Our company respects the right to privacy and acknowledges the importance of protecting personal information. That is why we ensure your privacy and protect your personal data. Our intended objective is to be transparent as regards the processing of your personal data. In this context, we adhere to this policy that defines how we process and protect your data while you are browsing our website, www.elivihotels.com. We use all personal data you provide us in accordance with the General Data Protection Regulation (EU 2016/679) and the applicable personal data protection laws, for the purposes set out in this policy.
As the data controller, societe anonyme “ELIVI HOTELS AND TOURISM ENTERPRISES SOCIETE ANONYME” is responsible for the processing of your personal data via the website “www.elivihotels.com” and for the security of your data under the applicable personal data protection laws.
DETAILS OF DATA CONTROLLER
Corporate Name: “ELIVI HOTELS AND TOURISM ENTERPRISES SOCIETE ANONYME”
Address: 25 Pontou Street, Ptolemaida, PC 50200
T.I.N. : 800945488
Tax Office: Ptolemaida
A. Personal Data
The following table presents the personal data our company collects through its website, depending on the type of each user’s activity.
Reservation information: name, surname, email, telephone number, country, address, city, PC, flight number, flight airport, arrival time, departure time, room type preference, number of persons, dietary preferences, reservation history.
Billing information:cardholder name, card number, card expiry date and month, card CVC.
Technical Data: IP address, login details, browser type and version, time zone and location, types and versions of additional browsers, operating system and platform and other technology on the devices used to access the website.
Contact Data: name and email.
Marketing Data:include your preferences for receiving promotional material from us.
Email and reservation code (personal).
Join our Team
Name, surname, email, preferred job, age, curriculum vitae, telephone number.
Use of “Cookies”
Cookie ID, IP Address, Website user browsing history and behaviour.
B. Sensitive Personal Data
Through its website, our company does not ask you to disclose sensitive personal data, i.e. data that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data or data concerning your health or sex life or sexual orientation.
C. Data of Children
Our website and services are aimed exclusively at adults (i.e. people aged 18 or more). Our company does not seek and does not receive (at least in its knowledge) personal data directly from minors. However, since it is impossible to always check the age of the persons entering or using the website, we recommend that the parents and guardians of minors contact us if they note any unauthorised disclosure of data by minors for whom they are responsible, in order for them to exercise their rights, such as the right to erasure. Therefore, if you are a minor, do not use or provide any information on this website and do not provide any information about yourself to us. If we note that we have collected or received personal data from a minor, we will delete this information immediately. If you believe that we may have information originating from or concerning a minor, please contact us.
Your personal data is processed by our company in the framework of legitimate purposes and provided that the law permits it. Specifically, we process your personal data:
Our company relies on your explicit consent as the legal basis for processing your personal data only for sending updates and promotional material and for using certain cookies (see Cookies Policy). In these cases, you always have the right to withdraw your consent at any time, by contacting us. Where your consent is the sole legal basis for the processing of personal data, we will stop the processing following its withdrawal.
We retain your data for no longer than is necessary for the purposes for which the personal data are collected. To determine the necessary retention period of your personal data, we check the purposes for which we process your data, the ability to fulfil these purposes with other, less restrictive means, our applicable legal obligations, the quantity, nature and sensitivity of the data, as well as the potential risk of harm from their unauthorised use or disclosure. Different retention periods apply for different types of personal data. However, the maximum retention period of your personal data is twenty (20) years. For more details on the retention periods for each category of personal data, please contact us.
In order to better serve you and ensure the uninterrupted provision of our services, we reserve the right to share some of your personal data with our partners who provide us with support services or help us promote our services. These third-party partners are (natural or legal) persons that process your personal data on our behalf. Our partners include the company Mozaik Hospitality, which manages the website and the online booking system for us, as well as the company Mozaik, which is responsible for our advertising campaigns. Our partners are bound by contract not to use your personal information for other purpose than the one pursued and to implement appropriate technical and organisational measures for data safety, always in compliance with the applicable personal data protection legislation.
We will never transfer, sell, lease or exchange your personal data to other companies or organisations for marketing purposes.
It is possible that we may disclose your data to state organisations, regulatory bodies, law enforcement authorities, courts, banking institutions, but only when it is necessary, specifically:
Note that in case of a change in our company (e.g. acquisition or merger with another company), the new owners have the right to use your personal data in the same manner as set out in this privacy statement.
Our company does not transfer the personal data it collects via its website to non EU or non EEA countries.
We implement appropriate technical and organisational measures to ensure your personal data is always protected and safe, preventing any accidental loss, change, disclosure, use or access thereof in an unauthorised manner. Our safety measures include data encryption, regular cyber-safety assessments by all service providers who may handle your personal data, safety audits protecting our overall technical infrastructure against external attacks and unauthorised access and internal policies setting out the method that ensures your personal data protection and the training of our employees. Our company has adopted a policy and procedures for addressing personal data breach incidents, ensuring that you and the supervisory authority are immediately notified, when required by law.
If you wish to exercise any of your above rights, contact us using our contact information. You are not required to pay us any fee or charge to exercise any of your rights. However, we reserve the right to charge a reasonable fee, if your request is manifestly unfounded, repeated or excessive. In these cases, we also reserve the right to refuse to comply with your request.
In case you exercise any of your rights, our company is required to respond within a period of one (1) month from the submission of your request. If your request is particularly complex or you have submitted a number of requests, we may need more time to respond. In this case, we will inform you.
If you think that our company processes your personal data incorrectly, please contact us. You also have the right to lodge a complaint with a supervisory authority. Noted that the Greek supervisory authority is the Hellenic Data Protection Authority, seated in Athens, at 1-3 Kifissias Street, P.C. 11523, www.dpa.gr.
We reserve the right to update or modify this Policy at any time. For this reason, you are required to regularly check this Policy. Its latest edition is always available on our website and replaces all previous editions. In case of any crucial modification to this policy, such as modifications concerning the purpose for which we use your personal data, the identity of the controller or your rights, we will notify you by publishing the modifications on our website.
If you have any questions regarding the way in which we collect or use your personal data that was not answered here or if you want to exercise your rights regarding your personal data, please contact us by e-mail firstname.lastname@example.org.