Privacy Policy

Emelisse Nature Resort considers the personal data protection as a matter of outmost seriousness and great importance. Respecting the personal data we collect and manage and ensuring their proper processing is one of the hotel’s priorities.

This is the reason why we take all appropriate technical and organizational measures in order to protect the personal data we process and to ensure that this processing will always meet the requirements of the current legal framework and in particular the General Data Protection Regulation (EU) 2016/679 (GDPR).

 

1. DATA CONTROLLER – CONTACT DETAILS

Emelisse Nature Resort is the data controller for all the personal data that collects, processes and stores.

Emelisse Nature Resort

Address: Emblisi Bay, 280 84, Fiskardo, Kefalonia

Phone Number+30 26740 41200

For the matters concerning the processing of personal data you can contact the hotel’s Data Protection Officer (DPO) at igallou@aristi-s.gr

 

2. CATEGORIES OF PERSONAL DATA COLLECTED AND PROCESSED

Emelisse Nature Resort collects and processes personal data for carrying out its business activity and in particular, the optimum personalized provision of hotel and leisure services.

In order to accomplish this purpose you have to provide us with the following personal information of yours: first name & surname, date & place of birth, passport or ID number, home address, phone number, email address, driving license number (if and when needed), car plate number (if and when needed), number and type of credit/debit/prepaid card, tax information (if you request the issue of invoice) and any other information will help us offer you the best possible services (i.e. eating habits, possible allergies, preferences etc.). Moreover, we keep to our records the dates of your accommodation and your room number

For the protection and security of the staff, guests, visitors and properties, the hotel operates closed circuit television (CCTV) that records the images of customers, visitors and employees in public areas (where permitted by law). The recording is done always in accordance with the relevant legislation.

 

3. PURPOSES OF THE PROCESSING & LEGAL BASIS OF THE PROCESSING

All the above mentioned personal data is being processed in Emelisse Nature Resort’s business framework and for the purpose of providing the optimum personalized hotel and leisure services to our guests. Some of the data may also be used for information and marketing purposes of the hotel’s services, only on the basis of an explicit consent given.

Legal basis of the data processing may be:

  • The performance of the contract between the hotel and its customers, so that they complete their booking and enjoy our services.
  • The Emelisse Nature Resort’s compliance with its legal and regulatory obligations, arising by the current legal framework regarding the hotel’s business activities.
  • The promotion, preservation and protection of the legitimate interests both of the hotel and its guests, in case we need to rise and support legitimate claims or to defend our rights and interests before courts. Legitimate interests include also among others the development and improvement of the services provided by the hotel and the hotel’s seamless and continuously improving operation.
  • The consent that may be provided by our customers (existing or potential) in order to receive information about the Emelisse Nature Resort’s services, the organization of various events and activities by the hotel etc.

 

4. RECIPIENTS OF THE PERSONAL DATA

Access to your data has the authorized personnel of Emelisse Nature Resort, during their job description duties.

The personal data may also be shared with third affiliated parties, such as tax consulting office, partners who support the hotel’s IT systems or provide other kind of services, always under strictly confidentiality.

Moreover, the data may be disclosed –as required or permitted by the applicable laws– to public authorities and bodies, in order that the hotel complies with its legal and/or contractual obligations.

 

5. TIME PERIOD OF STORAGE OF THE PERSONAL DATA

In the first place, we store the data at least for the time required in order to fulfil the processing purposes for which the data were collected. In addition and because a big number of our customers visit us repeatedly and for their better and faster future service, we keep their data up to 10 years after their last reservation.

Finally, we maintain the data for the time required by the legal framework applied to the hotel’s business operation.

If the process of personal data is based on consent, the data are stored until the consent is withdrawn. It must be clarified that the withdrawal of the consent does not affect the lawfulness of the processing based on the consent before its withdrawal.

In any case, Emelisse Nature Resort applies all the appropriate technical and organizational measures in order to ensure the protection of personal data processed and constantly takes care to prevent any unauthorised access to them.

 

6. RIGHTS IN RELATION TO THE PERSONAL DATA

You can exercise the following rights regarding the processing of your personal data:

  • Right of access

You have the right to know what categories of personal data of yours we keep and process, for what processing purposes and other additional relevant information. You also have the right to request a copy of your personal data undergoing processing.

  • Right to rectification

You have the right to request the rectification, modification and completion of your personal data.

  • Right to erasure («right to be forgotten»)

You have the right to request the erasure of your personal data when they are processed based on your specific consent. In cases where the processing is based on another legal basis (such as performance of a contract, legal obligation or protection of legitimate interests of the Company etc.), this right of yours may be subject to restrictions or not be exercised.

  • Right to restriction of processing

You have the right to request the restriction of processing of your personal data

  1. When their accuracy is contested by you and until we make their relevant verification
  2. Alternatively, instead of their erasure
  3. When they are no longer necessary for the processing purposes for which we have collected them, but they are required by you for the establishment, exercise or defence of legal claims
  4. When you object to their processing and until it is verified that there are legitimate reasons for such processing by the Company
  5. Right to object and automated individual decision-making including profiling

You have the right to object to the processing of your personal data when it is based on a legitimate interest, as well as for direct marketing and profiling purposes

  • Right to data portability

You have the right to request and receive your personal data in a format that allows you to access them, use them and process them with the commonly used editing methods. In addition, you have the right to request us to transmit your personal data to another controller where we process them by automated means and based on your consent or for the performance of a contract and if this is technically feasible.

  • Right to withdrawal of consent

If the processing of your personal data is based on your consent, you have the right to withdraw it at any time. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal.

You may exercise your above-mentioned rights as well as pose any question, complaint or ask other information regarding the processing of your personal data, by contacting igallou@aristi-s.gr

 

7. RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

You have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr) on matters concerning the processing of your personal data.