PRIVACY POLICY OF ‘THALEIA and GEORGIOS VARDAKIS G.P.’

The company ‘THALEIA and GEORGIOS VARDAKIS G.P.’ acknowledges and respects the rules on the protection of natural persons with regard to the processing of their personal data, and therefore drafted and communicated this personal data protection policy, in accordance with the provisions of the national, European and international law with regard to the processing of personal data.

By means of this policy, the company under the name ‘THALEIA and GEORGIOS VARDAKIS G.P.’, and the distinctive title ‘PELION ESTIES’ lays down and discloses the conditions under which, in its function as ‘Controller’, as defined by law, processes your personal data, which it collects, when you enter into transactions at its venues, as well as when you visit its website or mobile applications.

Scope

This personal data protection policy is compliant with the provisions resulting from the European Regulation (EU) 2016/679 and all other relevant applicable legislation.

This personal data protection policy shall apply for the transactions of any natural person with the company as well as for the information provided through the company and its website.

The website www.pelion-villas.com is the website of the company, through which the company informs its clients on the services provided. Through the website, the customer may proceed to book either by being redirected to our page on the website of the company ‘Booking.com’ or by remaining at our website. Therefore, the personal data protection policy which shall apply while booking or navigating through our website is that of ‘Booking.com’ or ours. This personal data protection policy shall not apply for information which is collected through any other website. We are not responsible for information that is collected through other websites and we suggest that you read the personal data protection policy of all websites you visit.

What does personal data mean?

‘Personal data’ means information which may be used to identify a natural person (e.g. name and surname, telephone number, VAT number etc.).

.

What does processing personal data mean?

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Is provision of personal data mandatory?

The provision of your personal data to the company may be necessary to achieve the intended purposes or it may be optional.

If you refuse to provide the information necessary for the execution of the contract, it will be impossible to achieve the primary purpose for which the specific data is collected. The provision of additional, non-mandatory data is optional and does not affect the main purposes of data collection, as its provision serves exclusively for communication, updates, and the optimization of the services provided.

What personal data do we collect, and why do we process it?

We make sure to collect only your personal data which are absolutely necessary for the purpose intended, and particularly:

1. Name and surname, father’s name, date and place of birth, citizenship, address, VAT number, date of arrival and departure. These data are collected for the company to comply with its legal obligations and for the execution of the service contract.
2. The telephone number and possibly the e-mail address are collected and serve the execution of the service contract. These data are collected and may be used for sending you offers or updates, only with your consent.
3. The abovementioned information (1) and (2) will also be registered in a special book of events kept in our accommodation to enable tracing and informing contacts if a COVID-19 case is confirmed.
4. Credit card details are subject to processing for the performance of the service contract, namely to ensure the booking of a room and the fulfillment of the customer's obligation to pay the fee for the services received.
5. Special preferences are collected, with your consent, for the purpose of providing better services and a pleasant staying for the customer, during the execution of the service contract.
6. Data on the number of visits of our website.
7. Your username on social media, if you interact with us via those media, to help as answer your comments or questions.

How are your data used?

The company processes your personal data to:

• Fulfill the contractual obligation, in order to perform the sale of services, to satisfy its legitimate interests and to ensure its smooth functioning, to comply with its legal obligations and to be able to carry out or to contest legal obligations.
• Create a user account on its website.
• Stay in contact with its clients.
• Send information material (newsletter). With your consent, we will able to use your personal data to inform you about our products, services and actions via e-mail.
• Protect public health.

What is the legal ground for the processing of your personal data?

The data protection regulation defines the reasons why the company may collect and process your personal data. These reasons are the following:

• the performance of the contract to which you are a contracting party
• meeting the legitimate interests of the company
• complying with the legal obligations of the company
• your consent, for the reasons it is given.

Who are the recipients of your data?

Access to your data is given to the competent control authorities, the company's absolutely necessary personnel, who are committed to confidentiality and the companies cooperating with us or third-party service providers, who process your data as processors on our behalf and in accordance with with our orders and under the condition of maintaining confidentiality in any case, namely:

• Providers of IT application maintenance services and accounting support services 
• Credit and Financial institutions of the European Union, which have been licensed and operate legally
• The above, take personal data protection measures themselves, and process your data only in the context of our express and written order

How long do we keep your data?

We keep the above data, for as long as required by the national and European law, until the completion of the sales and purchase agreement or provision of services, in paper or in electronic form and moreover, for as long as required after it expires, namely until the completion of the limitation period of the right of the Greek State to carry out regular inspections and to impose fines for related violations. In case of any legal action of any kind involving the undersigned directly or indirectly, the abovementioned time limit shall be suspended throughout the proceedings and until an irrevocable court decision has been taken.

• to maintain confidentiality,
• not to send your data to third parties without the company's permission,
• take appropriate security measures,
• to comply with the legal framework for the protection of personal data and in particular Regulation 979/2016/EU.

How long do we keep your Data?

We keep your personal data for as long as Greek and European Legislation requires and until the completion of the contract of sale, or provision of services, in paper and/or electronic form and in addition for as many years as required after its expiry, until the completion of the time limitation of the right of the Greek State to carry out regular inspections and to impose fines on relevant violations.

In the event of the initiation of legal proceedings of any kind that directly or indirectly concern the signatory hereof, the above-mentioned data retention period shall be suspended for the entire duration thereof and until the issuance of an irrevocable court decision.

Are your data safe?

To ensure the security of your personal data, the company takes all technical and organizational measures to protect its paper and electronic files, from accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unlawful processing.

In all cases, you have complete control of your personal data, which are provided and received for the abovementioned purposes. 

The company will not offer for sale, will not transfer in any way and will not disclose personal data of its clients to anyone, without their consent, except for the competent authorities, if it is required by the law.

What are your rights to the access and management of your personal data and your options?

According to the provisions of the national, European and international law, you have the right to ask:

• For a copy of personal data, which are or were subject to processing (right of access)
• To raise any objections at any time and to oppose the processing of data related to them (right of objection),
• To request correction (right of correction) or deletion of his data (right of deletion), provided that it is not contrary to legal provisions
• To ask the company for direct transmission of their data to another controller (right to data portability).

The abovementioned actions are carried out by us, after the submission and identification of your request, and within a reasonable time, which does not exceed 30 days.

Sending e-mails and newsletter

You may allow us or not to send you e-mails and newsletters for advertising purposesat any time.

You may withdraw any consent you gave with regard to the processing of your personal data, under the condition that it is not contrary to the law or our legitimate interests. We will comply with your wish, within a reasonable time.

How can you contact us?

If you have any questions or remarks regarding this personal data protection policy or you wish to update your information that we keep, or your preferences, please contact us at our e-mail address: info@pelion-villas.com.

If you wish to complain on how your personal data are processed, please contact the Controller at info@pelion-villas.com.

If you are not satisfied with our response or believe that we are not processing personal data in accordance with the law, you can file a complaint with the relevant Personal Data Protection Authority (www.dpa.gr, Kifisias 1-3 Athens, 2106475600 ).

The applicable legislation is the Greek legislation, as laid down in the Regulation (ΕU) 2016/679on the protection of natural persons with regard to the processing of their personal data, and in general, the national and European legal and regulatory framework with regard to the protection of personal data. The courts of Larisa are competent for any disputes.

This policy may be updated from time to time, due to changes in the relevant legislation or to changes in the company’s structure. Therefore, we encourage our clients/users to check this website regularly to stay informed about updates on confidentiality practices.