Privacy Policy

1. INTRODUCTION

Our Company, Exclusive Plan Hotels Selection (hereinafter referred to as the Company), takes the protection of the privacy of its visitors, customers, suppliers, partners, and employees very seriously. Therefore, we strictly adhere to this Privacy Policy (hereinafter referred to as the Policy), which ensures a high level of services offered and is based on the applicable legal framework. The personal data concerning you are collected and retained for predetermined, explicit, and lawful purposes, for strictly necessary and lawful time periods, and are processed in a lawful, fair, and transparent manner, in accordance with the applicable legal framework, subject to integrity and confidentiality. These data are always appropriate, relevant, adequate, and not excessive in relation to the aforementioned lawful and clear purposes, accurate, and updated where necessary.​

2. COMPANY DETAILS OF "EXCLUSIVE PLAN HOTELS SELECTION"

The details of the Company you are addressing or transacting with in any way are as follows:

Trade Name: Exclusive Plan Hotels Selection
Headquarters Address: 9 Lamprou Katsoni Street
VAT Number: 802288990
Tax Office: KEFODE Attikis
General Commercial Registry (GEMI) Number: 173708501000
Data Protection Officer (DPO) Details for the Company's Hotels: Vasileios Koumoudis

3. PURPOSE

This Policy establishes the terms and conditions adhered to by our Company, which relate exclusively to the protection of the privacy of our visitors, customers, suppliers, partners, and employees, as well as the privacy of any other individual who interacts with us in any manner, whose personal data are processed to provide hotel services.

The Company reserves the right to amend and revise this Policy whenever deemed necessary. Such modifications take effect once they are posted on the website www.exclusiveplan.gr.

In any case, we recommend periodically reviewing this Policy, as changes may occur to enhance it.

4. DEFINITIONS​

"Personal Data": Any information relating to an identified or identifiable natural person ("data subject").

"Identifiable Natural Person": A natural person whose identity can be determined, directly or indirectly, in particular through reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural, or social identity of that person.

"Special Categories of Personal Data": These include, among others, genetic data, biometric data, health data, racial or ethnic origin, etc.

"Processing of Personal Data": Any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

"Data Controller": The natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Processor": The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller.

5. LEGAL FRAMEWORK FOR THE PROTECTION OF PERSONAL DATA​

The "legal framework for the protection of personal data," from which this Policy derives, is the General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council for the protection of individuals with regard to the processing of personal data and the free movement of such data, Law 4624/2019 (Government Gazette A' 137/29-08-2019), and any law or regulation issued in connection with or for the application of the above-mentioned General Regulation, as well as any national legislation that applies and relates to the processing and overall protection of personal data.​

6. METHODS OF COLLECTING YOUR INFORMATION​

We collect and process your personal data every time you use our services (whether these services are provided directly by us or by other companies or agents acting on our behalf), when you stay at our Hotel, visit our restaurants, generally interact with us, use our websites, or use our telephone centers or mobile and tablet apps. Additionally, Information About you is collected by us:

  • Through the cookies of the browser you use when browsing our Websites, in order to respond, promote, and route your request accurately. In this case, we may collect information about the type of browser you are using for the purpose of managing our system and gathering aggregate information about our website visitors, purely for statistical purposes, which do not identify any individual.
  • When you use contact forms to request more information or post a comment.
  • When we communicate with you.
  • When you connect to the Wi-Fi of our hotels.

7. PURPOSES OF DATA COLLECTION​

We collect your data both to provide the services you have requested and to improve them. Specifically, we collect data for the following purposes:

  1. Room booking and other related services (e.g., keeping required documents in accordance with applicable law, requests regarding your stay) and stay at the Hotel (room access, minibar service, room telephone, etc.).
  2. For organizational purposes (e.g., customer check-in/check-out lists, special offers lists).
  3. To use data analysis tools in order to improve our websites, products/services, customer relationships, and better respond to your needs.
  4. For the optimal functioning and protection of our business, our websites, and our systems in general.
  5. To comply with the applicable Greek and European legislation at any given time.
  6. To assist you in further activities you may want to carry out, such as restaurant bookings, taxi calls, excursions, or guided tours.
  7. To provide you with personalized services, we may collect personal preferences, including interests, activities, food and drink preferences,
    possible allergies, and general requests related to services and amenities.
  8. To keep you informed about our news and services.

8. DATA WE COLLECT​

Depending on the purpose of your visit and the service you wish to receive via our Websites, the nature of the personal data we collect will include information such as your name/surname, address, email address, phone number, vehicle registration number, as well as additional information like airline, flight number, etc.​ In certain cases, we may also need to collect sensitive personal data, such as medical information, in order to meet your specific needs (e.g., possible allergies). We keep this type of information only if required by applicable law or if you provide us with your explicit consent, as part of the provision of our services (e.g., for providing specific dietary options).​ We reserve the right to collect, store, and process different types of personal data related to you. Specifically:

  • Customer identification details.
  • Data related to billing (e.g., VAT number, tax office, bank card number used for payment).
  • Arrival/departure date and room number.
  • Preferences and interests: e.g., preferred floor, bed type, cultural interests.
  • Health information, e.g., allergies, medical conditions, etc., that you share with us so we can serve you in the most suitable way (e.g., cases involving people with disabilities).
  • Information about individuals under 18 is limited to name/surname, nationality, and date of birth, and is provided only by the adult who has custody (guardian or parent).
  • When we provide our services, we may create accounts/profiles, for which we may ask you to provide information such as name/surname, email.
  • When you order a product or service, we may ask for information to process your order, such as name/surname, room details, etc.
  • If you participate in one of our contests or promotional activities, we may ask for your name/surname, contact details, email, personal or professional interests, etc.
  • Device information (e.g., unique device identifiers, IP address, device settings for accessing our services, etc.).
  • Location information (e.g., your device's GPS, etc.).
  • Other information about how you use our services (e.g., interaction with a service feature).

9. PERSONAL DATA STORAGE PERIOD​

Our company retains your personal data only for as long as necessary to fulfill the purposes for which they were collected (e.g., completing legal/tax processes). Additionally, depending on the volume, nature, and sensitivity of the personal data, as well as the purposes for which we process them, we determine the appropriate storage period.​ We have the right to anonymize your data so that it can no longer be associated with you, for the purpose of using it for research or statistical purposes, allowing us to use this information indefinitely without further notice to you.​ Resumes collected by the relevant Human Resources departments are stored for one year and are then destroyed, in accordance with our company's Destruction Policy.​

10. ACCESS BY THIRD PARTIES TO YOUR PERSONAL DATA​

Our primary principle is not to disclose your information to third parties for their own independent business or commercial marketing activities without your consent.However, to provide you with the best possible service, we grant access to your personal data, or parts of it, to our appropriately trained staff (hotel staff, IT department, marketing department, legal department, medical services, if necessary). Employees with access to your personal data use encrypted credentials, which are regularly updated.​

Additionally, we may disclose your personal data to trusted business partners who comply with GDPR requirements, as well as to the relevant authorities, in order to comply with accounting and tax regulations, and in general, with applicable legislation. This may also be done to ensure compliance with the policies governing our services, as well as to achieve the highest level of security for the Company and the Hotels.

11. YOUR RIGHTS REGARDING DATA PROTECTION​

The legislation regarding the protection of your personal data grants you the following rights, which you can exercise free of charge and in accordance with the provisions of the legal framework:

  • Right of access: This allows you to be informed about what data we have collected and are processing, its source, purposes, and legal basis for processing, potential recipients or categories of recipients of your personal data, especially in third countries, as well as the storage period.
  • Right to rectification: You have the right to correct any inaccuracies in your personal data to ensure its accuracy by submitting a declaration with your correct personal data.
  • Right to completion: You may supplement any incomplete personal data by submitting a declaration with the complete information.
  • Right to erasure: You can request the deletion of your personal data in the following cases:​
    i. When the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.​
    ii. When you withdraw your consent on which the processing was based, and there is no other legal basis for processing.​
    iii. When the personal data has been processed unlawfully.​ iv. When the law requires the deletion of personal data.​
    v. When personal data of a child has been collected in relation to the offering of information society services, with the child's consent or with the consent of the person with parental responsibility.
  • Right to restriction of processing: You have the right to request the restriction of the processing of your personal data in the following cases:​
    i. When you contest the accuracy of your personal data, and until its accuracy is verified by the company.​
    ii. When you request the restriction of the processing instead of deletion.​
    iii. When the company no longer needs your personal data for processing purposes, but you require it to establish, exercise, or defend legal claims.
  • Right to object: You can object to the processing of your personal data unless the processing is justified by compelling and legitimate reasons, which override your rights and freedoms, or for the establishment, exercise, or defense of legal claims by the company.
  • Right to data portability: You can receive and transfer your personal data, which you have provided to our company, to another data controller in a suitable format, provided that the processing of the personal data is based on your consent or is necessary for the performance of our contract.
  • Right to withdraw consent: You have the right to withdraw your consent at any time, with no retrospective effect.

These rights may be restricted if another law applies, such as when you request the deletion of data, but we are obligated to retain it under legal requirements.​ For any questions or to exercise any of the above rights, please contact our company at:

  • Via the online contact form at [email protected]
  • By letter: Data Protection Officer, Lamprou Katsouni 9​
    Our company will respond to your request free of charge, without delay, and in any case, within one month from the receipt of the request. In exceptional cases, the deadline may be extended by two additional months if required, considering the complexity of the request or the number of requests. You will be informed about any extension within one month from receiving your request, along with the reasons for the delay.​ If your request cannot be satisfied, we will inform you without delay, and no later than one month from receiving the request, about the reasons and the possibility of lodging a complaint with the Personal Data Protection Authority, as well as your right to appeal to the competent judicial authorities.​

12. RIGHT TO FILE A COMPLAINT​

If you believe that your rights related to the protection of your personal data are being violated, you have the right to file a complaint with the Personal Data Protection Authority (1-3 Kifisias Avenue, P.O. Box 115 23, Athens, Tel: +30 2106475600, email: [email protected]).​
Additionally, you have the right to seek recourse before the competent judicial authorities to protect your personal data.​

13. SECURITY MEASURES​

The company has implemented appropriate technical and organizational measures to comply with the legislation and ensure the appropriate level
of security for your personal data. We have trained our staff and our entire network of partners through Personal Data Policies and Procedures,
ensuring that all our partners, acting on our behalf as data processors, are bound by contractual agreements that guarantee this. If, for any reason, you believe that our interaction is not secure, please inform us.​

14. NEWSLETTER​

Our company sends emails for the purpose of advertising and direct promotion of our products and/or services through a newsletter. In each such email, we clearly and explicitly reveal our identity and allow you to object and request, in an easy and free manner, the termination of communication and the deletion of your data from this database.