PERSONAL DATA PROTECTION POLICY ONOMA HOTEL
ONOMA Hotel processes all of your personal data in compliance with the General Data Protection Regulation (Regulation 2016/679 – GDPR), as well as national and community legislation in force today or to be enacted in the future, offering a safe environment.
ONOMA Hotel (company NEW S.A.) is a member of Anatolia Hospitality Group, along with ANATOLIA Hotel in Thessaloniki (company VICTORIA S.A.) and ANATOLIA Hotel in Komotini (company N. G. CHRYSOCHOIDIS S.A.).
1. Personal information we collect
Personal is any information relating to an identified or identifiable individual, a person that is, whose identity can be directly or indirectly ascertained. Not included are data which cannot lead to the identification of a specific individual (anonymous data).
We collect the following types of personal data:
Visitors / Customers:
Identification data: Full name, user name or similar identifier, birth date and sex, Tax Identification Number, signature, identity card or passport particulars, VISA status information, professional and family status, CCTV images and videos and, generally, photographs taken inside the hotel (for example in our Photo Booth).
Contact information: invoice address, e-mail address, residential address and phone numbers, contact information and other related particulars.
Booking information: room number and type, number of visitors, vehicle information, arrival and departure time.
Financial information: bank account and payment card information.
Transaction data: details relating to payments from and to you and details regarding booking or other offers you have purchased from us.
Sensitive information*: Possible disabilities/special needs, medical conditions and special medical or dietary requirements which could affect your stay at our hotel.
Communication and promotional materials: your preferences relating to promotional materials from us or third parties, such as the other members of Anatolia Hospitality Group (e.g. informational material – newsletter), as well as your preferred method of communication with us.
Our correspondence with you: included in this is your views on hotels (for example, possible complaints or observations made by you over the telephone, e-mail or social networking websites or e-mail, personal or written correspondence and interaction files between us).
Data from your activity on the Internet / mobile network: data such as your IP address, the type and version of your browser, language and location setting, as well as settings relating to appearance/screen, geographic position data, data relating to the platform or other technology in the devices you use to access our website or applications, data relating to the manner by which you use or interact with our website and applications, data relating to your profile (e.g. user name and password, preferences, comments and responses to surveys), as well as data from the use of social networking media (e.g., comments, photographs, video).
Data from questionnaires: included in these are your responses to the questionnaire we gave you and which you may – provided you so wish – fill-out at your arrival to our hotel.
* ΟΝΟΜΑ Hotel collects sensitive information (as such are defined in article 9 of the General Data Protection Regulation), only if such are provided with your express consent or if we are required to do so, in compliance with laws or regulations in force. We may use the health data you have provided us with to ensure your well-being or to improve our services and upgrade your experience.
The information we may collect from prospective employees includes the following:
• Full name, address, telephone number(s) and e-mail address.
• Qualifications, skills, experience and employment history.
• Possible additional information contained in a prospective employee’s CV.
The Data Controller shall process this information, to assess whether to conclude an employment contract with a particular prospect, while may also process personal data in order to comply with his legal responsibilities and obligations.
We have a lawful interest to process personal information during the hiring process and to maintain records of the process. We may also need to process the data of prospective employees to defend against legal claims.
We shall not disclose the data of a prospective employee to any third parties, save if said prospective employee grants his/her consent for this, in case where his/her job application is successful and a job offer is made.
2. How do we collect your personal information?
We utilize different methods to collect data from you, including:
Directly from you: you may give us your identity particulars, contact and financial information by filling out a form or by contacting us over the post, telephone or/and by e-mail. You may also provide your personal information to us when making a booking over e-mail, phone, social media, fax or/and via our website or/and on-line booking platforms or engines (for example, booking.com), as well as when you register or check in our facilities (for example, by filling out the printed arrival form, when you come to us in person). Finally, you can provide us with your personal information regarding your interests and preferences through your interaction with the various services of our hotel (e.g. in the restaurant, in the bar, through your interaction with the housekeeping department or by completing the questionnaire given to you upon arrival at our hotel).
From third parties or publicly available sources: it is possible for us to receive your Identification Particulars from a reservation made in your name by your relatives, a travel agency / travel agent, the company you work for, booking websites or social networking pages.
Information provided by you on your relatives: you can provide to us personal information on members of your family, your friends, dependents or other third parties for the purposes of a booking. In such cases, you are responsible to inform them with respect to this Policy and their rights ensuing from it.
Competition, Coupons, Offers, Surveys: it is possible for us to receive your personal data should you choose to participate in competitions, make use of coupons and offers, or take part in surveys.
Website / Application / Social Media: we may collect your personal data when you visit and interact with our hotel’s website, when you download and use our application, as well as when you contact our hotel via social media pages or use Internet connections via our social media.
Loyalty Program: should you choose to become a member of our loyalty program, we will collect your information in order for us to offer you the benefits associated with the program.
Events (meetings, weddings, etc.): we may collect your personal information in the process for the organization of such an event, directly from you, in order to organize said event in one of our spaces.
CCTV: we may record video or take photographs of you in public spaces and via our CCTV system, mainly for your protection, the protection of our other visitors or guests, as well as our staff.
Hotel’s Wi-Fi Service: when you use the Wi-Fi services at our hotels, your personal access and identification data may be collected and used.
3. Information about or from minors
4. How to we use your personal data?
Bookings: we may use your data in order to make a booking for any of our services on your behalf (stay, restaurant/bar reservation).
Payments: in order to make a booking or any other purchase, your payment particulars are required.
Services: to be able to provide and charge any services relating to our hotel; to facilitate possible special requests or assistance you may have asked for, as well as to personalize and tailor our services to better respond to your personal preferences and to thus optimize your experience.
To improve our products and services: during your stay we may ask for your opinion on our services, which will be later used towards their further improvement.
Marketing/Promotion: We may use your personal data in order to share with you products or services we feel that you may want or need or be interested in.
Subject to the condition that we will have received your prior express consent and provided that you have not withdrawn this consent, we reserve the right to send you messages with promotional/advertising content, either by email, by telephone, or by personal message (sms), or through various communication applications (e.g. viber / whatsapp), so that you are informed on our news and occasional offer packages.
Participation in our loyalty program: we will collect your personal information if you choose to become a member of our loyalty program.
To comply with our legal obligations: your data may be used for our compliance with orders imposed by our auditors for the purposes of the submission of financial reports and statements, by government authorities and to collaborate with police authorities, regulatory authorities and/or courts.
When you check-in at our hotel, but also throughout your stay, you will have the opportunity to answer an on-line questionnaire. By filling out this questionnaire and depending on your answers, we shall recommend various activities and events (inside and outside our hotel), in order to optimize your stay and experience of our city (Thessaloniki). At any circumstance, filling out the questionnaire is optional.
Moreover, if you wish to fill-out the questionnaire, you can decline to answer any of its questions. Finally, you can stop filling it out at any time and without any justification. In any case, the completion of the questionnaire silently entails your consent to the storage and processing of your data by our hotel.
The information we will collect will be confidential and will be exclusively and only used for us to offer personalized recommendations for recreational activities that will take place in our hotel or in our city during your stay. The database with the information you will provide by means of your answers is kept in our hotel’s computers. The IP address and other potential personal data are not recorded.
6. Photo Booth
There is a Photo Booth inside our hotel, where you can have your picture taken and capture your precious memories. A necessary condition for the use of the photo booth is to offer your express consent (by selecting the corresponding box which will appear as you enter the booth) for your photographs to be stored on the memory card, so that they can then be printed on paper.
In addition, you may – provided you so wish – consent (by selecting the corresponding box which will appear as you enter the photo booth) to the further use of the photographs you have taken at our hotel. Your consent to such further use is in any case optional. The further use of your photographs includes their posting in the various social media pages of our hotel (Facebook, Instagram, LinkedIn etc) and generally serves marketing and promotional goals. The photographs taken at the photo booth are stored and may be used – provided you have granted your consent – for a period of one year from them having been taken, upon the lapse of which they will be permanently deleted.
It is important for you to know that the consent you offer, both for the storage of the photographs on the memory card, as well as for their further use by our hotel, by clicking on the corresponding box on each occasion, shall be valid and applicable for all individuals in the photograph. In any case, the use of the Photographic Booth silently entails your consent to the storage and processing of your photographs by our hotel.
7. Legal grounds for processing
Performance of contract: The use of your personal data may be required for the performance of a contract you may have concluded with us (for example, the making of a booking).
Legitimate interest: Processing is necessary for our legitimate interests or the legitimate interest of a third party, save if the grounds for the protection of your interests supersede those of our legitimate interests. For example, it is a legitimate interest of ours to process your data in order for us to improve our services and the contents of our website or to protect the health and bodily integrity of our staff.
Vital interest: In cases where it is impossible to obtain your consent, we may need to process your personal data, including sensitive personal data you provided us with at the rendering of our Services, where such processing serves your vital interest or the vital interest of a third party (for example in the case of a medical emergency).
8. Data Disclosure
Our company explicitly states that it will not proceed with any unlawful or illicit use of your personal data and will not in any way or on any grounds transmit your personal data and the user/visitor/client information to any third parties.
However, we may share the personal data you have given us with your express consent, with exclusively the third parties cited below, for the purposes referred to below and always subject to the condition that your personal data do not undergo any unlawful processing:
To the Hotel’s associates: in order for us to be able to help you cater for your needs during your stay at our hotels and to provide you with promotional material to your preference.
To external associates: It is possible for us to disclose your Personal Data to other third parties, our associates, including technical experts and consultants offering their services to us. These other third parties include credit card issuers, financial institutions, external auditors and legal consultants.
To travel agencies/our corporate travel associates: We may disclose your Personal Data to associates engaged in the provision of travel-related services. Such may be travel agencies, airlines and car rental companies, in order to facilitate them to offer you the unique opportunity to purchase travel-related services.
To government authorities: In order for our business to comply with legal requirements.
International Data transfers: Subject to specific conditions, the need to transmit personal data and other information collected from you to so-called “third” nations outside the European Union (EU) / European Economic Area (EEA), may ensue. It is possible, for example, for your personal data to be processed by personnel operating in third nations which works for us, or by other entities which act as those carrying out the processing, who process data on our behalf.
Every transmission of personal data to countries outside those for which the European Commission has adopted an adequacy resolution with respect to the level of data protection, will be carried out based on contractual agreements and by using standardized contractual clauses approved by the European Commission or other appropriate assurances in accordance with the legislation in force, in order for us to provide suitable and adequate guarantees for your personal data.
9. How long do we keep your personal information for?
We shall keep your personal information only for as long as it is necessary in order to fulfill the purposes for which they were collected and principally for the satisfaction of any legal or accounting obligations or liabilities or obligations to file reports with regulatory authorities. Parallel to this, we limit access to your personal information only to those individuals who must use them to the corresponding purpose on a case-by-case basis.
In order for us to determine the period we need to keep your personal data, we take account of the quantity, nature and sensitiveness of your personal data, the potential risk of harm from unauthorized use or/and disclosure of your personal data, the purposes for which we process them and whether we can attain such objectives using other means, as well as our current legal obligations and responsibilities.
You can, under certain circumstances, request that we delete your data (cf. 11 below). We may keep your data anonymized in certain cases (for example, statistical or demographic data), in such a format that they will no longer be able to be associated with you or/and to identify you. In such a case, we may use them without further reminder or warning, since such data may originate from your personal data but are no longer considered as personal by the Law, as they do not directly or indirectly lead to your identity.
10. The safety of your personal data
The data you provide to us are protected using SSL (Secure Socket Layer) technology. SSL technology is the principal method utilized in the field of personal data and credit card information encryption, in order to ensure their safe transmission over the Internet. All payment particulars are transmitted via a secure SSL connection to an exclusive network infrastructure (Multiprotocol Label Switching – MPLS) and are stored in compliance with the Payment Card Industry Data Security Standard (PCI DSS).
11. Your rights
You are entitled to a series of rights with respect to the personal information – data you have disclosed to ONOMA hotel. In more detail:
The right of access: Yous right to obtain a copy of the personal information we keep on you, as well as information relating to how your personal data is being used.
The right to rectification: You reserve the right to request the rectification of the data we keep on you, where such are erroneous or incomplete.
The right to erasure: Known also as the right to be forgotten, this right grants you the ability to demand the deletion of your personal data from our files and systems. In this case, our business is obliged to delete your data, without undue delay and where one of the following grounds applies: (a) the personal data are no longer necessary in relation to the purposes for which they were collected by our company or were otherwise processed; (b) you have withdrawn your consent for the collection, processing and storage of your personal data by our company and there is no other ground for the processing and to the extend where no such other legal grounds subsists; (c) you object to the processing of your personal data and there are no overriding and lawful grounds for the processing; (d) the personal daa have been unlawfully processed; (e) the personal data need to be erased for compliance with a legal condition in the National or Union law our company is subject to; (f) the personal data have been collected in relation to the offer of information society services directly to a child, as such are more specifically referred to in article 8§1 of the General Data Protection Regulation.
The right to restriction of processing: This right allows you to limit the processing of your personal data by us. Should you exercise this right, our hotel may store your personal data, but any other use thereof is prohibited, save for specific and limited cases.
The right to object: You reserve the right to object to the use of your personal data by use in certain circumstances. However, it is possible that we will continue to use your personal data, despite your objection, in cases where there are urgent legal reasons to do so or where we have to use your personal data with respect to possible legal claims of ours.
The right to data portability: This right allows you to acquire your personal data in a format permitting you to transfer them to some other company/organization, in cases where we process your personal rights based on your consent or the performance of a contract and provided processing is carried out using automated means. You reserve the right to the portability of your personal data directly from us to some other company/organization, provided this is technically feasible.
The right to lodge a complaint with a supervisory authority: You reserve the right to lodge a complaint with the Hellenic Data Protection Authority should you believe that we do not process your data in compliance with the legislation on data protection, and
The right to withdraw your consent: You reserve the right to withdraw your consent to the processing of your personal information by us at any time. This will not affect the legality of our processing before the revocation.
Provided you exercise any of the aforementioned rights, we shall take every necessary step to satisfy your request within a deadline of thirty (30) working days from the receipt of your relevant request. Occasionally, it may take more than one month to satisfy it, should your request be very complex or in case you have submitted more requests. In such a case, we shall inform you and keep you updated. In any case, we will immediately inform you either with respect to the satisfaction of your request or the objective reasons hindering it.
We may require additional information from you, to help us verify your identity and ensure your right to gain access to your personal information (or to exercise any of your other rights).This is a security measure to safeguard against the unintended or accidental disclosure of your personal information to unauthorized parties. We may also contact you in order to ask for additional information to expedite our response.
12. Amendments to this policy
We may occasionally revise this Policy by posting a new version on our website. You can visit our website on a regular basis to note possible changes.
13. Data Controller’s Contact Information
You can contact us in one of the following ways: