Information to our clients regarding implementation of the EU General Data Protection Regulation (“GDPR”) 2016/679
Regulation (EU) 2016/679, otherwise known as the General Data Protection Regulation (“GDPR”), on the protection of individuals with regard to the processing of personal data and on the free movement of such data, entered into force on 25 May 2018 and repeals European Directive 95/46/EC, thereby modernising the older data protection framework. GDPR aims at producing a new, effective framework of data protection and at creating business opportunities, and enhancing innovation, while ensuring data subjects are given greater protection and control over their personal data. In performing our responsibilities as the Management of the Hotel, we are committed to guaranteeing maximum protection of the personal data of the Hotel’s clients, and have made protection of clients’ data privacy a top priority. We believe that GDPR presents important opportunities that, if properly pursued, can help improve the way businesses operate. Accordingly, we have deployed all the measures required for the protection of the personal data we handle, in the context of complying fully with the new regulatory framework, transforming the culture of respect and protection of our clients’ personal data into a core component of our day-to-day operations. The Hotel’s Management (as Data Controller) hereby wishes to assure our clients that:
- We make protection of your privacy a top priority.
- We exercise full transparency in the way we manage your personal data.
- We collect and process your data only for legal, legitimate, clear and predefined purposes.
- We treat all of our clients’ information as confidential, taking every technical and organizational measure to protect such information.
- We do not disclose or transmit your personal data to third parties without your consent, unless permitted by law or by our agreement with you.
- We observe the law in full, and in our capacity of Data Controller comply with all our obligations arising from said law.
At the Paliria Hotel we have absolute respect for our clients and hold the protection of their privacy as one of our top priorities.
1. What personal data do we collect?
The types of personal data we collect from you depend on the services you want us to provide you. In particular, in the context of fulfilling the terms of the agreement between us regarding the booking and renting of a room, we collect from you, either by means of the form that you complete or by means of direct communication between you and a member of our staff, such personal data as are absolutely necessary for performing our services under the terms of the agreement, including (a) personal details (e.g., your name, gender, date of birth, ID number, VAT number or other ID particulars); (b) other more specific personal data, such as information regarding your health (e.g., diabetes, special dietary requirements); (c) your contact details (e.g., phone number, postal address, e-mail address, fax number), and (d) credit or debit card details, or details of other billing cards (including cardholder name, card number, billing address, expiry date), provided, of course, that you have chosen to pay by card.
Our Company processes your personal data throughout the duration of the contract between us and after the cessation or termination of such contract for as long as is prescribed by the applicable legal and regulatory framework, or until the end of the applicable time bar on any claims that may arise from the said contract between us.
2. Why do we collect and process your personal data?
We hold and process the personal data that you have provided to us so that we can provide you with the services you have requested, issue your bill(s), and manage, provide, adjust and improve our services and business activities. In addition to the above, our Company collects your personal data for the following purposes, in the context of fulfilling our part of the contract between us, i.e. (a) to notify you of significant changes or developments in relation to services that we already provide to you, and to communicate with you by e-mail, fax, telephone or other means on any matter arising in the course of performing the contract between us, such as, for example, answering questions or complaints you may have about the services provided, (b) to defend our rights before any Court and any authority, and for the purposes of executing and complying with court rulings or legal provisions, directives, regulations and circulars, and (c) with your consent, to update you about, and promote, our services via SMS and telephone.
3. To whom do we disclose or forward your personal data?
In order to meet effectively the purposes outlined above, we may transmit, disclose, grant access to or share your personal data with third parties, while always observing the principle of proportionality and data minimization. In this case, third parties may be: (a) any third party that provides customer services or customer satisfaction services and solely in the context of providing these specific services; (b) affiliates providing our company with data centers, servers or software solely in the context of providing such services; (c) financial institutions solely in the context of clearing the financial transactions conducted between us by virtue of our contractual relationship; (e) insurance companies; (f) government services, legal entities of public law, legal entities of private law, judicial authorities, regulatory bodies and agencies, irrespective of their jurisdiction or level, (e) auditors, accountants, notaries, bailiffs or other economic or professional advisers, and (f) our specific or universal successors, in the event of sale, disposal, merger or liquidation of our business.
The Hotel does not transmit the personal data, which it processes to third parties outside the EU and/or international organisations.
The Hotel does not proceed to automated individual decision-making, including profiling.
4. What are your rights?
Under Regulation (EU) 2016/679, as a “data subject” you have the following rights:
i. Right of access: You, our customer, as data subject, have the right to obtain from us, as data controller, confirmation as to whether or not personal data concerning you are being processed, and, when that is the case, to access to such personal data, and obtain a copy of said data. If you wish to obtain a copy of part or all of your personal data in our records, please contact us.
ii. Right to rectification: We shall always endeavor to make sure that the personal data we hold regarding you is accurate. Accordingly, if you find that some of your personal data are inaccurate or incomplete, please do not hesitate to ask us to rectify or complete said data.
iii. Right to erasure (“right to be forgotten”): We want you to be aware that you are entitled to ask us to erase your personal data, if (a) these data are no longer needed in the context of our contractual relationship, (b) these data were submitted for processing illegally and used beyond the purposes specified herein above, and (c) such erasure is required by law.
iv. Right to data portability: When exercising your right to data portability, you are entitled to ask us to send your personal data from our Company to another company, when this is technically feasible.
v. Right to object: You are entitled to revoke (in whole or in part) your consent regarding the collection and processing of your personal data by our Company. In this case, you should be aware that any revocation of your consent could result in the termination of our contractual relationship, if said consent is required for it to continue.
vi. Right to lodge a complaint with a supervisory authority: Notwithstanding any other administrative or judicial recourse, every data subject is entitled to lodge a complaint with a supervisory authority, specifically in the member state in which he has his habitual residence or place of work or the place where the alleged infringement is committed. In any case, you have the right to have recourse to the Personal Data Protection Authority if you believe that you are adversely affected by the processing of your personal data and you consider that the processing of your personal data is in violation of Regulation (EU) 2016/679.