The company under the name “IONIC SUITES”, which is located in the Municipality of Mykonos, is the owner of the hotel “IONIC” and is legally represented (hereinafter “Company”), hereby declares that it respects your privacy and its primary concern is the effective protection and security of your personal data.
In this context, the Company shall be bound to keep and process personal data respecting the provisions of the applicable national and EU legislation and, in particular, undertakes to safeguard the security and confidentiality of personal data and to fulfil security conditions in order to prevent in any manner, where possible, loss of data, unlawful or improper use, as well as unauthorized access to them.
1. Purpose and procedure of processing personal data
The personal data you provide us with will be processed for the following purposes:
(a) for the purpose of reservation management – planning & ensuring the appropriate and best possible conditions and specifications for the reception and service of the hotel’s customers
(b) for the purpose of immediate, personalized and efficient customer service
(c) for the purpose of processing and management of payments of hotel bills
(d) for the purpose of making purchases of supplies and other necessary raw materials, or services by suppliers (placing orders, executing orders, receiving raw materials, goods and ready-made products, making payments)
(e) for the purpose of human resources management (recruiting employees, making the payroll payment of employees and business associates of the Company, as well as any provision of private health insurance to them).
The Company will collect, keep and process personal data limited to a strict minimum and to what is necessary for the purposes for which they are processed.
Personal data will be processed both by automated means and other than by automated means which will form part of a filing system.
2. The kind of personal data we collect.
Personal Data means any information about a person from which that person can be identified. The concept of personal data does not include any anonymous personal data from which the natural person is not identifiable.
Due to the above-mentioned processing purposes, as described under -1-, we may collect and process personal data that we have indicatively categorized as follows:
(a) for the purpose of reservation management – planning & ensuring the appropriate and best possible conditions and specifications for the reception and service of the restaurant’s customers, we collect the following information: full name, location, address, telephone number, mobile phone number, e-mail address, passport number (in specific occasions).
(b) for the purpose of immediate, personalized and efficient customer service, we collect the following information: full name, or nickname, special food and gastronomic preferences, sitting preferences.
(c) for the purpose of processing and management of payments of hotel bills, we collect the following information: debit or credit card number, or IBAN
(d) for the purpose of making purchases of supplies and other necessary raw materials, or services by suppliers (placing orders, executing orders, receiving raw materials, goods and ready-made products, making payments), we collect the following information: full name, address, telephone number, email address, Tax Identification Number (TIN), Public Financial Service, IBAN.
(e) for the purpose of human resources management (recruiting employees, making the payroll payment of employees and business associates of the Company, as well as any provision of private health insurance to them), we collect the following information: full name, identity card number, address, telephone number, mobile phone number, email address, marital status, education, educational level, professional training and expertise, work experience, personal interview data, personal CV and any letters of recommendation, SSN (Social Security Number) and social security data, Tax Identification Number (TIN), Public Financial Service, recruitment date, salary, fees and allowances, IBAN, limited health data.
In each case of collecting Personal Data, we will maintain them in a transparent and accurate manner and in accordance with the principle of data minimization. For this purpose, please let us know about any changes to your personal data so that they always remain accurate.
3. Consequences of non-consent to the provision of personal data.
The provision of personal data is by no means obligatory. In any case, the non-provision of personal data which have been declared “mandatory” may prevent us from fulfilling the above-mentioned processing purposes or from fulfilling any contractual agreement. Failure to provide other non-mandatory personal data may under no circumstances affect our service provision.
4. Recipients of personal data
Personal data may be processed by natural and / or legal entities established within or / and outside the European Union acting in the name and on behalf of the Company on the basis of specific contractual obligations.
Furthermore, personal data will only be transferred in compliance with legal obligations in the context of the execution of orders of public authorities and in the exercise of its rights by the Company before judicial and administrative authorities.
5. The transfer of personal data outside the European Union
As part of our contractual obligations, the Company may also transfer and disclose personal data to countries outside the European Union, including the storage of such data in databases operated by entities acting on behalf of the Company. The management of databases and the processing of personal data will always be within the scope of the processing purposes set and in accordance with the applicable law for the protection of personal data.
6. The Controller and the Data Protection Officer
The Controller is the Company.
The Data Protection Officer is the Company.
Contact: Super Paradise Beach, Mykonos 846 00 or +30 22890 23935.
7. Retention period for Personal Data
Personal Data submitted for the processing purposes described under -1- above will be retained by the Company for the period considered to be strictly necessary for the fulfillment of these purposes, including the fulfilment of any legal, accounting or disclosure requirements and obligations, as well as for the performance of a task carried out in the public interest.
With regard to Personal Data processed for the provision of the contractual service, the Company may continue to store such Data for a longer period of time as it may be necessary to protect and safeguard the Company’s legitimate interests in relation to possible liability associated with the provision of the Service.
In some cases, we may anonymize your personal data for statistical and research purposes, so that it can no longer be associated with you and you cannot be identified from it; we may then use this information indefinitely without further notification to you.
8. The Rights of the Data Subject
You may exercise your rights below and within the limits set out in the more specific provisions of Regulation (EU) 2016/679, namely:
• The right to access your Personal Data, which means your right to be informed by the Company if your Data is being processed and be able to access them (Article 15 of Regulation 679/2016).
• The right to rectification, to erasure (the right to be forgotten) means the right to rectify any inaccurate information and the right to delete your data if there is a legitimate interest in such deletion (Articles 16-17 of Regulation 679/2016), without prejudice to any overriding interest of the Company or a legal obligation to retain personal data.
• The right to restriction of processing means your right to request the suspension of processing when you have a legitimate interest in it (Article 18 of Regulation 679/2016).
• The right to data portability means your right to receive your Data in a structured, commonly used and machine-readable format, as well as your right to ask for such data to be transferred to other controllers (Article 20 of Regulation 679/2016).
• The right to object means your right to oppose the processing of your Data when there is a legitimate interest under the terms and provisions of Article 21 of Regulation 679/2016, including your right to object to data being processed by automated means and to data being processed for direct marketing purposes.
• The right to withdraw your consent within the limits and provisions of the legislation.
• The right to lodge a complaint with the competent supervisory authority in the event of your Data being processed unlawfully.
You will not have to pay fees to access your personal data or to exercise your rights mentioned above. However, we may charge a reasonable fee if your request is manifestly unfounded or excessive, in particular because of its repetitive character. Moreover, in such a case, we may refuse to respond to this request.
The Company shall make reasonable efforts to respond to your requests within one (1) month of their submission. In any case, if due to the complexity or volume of your requests we require more time, we will inform you accordingly.
9. Security of personal data information
In order to protect the personal data you provide us with, we have taken the appropriate technical and organizational measures. In this context, we regularly check our security systems and restrict access to your personal data only to those who are authorized to have access to these data and who are bound to treat these data as strictly confidential.
10. Illustrating of processing purposes and the carrying-out of a data protection impact assessment
The Company has illustrated the purposes of processing Personal Data in the Company’s Register of Activities. The Register of Activities shall at least provide the following information:
• Processing purposes.
• Description of the categories of data subjects and categories of Personal Data.
• The categories of recipients to whom the Personal Data is or will be disclosed.
• Where possible, the deadlines for maintaining and deleting the Personal Data.
• To the extent possible, a description of the technical and organizational security measures under the terms of Article 32 of Regulation 679/2019.
Based on this Register, as periodically updated, the Company undertakes to prepare periodic impact assessments of the above processes and of any incidents of personal data breach.
The Company uses Processors who provide reasonable assurances about the protection of personal data and the subjects of such Data. They contract with the Company and are expressly bound to the protection of your Personal Data by way of a contract or other legal act which defines the subject matter and duration of the processing, the nature and purpose of processing, as well as the rights and obligations of the Processor.
This Personal Data Protection Policy may occasionally be amended. We reserve the right to alter or amend this Personal Data Protection Policy at any time. Please review our company’s Personal Data Protection Policy regularly and especially before providing any new personal information.