The Company under the name “G. TZARAKIS SOCIETE ANONYME TOURISM SERVICES AND HOLDINGS ” and bearing the distinctive title "TZARAKIS S.A.", located in Municipality of Ierapetra (Katharades area), with VAT Registration No.: 094491700, Tax Office Heraklion, with Hellenic Business Registry Registration No.: 125139941000, as Personal Data Processing Officer, hereafter referred to as the "Company", in the framework of the General Data Protection Regulation (EU) 2016/679, which enters into force on 25.05.2018 (hereinafter referred to as "GDPR"), as well as the national and Community legislation, as applicable, is bound to its customers, respecting their privacy and being vigilant to ensure the confidentiality and security of their personal data. Our Company, operates the hotel under the name “Ostria Hotel Resort & Spa” in Ierapetra.
This information is addressed to any and all natural and legal persons who carry out any transaction with the Company, as indicatively to its customers who make use of the services offered by the Company.
The processing of personal data consists in collecting, registering, organizing, structuring, storing, changing, retrieving, seeking information, using, transmitting, restricting or deleting personal data that have or will come to the knowledge of the Company either within the context of your dealings with it or within the context of information received by the Company from a third natural or legal person or public sector entity in the exercise of a legal right therein or of the Company itself.
The Company, in compliance with the applicable legal framework, has taken all necessary actions by implementing the appropriate technical and organizational measures for the lawful adherence and processing, committed to keep ensuring and protecting in every possible way the processing of your personal data from loss or leakage, alteration, transmission or otherwise unlawful processing thereof.
In order to make the collection, use and exchange of personal data transparent and to disclose the purpose and means of processing, "TZARAKIS S.A." provides its customers with the following information:
The Company processes personal data that you have or will notify to the Company, you or your legal representatives, which are necessary for the initiation, maintenance and execution of your business relations and dealings with the Company, existing or future depending on the product or service provided and its applicable procedures and policies. Personal data that you provide to the Company shall be complete and accurate and up-to-date with your due diligence immediately, in every case of change or whenever deemed necessary by the Company for the purpose of maintaining your business relationships or fulfilling an obligation of the Company deriving from the national law and the regulatory provisions in force.
The collection and processing of the above personal data by the Company is necessary for the commencement, execution and maintenance of our business relationships [as defined in article 2 of the Regulation of the relations between hoteliers and their clients (article 8 of law 1652/30.10.1986, Greek Government Gazette 167 Α')]. Possible objection on your behalf to the provision or processing of your personal data - information may lead to the failure to initiate or maintain/continue your already existing partnership with the Company (for example, failure to provide the necessary data for booking a room will lead to inability to make the reservation).
The Company does not process “sensitive personal data” (data of specific and special categories), such as data related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership of a trade union, genetic or biometric data in order to identify you as a processing Subject, as well as health data or data related to your sexual life, sexuality or sexual orientation unless: a) you have explicitly given the consent to that effect for a specific purpose, b) this information has been communicated to the Company by you or a third natural/legal person within the context of documentation and safeguarding of your legal interests and/or the Company’s ones, given its role as Process Manager and Officer (e.g. information about the subject placed under judicial interdiction, c) processing is necessary in order to protect your vital interests or the ones of another’s natural person, d) the data are clearly disclosed by you, e) processing is critical and essential for the foundation, exercise or support of your own legal claims as well as the Company’s ones as Process Manager and Officer (e.g. legal incapacity to act), f) processing is necessary for reasons of substantial public interest. The Company has in any case taken all needed technical and organizational measures to maintain safety and process appropriately your personal data which belong to the above specific categories.
The processing of personal data of minors, which is necessary for the commencement, execution and maintenance of our trading relationships (e.g. room reservation and stay - lodging of a minor in the hotel, etc.) is performed on the condition of the previous consent of parents or those who exercise parental responsibility, unless otherwise specified by law. For the purposes of this, minors are considered to be those who have not reached the age of 18.
Additionally, when processing of personal data is based on consent (in accordance with Article 6.1.a GDPR), in relation to the provision of information society services directly to a child, the consent provided by the minor and therefore processing is lawful if the minor is at least 16 years old. In the case where the minor is under 16 years of age, this processing - treatment is lawful only if and to the extent that such consent is granted or approved by the person having parental responsibility for the minor (as said in Article 8 of GDPR).
The Company lawfully processes personal data if:
The processing of your personal data concerns:
The Company can, subject to your prior consent, process your personal data in order to inform you about its provided products and services. For this purpose, it processes information about the services you use targeting to present products, services or offers that best serve your needs.
In any case, you are given the right to oppose the processing of your personal data for the above purpose of direct commercial marketing of the Company's products/services, including profile training, by submitting your request to the Company in any convenient manner or by unsubscribing from newsletters.
The Company, certainly, maintains your personal data for as long as it is provided for by the applicable legal and regulatory framework per case. Even if the applicable legal and regulatory framework provides a shorter period, company will maintain your personal data, for the purposes of the legitimate interests it pursues (limitation of actions/claims), generally for a minimum of five (05) years to a maximum of twenty (20) years from the last calendar day of the year in which your (each time) business - trading relationship with the Company expires. In the event of litigation, personal data that concerns you will be respected, secured and kept in any case until the end of the lis pendens, even if the above period of twenty (20) years is exceeded. In the event of any form of claim, your data will be kept to a minimum period of time, for as long as the claim is maintained.
In the event that any request for your cooperation with the Company is not accepted and the conclusion of the contract is not completed, the data will be kept for a maximum of five (5) years, in order to safeguard the interests of the Company in the event of a claim being made, after this period of time, will be erased in a non-recoverable way.
The company may also keep your personal data for longer, if it has a legal obligation to act so.
Access to your personal data is provided to the employees of the Company's business and operating units, within the scope of their responsibilities, within the context of the proper execution and fulfillment of their contractual, legal and regulatory obligations.
The Company does not transmit or disclose your personal data to third parties unless it concerns:
You can learn more about the names of our associates, upon your request.
The Company has legally ensured that the Performers of the Processing on its behalf meet the prerequisites and provide sufficient assurances that appropriate technical and organizational measures will be in place to ensure that your personal data processing will keep their rights protected.
“TZARAKIS S.A.” does not transmit your personal data directly to third (non-EU) countries or international organizations, unless the transmission is required by the applicable regulatory or legislative framework or you have been informed of this and consented in advance and explicitly to such transmission (in cases in which this is required).
In any case, you have control over the processing of your personal data. In particular, you have the following rights:
For the exercise of the above rights you can address in writing to the Company's address at “Ostria Hotel Resort & Spa” in Ierapetra, or you can contact the e-mail address email@example.com or by phone at +30 28420 25711
Download exercise of rights form
Please let your relevant requests be accompanied by the appropriate proof of identification of your person, with the explicit reservation of the Company to request the provision of additional details to identify and confirm your information.
ΤΖΑRAKIS S.A. will make every effort to respond to your request(s) within thirty (30) days of submission of the relevant request or requests. The Company's denial or unjustified delay in meeting your claims in the exercise of your rights entitles you to appeal to the Data Protection Authority, as the competent supervisory authority for implementing the GDPR.
The Company may revise or modify this current update, on the basis of its applicable data protection policy and in accordance with the applicable laws and regulations. The updated information will always be available on the Company's website
The Company is taking care to enforce adequate and necessary technical and organizational measures to safeguard both technological and natural security according to article 32 GDPR (indicatively: encryption and regular testing, restricted accesses, special codes given to authorized persons for access to its databases, etc.) and observes the principles of the processing according to the GDPR, meaning the principle of legality, the principle of objectivity and transparency, the principle of purpose limitation, the principle of data minimization, the principle of accuracy, the principle of storage limitation and the principle of integrity and confidentiality (Article 5 of the GDPR).
With a view to safeguarding your privacy, we apply the best practices possible to safeguard and secure your personal data, by implementing the necessary technical and organizational measures set out in the GDPR. Data is secured by the loss of availability, integrity and confidentiality of information.
The Company is in constant harmonization and compliance with the terms of General Regulation (EU) 2016/679 on the protection of individuals - natural persons against and with regard to the processing of personal data and on the purpose of the free movement of data, and is constantly making every effort to comply with the above Regulation.
Although the Company has due diligence in relation to the processing of your personal data, it is on hand to deal promptly and in time with any potential violation (of it) for the best possible assurance, while in the event of a violation of your personal data that may put your rights and freedoms at high risk, the company will take all appropriate technical and organizational measures and, if required by law, will inform you immediately.
In case you realize the violation of your personal data, you shall without delay contact and inform ΤΖARAKIS S.A., as soon as you become aware of such a possible violation of personal data, by notifying us of the nature of the violation of personal data. Indicative examples: 1) Loss of mail or relevant reading by an unauthorized recipient, 2) Hacking, 3) Malicious software (e.g. virus, ransom ware) 4) Phishing email, 5) Accidental data publishing/disclosure, 6) Demonstration/ granting/transmission of faulty person data, 7) Oral data dissemination by mistake.
Check whether the breach has come from your own responsibility and collect all necessary information that TZARAKIS S.A. will use to deal with the incident. Check whether the breach has come from your own responsibility and collect any necessary information that the Company will use to deal with the incident.
Useful Phone Numbers and Contact Information:
Address of the Company's Head Office: “Ostria Hotel Resort & Spa”, Municipality of Ierapetra (Katharades area)
Telephone: +30 28420 25711
Address: Kifisias Avenue (street), No 01 – 03, Athens Greece, PC 115 23,
Athens Call Center: +30 2106475600
Fax: +30 2106475628