Privacy Policy

We respect your right to privacy and treat the personal data you give to us with care and we act according to the European Regulation 2016/679 (GDPR) for the protection of the personal data and the Greek Legislation. This Privacy Policy describes how we collect, use, share, store or otherwise process the information we hold about you. We are committed to ensuring the personal data you provide is used for the purpose it was collected and is kept secure.

We encourage you to read this Privacy Notice carefully when using our website or services or transacting business with us. By accepting this Privacy Notice you are informed and you provide your free, informed, specific and unambiguous consent for the personal data you provide on the website at https://www.atriumhotels.gr/

Your personal information allows us to provide the products and services you have asked for, as well as enabling us to improve those products and services by understanding your interests and preferences.

Please note that Atrium Hotels is the Data Controller of your personal data. PRESIDENTIAL and AITHRION PALACE, (Greece) Limited (“we”, “our”, “us”) is the data controller when you provide information to any of our brands, including: Atrium Platinum, Atrium Palace and Atrium Prestige.

The principles set out in this Privacy Notice apply to all instances in which Atrium Hotels receives your personal data as a Data Controller for the purposes described in this notice. Those purposes are processing of data in order to participate in the various activities available on this website or as mentioned below.

If you have any questions about our privacy practices, please refer to the end of this Privacy Notice for information on how to contact us.

Atrium Hotels is the only Data controller of these data. The term “personal information or personal data” in this Policy refers to information that identifies or is capable of identifying you as an individual.

We do not sell, rent or otherwise disclose personal information collected by us to third parties in the ordinary course of business. The use of information collected through our website shall be limited to the purpose of providing the service for which you have engaged us.

When you interact with our products and services, for example when browsing our website or booking a hotel room οr you filling in any contact form, we collect information about you and that particular interaction.

Generally, the types of personal data that we process may include:

1. 1. Data provided by users for making reservations, both through our website, the call center, the contact form on our website and emails for room bookings and combined packages (airline tickets and room bookings):

• name, surname,
• email address
• credit card details (name/surname of the holder, card number, expiration data and security code)
• arrival time and other requests
• dietary and other requests
• allergies

Data the user provides on a voluntary basis:

• country
• telephone number
• company
• address (name, number)
• purpose of stay
• city/location
• state/region
• postal code
• comments

1. Data provided by users for changing or cancelling their reservations:

• name, surname
• email address and/or telephone number.

• credit card details (name/surname of the holder, card number, expiration data and security code)

1. Data provided for sending out Newsletters:

• email address.

1. Data provided by applicants for submitting employment applications

• name, surname
• e-mail address
• CV, résumé
• telephone number (on a voluntary basis)

When referring to the notions of “special categories of personal data” or “sensitive personal data”, it means that this kind of personal information reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and genetic data, biometric data which allows to uniquely identify a natural person, health data and/or data regarding sexual orientation. At Αtrium Ηotels, we do not collect sensitive personal data, unless you provide us them along with an explicit consent for every related purpose of processing. Such a case is when we ask you to provide us information about your health (i.e. allergies), in order to be able to offer you the best gastronomic services in relation with your health status. This information is stored securely with restricted access and handled with the greatest respect for your privacy. Where you provide information to us about other people, you need to make sure you have their permission to do so or that you can speak on their behalf, for example, in the case of children.

mages/video

We collect, process and store images through our video-surveillance systems (“CCTV systems”), where installed, for security reasons, pursuant to the requirements and standards set by the national and union law for the retention of data, sound and images. In many cases, non-operational CCTV systems are available (“replica cameras”) for precaution and safety purposes.

Security Reports

Reports including personal data are being prepared by our Security department for security reasons (i.e. incident reports, object lost reports, open safe list etc.). Such reports may include personal information, such as name, surname room number and will be recorded only for security purposes.

Accident form

In case an accident occurs in our premises, you will be requested to provide information such as your name, surname, date of birth, room number, duration of stay, as well as some additional information about the accident, such as the location of the incident, date and time of incident, it’s nature and any further relevant details.

Our Security department collects data for:

• The operation of the CCTV system in order to guarantee the security of our employees, establishments and equipment. Our legal basis is the legitimate interest.
• The creation of security reports. Our legal basis is the legitimate interest.
• To assess and investigate an accident/incident according to relevant internal procedures, for the proper handling of any legal issues arising onwards:
• Transferring data to our insurance company. Our legal basis is your explicit consent, if provided.
• Handling of the incident. Our legal basis is that processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity.

For us, your feedback is valuable, as it helps us improve our services to you. You may at any point provide us with your feedback, by completing our Guest Questionnaire (either in paper form or through our mobile app/wifi). If you wish to complete it, the provision of personal information (i.e. your name, surname, room number email, address, country, profession, arrival data, length of stay, data of birth) is optional.

We collect the data you provide us through our Guests Questionnaires either in paper form or through our mobile app/wifi for:

Evaluating your experience, improving our services, as well as to further contact you to discuss your experiences during your stay at our premises, and evaluate services rendered to you in the future. Our legal basis is our legitimate interest.

The justification for processing your personal data will be as follows:

1. for making reservations, both through our website, the call center the contact form on our website and emails for room bookings and combined packages (airline tickets and room bookings): performance of the contract between the parties. The use of the Website, is to provide an online booking service (room or flight) to its users (legitimate interest of Atrium Hotels)
2. for changing or cancelling their reservations: the performance of the contract between the parties. The use of the Website, is to provide its users with the opportunity to amend or cancel their bookings (legitimate interest of Atrium Hotels).
3. for sending newsletters: the consent provided by the user. However, if the user withdraws its consent, this will not affect the legality of prior processing.
4. for submitting employment applications: the consent provided by the user. However, if the user withdraws its consent, this will not affect the legality of prior processing.

We take all the necessary precautions, security measures as well as the relevant technical and organizational measures to ensure the confidentiality of the provided personal data. We have secure systems and processes in place to ensure the personal information you provide us is kept safe. We store personal information on our secure electronic systems.  We can assure you that we take all reasonable steps to ensure your data is handled securely under appropriate agreements with our suppliers.

 At Atrium Hotels, it is not part of our policy to seek or obtain personal data directly from minors (i.e. under the age of 18) without their parental or legal guardian’s consent. However, as it is impossible to always determine the age of persons who access and use our websites, we encourage parents or guardians to contact us if they notice any case of unauthorized data provision by minors in order to exercise accordingly their rights such as deletion of their data.

How we use the data we collect from this website?

 We always base the processing of your personal data to a valid legal basis such as law, contract or your explicit consent etc.

We need your personal data in order to:

a. Comply with legal obligations:

• Verify your identity
• Monitor the use of our products and services and content
• Facilitate administration and marketing purposes including analyzing your travel and accommodation preferences, as well as communication purposes in relation to our products and services our strategic marketing partners, and other trusted third parties (ELSTAT)
• Comply with general legal obligations on us
• Keep guests safe and ensure the security of our hotels
• Ensure the acceptable use of our services
• Facilitate payments and credit checks (i.e. completing a reservation, billing purposes etc)
• Investigate and respond to disputes
• send you product or service related communications, service messages (Law 3471/2006)

b. Enter a contract or fulfill the hospitality contract we have with you:

• Provide you with help and support where it may be required. For example, we may contact you to provide assistance if experience technical difficulties, where we have your contact details
• Provide you with the products and services you have requested, including administering your booking, amend it or cancel it, responding to any enquiries, complaints or requests you may have
• Verify your identity
• Process a transaction (i.e. completing a reservation, responding to a request for information etc)
• Detect ad blockers and other technologies that affect the services we provide
• Send you product or service related communications, service messages
• Offer you the opportunity to work with us and become a member of our hospitality team

c. Promote the legitimate interests of Atrium Hotels:

• In order to help you enter a contract with us or to fulfill the hospitality contract we already have between us. (Verify your identity, provide you with the products and services you have requested, including administering your booking, amend it or cancel it, responding to any enquiries, complaints or requests you may have)

• Improve our services as well as promote questionnaires or surveys in order to provide you personalized offers about our products and services;

• Make decisions about what direct marketing to show you based on how you have interacted with us
• Monitor the use of our products and services and content
• Improve our products and services online and offline, including our websites and apps
• Comply with legal obligations on us
• Keep guests safe and ensure the security of our hotels
• Offer you personalized information about us and special offers, goods, services any events that may interest you or/and send you direct marketing, where you have consented
• Ensure the acceptable use of our services
• Facilitate payments and credit checks

• Offer you the opportunity to work with us
• Improve the efficiency of our websites and our various means of communications, facilitate our advertising campaigns, and/or promotional activities

• Facilitate administration and marketing purposes including analyzing your travel and accommodation preferences, as well as communication purposes in relation to our products and services our strategic marketing partners, and other trusted third parties (ELSTAT)

However, for certain activities we may also need your explicit consent to process your data. Where the consent is needed for the processing it is clearly mentioned in this Privacy Notice.

 In addition to sending you information about the products and services you use (product communications) and in-life communications while you stay with us, where we have your permission or where we are relying on our legitimate interest, we may send you direct marketing communications about our products, services, events and offers.

Direct marketing communications may be sent by post, email, telephone, SMS and MMS, through social media (such as Whatsapp, Instagram, Twitter, and Facebook), messages including push notifications to your mobile devices, and via other electronic means such as when you visit our websites or use our apps. This may also include any websites and apps of our partners who are in our advertising networks.

We may send you direct marketing while you have an ongoing relationship with us and for a reasonable time after you have used one of our products or services where we feel we have a legitimate interest.

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. You have an absolute right to opt-out of direct marketing, or profiling we may carry out for direct marketing, at any time. You can do this by contacting us using the details set out in the end of this Privacy Notice.

We will retain your information for as long as necessary for the uses set out in this Policy or while there is a legitimate business reason for doing so. If you ask us to delete your information before this time, we may not be able to do so for technical, legal, regulatory or contractual constraints. Your information will be retained in order to comply with legal and regulatory obligations as well as for analysis, to prevent fraud, collect any monies owed, and to resolve disputes.

More specifically,

1. for making reservations, both through our website, the call center, the contact form on our website and emails for room bookings and combined packages (airline tickets and room bookings): the data will be stored throughout the contractual relationship, and after termination of the same, for the limitation period for legal actions that could result from it.
2. for changing or cancelling their reservations: will be stored throughout the contractual relationship, and after termination of the same, for the limitation period for legal actions that could result from it.
3. for sending newsletters: will be stored for as long as the user does not withdraw the consent provided for this.

4.for submitting employment applications: if your application for employment is unsuccessful, the organisation will hold your data on file for 12 (twelve) months after the end of the relevant recruitment process. If you agree to allow us to keep your personal data on file, we will hold your data on file for a further 6 (six) months for consideration for future employment opportunities. At the end of that period or once you withdraw your consent, your data is deleted or destroyed. You will be asked when you submit your CV whether you give us consent to hold your details for the full 18 months in order to be considered for other positions or not.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.

As a data subject, you have a number of rights. You can:

• access and obtain a copy of your data on request; You may request a copy of your personal information which we may hold about you by getting in touch with us using the contact details below. You may also ask us to correct any inaccuracies in your personal information. This right may be restricted by law where disclosing information may result in the personal information of other individuals being disclosed and it would be unreasonable to do so.
• require Atrium Hotels to change incorrect or incomplete data;
• require Atrium Hotels to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
• object to the processing of your data where Atrium Hotels is relying on its legitimate interests as the legal ground for processing.

If you would like to exercise any of these rights, please contact Atrium Hotels at [email protected]

We will carefully consider your request as there may be circumstances which require us to, or allow us to, continue processing your data.

If you believe that the organisation has not complied with your data protection rights, you can file a complaint to the Greek Data Protection Authority (http://www.dpa.gr/portal/page?_pageid=33,15048&_dad=portal&_schema=PORTAL)