The Company, EKMETALLEUSI AKINITON HALKIDIKIS IKE, with the distinctive title “OCEAN PRIVATE VILLAS”, which is based in Pefkochori, Halkidiki, PC 63085, tel. 6944 941826 ensures the confidentiality of your personal data and adopts the General Regulation for the Protection of Personal Data 679/2016 of the European Union and the current Greek legislation in all procedures and stages of communication with you.
Purpose of this Policy
This Personal Data Protection Policy concerns the OCEAN PRIVATE VILLAS and the personal data of individuals processed by the Company. This policy provides to any individual, customer or visitor of the OCEAN PRIVATE VILLAS or visitor of the website of our Company https://www.oceanprivatevillas.com/ with concise and transparent information regarding the practices followed for the management and protection of personal data.
It concerns any transaction or series of transactions performed with or without the use of automated means, in personal data or in personal data sets, such as the collection, registration, organization, structure, storage, adaptation or modification, retrieval, search for information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
The Policy is updated from time to time and may be amended whenever necessary, without prior notice, always within the applicable legal framework and in accordance with any changes in the current legislation on personal data protection. We therefore suggest that you check our website https://www.oceanprivatevillas.com/, in which, any posted revised version of this policy, prevails over the printed version.
The term “personal data” hereinafter referred to as “Personal Data or Data”, is any information concerning a specific natural person or person whose identity can be verified (e.g., name, identity number, address, etc.). Data related to health (physical or mental condition, receiving medical services, etc.) are included in the general term personal data; however, they constitute a special category of data.
Personal Data are obtained with following methods:
(a) When you apply for a job. The provision of your personal data in the context of submitting a CV to find a job in our Company takes place automatically and voluntarily as otherwise, it would not be possible to assess the possibility of your recruitment. The legal basis for the processing is in accordance with Article 6, (1) (b) of the GDPR “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
For more information, please check our CV Policy.
(b) Personal data related to your reservation, stay, arrival or departure are provided to us in person, during your stay at our facilities (registration/ entry). The submission of your data is of your choice and their processing in accordance with article 6 (1) (b) of the Regulation 2016/679 “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
(c) You provide to us your personal data during your stay at our facilities or after contacting us in order to receive information messages about our services in the context of marketing actions of the Company or in order to invite you to our Company events via email, online ads, social media, telephone, messages (SMS), announcements, via our call center. The submission of your data is of your choice and their processing with your consent in accordance with article with article 6 (1) (a) of the Regulation 2016/679 “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”.
(d) We receive your personal data via third party cooperating companies (e.g. travel agencies). The processing of your data is in accordance with article 6 (1) (b) of the Regulation 2016/679 “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
(e) Automatically, via your browser or the mobile device you use to access our website https://www.oceanprivatevillas.com/
(f) You provide your personal data to us when you fill out electronic forms or send an e-mail for a reservation or to be informed about the services provided. The submission of your personal data is at your option and their processing is in accordance with article 6 (1) (b) of the Regulation 2016/679 “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
Categories of Personal Data – Purposes of Processing
Personal data which are collected and further processed include:
-identification data such as your name, postal address, billing address, telephone number, details of booking, your arrival or departure, date of birth, passport number-date and place issue, nationality, details of your children, etc. The purpose of the collection and processing is the provision of hotel services in accordance with article 6 (1) (b) of the Regulation 2016/679 “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
-identification data such as CV, education status, work experience, etc. The collection, processing and maintenance of the above data is for the sole purpose of the selection and evaluation of prospective employees by the Company for the possibility of finding a job and in accordance with article 6 (1) (b) of the Regulation 2016/679 “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
-identification data, financial data, tax and contact details, such as VAT, Tax Office, address, etc. The collection, processing and retention of your data belonging to the above mentioned categories, is in accordance with article 6 (1) (c) of the Regulation 2016/679, “processing is necessary for compliance with a legal obligation to which the controller is subject”.
-health data related to the care and wellness services provided by the Company (medical history, medication, allergies, chronic diseases, etc.) The data belonging to the above-mentioned category can be transferred to third parties for the provision of services. The processing of your personal data is carried out in accordance with article (9) (2) (c) of the Regulation 2016/679 “processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent”.
-identification data such as your habits, name, etc. regarding the services provided by the Company (transportation, sports activities, leisure activities, etc). The personal data can be transferred to third parties for the provision of services. The processing of your data belonging to the above-mentioned category, is in accordance with article 6 (1) (a) “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”.
The Company will not process your personal data without your consent, where is required. However, the Company reserves the right, in exceptional cases, to process your personal data to the extent permitted or required by law, and/ or by court decisions or prosecutorial orders.
Recipients of your data
We may disclose your personal information (in whole or in part, as each time it appears) indicatively to:
a) all authorized persons of our Company, e.g. legal advisers, business consultants, external accountants, security technicians etc.,
b) specific persons of our Company, necessary for the selection process of candidate employees, e.g., Administration etc.,
c) authorized external partners (car rental companies, travel agencies, transport companies etc.), necessary for the execution of the contract between us,
d) providers of support for these data processing systems,
(e) judicial or supervisory or control authorities, within the scope of their jurisdiction,
(f) third parties who have a legal interest in establishing, exercising or upholding legal claims.
In cases where your consent to the disclosure of your data to third parties is required (where it is not mentioned by law), it will be explicitly requested by you and you have the right to revoke it at any time. In these cases, the Company assures you that it is in constant contact and takes all necessary security measures, so that the transfer of personal data is carried out in the safest possible way.
The Company undertakes the obligation to not trade your personal data by making it available for sale or rental by transferring or disclosing it to third parties or using it in any other way and for other purposes that might jeopardize your privacy and your rights and freedoms, unless required by law, court decision/ order, administrative act or if it is a contractual obligation necessary for the smooth operation of the Company’s website and the performance of its functions.
Your personal data may be transferred to partners or third parties, complying with the terms of this policy and committed to maintaining confidentiality and who act on behalf of the Company for further processing in order to provide services (e.g. data management, technical support etc.). These third parties have contractually agreed with the Company, that the personal data will be used only for the above purposes and will not transmit personal information to third parties, as well as will not disclose any personal data to third parties unless law requires it.
The retention period can vary significantly depending on the type of data and how it is used. Determining the retention time of data is based on criteria such as legal retention periods, pending or potential disputes, intellectual property or rights, contractual requirements, business instructions or archiving needs.
The Company is committed to keep your CV for one (1) year, after the job position is filled.
The tax data are kept in accordance with the current tax legislation.
Your sensitive data is destroyed two (2) months after your last visit to our facilities.
Data collected via video surveillance system are kept for up to 15 days after which it is automatically deleted. In the event that during this period we find an incident, we isolate part of the video and keep it for another (1) month, in order to investigate the incident and initiate legal proceedings to defend our legal interests, while if the incident concerns thirdly we will keep the video for up to three (3) more months.
In order to fulfill the purpose of processing that concerns the execution of the contract and to inform you about our services, a reasonable retention time of your data is the time of the operation of the Company and according to the current legal framework governing its operation, the legal framework governing the tax obligations of the Company as well as the Personal Data Protection Legislation.
CCTV – Data Processing
We use a surveillance system for protecting persons and property. The processing is necessary for the purposes of legal interests as a Controller and in accordance with article 6 (1) (f) of the Regulation 2016/679, “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child”.
Our legal interest consists in the need to protect our property and the goods located in it from illegal acts, such as theft. The same applies to the safety of life, physical integrity, health as well as the property of our staff, our customers and third parties legally located in the supervised area. We only collect image data and limit the collection to areas where assessed with an increased possibility of committing illegal acts e.g. theft, such as at the entrance, without focusing on places where the privacy of the persons being photographed may be severely restricted, including their right to respect for personal data.
The kept material is accessible only by our authorized personnel who are in charge of the security of our facilities. This material shall not be transmitted to third parties, except in the following cases: (a) to the competent judicial, prosecutorial and police authorities when it contains information necessary for the investigation of a criminal offense involving persons or property of the controller; b) to the competent judicial, prosecutorial and police authorities when requesting data, lawfully, in the performance of their duties and (c) to the victim or perpetrator of a crime, in the case of data may constitute evidence of the act.
Data subject’s rights
With regard to your personal data, you may exercise the following rights: right of access, right of information, right of rectification, right of erasure, right of restriction of processing, right of data portability, and right of objection.
In order to exercise any of the above rights, please use the “Request Form” and send it either by letter to the Company’s headquarters (Pefkochori, Halkidiki, PC 63085, tel. 6944 941826), or via e-mail (in the Email account: email@example.com) always stating your complete details and the reason for your communication.
In case of exercise of one of the above rights, the Company will take every possible measure to satisfy your request within one (1) month of receiving it, informing you in writing of the satisfaction of your request or the reasons that prevent the satisfaction of one or more of them, as well as for the reasons of any delay beyond the above period of one (1) month and in any case not later than three months. The Company will also inform you of your further rights in case of improper response. This information is in principle provided free of charge by the Company, subject to the request for notification and information not to be exercised repeatedly, in excess and/ or to be manifestly unjustified.
If you consider that the Company in any way violates the current legislation on personal data, you reserve the right to file a complaint to the Personal Data Protection Supervisory Authority: http://www.dpa.gr, 1-3 Kifissias, PC 11523, Athens, tel. 210 6475600, e-mail: firstname.lastname@example.org.
In this case, we would highly appreciate your previous communication with the Company either by letter at its headquarters (Pefkochori, Halkidiki, PC 63085, tel. 6944 941826), or via e-mail (to the E-mail account: email@example.com ) Always stating you