PRIVACY NOTICE
Summary
We respect your right to privacy and treat the personal data you give to us with care and we act according to the European Regulation 2016/679 (GDPR) for the protection of the personal data and the Greek Legislation. This Privacy Policy describes how we collect, use, share, store or otherwise process the information we hold about you. We are committed to ensuring the personal data you provide is used for the purpose it was collected and is kept secure.
We encourage you to read this Privacy Notice carefully when using our website or services or transacting business with us. By accepting this Privacy Notice you are informed and you provide your free, informed, specific and unambiguous consent for the personal data you provide on the website at https://www.atriumhotels.gr/
Your personal information allows us to provide the products and services you have asked for, as well as enabling us to improve those products and services by understanding your interests and preferences.
Please note that Atrium Hotels is the Data Controller of your personal data. PRESIDENTIAL and AITHRION PALACE, (Greece) Limited (“we”, “our”, “us”) is the data controller when you provide information to any of our brands, including: Atrium Platinum, Atrium Palace and Atrium Prestige.
The principles set out in this Privacy Notice apply to all instances in which Atrium Hotels receives your personal data as a Data Controller for the purposes described in this notice. Those purposes are processing of data in order to participate in the various activities available on this website or as mentioned below.
If you have any questions about our privacy practices, please refer to the end of this Privacy Notice for information on how to contact us.
What information do we collect?
Atrium Hotels is the only Data controller of these data. The term “personal information or personal data” in this Policy refers to information that identifies or is capable of identifying you as an individual.
We do not sell, rent or otherwise disclose personal information collected by us to third parties in the ordinary course of business. The use of information collected through our website shall be limited to the purpose of providing the service for which you have engaged us.
When you interact with our products and services, for example when browsing our website or booking a hotel room οr you filling in any contact form, we collect information about you and that particular interaction.
Generally, the types of personal data that we process may include:
Data the user provides on a voluntary basis:
Special Categories of Personal Data – Sensitive Personal Data
When referring to the notions of “special categories of personal data” or “sensitive personal data”, it means that this kind of personal information reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and genetic data, biometric data which allows to uniquely identify a natural person, health data and/or data regarding sexual orientation. At Αtrium Ηotels, we do not collect sensitive personal data, unless you provide us them along with an explicit consent for every related purpose of processing. Such a case is when we ask you to provide us information about your health (i.e. allergies), in order to be able to offer you the best gastronomic services in relation with your health status. This information is stored securely with restricted access and handled with the greatest respect for your privacy. Where you provide information to us about other people, you need to make sure you have their permission to do so or that you can speak on their behalf, for example, in the case of children.
Personal Data collected for Security reasons
Images/video
We collect, process and store images through our video-surveillance systems (“CCTV systems”), where installed, for security reasons, pursuant to the requirements and standards set by the national and union law for the retention of data, sound and images. In many cases, non-operational CCTV systems are available (“replica cameras”) for precaution and safety purposes.
Security Reports
Reports including personal data are being prepared by our Security department for security reasons (i.e. incident reports, object lost reports, open safe list etc.). Such reports may include personal information, such as name, surname room number and will be recorded only for security purposes.
Accident form
In case an accident occurs in our premises, you will be requested to provide information such as your name, surname, date of birth, room number, duration of stay, as well as some additional information about the accident, such as the location of the incident, date and time of incident, it’s nature and any further relevant details.
Purposes of processing – legal basis
Our Security department collects data for:
Personal Data collected via Guests’ Questionnaires
For us, your feedback is valuable, as it helps us improve our services to you. You may at any point provide us with your feedback, by completing our Guest Questionnaire (either in paper form or through our mobile app/wifi). If you wish to complete it, the provision of personal information (i.e. your name, surname, room number email, address, country, profession, arrival data, length of stay, data of birth) is optional.
Purposes of processing (Guests’ Questionnaires) – legal basis
We collect the data you provide us through our Guests Questionnaires either in paper form or through our mobile app/wifi for:
Evaluating your experience, improving our services, as well as to further contact you to discuss your experiences during your stay at our premises, and evaluate services rendered to you in the future. Our legal basis is our legitimate interest.
What is the purpose of collecting such personal information?
The justification for processing your personal data will be as follows:
How we keep your personal data secure
We take all the necessary precautions, security measures as well as the relevant technical and organizational measures to ensure the confidentiality of the provided personal data. We have secure systems and processes in place to ensure the personal information you provide us is kept safe. We store personal information on our secure electronic systems. We can assure you that we take all reasonable steps to ensure your data is handled securely under appropriate agreements with our suppliers.
Minors Data
At Atrium Hotels, it is not part of our policy to seek or obtain personal data directly from minors (i.e. under the age of 18) without their parental or legal guardian’s consent. However, as it is impossible to always determine the age of persons who access and use our websites, we encourage parents or guardians to contact us if they notice any case of unauthorized data provision by minors in order to exercise accordingly their rights such as deletion of their data.
How we use the data we collect from this website?
We always base the processing of your personal data to a valid legal basis such as law, contract or your explicit consent etc.
We need your personal data in order to:
a. Comply with legal obligations:
b. Enter a contract or fulfill the hospitality contract we have with you:
c. Promote the legitimate interests of Atrium Hotels:
However, for certain activities we may also need your explicit consent to process your data. Where the consent is needed for the processing it is clearly mentioned in this Privacy Notice.
Withdrawing consent or otherwise objecting to direct marketing/profiling
In addition to sending you information about the products and services you use (product communications) and in-life communications while you stay with us, where we have your permission or where we are relying on our legitimate interest, we may send you direct marketing communications about our products, services, events and offers.
Direct marketing communications may be sent by post, email, telephone, SMS and MMS, through social media (such as Whatsapp, Instagram, Twitter, and Facebook), messages including push notifications to your mobile devices, and via other electronic means such as when you visit our websites or use our apps. This may also include any websites and apps of our partners who are in our advertising networks.
We may send you direct marketing while you have an ongoing relationship with us and for a reasonable time after you have used one of our products or services where we feel we have a legitimate interest.
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. You have an absolute right to opt-out of direct marketing, or profiling we may carry out for direct marketing, at any time. You can do this by contacting us using the details set out in the end of this Privacy Notice.
How long do we keep your personal data?
We will retain your information for as long as necessary for the uses set out in this Policy or while there is a legitimate business reason for doing so. If you ask us to delete your information before this time, we may not be able to do so for technical, legal, regulatory or contractual constraints. Your information will be retained in order to comply with legal and regulatory obligations as well as for analysis, to prevent fraud, collect any monies owed, and to resolve disputes.
More specifically,
4.for submitting employment applications: if your application for employment is unsuccessful, the organisation will hold your data on file for 12 (twelve) months after the end of the relevant recruitment process. If you agree to allow us to keep your personal data on file, we will hold your data on file for a further 6 (six) months for consideration for future employment opportunities. At the end of that period or once you withdraw your consent, your data is deleted or destroyed. You will be asked when you submit your CV whether you give us consent to hold your details for the full 18 months in order to be considered for other positions or not.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.
Your rights
As a data subject, you have a number of rights. You can:
If you would like to exercise any of these rights, please contact Atrium Hotels at dpo@atriumhotels.gr
We will carefully consider your request as there may be circumstances which require us to, or allow us to, continue processing your data.
If you believe that the organisation has not complied with your data protection rights, you can file a complaint to the Greek Data Protection Authority (http://www.dpa.gr/portal/page?_pageid=33,15048&_dad=portal&_schema=PORTAL)
Disclosure of your personal data
In some cases, we may be required to disclose your personal information to comply with legal requirements and requests from government agencies if required for the purposes set out above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
Your information will only be shared and used in accordance with this Policy and where an agreement is in place to ensure that your information is protected. We won’t sell your personal information without your consent or share it with other organisations for their own marketing purposes.
We may also disclose your personal information to our group companies or to third parties:
We may share your personal data:
User data may be disclosed to:
Our site may contain links to other websites belonging to third parties. We do not control the privacy practices of these other websites. You should therefore make sure when you leave our site that you have read that website’s Privacy Notice.
Overseas Transfers of Your Personal Data
Your personal data will be stored at our hotel in which you stay or visit. Alternative, your personal data will only be shared with one or more hotels of Atrium Hotel’s Group Companies. Your personal data will not be transferred to countries outside the EU.
In case we may need for some reason to transfer such data, we will only transfer such data in countries that satisfy the adequate or comparable levels of protection in order to protect personal data held in that jurisdiction, and (where we are required to do so) with your consent.
In case personal data is transferred from the EU to outside the EU, we use Model Clauses, ensuring that such data transfers are compliant with applicable privacy legislation.
The information you provide to us may be given to our third party service suppliers outside the European Economic Area for the purpose of delivering the personalized services and communications stated above. Atrium Hotels will always take steps to ensure that your information is used by third parties in accordance with this Privacy Notice and that your information is kept secure at all times. In particular, in relation to any transfer to a third party in a country that is not subject to an adequacy decision by the EU Commission, such transfer will be appropriately protected through mechanisms such as EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review upon request.
Our processors
There may be situations where we use data processors – companies who act on our behalf – to collect your information for us or to use the personal data we pass to them to provide your service. These processors can only use your information in accordance with our instructions and for the purposes in this Policy.
Travel agents and partners
We collect information about you when it is provided to us by third parties. This might include online travel agents, travel websites, and other partners. This could be when you make bookings, review your stay online, or where you interact with anyone who promotes our brands. You should always read the privacy policies of travel companies or other third parties you use, as they will use your information in accordance with their own privacy policies.
When you, or someone on your behalf, make a booking using travel agent, booking platform or other third party to use our services, they may pass us information about your booking, including information about anyone else on that booking. The same would be true where you use a third party to make inquiries about our products or services.
Where you interact with third parties who promote our services for us, these third parties may pass us your information.
We may also obtain information about you from our partners and other companies that have your permission to share your information both online and offline, like insight providers.
Do not track signals or browser/device settings
Our websites are not designed to respond to “do not track” signals or browser/device settings.
Analysis and product development
We may use your information to improve the products and services we offer. For example, we may look at the preferences our guests have when they stay with us to offer more relevant personalised services to them.
Linked services, third party sites and content
Our website may, from time to time, contain links to other websites which are outside of our control and are not covered by this Policy. We do not accept any responsibility or liability for other sites’ privacy policies. If you access other websites using the links provided, please check their policies before submitting any personal information.
Cookie Policy
Our site uses cookies. A “cookie” is a small file of letters and numbers that is sent to your computer by a website and automatically saved on your computer by your web browser (e.g. “Internet Explorer”). Each time you request a page from the website, your web browser sends this cookie back to the website server.
You are not obliged to accept cookies. If you wish, you can set your browser to notify you before you receive a cookie so you have the chance to accept it and you can also set your browser to refuse to receive or send all cookies. The website www.allaboutcookies.org contains step-by-step guidance on how cookies can be switched off by users.
For more information about our cookie policy visit: ….
Please note that our advertisers and third party partners may also use cookies. These parties may use so-called “third party” cookies so that they can track your response to their adverts and/or identify you on any other website that you visit which also contains their adverts. Please refer to their Privacy Notice for further details.
Social media login
Our websites and apps provide plug-ins to social media websites, including Facebook, Twitter, Youtube, and Instagram.
If you make use of, or log-in to, the social media features on our websites or apps, we may (depending on your privacy settings) access, use and store information about you, including, but not limited to: your name, e-mail address, gender, location, profile, picture, contacts, and any other information you have chosen to make available.
To find out more about the reasons and extent to which social media sites collect and process your data, or to change your privacy settings, please refer to your social media provider’s privacy policy.
Application for iOS and Android
We provide a free application to any user that wish to download it for the purpose of making your stay more pleasant and easier with activities such as hotel events, orders through your phone, travel guide and more. For those activities we may use your reservation details such as name, room number and arrival/departure dates along with your location, when using the maps. All information shared is solely done by your approval if you want to use the specific use.
Statistical usage is also tracked by default in order to better understand the app and fixing of bugs and other issues.
Above information provided is is no way shared with any third party and will not be used for advertising purposes.
You may remove the application and its data at any point without prior notice to us.
Information Collection and Use for the App
For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to crash report. The information that we request will be retained by us and used as described in this privacy policy.
The app does use third party services that may collect information used to identify you.
Link to privacy policy of third party service providers used by the app
Log Data
We want to inform you that whenever you use our Service, in a case of an error in the app we collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.
Changes to our Privacy Policy
From time to time we may make changes to this Policy. This might be in relation to changes in the law, best practice, changes to the services we provide or collection and use of your personal information. We will always display clearly when the Policy was last updated and where appropriate, notify you of any relevant changes.
Contact
If you would like to get in touch with us, please contact:
ATRIUM HOTELS
Main Office: Ixia Bay
85100 Rhodes – Greece
Tel.: +30 22410 44901
Fax: +30 22410 44900
Email: info@atriumhotels.gr
Privacy contact: privacy@atriumhotels.gr
Data contact: dpo@atriumhotels.gr