For the processing of Personal Data of users of Photo Booth application
Introduction
This Privacy Notice applies to the processing of your personal data (hereinafter referred to as “Personal Data”) as a user of the Photo Booth application (hereinafter referred to as “User” or “Guest” or “you”) made by the companies mentioned in the Joint Controllers section (hereinafter referred to as “Companies” or “we”).
As as a user of the Photo Booth application you are entitled to the protection of your Personal Data. The Companies respects your privacy and your personal data and always complies with the Personal Data Protection Legislation. The hotel also undertakes to act transparently as to how to collect and use the data in the course of fulfilling its obligations.
The term “Personal Data Protection Legislation” (hereinafter referred to as “Legislation”) means all laws, regulations, directives, etc., Greek or European that deal with the processing of Personal Data, privacy and security.
Basic, but not exclusive, laws are the General Data Protection Regulation (GDPR), the e-Privacy Directive for the protection of privacy in electronic communications, and any other Opinions or Guidelines issued by the Hellenic Data Protection Authority.
It is important that you read carefully and keep this notice which is explaining explicitly how and why we collect your Personal Data, what we do with them, how long we maintain them, with whom we share them, how we protect them, and the choices you can have about them. In this way you will always be fully aware of the ways and the purposes for which we use this data and your rights in accordance with the Legislation.
Joint Controllers
The following companies, operate under common business interests and with a common object of activity. In this context, they jointly process the personal data as joint Controllers (within the meaning of the Personal Data Protection Legislation) for the fulfillment of their common purposes using common means of processing.
IOANNIS MINETTOS SA
Lindos Imperial Resort & Spa
Kiotari, Rhodes, 85109, Greece
Tel: +30 22440 32000
Fax: +30 22440 29209
Email: [email protected]
LINDIAN HOTELS SA
Lindos Grand Resort & Spa
Vlycha Lindos, Rhodes, 85107, Greece
Tel: +30 22440 32000
Fax: +30 22440 32007
Email: [email protected]
LINDOS HOTELS SA
Gennadi Grand Resort
Gennadi, Rhodes, 85109, Greece
Tel: +30 22440 43043
Email: [email protected]
https://www.gennadigrandresort.com
KLEOVOULOS SA
Lindos Village Resort & Spa
Vlycha Lindos, Rhodes, 85107, Greece
Tel: +30 22440 32000
Fax: +30 22440 32007
email: [email protected]
Lindos Royal Resort
Vlycha Lindos, Rhodes, 85107, Greece
Tel: +30 22440 32000
Fax: +30 22440 32007
email: [email protected]
Principles of Processing
In the context of complying with our Privacy Policy, we make every effort and in particular:
- We process your personal data in a fair, legal, fair, clear, objective and transparent manner.
- We collect your data only for specified, explicit and legitimate purposes that we deem appropriate and have been adequately explained to you. We also assure you that they will not be used in any other way except for those purposes.
- We collect and maintain the least possible data, which is appropriate, relevant and absolutely necessary for processing purposes.
- We confirm that the data is correct and kept up-to-date and accurate.
- We will retain your data only for as long as we need it to fulfill any processing goal.
- We will make sure that we store them with the appropriate security.
- We process it in a way that ensures that it will not be used unlawfully or contrary to your will.
Legal basis for the processing of personal data
We process your Personal Data according to the legal basis mentioned in particular below:
- Processing is based on your consent, given for one or more specific purposes.
Personal Data we Collect and Process
Personal Data is any information that relates to you as an identifiable person. In detail, the Personal Data we collect and process are described below:
- Your email address
- Your photograph taken from Virtual PhotoBooth app
Purpose of Collection and Processing of Your Personal Data
We process and use your personal data for one or more of the following purposes:
- For the provision of the PhotoBooth service
- For our guests’ mailing database for any promotional actions (Newsletters, etc)
- For posting your photos on our social media channels (Facebook, Instagram, Tik Tok, etc)
How long do we keep your data?
We will retain the users Personal Data for a maximum period of 5 years, unless the user withdraws his/her consent.
Your data may also be deleted in one of the following cases:
- when they are no longer necessary for the purposes that are collected
- when deletion is necessary to comply with our legal obligations
- at your request, provided there are no compelling legal reasons for maintaining it.
Data will be destroyed in a secure way when it is no longer necessary.
Your Rights on the Protection of Personal Data
Under certain conditions set forth in the Privacy Policy, you have the following rights regarding your personal data:
- Right to Transparency. You have the right to know who is processing your data, how it processes, what are they and for what purpose.
- Right of access. You have the right to request free access to your personal data.
- Right to rectification. You have the right to request the correction of inaccurate personal data and fill in incomplete information.
- Right of remission (“right to delete”). You have the right to request the deletion of your personal data under certain conditions, such as when the data are no longer necessary in relation to the purposes for which they were collected, you have withdrawn your consent and there is no other legal basis for processing, the data have been subject to unlawful processing, etc. Deletion cannot be applied when processing is necessary to meet a hotel’s legal obligation, to perform a duty performed to the public interest, for the exercise of public authority assigned to the hotel on the grounds of public interest in the field of public health, for establishing, exercising or supporting legal claims etc.
- Right to limit processing. You have the right to request the limitation of the processing of your personal data when their accuracy is questioned, the processing is illegal, the data is no longer needed by the controller or you have objections to the automated processing.
- Right to data portability. You have the right to request the transfer of your data to another controller where technically feasible.
- Right of objection. You have the right to oppose to the processing of your personal data, provided that the public interest is not prejudiced. The right to oppose to certain forms of processing of your personal information, so not to be subject to the legal consequences of automated processing or formatting.
If you have given your consent to the use of some of your data, you also have the unlimited right to withdraw it at any time. Recalling your consent means that we will stop processing the data you have previously given your consent. The hotel reserves the right to determine what information should continue to be retained in order to fulfill its tax and legal obligations in general. There will be no consequences for the withdrawal of your consent beyond the hotel’s inability to perform this action.
You can exercise your rights by contacting the Companies or by sending an email to [email protected] or using the Data Submission Form. If you exercise any of your rights in writing on request, we will take every possible action to process your claim within thirty (30) days of receipt. If you do not receive a response within 30 days or are not satisfied with our response, you have the right to complain to the Data Protection Authority.
You have the right to complain to the Data Protection Authority, which enforces data protection laws, if you have concerns about how the Hotel is processing your personal data or you are dissatisfied with our response to your complaint or request.
Hellenic Data Protection Authority
1-3 Kifissias str. 115 23, Athens
Tel: + 30-210 6475600
Fax: + 30-210 6475628
email: [email protected]
Protection of your personal data
Data is stored in a variety of resources, including the physical file, the Website, the Property Management System, and other IT systems (including email). The data are stored in the whole and the format they are submitted to, without any interference with their content.
We have established a set of technical and organizational security measures to prevent the use or access of your personal information with an unauthorized or illegal way, accidental loss or damage to their integrity, their change or disclosure.
In addition, we restrict access to your personal information only to those who have a business need to know. They will only process your personal information in accordance with our instructions and are subject to a confidentiality obligation. Your Personal Data will be processed by a Third Processor only if he agrees to comply with the specific technical and organizational data security measures.
In case of a breach of data security we will notify you and any applicable regulatory bodies where we will be legally obliged to do so.
Questions, Concerns or Complaints
If you have questions about this Privacy Policy, if you would like to complain about how your personal data is processed by the Companies or its partners you have the right to contact us. The contact details can be found in the Joint Controllers section of this notice.
Amendments to this policy
The Companies reserve the right to modify this Notice and its associated practices at any time in order to respond to changes in the regulatory environment, business needs, or to meet the needs of the subjects, properties, strategic partners and service providers without notice. Such changes, modifications, additions or deletions to the Notice will replace previous disclosures and will enter into force immediately upon publication.