Privacy Policy Statement
Preface.
Domes Operator GP runs www.domesresorts.com and www.ledracrete.gr websites.
Domes Operator GP established in Tsifliki Region,
Elounda, Agios Nikolaos, Lasithi,
Crete, Greece (Registration Number 133802441000) is the Controller of your
Personal Data according to the General Data Protection Regulation EU 2016/679
of the European Parliament and the Council of 27 April 2016 (GDPR) and the
national law 4624/2019 (Government Gazzette
137/A/2019). Domes
Operator GP also hosts the internal websites of Domes Resorts Hotels, thus acting
as the processor of your personal data in each webpage. We provide an index so
that you can easily identify the controller and the processor in each webpage:
URL |
Controller |
Processor |
Domes Operator GP |
- |
|
Domes Operator GP |
- |
|
https://domesresorts.com/domesofelounda/ |
Touristikai Epiheiriseis Driros S.A. |
Domes Operator GP |
https://domesresorts.com/domesnoruzchania/ |
Domes of Chania S.A. |
Domes Operator GP |
https://domesresorts.com/domeszeenchania/ |
Domes of Crete Single Member S.A. |
Domes Operator GP |
https://domesresorts.com/domesauluselounda/ |
Elounda Blue Hotels Single Member S.A. |
Domes Operator GP |
https://domesresorts.com/domesmiramare/ |
Domes of Corfu S.A. |
Domes Operator GP |
https://domesresorts.com/domesofcorfu/ |
Domes of Attica S.A. |
Domes Operator GP |
https://domesresorts.com/domesauluszante/ |
Domes of Attica S.A. |
Domes Operator GP |
For the establishment of each company please read the
relevant privacy policy which you can find at the bottom of each hotel’s
webpage. If you cannot find what you seek, do not hesitate to contact our DPO
at dpo@ledrahotelsandvillas.com.
1. Definitions.
1.1. «personal data» means any
information relating to an identified or identifiable natural person (data
subject) in particular by reference to an identifier such as name, gender,
postal and email address, telephone number, language preference, date and place of
birth, nationality, passport, visa or other government-issued identification
data, important dates, such as birthdays, anniversaries and special occasion,
membership or loyalty program data (including co-branded payment cards, travel
partner program affiliations), prior guest stays or interactions, goods and
services purchased, special service and amenity requests, geolocation
information, social media account ID, profile photo and other data publicly
available, or data made available by linking your social media and loyalty
accounts.
1.2. «other data» are data
that generally do not reveal your specific identity or do not directly relate
to you as an individual. To the extent Other Data reveal your specific identity
or relate to you as an individual, we will treat Other Data as Personal Data.
Other Data include
browser and device data, app usage data, data collected through cookies, pixel
tags and other technologies, demographic data and other data provided by you,
aggregated data.
1.3. «processing» means any operation
or set of operations which is performed on personal data or on sets of personal
data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission,
dissemination or otherwise making available, alignment or combination,
restriction, erasure or destruction.
1.4. «profiling» means any form of
automated processing of personal data consisting of the use of personal data to
evaluate certain personal aspects relating to a natural person, in particular
to analyse or predict aspects concerning that natural
person's performance at work, economic situation, health, personal preferences,
interests, reliability, behaviour, location or
movements.
1.5. «pseudonymisation»
means the processing of personal data in such a manner that the personal data
can no longer be attributed to a specific data subject without the use of
additional information, provided that such additional information is kept
separately and is subject to technical and organisational
measures to ensure that the personal data are not attributed to an identified or
identifiable natural person.
2. The
collection of Personal Data.
We collect
Personal Data from:
2.1 Online
Services. We
collect Personal Data when you visit our website, make an online reservation,
purchase of goods or services, communicate with us, or otherwise connect with
us or post to social media pages, or sign up for our newsletter or participate
in a survey, contest or promotional offer.
2.2. Customer
Care Centers. We
collect Personal Data when you make a reservation over the phone, communicate
with us by email, fax or via online chat services or contact customer service.
These communications may be recorded for purposes of quality assurance and
training.
2.3. Marriott Group, Other Marriott
Group Companies, Owners of Marriott Group and Franchisees. We collect Personal Data from the Marriott Group, other Marriott Group
companies, Owners of Marriott Group branded properties and their Franchisees.
2.4. Your browser or device. We collect certain data
through your browser or automatically through your device, such as your
computer type (Windows or Macintosh), operating system name and version,
internet browser type and version and the name and version of the Online
Services (such as the Apps) you are using. We use this data
to assess levels of usage.
2.5. Your use of the Apps. We collect
certain data when you download and use an App, such as App usage data, the date
and time the App on your device accesses our servers and what data and files
have been downloaded to the App based on your device number.
2.6. Cookies, Pixel
Tags other similar technologies. Our website uses cookies and trackers in order to provide you with the
best possible online experience. For further information, please read our Cookies
Policy.
2.7. Analytics. We may collect data through
Google Analytics and Adobe Analytics, which use cookies and technologies to
collect and analyze data about use of the Services. For further
information, please read our Cookies Policy.
2.8. Your IP Address. We collect your IP address, a
number that is automatically assigned to the computer that you are using by
your Internet Service Provider (ISP). An IP address is identified and logged
automatically in our server log files when a user accesses the Online Services,
along with the time of the visit and the pages that were visited. We use IP
addresses to calculate usage levels, diagnose server problems and administer
the Online Services. We also may derive your approximate location from your IP
address.
2.9. Aggregated
Data. We may aggregate
data that we collected and this aggregated data will not personally identify
you or any other user.
3. The purpose of the processing.
We use Personal Data and Other Data to provide you with our Services, to
develop new offerings and to protect the legal rights of Domes Operator GP. In some
instances, unless you provide the data we request, or prohibit us from
collecting such data, we may not be able to provide the requested Services. We
use Personal Data and Other Data for our legitimate business interests,
including the following:
3.1.
Provide the Services you request. We use
Personal Data and Other Data to manage our contractual relationship with you, upon
your consent and/or to comply with a legal obligation. We use Personal Data and Other Data to
provide Services you request, including:
3.2. Personalise the Services according to your Personal
Preferences. We use Personal Data and Other Data to
provide personalised Services according to your
Personal Preferences either with your consent or because we have a legitimate
interest to do so. In
so doing, we improve your experiences, including when you contact our call
center or use the Online Services, to customize your experience according to
your Personal Preference and to present offers tailored to your Personal
Preferences.
3.3. Communicate
with you about goods and services according to your Personal Preferences. We will use Personal Data and Other Data to
communicate with you with your consent, to manage our contractual relationship
with you and/or because we have a legitimate interest to do so. We use Personal Data
and Other Data to send you marketing communications and promotional offers, as
well as periodic customer satisfaction, market research or quality assurance
surveys.
3.4. Loyalty
Programs. We
use Personal Data and Other Data to offer and manage your participation in your
global loyalty programs, as well as others that are specific to certain
properties or tailored to your interests, send you offers, promotions and
information about your account status and activities, assess your benefits,
administer points earned through co-branded credit cards, manage your choices
regarding how you wish to earn, track and use your points, we will use Personal Data and Other Data in this way
with your consent, to manage our contractual relationship with you and/or
because we have a legitimate interest to do so.
3.5.
Sweepstakes, activities, events and promotions. We use Personal Data
and Other Data to allow you to participate in sweepstakes, contests and other
promotions and to administer these activities. Some of these activities
have additional rules and may contain additional information about how we use
and disclose your Personal Data. We suggest that you read any such rules
carefully. We use Personal Data and Other Data in
this way with your consent, to manage our contractual relationship with you
and/or because we have a legitimate interest to do so.
3.6.
Business Purposes. We
use Personal Data and Other Data for data analysis, audits, security and fraud
monitoring and prevention, developing new goods and services, enhancing,
improving or modifying our Services, identifying usage trends, determining the
effectiveness of our promotional campaigns and operating and expanding our
business activities. We use Personal Data and Other Data in
this way to manage our contractual relationship with you, comply with a legal
obligation and/or because we have a legitimate interest to do so.
4. The
processing and sharing of personal data.
Our goal is to
provide you with the highest level of our Online Services, and to do so, we
share Personal Data and Other Data with the following:
4.1. Domes Resorts Hotel Group. We
disclose Personal Data and Other Data to “Domes Resorts” Hotel Group
(Companies: TOURISTIKAI EPIHEIRISEIS DRIROS SA, ELOUNDA BLUE HOTELS SINGLE
MEMBER SA, DOMES OF CHANIA SA, DOMES OF CORFU SA, DOMES OF CRETE SINGLE MEMBER
SA, DOMES OF ATTICA SA) for the purposes described above, such as providing and
personalising the Services, communicating with you
and to accomplish our business purposes. We share your Personal Data and Other
Data used for making a reservation to fulfill and complete it.
4.2. Owner of
the Hotel. In the case of Domes Aulus Zante and Domes of
Corfu, we disclose Personal Data and Other Data to Leonidas Hotel 1 Single
Member SA and to Leonidas Hotel 2 Single Member SA respectively, for the
purposes described in this Privacy Statement, to accomplish our business
purposes. The Owner of the Hotel shall process your Personal Data as a separate
data controller. For further information about the processing of your Personal Data
by the Owner please refer to each Owner’s Privacy Policy. For Domes Aulus Zante
click here and for Domes of Corfu click here.
4.3. Marriott Group, Other Marriott Group
Companies, Owners and Franchisees.
We disclose
Personal Data and Other Data to the Marriott Group for the purposes described
above, such as providing and personalising the
Services, communicating with you, facilitating loyalty programs, and to
accomplish our business purposes. The abovementioned partner is the party
responsible for the management of your Personal Data. We share your Personal
Data and Other Data used for making a reservation to fulfill and complete it.
For more you can access directly https://www.marriott.com/about/privacy.mi.
4.4. Service Providers. We disclose Personal Data and Other Data to third-party service
providers for the purposes described in this Privacy Statement. Examples of
service providers include companies that provide website hosting, data
analysis, payment processing, order fulfillment, information technology and
related infrastructure provision, customer service, email delivery, marketing,
auditing and other services.
4.5. We will use and disclose Personal Data
as we believe to be necessary or appropriate: (a) to comply with
applicable law, including laws outside your country of residence; (b) to
comply with legal process; (c) to respond to requests from public and
government authorities, including authorities outside your country of residence
and to meet national security or law enforcement requirements; (d) to enforce
our terms and conditions; (e) to protect our operations; (f) to protect
the rights, privacy and safety of the Domes Operator GP, you or others; and (g) to allow us to pursue available
remedies or limit the damages that we may sustain.
5. Principles relating to our processing of personal data.
Your Data are:
(a) processed lawfully, fairly and in a
transparent manner.
(b) collected for the
specified, explicit and legitimate purposes explained above and not further
processed in a manner that is incompatible with those purposes.
(c) adequate, relevant
and limited to what is necessary in relation to the above purposes.
(d) accurate and, where necessary, kept up to
date.
(e) processed in a manner
that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental
loss, destruction or damage, using appropriate technical or organisational
measures.
6. Consent.
6.1. Where applicable, we process your data after your prior freely given, specific, informed and unambiguous statement or your clear
affirmative action signifies agreement.
6.2. You have
the right to withdraw your consent at any time. Withdrawal of consent shall be
in written form and bears no detriment to the provision of our services. However, withdrawal of your consent will not affect
the lawfulness of processing based on consent before its withdrawal.
7. Retention
We will retain your Personal Data for the period
necessary to fulfill the purposes outlined in this Privacy Statement unless a
longer retention period is required or permitted by law. The criteria used to
determine our retention periods include:
·
The
length of time we have an ongoing relationship with you and provide the
Services to you (for example, for as long as you have an account with us or
keep using the Services)
·
Whether
there is a legal obligation to which we are subject (for example, certain laws
require us to keep records of your transactions for a certain period of time
before we can delete them)
·
Whether
retention is advisable considering our legal position (such as, for statutes of
limitations, litigation or regulatory investigations)
8. Security
We seek to use the necessary
organizational, technical and administrative measures to protect your Personal
Data. Unfortunately, no data transmission or storage system can be guaranteed
to be 100% secure. If you have reason to believe that your interaction with us
is no longer secure (for example, if you feel that the security of your account
has been compromised), please immediately notify us in accordance with
the “Contact Us” section.
9. Your Rights.
As the
Data Subject subjected to processing, you reserve and can exercise any time the
following rights:
·
you can obtain access to your Personal Data that we process and to
request a copy (Right of Information).
·
you can obtain not only the rectification of inaccurate Data but also
the completion of incomplete Personal Data, always according to the purposes of
the processing (Right to Rectification).
·
you have the right to obtain the erasure of your Personal Data, without
prejudice to our obligations and legal rights regarding their retention on the basis
of the specific implemented statutory and regulatory provisions (Right to
Erasure).
·
you can obtain restriction of processing your Personal Rights, when it
is not clear whether your Data is being used and for how long, when you contest
their accuracy, when their processing is unlawful or the purpose of the
processing has come to an end and under the provision that there is no
legitimate reason for their retention, while your clear consent will be
requested for any other processing except from filing (Right to Restriction).
·
you can object at any time to the processing of your Data, on grounds
relating to your particular situation, in case your Personal Data are processed
for the purposes of our legal interests, without prejudice that we can
demonstrate compelling and legitimate grounds for the respective processing
that override your interests, rights and freedoms or for the establishment,
exercise and defence of legal claims (Right to
Object).
·
you can receive your Personal Data which are retained with automated
means electronically (in a commonly used and machine – relatable format) or you
can demand their transmission to others (Right to Portability).
10. How you can exercise your rights – the right to
lodge a complaint.
In case you want to exercise your rights regarding Personal Data that
you have previously provided to us, please contact us at 0030 2310 810624 or by mail at privacy@ledrahotelsandvillas.com.
In your request, please make clear what right is
exercised and what Personal Data it regards. For your protection, we only
fulfill requests for the Personal Data associated with the particular email
address that you use to send us your request, and we may need to verify your
identity before fulfilling your request. We will try to comply with your
request as soon as reasonably practicable and consistent with the applicable
law.
Please note that we
often need to retain certain data for recordkeeping purposes and/or to complete
any transactions that you began prior to requesting a change or deletion (e.g.,
when you make a purchase or reservation, or enter a promotion, you may not be
able to change or delete the Personal Data provided until after the completion
of such purchase, reservation, or promotion). There may also be residual
data that will remain within our databases and other records, which will not be
removed. In addition, there may be certain data that we may not allow you
to review for legal, security or other reasons.
In case
there is undue refusal or delay on our behalf to grant your requests, as
established in your rights, or if you feel that your Personal Data are
processed in contravention of the law, you have the ability to file a complaint
with the Hellenic Data Protection Authority, which is established in Athens, Kifisia Str. 1-3, PC 115 23, tel
0030 210 6475600 and fax 0030 210 6475628, as the national competent authority
concerning the implementation of the General Data Protection Regulation (GDPR).
For further information, you can visit the official website of the above
authority www.dpa.gr (an English version is available).
11. DPO.
Conforming
ar. 37 and 38 of the GDPR, on regard to your best interest, Domes Operator GP has designated Anastasios Nikolakopoulos, Attorney at law admitted in
Thessaloniki Bar Association, resident at 15 Komninon
str. Thessaloniki, Greece, Zip Code 54625, tel. 2310 240224, as the Data
Protection Officer responsible for overseeing compliance with EU data
protection. If you have any concerns about the way in which your personal data
is being used or processed by us or you are not satisfied, you can contact him
directly at dpo@ledrahotelsandvillas.com
12.
Final Provisions.
Domes Operator GP values you as our guest and recognize that privacy is important to you. We
revise and update this Privacy Statement when any changes become effective. Its
former versions are at your disposal upon request. In any case, your use of the
Services following these changes means that you accept the revised Privacy
Statement. We remain at your disposal for any addition information using the
above contact.
March 2022