We want to assure you that our hotel's Privacy Policy is compliant with the European Data Protection Regulation 2016/679 (GDPR) and the Greek Implementing Regulations. We wish to be transparent with you and explain why your information is collected when you visit our hotel website by making a reservation directly, filling out the contact form or sending your details by a request for a Booking form. We also aim to explain how (and for how long) we keep your personal information as well as how we secure and protect your rights. Please read our Privacy Policy carefully and if you have any questions about this Privacy Policy or the use of your personal data, please contact us by sending your request by e-mail to: welcome@aristideshotel.com. In order to use our website or our services, you must accept the terms and conditions of this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our website or our services.

​

The hotel/business collects and processes the following data of its clients in order to provide its services and perform its activities in compliance with the national and European regulations and legislation: Personal data of the clients: Identification data: Name and surname, nationality, date of birth and identity card or passport number. Contact information: Landline or mobile number, email, home address. Special Category of Personal Data: The client on his own initiative shall inform us either upon the reservation or upon his arrival or during his stay on sensitive personal data such as health issues, allergies etc. Origin of the data: The Business processes the personal data of its clients provided to the former either by the clients themselves (prior, upon or after their arrival) or by other legally contracted parties (such as the travel agency). Purpose of the processing: The processing of the personal data of the clients is necessary for establishing and providing the services, the communication and the notification on matters that concern the provided service until the provision of such service is completed and the compliance of the Business with any legal obligation thereof. Legal Basis for the Processing: (a) For the personal data, the execution of the contract on the provision of services and the legal compliance of the Business. (b) The use of the contact information of the client for communication and promotion purposes based on his written and express consent. (c) The processing of photographs/videos of the client based on his written and express consent. (d) The processing of the sensitive personal data according to the law for the protection of his health and if necessary for the protection of public interest. Data Controller: Aristides Hotel locatedin FOURKA HALKIDIKI , tel. 23740 45045, email: welcome@aristideshotel.com. Personal Data Recipients: (a) The Business’s Management (b) The personnel and the partners of the Business that are related to the provisions of the services agreed by and between the Business and the clients, who shall keep the personal data in confidence and safety pursuant to relevant contracts, statements or/and authorizations and who shall process the personal data for the purposes of this processing. (c) Any natural or legal entity, public authority or office, judicial authorities, the public prosecutors or investigators and on occasions any third person, in the event that the transfer or disclosure of the data is required by law, court decision pursuant to the national or foreign legislation or the decision of any (d) Associated attorneys for the establishment, pursuit or defense of legal claims and the legal interests of the Business. Rights of the data subject: Notwithstanding the applicable law, on a case-by-case basis you shall exercise the following rights with regard to the aforementioned data: (a) Right of access (in order to be informed on which data of yours we process, for what purpose, the type of your data and the recipients thereof or the categories of the recipients thereof), (b) Right of rectification (for the rectification of any incomplete or inaccurate data of yours) (c) Right of erasure (right to be forgotten) (their erasure from our records under the condition that the processing thereof is not necessary anymore) (d) Right to restriction of processing (in case that the accuracy of the data is questioned etc.) (e) Right to data portability (receive your data in a structured and commonly-used format with regard to any data kept in an electronic record). (f) Right to object (on grounds that relate to your particular situation in case that your personal data are processed for the legal interests of the Business). (g) Right to withdraw the consent (you have the right to withdraw your consent, when it is necessary, at any time without affecting the lawfulness of the processing that was based thereon prior to the said withdrawal). You shall exercise these rights at no cost by sending a written application to the email address welcome@aristideshotel.com other authority. You must attach all necessary identification documents to any request filed. The Business may ask for additional information necessary to identify you. If your requests are evidently unfounded or repeated, then we have the possibility either: (a) to charge you with a reasonable fee considering the administrative cost for the provision of the information or (b) to refuse to process your request. In the event that you exercise any of your rights, we shall make any possible effort to address your request within a month for the receipt of any such request after we have informed you on whether you are able to satisfy your request or not and on what grounds. The said deadline might be extended by two months if necessary, considering the complexity of the request and the number of requests after we have informed you thereon. The aforementioned rights are subject to the restrictions provided by the applicable legislation. In the event that you exercise your rights and the Business refuses or unjustifiably delays the satisfaction of your requests, you have the right to address to the Hellenic Data Protection Authority who is the competent supervising authority for the implementation of the GDPR and the competent courts. Contact with the Hellenic Data Protection Authority In the event that you think that your rights on the protection of your personal data are violated, you have the right to file a complaint before the Hellenic Data Protection Authority at the post address Hellenic Data Protection Authority, Offices: Kifisias 1-3, P.C. 115 23, Athens, telephone: 210 6475628, email: contact@dpa.gr, fax: +30-210 6475628, www.dpa.gr) Security of processing: The Data Controller acknowledges the importance of the safety of the personal data. In the course of the processing we implement all the modern and appropriate technical and organizational measures whose effectiveness is checked on a regular basis in order to ensure the best possible security. Personal data retention: The Business shall retain and process the aforementioned personal data for as long as it is necessary in order to fulfill the aforementioned purposes of the processing, the compliance of the Business with its legal obligations, the defense against any legal claims against the Business in accordance with the applicable legislation. After the expiry of the retention period, the Business ensures the safe destruction of your data.