This Statement is made by MONASTY HOTEL to inform you about www.monastyhotel.com policies and practices with respect to the collection, use, retention, disclosure, transfer, security, and access of personal data.
The private company under the name “NEW ERA P.C.”, with distinctive title “NEW ERA P.C.”, established in Thessaloniki, 45 Vasileos Irakleiou Street, PC 54623, Tel.: +302310 274545, e-mail: firstname.lastname@example.org is the Controller of your Personal Data (hereinafter the “Company”). The Company as Data Controller undertakes to comply with the Regulation EU 2016/679 of the European Parliament and the Council of 27 April 2016 applicable from 25 May 2018, national law 4624/2019 and the decisions of the Personal Data Protection Authority, in any capacity you cooperate or communicate with us (such as customers, prospective customers, visitors, employees, prospective employees, partners, suppliers, participants in conferences, shareholders of the company, visitors to our website or in general private individuals and third parties who cooperate or communicate with our company. By this statement, the company provides you with all relevant information regarding the use and processing of your personal data, as well as your rights as data subjects, according to Articles 12 to 14 GDPR.
“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“supervisory authority” means an independent public authority which is established by a Member State.
2. COLLECTION AND PURPOSE OF PERSONAL DATA
The company collects and processes personal data, such as indicatively the following:
For clients/ prospective clients/ residents of the Hotel: identification data such as name and surname, arrival and departure dates, number, price and type of room, number of booking reservation, date of birth, gender, nationality, ID, passport, visa or other government-issued identification data, country of origin, contact information (mobile phone and e-mail), home or billing address (country, city, street, zip code), credit or debit card number, billing information (company name, VAT number, address, email), bank account information. Billing address and company’s billing information are not required but voluntary.
We use the aforementioned personal data to provide you with services (Article 6 paragraph 1 (b) GDPR), to protect the legal rights of the company and to comply with a legal obligation to which the company is subject (Article 6 para. 1 (c) GDPR). Specifically, the company has legal obligation to collect the data of its customers, i.e. Article 2 of No. 8/1999 of the Police Order concerning the customer books and the obligations of those in charge of tourist accommodation, as amended and in force by the Police Order 8A/2003 (Government Gazette 1674/B). The procedure concerns the keeping of a Customer Book by hotels and other accommodations, as well as the monitoring of its compliance by the Greek Police. Those in charge of tourist accommodation are required to keep a book, in which the details of each customer as well as other information concerning their arrival, stay and departure from the accommodation are entered. The book in question is kept in conventional or electronic form and is subject to review and control by the locally competent police authority, in the context of the prevention and suppression of crime, the safeguarding of the uninterrupted operation of tourist accommodations and the safety of their customers. Upon the arrival of each customer at the hotel, an arrival and departure form is drawn up. The form remains in the company for a period of three (3) months and is checked by the police authorities, while a copy of it can be requested from the local competent police authority. In addition, the hotel is obliged to keep a book in which all the information received, in the bulletins or statements, are entered in continuous order. The customer book and the special file are kept for ten (10) years after their completion at the company. At the same time, the company may have other legal obligations to keep the above data, such obligations pursuant to tax legislation or enforced by national authorities (for example legislative obligations regarding covid-19 pandemic).
Furthermore, we will use your personal data to manage our contractual relationship with our customers, for example to facilitate your reservations or accommodation at our hotel, to send administrative information, confirmations, or pre-arrival messages, to complete your reservation and stay, for example, ensure that your room is available. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested services.
Apart from the above personal data, the Hotel may use personal data related to Personal Preferences, such as your preferred language of contact, prior guest stays or interactions, goods and services purchased, special service and amenity requests, interests, activities, hobbies, food and beverage choices, information of your vehicles parked in the hotel parking lot, services and amenities of which you advise us or which we learn about during your visit, important dates, such as
birthdays, anniversaries and special occasion, membership or loyalty program data, tour group or activity data. We will use these data to provide personalised services and improve your experiences according to your personal preferences either with your consent or because we have a legitimate interest to do so. Also, we use these data to offer and manage your participation (if you are a member) in global loyalty programs, with you and/or because we have a legitimate interest to do so. Regarding your preferences related to nutritional needs or health conditions that require special accommodation conditions or services, the processing of this information can only be done voluntarily by you, and after granting your consent for its use and processing.
Regarding your personal data related to your image, we inform you that our company has installed a video surveillance system in our hotel facilities and information about this can be found immediately below (Annex II).
For promotional or advertising purposes, your data are collected only upon your express consent, which is provided through the customer form or electronically by our website. We use these data to send you marketing communications and promotional offers, as well as periodic customer satisfaction, market research or quality assurance surveys, or to communicate with you about goods and services of our hotel.
When your consent is required, this should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data, such as by a written statement, including by electronic means, or an oral statement. You have the right to withdraw your consent at any time. Withdrawal of consent shall be in written form and bears no detriment to the provision of our services. If you wish to withdraw your consent, we will inform you regarding the services that are no longer available, for example we won’t be able to offer you services based on your specific nutritional needs or health conditions. Withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
Regarding organizers/ participants in conferences or other events, it is necessary to maintain and process the following information to assist you with meetings and events and to provide you with the required services: Name, postal address, status, profession, organization/company that may represent, email and phone number, billing information, bank account number. Generally, our company does not process personal data for participants/guests.
Provided that a supplier or a partner of our company is a natural person or αν individual business, we use the following data: name and surname, VAT number, IBAN, phone number, address, email, entity representing the natural person, invoicing information, bank account information. The legal basis for processing is the performance of a contract to which the subject is a contracting party.
Finally, all the employees and interns of the company have been notified properly regarding their detailed information and data that the company processes.
3. WHERE WE COLLECT YOUR PERSONAL DATA
We collect your personal data from you during your visit at our property, by signing our form, using our services or offline interactions. Furthermore, we collect your data when you make a reservation, by any means, over the phone, by email or online as well as when you use our website. In that case, there is a check box that you should give your consent if you wish to retain your email and sign up in our newsletter email list. If you wish to contact our company electronically, there is a contact form in our website where you will be asked to give your consent to use the required data only for the purpose of communication regarding your request. We may collect your data from our third parties’ business partners, for example travel booking platforms or travel agents. If you are a member of a Mariotte loyalty program, we collect data from the Marriott Group or other Marriott Group companies.
4. RETENTION OF YOUR PERSONAL DATA
The Company collects and maintains personal data for the purposes identified in this notice and retains them for the minimum period necessary to fulfill the stated purposes or as required or permitted by law. In particular, the company will retain your personal data:
- for as long as it is required by law, if processing is based on a legal obligation.
- In the case where the processing is necessary for the execution of a contract, the company retains your data throughout the duration of the contractual relationship between us, as well as for a period of ten (10) years from the last calendar day of the year of the end of the contractual relationship, for the possibility of a future cooperation/contact and as a proof against the authorities and public services. Exceptionally, the company may retain your data beyond the above-mentioned period, if it has a legitimate interest or legal obligation to do so or when it is required to claim or defend its rights against legal claims.
- In case your data is processed with your consent, until you withdraw your consent. You have the right to withdraw your consent at any time.
5. TRANSFER OF PERSONAL DATA
6. PRINCIPLES RELATING TO OUR PROCESSING OF PERSONAL DATA - SECURITY
Our company adheres to the processing principles set out in the General Regulation on the Protection of Personal Data (legality, objectivity, transparency, purpose limitation, data minimization, accuracy, storage time limitation, integrity, confidentiality and accountability) and national legislation. Our personnel is trained in matters of personal data protection and shall ensure that the personal data we process are subjected to legal and legitimate processing, are collected for specified express and legal purposes, are appropriate, relevant and are limited to what is necessary for the purposes for which they are processed. To ensure that your information is secure and to prevent unauthorized access or disclosure, we have put in place suitable procedures to safeguard and secure the information we collect.
7. YOUR RIGHTS
Regardless the purpose or legal basis on which we process your data, as the data subject you reserve and can exercise any time the following rights:
- You may request details of personal information which we hold about you. If you would like a copy of the information held on you, please write to or email us (right of access).
- If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly update the information accordingly (right to rectification).
- You have the right, also known as the "right to be forgotten" to request the erasure or removal of your personal data, when there is no legitimate reason for the continued processing, without prejudice to our obligations and legal rights regarding their retention on the basis of the specific implemented statutory and regulatory provisions (right to erasure).
- You can ask us to restrict the processing of your personal data (right to restriction). You may change your mind at any time and choose to restrict the collection or use of your personal information by writing to or emailing us.
- You can request to receive your personal data in a structured, in a commonly used and machine – relatable format in order to transmit it directly to another legal entity (right to portability).
- You can object at any time to the processing of your Data, especially if your data is collected for direct marketing purposes (right to object).
8. HOW YOU CAN EXERCISE YOUR RIGHTS
You can exercise your rights by sending an email to the address email@example.com or a letter to our postal address, Vasileos Irakleiou 45, PC 54623, or by filing a request in person at our offices.
In your request, please make clear what right is exercised and what personal data it regards. The Company will respond to you within one (1) month from the receipt of the request or in case of complexity or other difficulty and upon relevant information within a period of three (3) months. If your requests are manifestly unfounded or excessive, in particular due to their repetitive nature, the company may impose a reasonable fee, taking into account the administrative costs of providing the information or carrying out the requested action.
9. THE RIGHT TO LODGE A COMPLAINT
In case you feel that your personal data are processed in contravention of the law or the protection of personal data is infringed in any way, as well as there is undue refusal or delay on our behalf to grant your requests, you can file a complaint to the Hellenic Data Protection Authority (www.dpa.gr, Kifissias Avenue 1-3, P.C. 115 23, Athens, tel: +30 210 6475600 and fax, +30 210 6475628, email: firstname.lastname@example.org)
1. Cookies Policy
Links to other websites
2. 2nd Level Notification on the processing of personal data through a video surveillance system
- Controller Details: The private company under the name “NEW ERA P.C.”, with distinctive title “NEW ERA P.C.”, with registered offices in Thessaloniki, 45 Vasileos Irakleiou Street, PC 54623, Tel.: +302310 274545, e-mail: email@example.com
- Purpose of processing and legal basis: We use a surveillance system for the purpose of protecting people and assets at our hotel. The processing is necessary for the purpose of the legitimate interests that we pursue as Controller, according to Article 6 paragraph 1 (f) GDPR.
- Analysis of legitimate interests: Our legitimate interest consists in the need to protect our premises and our goods, or the goods of our customers found in them from illegal acts, including, for example, theft, vandalism, damage, etc. As a hotel, we have a legal obligation to protect the property of our customers (see articles 834 et seq. of the Civil Code), and the installation of a video surveillance system in our premises is aimed at this. In addition, there is a legitimate interest in the protection and safety of the life, physical integrity, health and property of our staff, our customers and any third party who enters our premises. For these purposes, the video surveillance system aims to protect and secure the hotel's facilities and infrastructure critical to its operation. Please note that we only collect image data, not audio data, and we do not use cameras with rotation (pan-and-focus cameras). Regarding the installation of the cameras in the hotel premises, an assessment was carried out, during which the interests and fundamental rights of the data subjects and the legal interest of our hotel were weighed, limiting the placement of the cameras only to the areas and points where we assessed that there is an increased possibility of illegal acts or increased expectation of safety and protection of persons and property. In accordance with article 17 paragraph 1) of Directive 1/2011, the installation of cameras in our hotel is limited to the areas intended to control incoming/outgoing traffic, such as the central entrance of the hotel, the reception area, the entrances/exits of the elevators and staircases and the entrance to the parking. Also, in the money storage areas (cash registers), in the property storage areas (luggage room and parking), in the equipment and personnel facilities and in the electromechanical facilities. Also, cameras have been placed in the entrance/exit areas of the elevators on the floors, but without taking an image from the corridors of the hotel or the entrances of the individual rooms. Toilet areas and vestibules, as well as common areas (gym, swimming pool) and catering areas, such as lounge area, breakfast area, restaurant, are not videotaped. Finally, cameras have been placed on the external perimeter of the building and this to the extent necessary for security and control of the hotel's perimeter.
- Recipients: The material stored is accessible only by our competent/authorised personnel who are charged with the security of the space. This material shall not be transmitted to third parties, save in the following cases: a) to the competent judicial, prosecution and police authorities when it includes information necessary to investigate a criminal act involving persons or goods relating to the controller; b) to the competent judicial, prosecution and police authorities when legitimately requesting data in the performance of their duties; and c) to the victim or the perpetrator of a criminal offence, in cases of data which may constitute evidence of the act.
- Retention period: We retain the data referred to in this Notification for seven (7) days and, after this period has elapsed, the data are automatically deleted. If an incident comes to our attention during this period, we will isolate part of the video and retain it for one (1) further month, for the purpose of investigating the incident and institute legal proceedings to protect our legitimate interests; if the incident concerns a third party, we will retain the video for a further period of up to (3) months.
- Rights of Data Subjects: Data Subjects have the following rights:
• Right of access: You have the right to be informed whether we process your image and, if so, to receive a copy of it.
• Right to restrict processing: You have the right to request that we restrict processing, such as, for example, not to delete data which you consider necessary to establish, exercise or defend legal claims.
• Right to object: You have the right to object to processing.
• Right to erasure: You have the right to request the erasure of your data.
You can exercise your rights by sending an email to the address firstname.lastname@example.org or a letter to our postal address, Vasileos Irakleiou 45, PC 54623, or by filing a request in person at our offices. In order for us to examine a request related to your image, you will need to advise us approximately when you were within reach of our cameras and provide us with an image of yours to enable us to locate your data and withhold the data which portray third parties. Alternatively, you may visit our premises in order for us to display the images in which you appear. Please note , that the exercise of your right to object or right to erasure does not entail the immediate deletion of your data or the modification of the processing. In any event we will respond in detail as soon as possible, within the time limits set forth in the GDPR.
- Right to lodge a complaint: Should you believe that the processing of your data infringes Regulation (EU) 2016/679, you have the right to lodge a complaint with the supervisory authority. The competent supervisory authority for Greece is the Hellenic Data Protection Authority, 1-3 Kifisias Street, PC GR-11523, Athens, https://www.dpa.gr, tel: 2106475600.
Our hotel may change this policy by updating this page without notice. You should check this page from time to time to ensure that you are aware of those changes. In case of any inconsistency or conflict between the English and versions of other languages, the English version shall prevail.
LAST UPDATE: APRIL 2023