We take the protection of your personal data seriously!
The company under the name “ASLANIDIS HOTELS AND TOURIST ENTERPRISES S.A.” and the distinctive title “ALEXANDROS PALACE” (hereinafter “Alexandros Palace”) has long been providing high-quality hotel services in a friendly environment that guarantees a unique accommodation experience.
Respecting your privacy is a top priority for us which is why we take all necessary technical and organizational measures to protect your personal data and guarantee that they are securely and lawfully processed.
You can find all information in relation to data protection such as:
- the principles on the basis of which Alexandros Palace process your personal data
- the type of data we collect
- the way in which the data are collected
- the purposes of their processing
- the data retention period
- the recipients to which they may be disclosed
- your rights and the ways in which you can exercise them
The persons for whom the Policy is a concern: The present Policy is a concern for all those who visit Alexandros Palace and use its services (customers, visitors, tour operators etc.) or visit and navigate the official website https://www.alexandroshotel, use the online services, such as the booking form and the contact form, subscribe to the Newsletter, deal with us in any way during the provision of our services or interact with Alexandros Palace through comments and ratings in the company’s Social Media accounts, such as Facebook, Instagram, Twitter.
Data Controller: The above company under the name “ASLANIDIS HOTELS AND TOURIST ENTERPRISES S.A.” and the distinctive title “ALEXANDROS PALACE”, based in Tripiti, Ouranopoli, Chalkidiki, Greece, and legally represented, with VAT No 094296088, Registration No with the Hellenic Business Registry (G.E.MI.) 123990699000, Tourism Enterprise Registration No (MI.TE.) 1234567891011121, shall be responsible for the processing of your personal data in accordance with the data protection legislation and the Regulation.
Scope of Policy: This Policy applies to the data we collect in any lawful manner directly from you or from selected partners:
- on our official website https://www.alexandroshotel-halkidiki.com/
- through our online services and applications, such as when you fill in the online booking or contact form when you log in or you join the loyalty club
- the tour operators we cooperate with including their websites/platforms / applications (such as booking.com, Web Hotelier, HOTELBEDS PRODUCTS S.L.U)
- when you interact with us on our Social Media accounts, such as when you post comments or questions, or when you sign in using your Social Media accounts (social login)
- when we fulfil our responsibilities towards you under our client relationship by providing you with our accommodation services as well as with our personalized services throughout your stay at Alexandros Palace (such as spa services, concierge, sports activities, Mini Club activities, Babysitting)
- room hire for conferences, corporate and social events etc.
Which personal data we collect: According to the relevant definition of the Regulation, “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an “identifiable person” means a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Moreover, “special categories of personal data” mean data concerning health, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning a natural person’s sex life or sexual orientation.
More specifically, we collect in accordance with the law and only to the extent necessary the following appropriate and necessary data for the relevant legal purposes explicated below:
- Your identity details (such as your name and surname, nationality, ID card or passport number, date of birth), password were required to login our online services (for instance if you are a tour operator)
- Your e-mail, country, date of check-in and check-out in online booking through third parties and/or tour operators (such as Booking)
- Date of check-in and check-out in combination with the room number, as they are included in the booking form.
- Any special request/preference you may have as well as the details of your arrival/departure at the airport in case you request transportation
- Financial and invoicing details (such as profession, VAT No, Tax Office (D.O.Y.), credit/debit card information).
- Contact details (such as postal address, telephone number, e-mail, mobile phone) you state in the booking form. Moreover, your e-mail will be required in order for you to modify (cancel/modify) your booking.
- In exceptional cases and in accordance with the current legislation, personal data belonging to the aforementioned special categories, such as allergies, nutritional needs, health data, facilities required for disabled people, that you disclose to us freely and with your explicit consent in order for us to ensure that your accommodation is safe and comfortable and that you are provided with the appropriate services.
- Preferences and interests: such as rooms with a view, nonsmoking rooms, the purpose of the trip (business or recreation)
- Facebook or Google account or e-mail when you join the loyalty club
- If you participate in a promotion, your name and surname, date of birth, contact details, e-mail, personal or professional interests may be required
- Data entered when you order a product or you use an additional service inside or outside the Alexandros Palace (e.g., Concierge service, transportation, participation in sports activities, spa, eating and drinking, purchasing products inside Alexandros Palace, Mini Club services, Babysitting services, lost & found services etc.)
- Data provided for room hire or the organization of events (for instance, in the organization of conferences, wedding receptions etc.)
- Your e-mail in order to receive our newsletter about offers/discounts and/or other promotions upon your prior and explicit consent
- Furthermore, when you visit our website https://www.alexandroshotel-halkidiki.com/, personalized information on the device by which you accessed the website, such as your IP address, geographical access data, unique device identifier, information on the browser, on the language of the browser and/or other relating information may be recorded. In no case is the use of the website revealed by personal IP addresses, while this data (web server logs) is periodically erased.
Data of minors: Please note that our services are not provided directly to minors and for this reason we do not collect the data of people under the age of 18 except for that provided to us by their parents or guardian during their stay at Alexandros Palace.
The purposes for which we use your data: In order for us to better fulfil our responsibilities towards you under our client relationship and to offer you the best accommodation experience possible, as well as to improve our services to better meet your needs pursuant to our legitimate interests, the following legal purposes support the collection of your data:
- The management of the room booking system, including online booking (such as keeping documents required by the current legislation) [GDPR article 6 (1) (b) and (f)]
- The provision of our services starting from the date of your check-in to the date of your check-out [GDPR article 6 (1) (b) and (f)]
- The fulfilment of our responsibilities towards you under our client relationship/mandate and for the correct and comprehensive provision of our services during your stay at Alexandros Palace, which is the main purpose of the processing of your data [GDPR article 6 (1) (b)]
- Invoicing and payment of the provided services [GDPR article 6 (1) (b), (c) and (f)]
- To respond to the requests/questions you send us through the communication channels both before and during your stay at Alexandros Palace or after your check-out [GDPR article 6 (1) (a)]
- For purposes of commercial communication, marketing, promotion of our services by electronic and/or conventional means, in case you have consented to such communication [GDPR article 6 (1) (a), (f)]
- To conduct customer satisfaction surveys and/or ratings regarding the quality of services provided by us (e.g., when you fill in a customer satisfaction questionnaire, etc.) as well as in any other case in which you have given your explicit consent [GDPR article 6 (1) (a), (f)]
- To manage entries in the loyalty club and discounts (GDPR article 6 (1) (a), )f)]
- To serve our legitimate interests after deeming that they are not overridden by your interests or fundamental rights and freedoms that require the protection of your data against the interests of Alexandros Palace [GDPR article 6 (1) (f)]
- In order to comply with the current Greek and European legislation as well as any other legislation on the basis of our legal or contractual obligations, as well as to fulfil our legal obligations under the current legislation, such as that on tourism, tax, accounting and administration [GDPR article 6 (1) (c)]
- To establish, exercise or defend our legal claims [GDPR article 6 (1) (f)]
Data Retention Period: Alexandros Palace shall retain your personal data in written and/or electronic form only for as long necessary to fulfil our legal and contractual obligations in accordance with the lawful purposes for which we collected them, after which it is securely erased unless a different retention period is provided for in the applicable law.
– The data collected through the contact form or through any other way of communication with Alexandros Palace, are kept for a maximum period of 6 months from the completion of the communication.
– The data collected through the social media accounts of Alexandros Palace, such as Facebook, Instagram and Twitter, shall be retained for as long as you remain connected in any way to these accounts and in accordance with the corresponding terms contained in the data protection policy of these social networks.
– Cookies shall be retained for a period specified according to their nature, the website that created them and the purpose for which they are used. For more information, please read the Cookies Policy [link]
– Moreover, personal data shall be retained for the period laid out in the relevant Legislation such as that on tourism, tax, accounting, e-privacy and the corresponding provisions of the law regarding their maximum retention period.
– If there are any civil legal claims/requirements, Alexandros Palace may retain the personal data until the completion of the legal time limit of such claims.
– The data we retain in order to send newsletters or for your participation in our promotional activities is kept until you tell us that you no longer wish to receive newsletters and/or promotional newsletters and/or promotions from us.
Access of data by third parties: We ensure that your personal data are processed legally and fairly. Alexandros Palace may on a case-by-case basis – and only to the extent necessary for the above mentioned purposes – disclose your personal data to our selected and trusted partners, who process the data on our behalf, on condition that they observe the confidentiality of said data, within the framework of our contractual commitments and maintaining the right to control over them, for the proper and efficient operation of Alexandros Palace.
Indicatively, the following categories of recipients are mentioned on a case by case basis:
- providers of IT products and services, as well as support services of all kinds of information and electronic systems and networks
- online booking management companies. Especially on our online booking system we collaborate with Webhotelier which is certified according to the PCI-DSS Level 2 standard and is controlled by Trustwave.
- Delivery services (courier)
- For tax purposes related to the repayment of the services provided by us and the issuance of the corresponding tax documents / invoices, Alexandros Palace discloses the personal data absolutely necessary
- to collaborating accountants / accounting – tax offices,
- to credit / debit card providers who process any payments by card. Your card details are encrypted, is not recorded and cannot be used for any purpose other than the above.
- Alexandros Palace, under the current legislation, may occasionally disclose only the absolutely necessary personal data for the performance and effectiveness of the agreements concluded between us, to safeguard our legitimate interests as regards the collection and settlement of debts that may have arisen as well as any other legal right and claim, to law firms, accounting / tax offices and accountants / tax preparers, notaries and bailiffs.
- Cooperating third-parties, in case you have given your consent for personalized services (such as transportation services from/to the airport, Concierge, Babysitting, Mini Club etc.)
- Alexandros Palace, in compliance with the current legislation, may be legally obliged to disclose your personal data, as the case may be, to the competent police, judicial, administrative, tax and other public authorities and bodies, upon their valid request, without prior notice to you.
Alexandros Palace ensures and guarantees that it only discloses the appropriate, relevant, suitable data and only the number of them required in view of the above mentioned purposes.
Transfers to third countries: Data may be transmitted by processors on our behalf to third parties outside the EEA for the purposes described herein only if appropriate safeguards have been provided. If the processors are based outside the EU and the EEA or the data are intended for processing outside the EU, the transfer of personal data takes place on condition that an adequate level of their protection is not undermined, for instance: (i) on the basis of an adequacy decision issued by the European Commission, or (ii) where appropriate guarantees are provided and enforceable data subject rights and effective legal remedies exist for data subjects are available, or (iii) binding corporate rules have been approved by the bodies, as well as in any other case provided for in the Regulation. Especially online booking data are stored in the cloud of Amazon Web Services based in North Virginia, USA, and in Frankfurt.
Information on your rights: We respect your rights as specifically laid out in the Rules of Procedure and we ensure that their exercise is facilitated. Said rights are:
- Right of access, that is, your right to be informed about which data, collected directly from you or from third parties, are processed by Alexandros Palace, the purposes and legal basis of their processing, any recipients or categories of recipients of your personal data, their retention period, as well as the rights of the data subject provided for in the relevant legislation and detailed in this section
- Right to rectification of any inaccurate personal data in order for them to be accurate, as well as the right to have incomplete personal data completed, by providing Alexandros Palace with a supplementary statement with your accurate and complete personal data
- Right to erasure of your personal data where one of the following grounds provided for in the Regulation applies: i. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; ii. you withdraws consent on which the processing is based and there is no other legal ground for the processing; iii. the personal data have been unlawfully processed; iv. the personal data have to be erased for compliance with a legal obligation in law, v. the personal data of a child have been collected in relation to the offer of information society services following consent given by the child or the holder of parental responsibility over the child
- Right to restriction of processing of your personal data where one of the following applies: i. when you contest the accuracy of your personal data, for a period enabling Alexandros Palace to verify the accuracy of your personal data; ii. the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead; iii. Alexandros Palace no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims
- Right to object to processing of your personal data in the specific cases provided for in Article 21 of the Regulation, including profiling, unless Alexandros Palace demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims
- Right to data portability, that is, your right to receive your personal data, which you have provided to Alexandros Palace in a structured, commonly used and machine-readable format, to the extent that this is technically feasible and provided that you have consented to the processing of your personal data or that such processing was necessary for the performance of the contract concluded between us, and to transmit those data to another controller
- Right to withdraw the consent (without any retroactive effects) that you have provided regarding an issue relating to the protection of personal data.
It is highlighted that the above rights may be restricted due to a legal obligation, such as in case you request that your data be erased, but we are obliged to retain them by law, e.g., tax law etc. or for the exercise of legal claims. Also, your rights to erasure, object or to restriction of the processing of your personal data may not be satisfied, in whole or in part, if they concern data necessary for the preparation and / or continuation of the contract / mandate between us, regardless of the source of their collection.
How to exercise your rights: In order to facilitate the exercise of your rights, we suggest, for your convenience, that you fill in the relevant form (link Exercise of Rights Form).
To exercise the rights described above and for any questions regarding the legislation applicable to personal data, you may simply and at any time contact Alexandros Palace as follows:
- through the online contact form
- by sending Alexandros Palace a letter to the postal address: Tripiti, Ouranopoli, 63075 Chalkidiki, Greece
- by telephone at: +302377031100
Alexandros Palace will respond to your request free of charge, without delay and in any case within one month of receipt of the request, except in exceptional cases in which the above deadline may be protracted for two more months, if required, depending on the complexity of the request or the number of requests. We will make every possible effort to respond to your request within thirty (30) days, in order to comply with it or to justify the legal reasons that do not allow us to do so.
We remain at your disposal to respond to your questions or requests at the e-mail firstname.lastname@example.org at the Reception or at the telephone number +302377031424.
In case your consent is the legal ground for the processing of your personal data, we inform you that you may withdraw it at any time, in which case we may not be able to continue providing you with our services.
Data Security – Confidentiality: Alexandros Palace protects the confidentiality of your data and takes appropriate material and digital security measures (such as antivirus, firewall and SSL certificate) to prevent any unauthorized access and to ensure the integrity and availability of your data.
Disclaimer for third-party: We may provide links and hyperlinks to third party websites to facilitate the visitors and users of our website. Alexandros Palace does not control the websites of third parties and holds no responsibility for the content or hyperlinks of any of the websites to which the links point, nor is it responsible for the privacy practices they apply or for the content of the websites of third parties.
Competent Supervisory Authority in Greece: We would also like to inform you that if you have any complaint, you can contact the Hellenic Data Protection Authority at the following details: email email@example.com, telephone: +30 210 6475600, postal address: 1-3 Kifisias Avenue, P.C. 115 23, Athens. or, according to your place of residence, the relevant competent national Authority in accordance with the Regulation.
The applicable law to the processing of personal data by us: The Greek Law, as formulated according to the General Data Protection Regulation (EU) 2016/679, the implementing Law 4624/2019 and in general the current national and European legal and regulatory framework for the protection of personal data are the applicable law.
Settlement of disputes: The Parties mutually agree to make an effort to resolve in an amicable way any dispute arising out of this Policy in a spirit of mutual respect, by bringing them in out-of-court procedures, such as Mediation.
In the event that an amicable dispute settlement is not possible, the competent courts for any disputes related to your data shall be the Courts of Polygyros, Halkidiki.
Last version: June 2021