Privacy Policy

PRIVACY POLICY AND GDPR COMPLIANCE

The Greek Retreats PC (herein after The Greek Retreats, or we/ us) is the leading luxury villa rental specialist in Greece, based in Athens, 10 Vissarionos Str,Tel: +30 210 64 10 280, featuring the finest selection of luxury villas in Greece. This Privacy Policy outlines The Greek Retreats’s general policy and practices for complying - among others - with the applicable EU General Data Protection Regulation 2016/679 (GDPR), including the types of personal data we process, the purpose and the legal basis for that processing, the technical and security measures that we apply and the rights that individuals have under GDPR. This Privacy Policy applies to all personal information (as these are defined under the GDPR) of natural persons received by our company, whether in electronic, paper or verbal format.

 

Notice

The Greek Retreats shall inform individuals of the purpose for which it collects and uses their personal data and the types of third parties to which it may disclose that information. The Greek Retreats shall provide individuals with the choice and means for limiting the use and disclosure of their personal information, where applicable. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to The Greek Retreats, or as soon as practicable thereafter, and in any event before The Greek Retreats uses or discloses the information for a purpose other than that for which it was originally collected. 

 

1. What are the personal data?

1.1.Personal data means any information relating to you which allows us to identify you, such as your name, contact details, booking reference number, payment details and information about your access to our website.

1.2.We may collect personal data from you when you do a reservation with us (either directly or indirectly through our trusted third party partners), use our website and other websites accessible through our website, or when you contact us.

 

2. What Types of Personal Data Does the Greek Retreats Process and How do we Use your Personal Data?

 

2.1.We will only use your personal data in ways that are compatible with the purposes for which it was collected or authorized by you. Unless required or authorized by law, The Greek Retreats will not process sensitive personal information about individuals for purposes other than those for which the information was originally obtained or subsequently authorized by the individual. In case we need to process such data, we shall implement high security standards, according to the law.

2.2.Personal details about your physical or mental health, alleged commission or conviction of criminal offences, or photographs of you in electronic version are considered special categories of personal data under applicable data protection law. We will process any such data only if you have given your explicit consent, or you requested special assistance, or you have deliberately made these information public.

2.3.We will only process your information, where:

            - you have given your consent to such processing (which you may withdraw at any time, as detailed below);

            - the processing is necessary to provide our contractual services to you;

- the processing is necessary for compliance with our legal obligations (e.g. for tax reasons or to prevent a threat to life, health or safety of a customer); and/or

            - the processing is necessary for our legitimate interests (e.g. safety internet connection) or those of any third party recipients/partner of ours that receive your personal information.

 

2.4.More specifically, we may process your personal data for specific purposes, as follows: 

a) Provision of our booking services

Following your request for a reservation, either if you act as an individual client, a villa owner, or a villa management company, we shall collect and process your personal data in order to provide you the services that you require from us.

We may collect:

i) Your name, age, address, telephone number, email, ID or passport number, nationality and country of residence, necessary for the provision of our services to you.

ii) Information for the payment of our services, such as credit/ debit card number(s), including associated billing address(es) and expiration date(s), according to your explicit consent, as provided by you at a specific authorization form and as described below.

iii) Other information necessary to facilitate your travel or other services, including travel companion(s) names/ passport numbers/age, any dietary or other restrictions

 - Use of products and services such as self-service devices, flight status notification and web check-in, necessary for the services required by us.

 

b) Payment Information 

When you use our Payment Services, such as when booking accommodation or a travel-related experience through us or establishing a supplier relationship via us, we require certain financial information (like your bank account or credit card information) in order to process payments and comply with applicable law. If you are a Supplier, we may require additional information such as your ID or tax ID (where permitted by applicable law), and other proof of identification or verification in order to verify your identity, provide the Payment Services to you, and comply with applicable law. If you are a Guest, we may retain your financial information to assist you with booking travel-related experiences with third parties. We only process such data according to your explicit consent and written authorization. 

 

c) Advertising and Marketing Related Purposes

According to your explicit consent we may process information such as your email address or your IP address, in order to:

i) Send you promotional messages, marketing, advertising, and other information that may be of interest to you, based on your communication preferences (including information about The Greek Retreats or our partners’ campaigns and services).

ii) Administer referral programs, rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by The Greek Retreats or its third party business partners.

iii) Carry out profiling on your characteristics and preferences (based on the information you provide to us, your interactions with our services, and your search and booking history) in order to send you promotional messages, marketing, advertising and other information that we think may be of interest to you.

 

d) Employee and Human Resource Related Purposes

i)The Greek Retreats collects personal information from applicants to open positions within The Greek Retreats, including private contact details, CVs, professional qualifications and previous employment history, necessary to reach to employment decisions. Once employed, The Greek Retreats collects information on staff for human resource, performance, payroll and tax purposes. The Greek Retreats may process similar information relating to consultants contracted on a freelance basis.

ii)For security reasons in commonly used spaces within our offices we have installed security cameras systems (CCTV). We ensure that any recording within the offices of our company is not directed to any of our employee’s office/working space. All our employees are officially informed of this security measure and of the processing of some of their personal data that may arise thereof, which does not aim to the recording of their performance.

 

e) Web visitors- IP addresses - Cookies

i)The Greek Retreats collects named information about visitors to our website, www.thegreekvillas.com, where this is provided by them by filing our online contact form, for example where a client requests information on a The Greek Retreats service or where someone wants to apply for a vacant position with The Greek Retreats. Through the use of cookie-based technologies, The Greek Retreats may collect various data linked to virtual identities (IP addresses) allocated to visitors when they access our website. This data is used for various purposes, including site analytics and first party or third party marketing. In certain cases, these virtual identities are linked to the real world identities of visitors only when they choose to provide their named information at the contact form, as described.

ii) Automatically Generated Data 

In the course of using the pages on our website personal data may be automatically processed. Typically, this relates to the name of your internet provider, your IP address, your location, the time and date of access, the browser you are using, your operating system, the web pages you visited on our website and the website from which you accessed our website. This information is used to analyse trends, administer the Site, track user's movement, and gather broad demographic information for aggregate use. 

 

iii). Cookies Policy 

More specifically, our website, www.thegreekvillas.com, uses cookies to improve and optimize your experience as a user. Cookies are small text files that are placed on your computer, smartphone or other device when you access the internet.A cookie cannot read data from your hard disk or read cookie files created by other sites.

- We use cookies to: a) Ensure that our web page can function properly, b) Know your experience navigation and c) Collect anonymous statistical information, such as which sections you have visited, and how long you have been in our environment. You may modify and / or block the installation of cookies sent by our website; however, the quality of the operation of the services may be affected.

- Moreover, we use Google Analytics cookies to monitor and understand more about how our websites and services are used and accessed, which in turn lets us optimise the user experience and build a website that suits the needs of our users and drive the direction of our business.Information generated by Cookies about your use of the website (including your IP address) will be directly transmitted and stored by Google on servers in the United States. Google will use this information on our behalf for the purpose of keeping track of your use of the website and generate anonymous reports and statistics.You may refuse to treat data or information by refusing to use Cookies by selecting the appropriate settings from your browser.

- In addition to using cookies and related technologies as described above, we also may permit certain third party companies to help us tailor advertising that we think may be of interest to users and to collect and use other data about user activities on our Sites and/or Services (e.g., to allow them to tailor ads on third party services). These companies may deliver ads that might also place cookies and otherwise track user behaviour.

- This website uses the Google AdWords remarketing service to advertise on third party websites (including Google) to previous visitors to our site. With remarketing, you may see ads for our products you have previously looked at. For this to happen, Google, or other remarketing providers will read a cookie that is already in your browser, or they place a cookie in your browser when you visit our site (This can only happen if your browser is set to let it happen). You can set preferences for how Google advertises to you using the Google Ad Preferences page, and opt out of interest-based advertising entirely by cookie settingsor by using the Google Analytics Opt-Out Browser add on.

3. Is personal information disclosed to third parties?

3.1.We do not and will not sell, rent out or trade your personal information. We will only disclose (transfer, share, send, or otherwise make available or accessible) your personal information to third parties in the ways set out in this Policy. 

3.2.The Greek Retreats may disclose your personal information to a third party or use it for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual, only if you consent to such further processing, or if it required by law.

3.3.We may also share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.

3.4. In case we need to transfer your information to our affiliate companies, such as The Greek Villas LTD, or to other service providers (e.g. in the course of sending goods or promotional material, or in the case of competitions), we will ensure that they adhere to our contract and to the relevant legal data protection regulations and obligations thereof. 

3.5.We may share individuals’ personal information with our agents, contractors or partners in connection to services that they perform for, or with, The Greek Retreats,such as tour operators, airlines, hotels, car rental companies, transfer handlers and other related service providers. We shall ensure that any third party to which personal information may be disclosed subscribes to the principles set hereby and is subject to applicable legal framework (including GDPR), providing the same level of privacy protection as is required by these principles and agree in writing to provide an adequate level of privacy protection. For example, we may receive logs of the installed security systems from the processing security company, according to our written contract. Also, our employees’ information may be transferred to travel agencies in order to facilitate the arrangement of business travels and bookings and to arrange travel related services and/or products. 

3.6.We may transfer your data to our external business advisers (such as lawyers, accountants, auditors and recruitment consultants), and our contractors, suppliers including suppliers of IT based solutions that assist us in providing products and services to you (such as any external data hosting providers we may use);

3.7.In some cases, The Greek Retreats may disclose personal information if required to do so by law, if disclosure is required to be made to law enforcement authorities, if we believe disclosure is necessary or appropriate to prevent vital individual’s interests (e.g. from physical harm) or in connection with an investigation of suspected or actual illegal activity. 

3.8.We may also transfer personal information in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, The Greek Retreats will direct the transferee to use personal information in a manner that is consistent with this Policy. 

3.9.Finaly, we may disclose your personal information to certain overseas recipients. We will ensure that any such international transfers, which are lawfully enforced or are necessary for the performance of our contract, are made subject to appropriate contractual and technical safeguards, as required by GDPR and any other applicable law. We will provide you with copies of the relevant safeguard documents upon request.

3.10. For example, we may transfer your information to Google, mainly for the provision of Google Analytics, Google AdWords and Google Maps/Earth services, as described above and in accordance to Google’s Privacy Policy.

4. Security measures

4.1.The Greek Retreats employs reasonable physical, electronic, managerial and technical procedures to safeguard and secure any personal information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Applied information security management helps us not only to grow, innovate and expand our services, as well as identify the risks related to these information, and to put in place appropriate controls to mitigate and manage the risk thereof. We destroy or de-identify personal information once we no longer require it for our business purposes, or as otherwise required by law. 

4.2.Moreover, we train all personnel meticulously and we expect them to follow the principle of compliance with all relevant legal requirements. 

4.3.We have a privacy incident response policy designed to promptly respond to and escalate all privacy-related questions, complaints, concerns, including any potential privacy or security breach incident.

4.4.Furthermore:

a) General Controls:Controls are implemented on workstations (automatic computer locking, regular updates, physical security, etc.) to reduce the possibility to exploit software properties (operating systems, business applications etc.) to adversely affect personal data. Our offices are supplied with shredders, in order to eliminate the possibility of unauthorized access to files containing personal data. Regular back-up procedures to our CRM server are implemented. Also, data saved to our server are encrypted at our Network Attached Storage (NAS Server).

b) Paper format files storage and protection:The Greek Retreats needs to store and process some necessary files (such as contracts, consent forms, invoices etc) containing personal information in hard-copy versions. All such paper-formatted files are archived and stored in specially designed storage areas within our company. These areas are locked and access is only granted to personnel at a need-to-know basis. Also, safety measures in the event of fire are implemented, as we have fire-fighting equipment. 

c) Electronic Filing and Storage:Some of your personal information will be stored in the database of this site or of our company’s system (CRM). Each of our personnel accesses this database with his/her personal log-in passwοrds and have access to files saved at our network containing personal data, and especially personal data of special categories only on a need-to-know basis. Also, restrictions to the number of unsuccessful log-in attempts are provided. Also, we have applied strong anti-virus protection to all our computers.

d) File Transfer and Email:We use Microsoft Office 365 Exchange On-line and Microsoft Outlook mailbox, thus securing at a high level way the content of our communications with you.

 

5. Data Integrity

The Greek Retreats shall only process personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes The Greek Retreats shall take reasonable steps to ensure that personal information is accurate, complete, current and reliable for its intended use. 

 

6. Access – Individuals’ rights

6.1.Upon request, and as required by law, The Greek Retreats will provide the individuals access to their personal information, transmit their personal data in a common digital format (e.g., pdf) to themselves or another organization, allow them to correct, amend or delete inaccurate information, except where the rights of other persons would be violated, legal provisions prohibit it and in any case in accordance to the relevant provisions of GDPR.

6.2.The Greek Retreats reserves the right to charge in some cases a reasonable fee to cover costs for providing copies of Personal Information requested by Individuals. 

 

7. Data retention

7.1.We will not retain data longer than necessary to fulfil the purposes for which it was collected or as required by applicable laws and regulations.

7.2.The information you provide to us may be archived or stored periodically by us, according to backup processes and will only be retained for as long as is it required for the purposes for which it was collected, unless the law requires us to hold your personal information for a longer period, or delete it sooner, or unless you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law.

7.3.We will delete your personal data when the associated business purpose ceases to apply or as required by the relevant legal data protection framework. For instance, we will delete the CVs that individuals have sent us after 6 months upon the vacancy is filled, unless if the individuals have consented to their data being collected, processed and used for any relevant future purpose. In cases we process your data based on your consent, we will delete your data following the retraction of your approval or the discontinuation of the purpose of your consent.

7.4.Moreover, according to Direction no 1/2011 of the National Data Protection Authority, data logs of the security cameras system shall be stored for a specified time, according to the purpose for which they are processed. Unless otherwise provided by law, or unless it is necessary for the investigation of a security breach incident, such files should be destroyed every 15 working days. 

 

8. Our commitment to children's privacy

8.1.Protecting the privacy of children is especially important for us. For that reason, we do not intend to collect or maintain information at our Website from those we know are under 16 years of age, and no part of our Website is structured to attract anyone under 16. 

8.2.Also, in cases we need to collect and process personal data of children under 18 years old, we only do that after obtaining explicit consent from their parents or legal guardians.

 

9. Changes to this privacy policy

The Greek Retreats has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

 

10. Contact Information

10.1.The Greek Retreats assesses their compliance to the GDPR, to assure compliance with this privacy policy and periodically verifies that the policy is accurate and comprehensive for the information intended to be covered. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of personal information in accordance with this policy and GDPR. Questions, comments or complaints regarding The Greek Retreats’s Privacy Policy or data collection and processing practices can be sent by email to: info@thegreekvillas.com

10.2.Moreover, we inform individuals within the EU, that they the right in law to complain about how their information is handled to a supervisory authority that is responsible for regulating compliance with the Regulation. A list of all EU supervisory authorities is available on the European Commission website: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.