- through the website operated by us from which you are accessing this Privacy Statement,
- through our social media pages that we control from which you are accessing this Privacy Statement (collectively, our “Social Media Pages”)
- through HTML-formatted email messages that we send you that link to this Privacy Statement and through your communications with us
- when you visit or stay as a guest at one of our properties, or through other offline interactions
Collectively, we refer to the Websites and our Social Media Pages, as the “Online Services” and, together with offline channels, the “Services.” By using the Services, you agree to the terms and conditions of this Privacy Statement.
At Villa Fulmar, we guarantee our commitment to respecting and protecting your privacy, as well as safeguarding your personal data. Therefore, Villa Fulmar with respect to the applicable national and European legal framework about data protection, especially the new European General Data Protection Regulation 2016/679 (GDPR) provides you hereby a lawful, fair and transparent policy in order to inform you about the personal data we collect, how we use it, and how the use of this information can benefit your experience while visiting our premises and enjoying our Services and/or our Online Services.
– what personal data we collect and how we use them;
– the purposes we process your personal data and the relevant legal basis under which we process your personal data;
– your rights related to your personal data.
You can always find out more by contacting us, as further described below (Your Rights).
Collection of personal data and use of them
1.2. Data collected for booking purposes
Online booking engine through our website:
If you decide to make a booking reservation through our website, we will collect your name and surname, address, city, country, telephone, email, any special requests you may have, as well as arrival date and departure.
Third parties’ online booking engines and/or travel agents:
In this case, we receive an email confirming your booking, including information such as your name and surname, country, arrival date and departure date and any (family) members that will accompany you.
1.2.1. Purposes of processing – legal basis
We collect your booking data in order to:
- Process and complete your booking reservation:
- Facilitate your booking. Our legal basis is that processing is necessary for the performance of a contract with you.
- Process the payment of the relevant services, fees and charges. Our legal basis is that processing is necessary for the performance of a contract with you.
- Collect and recover money owed to us. Our legal basis is our legitimate interest.
- Process your details in case of disputes. Our legal basis is our legitimate interest.
1.3. Registration Data – Check-in procedure
When you arrive at Villa Fulmar – Check-in procedure:
During your arrival at Villa Fulmar, you will provide us with the necessary information for the check-in procedure. More specifically, we collect your first and last name, your language, your address of residence (street, postcode, city, country), your telephone number, your email address, passport/ID number, as well as arrival date and departure date.
1.3.1. Purposes of processing – legal basis
We collect your registration data for
- Completion of the registration procedure. Identification data is necessary in order to comply with our legal obligations
- Serving your stay. Our legal basis is our legitimate interest.
- Facilitating administration. Our legal basis is our legitimate interest.
- Facilitating payment procedure. Payment information is necessary in order to issue your invoice and comply with fiscal obligations.
- Promoting our special offers and services which may interest you. Our legal basis is your prior consent, if provided.
2. Data collected through our website or online platforms
2.1. Personal Data Collected via your registration to our Newsletter
When you register for receiving our newsletter, we collect and store your email address and if you wish you can submit your name, surname and country.
2.1.1. Purposes of processing – legal basis
We use data you provide us when you register to our Newsletter for:
- Communication with you and sending you newsletters about our services and offers. We will proceed to relevant processing if you provide us with your consent.
2.2. Online Technologies
Special Categories of Personal Data – Sensitive Personal Data
When referring to the notions of “special categories of personal data” or “sensitive personal data”, they reflect the kind of personal information that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and genetic data, biometric data which allows to uniquely identify a natural person, health data and/or data regarding sexual orientation. We may collect such data only if you voluntarily provide us, or when we ask you to do so and you provide us your explicit consent.
We do not seek or obtain personal data directly from minors (i.e. under the age of 18), instead we endeavor to collect such data from their legal guardian and when necessary we obtain relevant consent. However, as it is impossible to always determine the age of persons who access and use our websites, we encourage parents or guardians to contact us if they notice any case of unauthorized data provision by minors in order to exercise accordingly their rights such as deletion of their data.
Transfer of Personal Data
The personal information you provide us is being kept secured and safeguarded. We may share your information public services for the above described purposes.
Furthermore, we may disclose your personal data to third parties (legal entities or individuals). We always guarantee that these third parties imply the same measures for the protection of your personal data and act only under our written orders with respect to your personal data.
More specifically, in the context of pursuance of the processing purposes, personal data may be transferred to:
– Third parties which provide us relevant services (e.g. finance, legal or technical support etc). In any case, all these companies are contractually bound with us in order to ensure the observance of confidentiality, as well as commitment to the data protection legislation.
– Public authorities (Police, prosecuting authorities, tax authorities etc.) in the context of issuance of fines, or upon relevant request.
When information is transferred as afore-mentioned, we limit the extend of information that is being disclosed, to the strictly necessary for the performance of the specific purpose.
We do not transfer the data to any country the European Economic Area (EEA).
Third-Party Websites’ Disclaimer
We may provide hyperlinks to third-party websites as a convenience to our users; We do not control third-party websites and are not responsible for the content of any linked-to third-party websites or any hyperlink in a linked-to website. We are not responsible for the privacy practices or the content of third-party websites.
We warranty to protect and respect your rights, as set forth by General Data Protection Regulation, including more specifically:
(i) your right to be informed on the processing of your personal information (i.e. right of access) and to request and obtain further information on the processing applied;
(ii) your right to request for correction of their inaccurate personal data;
(iii) your right to request for deletion of personal information provided, unless prohibited by legitimate reasons;
(iv) your right to request for limitation of processing;
(v) your right to request for portability of your personal information; and
(vi) your right to objection/opposition to further processing thereof.
Xamoudochori, Chania, Crete , 730 14, Greece,
In case you consider that we have not properly responded to your request, you can always contact the relevant Greek Data Protection Authority (www.dpa.gr).
Although, no method of transmission over the Internet or method of electronic storage is 100 percent secure, we have taken all commercially reasonable measures and precautions in order to maintain your data accuracy and to ensure the appropriate use of information we collect about you, as well as to secure and protect your personal information from unauthorized access, while you enjoy services we provide you during your physical presence in our premises or your digital visits in our online environment, respectively.
Retention Period of Personal Data
Your personal data is retained for a predetermined and limited period depending on the purpose of processing, after the end of which, these personal data is being deleted from our files unless another retention period is required or permitted by applicable law.
Date: February 2021