Last modified: 25.05.2020
Effective date: 25.06.2020
Thank you for visiting our website www.anandaretreat.gr which is dedicated to providing accommodation services of the highest quality to the island of Thira (Santorini) Greece. Through our Website you can review our services and remotely visit the wonderful island of Santorini while our hotel and staff are anxiously waiting for you to visit us and have a memorable stay.
Our hotel is operated by IOANNA PANAGIOTOPOULOU and our contact details can be found below:
While providing our services and/or offering them via the Website we need to collect certain personal data and our primary goal is to keep it safe and secure and protect your privacy. We regard your wish to spend some time on our premises and relax with the highest respect and therefore all necessary measures are in place to safeguard your ultimate right to personal and private time.
Offering our services means that except for the Website, where you can directly access and book the services you wish for, we engage and cooperate with third parties, such as online booking engines, tour operators and travel agencies through whom you may request and receive our services.
As of May 2018, our Accommodation has fully aligned its policies and operation with the requirements of GDPR (General Data Protection Regulation) and only works with people and entities who share the same views and high sense of responsibility towards the need to lawfully and safely process personal data.
Personal data refers to any information related to an identified or identifiable person and basically refers to all information that may identify you as an individual.
As mentioned above, you have the ability to review and book our services through third parties (e.g. third parties’ online platforms/applications or other service providers). When doing so, information provided by you to these third parties may be separately collected and processed by them, so you need to be mindful of their privacy policies.
Persons browsing through our Website and interacting with it and any features and/or applications operated by the Website are considered as Visitors.
When visiting our Website, we collect the following information (i) IP address, (ii) device and browser type as well as the device operating system, (iii) the pages you visited on our Website, and (iv) the time you spent on our Website.
When you choose to contact us via our online Contact form you will be requested to fill in your full name, a valid e-mail address (required field) and optionally your phone number, your country of origin, possibly requested arrival and departure dates.
In order to make a booking you will have to provide us with your name and last name, your country of origin as well as a valid e-mail address and a mobile phone number. You are free to provide any requests or additional information you may consider important so that we can provide additional services requested (if possible).
Additionally, you will be requested to fill in your debit/credit card details in order to proceed with your transaction as per the terms of your booking.
If you decide to receive our accommodation services either via our Website Online Booking Platform or through third parties, then you are considered a Guest.
Please see in the above section.
Once you arrive at our Accommodation, we will ask you to fill in a check-in form where you will have to provide us with the following data: Full name, e-mail address, date of birth, Passport Number, Nationality, Profession, Company (Employer if applicable), full address details (city, street and number, ZIP code), telephone number (home or mobile) and fax number. You will also be requested to present the credit/debit card used for payment/guarantee while it is noted that the holder of the card must also be present during check-in. As per legal requirements, we will also ask and receive a photocopy of the passport of all other guests staying with you.
As already mentioned you may as well request third persons to intervene for making a booking in our Accommodation. In such instances we shall receive all personal data already provided by you and especially those mentioned under 1.2.(b).
Kindly note that our premises are monitored by closed circuit television systems (installed as per legal requirements) while certain data may be collected if you choose to use our wired or wireless networks (data about your device or your location). Data shall also be collected through the use of card keys and other security and/or technology systems.
Under normal circumstances we will not ask, nor will we hold special categories of personal data i.e. health data, religious beliefs. Any such data will only be provided by you and/or under your explicit consent by third parties (e.g. online platforms) if you wish us to adapt our services to specific requests (e.g. meal preferences, food allergies, use of spa services) and subject to availability of such custom services.
Personal data are provided to us either by you personally either by third parties acting on your behalf and under your explicit authorization (e.g. online booking platforms, tour operators, etc.).
Kindly note that if you provide us with special categories of data in order to receive personalized services, such data will not be used for any other purposes.
We use personal data to maintain the safety of our facilities, services, guests and personnel (e.g. CCTV data, data collected from the use of room card-keys).
We may use personal data to investigate or address claims or disputes relating to services or as otherwise allowed by law or as requested by public, police or other authorities. Additionally we shall process personal data to detect and prevent fraud.
Greek authorities issue annual reports referring to the number and nationality of foreigners visiting Greece and we shall disclose in anonymized and aggregate form the aforementioned details (if provided by the guest).
Under normal circumstances we shall not use your data for purposes other than those originally collected for. However, should that be the case we shall inform you in a proper and timely manner for any new processing of your personal data along with all details set out by law.
We may disclose personal information if that is required by EU or national legislation or in compliance with a ruling, order, mandate received from any authority or court. Legislation may also require collection and disclosure of personal data e.g. passport information to police authorities, guests’ information in line with Covid-19 measures. We may also share personal data in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.
(c) Investors, to the extent that the expansion of business activity requires a due diligence by an interested investor, taking any measures necessary to secure and protect confidentiality of personal data.
Our Accommodation does not transmit personal data in countries or international organizations outside the EEA.
We would like to draw your attention that in the event you do not allow us to collect personal information from you, we may not be able to deliver certain products and services, while some of our services may not be able to take account of your preferences. If collection of personal information is mandatory, we will make that clear at the point of collection so that you can make an informed decision whether you shall proceed with visiting our Accommodation and making use of our services.
For the exercise of your rights, you can contact us via our Contact Form on this Website under the subject “Exercise of Data Subject Rights” or send an e-mail at email@example.com and we shall proceed with any required action to respond in a timely manner and within the time limits set by law. Exercising the aforementioned rights is free of charge unless requests are repeated in an unreasonable way or excessive.
Law provides you with the ability to lodge a complaint to the competent data protection authority in your country of residence or the country of our main establishment. Please find below the contact details for the competent authority in Greece:Hellenic Data Protection Authority
Our Accommodation has taken all necessary technical and organizational measures for the safety of your personal data. We have applied all required procedures, such as encryption and pseudonymization, in order to prevent unauthorized and/or unlawful access or transmission to third parties. Our standard procedures include periodic review of security measures but it must be considered that despite our best efforts, these are not perfect or unbreachable.
We retain personal data for the period necessary to fulfill processing purposes unless legislation requires or allows retention for a longer time period. We retain information in our reservation system for at least five (5) years following a guest’s departure in order to process your booking and provide invoicing and recordkeeping.
Our and services, as well as the website www.anandaretreat.gr do not address to children under 15 years old. Therefore, we do not knowingly collect personal data belonging to minors that do not meet the required age criteria. In that case minors are not allowed to make use of our Website and not provide any personal data.
In case you realize, acting under your capacity as guardian or parent that a minor has notified personal data to us, please send us immediately an e-mail through Contact Form.