Privacy Policy

Welcome to our website, www.archipelagotinos.gr.

The protection of your personal data is a matter of significant importance to us. Therefore, we have created this policy, in order to provide you with adequate information regarding the processing of your data by our Company.

  1. Introduction – Data Controller

The website found at www.archipelagotinos.gr, hereinafter referred to as “Website”, is owned by ARCHIPELAGOTINOS Tourist Enterprises Limited Partnership based in Tinos, Agios Romanos, Postal Code 84200, hereinafter referred to as “Company” or “we”, which offers accommodation services.

Email: info@archipelagotinos.gr

In order to be able to provide you with our services, while also complying with our legal obligations, we process information concerning the Website visitors and users, which may lead to their identification, directly or indirectly.

According to the respective legal framework, some of this information is “personal data”, while you, the visitors or members, are characterized as “data subjects” and we, the Company, are the “controllers” of your data.

In case you have any questions regarding the processing of your data or the exercise of your rights, you are more than welcome to contact us.

  1. Basic data processing principles

We are committed to ensuring that your personal data will be processed in a fair and transparent manner, according to the legal framework, particularly the General Data Protection Regulation (GDPR). In plain terms, this means that:

  • We process your data only for specified, explicit and legitimate purposes (purpose limitation)
  • We process only data which are adequate, relevant and limited to what is necessary in relation to the purposes set (data minimisation)
  • We make every effort to ensure that your data are accurate (data accuracy)
  • We keep your data in a form which permits your identification for no longer than is deemed necessary for the purposes we have set (storage limitation).
  • We make every effort to ensure the security of your data (integrity and confidentiality).

In order to ensure the protection of your data, the Company takes all appropriate technical and organisational measures, trains its staff and uses technologies which ensure the security of your data [for example Secure Sockets Layer (SSL) certificate, encryption, certified hosting providers].

We monitor the security measures on a regular basis and, if deemed necessary, we align them with the new best practises.

  1. What types of data we process and under which conditions

Typically, we process your data through the Website only when you provide them in an active manner to us, e.g. by filling out a contact form, or making a reservation.

Τhis does not apply to your data that are automatically collected while visiting the Website or/and through cookies or similar technologies (check our cookies policy).

Α. Automatically obtained information

When you visit our Website, your IP address, as well as other information, such as the date and time of your visit, the browser type and the operating system you use to visit our website, is recorded by our server.

Our Company’s processing of your data is based on our legitimate interest, given that it is technically necessary for running the Website as well as for protecting the networks, the information and the services against unforeseeable circumstances, or illegal and malicious actions that compromise the availability, authenticity and confidentiality of stored or transmitted data (e.g. control of denial of service attacks), without entailing serious risks for your rights and liberties.

Β. Information provided to us

We process the personal data provided by you in the following cases:

  1. Contact the Company via contact form/email

Data we process

Purpose

Legal Basis

Full name

Email address

Phone number (in case of contact form)

Important note: Your message should include only the necessary information related to your request and not your or a third person’s personal data.

We process this data, in order to be able to contact you in response to your message. Sending an email or submitting a form does not make you our client, however it might show intention to enter into a contract.

We process your data based on your consent (article 6 (1) (a) GDPR), which you have the right to withdraw at any time and you can also request the erasure of your data. In case you withdraw your consent, the lawfulness of the processing already carried out will not be affected. Your withdrawal prevents us from communicating with you in the future.

 

  1. Booking a room

Data we process

Purpose

Legal Basis

Full name

Email address

Address (optional)

Phone number (optional)

Important note: Your message should include only the necessary information related to your request and not your or a third person’s personal data.

We process this data upon your request, to be able to proceed with your reservation and provide you our services.

We process the data provided by you in order to take appropriate measures before entering into a contract with you as well as to carry out our contractual obligations (article 6 (1)(b) GDPR).

Important Note: The obligation to submit accurate data falls upon the person who provides the data. Find out about your right to rectification of your inaccurate data by reading the policy section regarding your rights.

  1. Who has access to your data

Typically, access is permitted to authorized members of the Company staff, who process your data in a strictly confidential manner, and only to the extent and in the context of the purposes which you have already been informed about.

Furthermore, in order to be able to provide our services to you, we share some of your data with other companies (our partners). These companies (the Processors) process your data only for the purposes mentioned above and only on behalf and for the Company, with the exception of any legal obligations. During the transfer of your data, the Company takes all appropriate technical and organisational measures in order to ensure the best possible level of security.

Respect for the rules regarding the security of the processing of your data is one of the most important criteria when choosing our partners. In addition, our partners are contractually bound to provide the necessary safeguards and to take all appropriate technical and organisational measures so as the processing to be lawful and to ensure the protection of your data and rights.

These companies provide us with: (a) web hosting services, (b) online booking services and (c) booking management services.

Booking management services are provided to us by Webhotelier, a company based in Nicosia, Cyprus, 9 Mnasiadou Street (Democritos Building, Office 16).  Webhotelier service is provided in compliance with the General Data Protection Regulation (GDPR).

Please note: Booking a room online via our Website is technically feasible with the use of Webhotelier’s platform, while online payments also take place in this safe environment. You can learn more about Webhotelier’s privacy policy here.

Our Company is a member of Airbnb, which is owned by Airbnb Ireland UC, based in Dublin, The Watermarque Building, South Lotts Road, Ringsend.

According to its policy, Airbnb service is provided in compliance with the General Data Protection Regulation (GDPR) while the Company participates in the Privacy Shield for the safe transfer of data between the EU and the US.

Please note: The use of Airbnb services on your behalf is independent from your use of our services. We have no influence over the way Airbnb processes your data and Airbnb is considered to be an independent data controller, not a data processor. You can learn more about Airnbnb’s privacy policy here.

Our Company is a member of Booking.com, which is owned by Booking B.V.,  based in Amsterdam, 597 Herengracht Street, 1017 CE, Netherlands.

According to its policy, Booking.com service is provided in compliance with the General Data Protection Regulation (GDPR).

Please note: The use of Booking.com services on your behalf is independent from your use of our services. We have no influence over the way Booking.com  processes your data and Booking.com is considered to be an independent data controller, not a data processor. You can learn more about Booking.com privacy policy here.

Finally, our Company uses the services of Papaki for the hosting of its Website. According to its policy, Papaki, which is based in Heraklion, Greece, S Street, Industrial Area, offers its services in compliance with the General Data Protection Regulation (GDPR).

You can learn more about Papaki privacy policy here.

  1. Where and for how long we store your data

Your data is stored in the Company’ server, which is hosted in a data center located within the EU. In any case, while appropriate technical and organisational measures, required to avoid any data breach, are constantly applied.

The data is stored strictly for a period of time considered necessary for each processing purpose.

For example, if you make a reservation and stay at our apartments, the data included in the relevant tax documents remain stored for as long as the respective legislative framework requires.

  1. What rights you have and how you can exercise them

Under the current legal framework, you have a set of rights regarding the processing of your rights by the Company. In particular, you have the right:

  1. To submit a request to the Company to be informed whether we process data and, if so, what types of data (right of access).
  2. To request the rectification of the data (right to rectification).
  3. To request, under conditions, the erasure of the data (right to erasure).
  4. To request, under conditions, the restriction of the data processing (right to restriction of processing).
  5. To object, under conditions, to the processing of your data by us (right to object), mainly regarding the processing relating to marketing purposes (e.g. newsletter).
  6. To request the data that you have provided to us in a structured, commonly used and machine-readable format (right to data portability), as long as it is technically feasible.
  7. In case of a data breach, which is likely to result in a high risk to your rights and freedoms and as long as it does not fall under any of the exceptions provided in General Data Protection Regulation, the Company has the obligation to communicate the breach to you without undue delay.

Compliance with the legal framework regarding the processing of personal data and, in this context, the exercise of your rights, are our top priority. Therefore, we have the right to request additional information, which are considered necessary for your identification confirmation before exercising your rights.

In principle, the Company has the obligation to respond to your request promptly and within one month at the latest. If deemed necessary, taking into account the complexity of the request and the number of the requests, that period may be extended by two further months. In any case, we will inform you as soon as possible, and in any case within one month after the submission of your request, concerning the progress made and the reason for any possible delay in dealing with it.

In case your requests are manifestly unfounded or excessive, in particular because of their repetitive character,the Company may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

In case you consider that we do not comply with the personal data protection laws, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).

  1. Hyperlinks

Within our Website you can find hyperlinks which allow you to access third party websites. These links have the sole purpose of facilitating your surfing the Web and they do not show, in any way, our endorsement or approval to the content of these websites.

Accessing these websites through hyperlinks in our Website takes place on your sole responsibility and we encourage you to read each website’s privacy policy carefully.

  1. Social Media

Facebook

Our Website has an official Facebook page ( https://www.facebook.com/archipelagotinos/ ) .

You can contact us via our Facebook page in order to get more information about our services using the ‘send message’ function. In order to respond to your queries, we process your Facebook username and other information publicly available through your profile (e.g. your email address). Sending a message for the purposes of communication between us provides us with your consent to the abovementioned processing of your data. Access to and use of our webpage is subject to the present Privacy Policy.

In case you choose to click “LIKE” on our page, this means that you give your consent to view news and promotions (via the newsfeed) made by the Company through its Facebook page. If you do not wish to receive such updates, you can click “UNLIKE” at any time and withdraw your consent.

Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin, Ireland, is responsible for Facebook’s operations in the European Union. You can learn more about the processing of your Facebook data via the following links:

https://el-gr.facebook.com/policy.php?CAT_VISITOR_SESSION=c7b73ebc78d1681ade25473632eae199

https://el-gr.facebook.com/business/GDPR

Instagram

Our Website has an official Instagram account ( https://www.instagram.com/archipelagotinos/?hl=en  ) .

You can follow the Company’s account on Instagram and comment on its posts, thus providing data to be processed on the platform. Instagram, which belongs to Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304, USA, and Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin, Ireland, has its own cookie and data protection policies, over which we exercise no control and are not in a position to influence. Access to Instagram is solely at your own risk, and we encourage you to read its Data Protection Policy carefully since you are accepting its terms by using its services.

YouTube

The Company has an official YouTube channel (https://www.youtube.com/channel/UCsaDBR4euaNdgMYu4mlITig).

You can follow the Company’s account on Youtube, watch our video posts and comment on them, thus providing data to be processed on the platform. YouTube, which belongs to Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, has its own cookie and data protection policies over which we exercise no control and which we are not in a position to influence. Access to YouTube is solely at your own risk, and we encourage you to read Google’s Data Protection Policy carefully since you are accepting its terms by using its services.

 

General information regarding social media and online booking services

The Company takes all appropriate technical and organisational measures to ensure the security of data processing via social networking platforms and online booking platforms, including, but not limited to, restricting the number of persons with administrator-level access to each page.

The Company is responsible only for the method and means by which it processes your data for its own purposes (communication, information and promotions) and to the extent that it exercises control over your data. On the other hand, it bears no responsibility for the method or means that any social networking or online booking platform processes your data.

In any case, we urge you to be particularly careful about the content you post on our social media or online booking pages, especially when you provide your own or third party personal information, and you must ensure that the page you are contacting is indeed our official page.

Comments on Social Media

We encourage users to comment on posts and/or on our pages on social media or online booking platforms, in an effort to review and improve our services. We do not have a general obligation to review the content submitted by users of these platforms, although we make every effort to provide a secure online environment.

We reserve the right to remove any kind of content found to be in violation of its terms of use, such as content that is abusive, vulgar, pornographic, threatening, constitutes advertising, or infringes intellectual property rights or contains a false statement about the user, and at the same time it reserves the right to block users who submit such material. The terms of use of each media where the comments are published shall apply concurrently.

In case you think that there is content on our Company’s pages on social media or online booking platforms which affects you in a negative way or otherwise violates our terms of use, please contact the administrators immediately.

  1. Minors

The Company directs its services exclusively to individuals over 18 years of age. Since it is not technically feasible to effectively control the age of the visitors/users of the Site, we are committed to deleting all relevant information if a submission of personal data relating to minors is reported. This deletion is without prejudice to the need to keep the data in the event of provision of grounds for, or exercise or support of our legal claims or the fulfillment of a legal obligation.

  1. Changes in policy and updates

This policy may be changed at any time and without prior notice. Guided by the principle of transparency, we are committed to notifying you of any major changes in our policy. In any case, however, you should periodically review our policy, since the use of our services means that you accept these terms.