Privacy Policy Statement

 

Preface.

Domes Operator GP runs www.domesresorts.com and www.ledracrete.gr websites. Domes Operator GP established in Tsifliki Region, Elounda, Agios Nikolaos, Lasithi, Crete, Greece (Registration Number 133802441000) is the Controller of your Personal Data according to the General Data Protection Regulation EU 2016/679 of the European Parliament and the Council of 27 April 2016 (GDPR) and the national law 4624/2019 (Government Gazzette 137/A/2019).  Domes Operator GP also hosts the internal websites of Domes Resorts Hotels, thus acting as the processor of your personal data in each webpage. We provide an index so that you can easily identify the controller and the processor in each webpage:

URL

Controller

Processor

www.domesresorts.com

Domes Operator GP

-

www.ledracrete.gr

Domes Operator GP

-

https://domesresorts.com/domesofelounda/

Touristikai Epiheiriseis Driros S.A.

Domes Operator GP

https://domesresorts.com/domesnoruzchania/

Domes of Chania S.A.

Domes Operator GP

https://domesresorts.com/domeszeenchania/

Domes of Crete Single Member S.A.

Domes Operator GP

https://domesresorts.com/domesauluselounda/

Elounda Blue Hotels Single Member S.A.

Domes Operator GP

https://domesresorts.com/domesmiramare/

Domes of Corfu S.A.

Domes Operator GP

https://domesresorts.com/domesofcorfu/

Domes of Attica S.A.

Domes Operator GP

https://domesresorts.com/domesauluszante/

Domes of Attica S.A.

Domes Operator GP

 

For the establishment of each company please read the relevant privacy policy which you can find at the bottom of each hotel’s webpage. If you cannot find what you seek, do not hesitate to contact our DPO at dpo@ledrahotelsandvillas.com.

 

1. Definitions.

1.1. «personal data» means any information relating to an identified or identifiable natural person (data subject) in particular by reference to an identifier such as name, gender, postal and email address, telephone number, language preference, date and place of birth, nationality, passport, visa or other government-issued identification data, important dates, such as birthdays, anniversaries and special occasion, membership or loyalty program data (including co-branded payment cards, travel partner program affiliations), prior guest stays or interactions, goods and services purchased, special service and amenity requests, geolocation information, social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts.

 

1.2. «other data» are data that generally do not reveal your specific identity or do not directly relate to you as an individual. To the extent Other Data reveal your specific identity or relate to you as an individual, we will treat Other Data as Personal Data. Other Data include browser and device data, app usage data, data collected through cookies, pixel tags and other technologies, demographic data and other data provided by you, aggregated data.

 

1.3. «processing» means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

1.4. «profiling» means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

 

1.5. «pseudonymisation» means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

2. The collection of Personal Data.

We collect Personal Data from:

2.1 Online Services. We collect Personal Data when you visit our website, make an online reservation, purchase of goods or services, communicate with us, or otherwise connect with us or post to social media pages, or sign up for our newsletter or participate in a survey, contest or promotional offer.

2.2. Customer Care Centers. We collect Personal Data when you make a reservation over the phone, communicate with us by email, fax or via online chat services or contact customer service. These communications may be recorded for purposes of quality assurance and training.

2.3. Marriott Group, Other Marriott Group Companies, Owners of Marriott Group and Franchisees. We collect Personal Data from the Marriott Group, other Marriott Group companies, Owners of Marriott Group branded properties and their Franchisees.

 

2.4. Your browser or device. We collect certain data through your browser or automatically through your device, such as your computer type (Windows or Macintosh), operating system name and version, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to assess levels of usage.

         

2.5. Your use of the Apps. We collect certain data when you download and use an App, such as App usage data, the date and time the App on your device accesses our servers and what data and files have been downloaded to the App based on your device number.

               

2.6. Cookies, Pixel Tags other similar technologies. Our website uses cookies and trackers in order to provide you with the best possible online experience. For further information, please read our Cookies Policy.

 

2.7. Analytics. We may collect data through Google Analytics and Adobe Analytics, which use cookies and technologies to collect and analyze data about use of the Services. For further information, please read our Cookies Policy.

         

2.8. Your IP Address. We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.

 

2.9. Aggregated Data. We may aggregate data that we collected and this aggregated data will not personally identify you or any other user.

3. The purpose of the processing.

We use Personal Data and Other Data to provide you with our Services, to develop new offerings and to protect the legal rights of Domes Operator GP. In some instances, unless you provide the data we request, or prohibit us from collecting such data, we may not be able to provide the requested Services. We use Personal Data and Other Data for our legitimate business interests, including the following:

3.1. Provide the Services you request. We use Personal Data and Other Data to manage our contractual relationship with you, upon your consent and/or to comply with a legal obligation. We use Personal Data and Other Data to provide Services you request, including:

3.2. Personalise the Services according to your Personal Preferences. We use Personal Data and Other Data to provide personalised Services according to your Personal Preferences either with your consent or because we have a legitimate interest to do so. In so doing, we improve your experiences, including when you contact our call center or use the Online Services, to customize your experience according to your Personal Preference and to present offers tailored to your Personal Preferences.

3.3. Communicate with you about goods and services according to your Personal Preferences. We will use Personal Data and Other Data to communicate with you with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so. We use Personal Data and Other Data to send you marketing communications and promotional offers, as well as periodic customer satisfaction, market research or quality assurance surveys.

3.4. Loyalty Programs. We use Personal Data and Other Data to offer and manage your participation in your global loyalty programs, as well as others that are specific to certain properties or tailored to your interests, send you offers, promotions and information about your account status and activities, assess your benefits, administer points earned through co-branded credit cards, manage your choices regarding how you wish to earn, track and use your points, we will use Personal Data and Other Data in this way with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so.

3.5. Sweepstakes, activities, events and promotions. We use Personal Data and Other Data to allow you to participate in sweepstakes, contests and other promotions and to administer these activities.  Some of these activities have additional rules and may contain additional information about how we use and disclose your Personal Data. We suggest that you read any such rules carefully. We use Personal Data and Other Data in this way with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so.

3.6. Business Purposes. We use Personal Data and Other Data for data analysis, audits, security and fraud monitoring and prevention, developing new goods and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities. We use Personal Data and Other Data in this way to manage our contractual relationship with you, comply with a legal obligation and/or because we have a legitimate interest to do so.

4. The processing and sharing of personal data.

Our goal is to provide you with the highest level of our Online Services, and to do so, we share Personal Data and Other Data with the following:

 

4.1. Domes Resorts Hotel Group. We disclose Personal Data and Other Data to “Domes Resorts” Hotel Group (Companies: TOURISTIKAI EPIHEIRISEIS DRIROS SA, ELOUNDA BLUE HOTELS SINGLE MEMBER SA, DOMES OF CHANIA SA, DOMES OF CORFU SA, DOMES OF CRETE SINGLE MEMBER SA, DOMES OF ATTICA SA) for the purposes described above, such as providing and personalising the Services, communicating with you and to accomplish our business purposes. We share your Personal Data and Other Data used for making a reservation to fulfill and complete it.

 

4.2. Owner of the Hotel. In the case of Domes Aulus Zante and Domes of Corfu, we disclose Personal Data and Other Data to Leonidas Hotel 1 Single Member SA and to Leonidas Hotel 2 Single Member SA respectively, for the purposes described in this Privacy Statement, to accomplish our business purposes. The Owner of the Hotel shall process your Personal Data as a separate data controller. For further information about the processing of your Personal Data by the Owner please refer to each Owner’s Privacy Policy. For Domes Aulus Zante click here and for Domes of Corfu click here.

 

4.3. Marriott Group, Other Marriott Group Companies, Owners and Franchisees. We disclose Personal Data and Other Data to the Marriott Group for the purposes described above, such as providing and personalising the Services, communicating with you, facilitating loyalty programs, and to accomplish our business purposes. The abovementioned partner is the party responsible for the management of your Personal Data. We share your Personal Data and Other Data used for making a reservation to fulfill and complete it. For more you can access directly https://www.marriott.com/about/privacy.mi.

 

4.4. Service Providers. We disclose Personal Data and Other Data to third-party service providers for the purposes described in this Privacy Statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services. 

4.5. We will use and disclose Personal Data as we believe to be necessary or appropriate: (a) to comply with  applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect the rights, privacy and safety of the Domes Operator GP, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

5. Principles relating to our processing of personal data.

Your Data are:

(a)  processed lawfully, fairly and in a transparent manner.

(b)  collected for the specified, explicit and legitimate purposes explained above and not further processed in a manner that is incompatible with those purposes.

(c)  adequate, relevant and limited to what is necessary in relation to the above purposes.

(d)  accurate and, where necessary, kept up to date.

(e) processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

6. Consent.

6.1. Where applicable, we process your data after your prior freely given, specific, informed and unambiguous statement or your clear affirmative action signifies agreement.

6.2. You have the right to withdraw your consent at any time. Withdrawal of consent shall be in written form and bears no detriment to the provision of our services. However, withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.

7. Retention

We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include: 

·          The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services)

·          Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)

·          Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

8. Security

We seek to use the necessary organizational, technical and administrative measures to protect your Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contact Us” section.

 

9. Your Rights.

As the Data Subject subjected to processing, you reserve and can exercise any time the following rights:

·         you can obtain access to your Personal Data that we process and to request a copy (Right of Information).

·         you can obtain not only the rectification of inaccurate Data but also the completion of incomplete Personal Data, always according to the purposes of the processing (Right to Rectification).

·         you have the right to obtain the erasure of your Personal Data, without prejudice to our obligations and legal rights regarding their retention on the basis of the specific implemented statutory and regulatory provisions (Right to Erasure).

·         you can obtain restriction of processing your Personal Rights, when it is not clear whether your Data is being used and for how long, when you contest their accuracy, when their processing is unlawful or the purpose of the processing has come to an end and under the provision that there is no legitimate reason for their retention, while your clear consent will be requested for any other processing except from filing (Right to Restriction).

·         you can object at any time to the processing of your Data, on grounds relating to your particular situation, in case your Personal Data are processed for the purposes of our legal interests, without prejudice that we can demonstrate compelling and legitimate grounds for the respective processing that override your interests, rights and freedoms or for the establishment, exercise and defence of legal claims (Right to Object).

·         you can receive your Personal Data which are retained with automated means electronically (in a commonly used and machine – relatable format) or you can demand their transmission to others (Right to Portability).

 

10. How you can exercise your rights – the right to lodge a complaint.

In case you want to exercise your rights regarding Personal Data that you have previously provided to us, please contact us at  0030 2310 810624 or by mail at privacy@ledrahotelsandvillas.com.

In your request, please make clear what right is exercised and what Personal Data it regards. For your protection, we only fulfill requests for the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request. We will try to comply with your request as soon as reasonably practicable and consistent with the applicable law. 

Please note that we often need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the Personal Data provided until after the completion of such purchase, reservation, or promotion).  There may also be residual data that will remain within our databases and other records, which will not be removed.  In addition, there may be certain data that we may not allow you to review for legal, security or other reasons.

In case there is undue refusal or delay on our behalf to grant your requests, as established in your rights, or if you feel that your Personal Data are processed in contravention of the law, you have the ability to file a complaint with the Hellenic Data Protection Authority, which is established in Athens, Kifisia Str. 1-3, PC 115 23, tel 0030 210 6475600 and fax 0030 210 6475628, as the national competent authority concerning the implementation of the General Data Protection Regulation (GDPR). For further information, you can visit the official website of the above authority www.dpa.gr (an English version is available).

 

11. DPO.

Conforming ar. 37 and 38 of the GDPR, on regard to your best interest, Domes Operator GP has designated Anastasios Nikolakopoulos, Attorney at law admitted in Thessaloniki Bar Association, resident at 15 Komninon str. Thessaloniki, Greece, Zip Code 54625, tel. 2310 240224, as the Data Protection Officer responsible for overseeing compliance with EU data protection. If you have any concerns about the way in which your personal data is being used or processed by us or you are not satisfied, you can contact him directly at dpo@ledrahotelsandvillas.com

 

12. Final Provisions.

Domes Operator GP values you as our guest and recognize that privacy is important to you. We revise and update this Privacy Statement when any changes become effective. Its former versions are at your disposal upon request. In any case, your use of the Services following these changes means that you accept the revised Privacy Statement. We remain at your disposal for any addition information using the above contact.


March 2022