General Data Protections Regulation (GDPR)

Date of entry into force: 25/05/2018

INTRODUCTORY NOTE

Dear friends, due to legislation changes, we kindly ask you to read our privacy policy regarding the collection of personal data of our customers, in order to continue to provide you our services.

Your personal data and information is of major importance for us, therefore we do our utmost to attentively store and process the information that you share with us.

Our Company uses your personal data for:

- Tax- related purposes

- Security

- Information to competent Authorities

- Information & Marketing

The personal data entered by the customer shall not be disclosed to third parties, unless required by the law or court decision, or upon request of any national and regulatory Authority; also as long as the explicit consent of the individual allows such a disclosure by any means of their personal data.

According to the new REGULATION (EU) 2016/679 the EUROPEAN PARLIAMENT AND COUNCIL of 27th April 2016 on the protection of individuals regarding the processing of personal data and their free movement (General Data Protection Regulation- GDPR), the Company and the personal data Controller shall keep a relevant record as well as handling procedures of personal data in full compliance for their protection at a time period determined by the law.

Hereby the Customer gives explicit consent for further processing of the personal data given, exclusively for the above mentioned purposes. The Customer shall retain all applicable rights provided by the current legislation (right to access, to rectification, to erasure, to object to the processing of personal data etc.).

WHICH PERSONAL DATA WE COLLECT

When the Customer registers in our system and during his/her stay in our hotels for all purposes mentioned above he/her is requested to provide the following information/ data:

- Contact Details (Name, Surname, father's name, passport's number, ID data, phone number, current home address, e-mail etc.)

-Personal Details (Date of birth, nationality, place of birth)

-Invoice Data (Credit card's Nr, VAT Identification Nr)

-Date of Arrival and Departure, Flight and Room Number

-Preferences and Interests (such as non- smokers' room, floor preferred, type of bed)

-Health- related medical- data, such as (indicatively mentioned) medical reports or certificate, health conditions' data etc.

-Questions and comments made during or after their stay in one of our hotels. The Company may retain the personal data of the Customer for a reasonable period of time exclusively for the purposes mentioned above, with the exception of lis pendens or administrative proceedings; therefore the maintenance of data extends until the irreversible judicial decision or the completion of proceedings before the competent administrative authority. The Company guaranties its full compliance with the general data protection framework and the Customer retains all the statutory rights, especially those regarding the access, objection and judicial protection.

DATA COLLECTION METHODS

The Company collects personal data:

a) when the visitor/ user subscribes to our services

b) when using those services

c) when visiting those websites

During the user's/ visitor's register to the websites, the data requested is the above mentioned. The Company uses its users'/ visitors' personal data for the following three general purposes:

- Confirmation of their account for services' operation

- Update of the account on services' operation and changes of all kinds, financial policy etc.

- Users' certification to prevent malicious acts.

What is optional from all those data, shall be declared by you on your choice at your free will. In case you wish to subscribe in our Newsletter list please give your e-mail address (without necessarily subscribing as member).

RECTIFICATION OF PERSONAL DATA

The Company entitles the users to correct/ update their personal data at any time, simply by visiting the relevant service.

PERSONAL DATA NOTIFICATION

The Company may supply personal data of its users/ visitor to third parties legal or/ and natural persons exclusively when:

- the explicit consent of the individual for transferring the personal data does exist.

- after a violation of terms of use is observed and upon official request of the competent authority.

COOKIES

The company may use cookies to identify the visitor / user of certain services and pages. "Cookies" are small text files stored on the visitor's /user's hard disk without any knowledge of documents or files from his computer. They are used only to facilitate the visitor's / user's access to specific services and for statistical purposes in order to define those areas where the services are useful or popular or for marketing purposes. The visitor /user can configure the server (browser) in such a way so as the browser warns him about the use of cookies or refuses to accept the use of cookies at any time. Where the visitor /user of particular services and websites does not wish to use cookies, then he shall not have further access to these services.

LINKS TO OTHER WEBSITES

The Company may include in its homepage links to other websites, in which it has no control and third parties manage those (natural or legal persons). The Company shall not carry further responsibility regarding the Terms of personal data protection of visitors/ users, which those third persons/ entities apply, in any case.

IP ADDRESS

The IP address through which the visitor's /user's PC accessed the internet, is kept for technical reasons and used only for statistical purposes or after a violation of terms of use is observed and upon official request of the competent public authority. If a visitor / user does not agree with the terms of personal data protection provided herein, shall not use these services. The Company does not store those data and credit card details, which are managed safely and on his own responsibility, solely by the payment service provider, through the website of which, the processing and execution of payments are made. The company is in no case responsible for actions from third-parties/ websites on your personal data, through which you were connected or accessed the Website.

VISITORS/ USERS HAVING PROVIDED THEIR PERSONAL DATA TO OUR WEBSITE HAVE THE FOLLOWING RIGHTS:

The right to access data relating to them and which are in our possession. The right to request further information on (a) all personal data concerning them and their origin; (b) the purposes of processing, (c) the recipients or categories of recipients (c) the development of the processing at the time between their last update or notification, (d) the logic of automated processing, (e) when appropriate the rectification, erasure, or blocking (locking) of data, the processing of which does not comply with the provisions of the Regulation (GDPR).. The right to object to the processing of their data. The consent of the individuals participating in the collection and processing of their personal data may be withdrawn at any time, without retroactive effect.

SAFEGUARDING AND PROTECTION OF PERSONAL DATA

The Company shall take all technical and organizational measures to ensure and protect the privacy and security of your personal information. Shall the user receive a name and /or a password, agrees that this will be kept safely confidential and agrees to (i) inform the Company as soon as any unauthorized disclosure or use of the name and / or password is observed; (Ii) the user is responsible for any loss or damage arising from unauthorized use or disclosure. The Company carries no responsibility for any damage that may arise from the unauthorized or illegal use of the password by third parties due to leakage or for any other reason, and retains the right to demand compensation damage from the user, in case of any kind of damage due to unauthorized or illegal use of that password.

MINORS/ CHILDREN

Minors are forbidden to use or access the Company's sites and services, thus according to the law they address exclusively to adults. However, if Minors visit websites or use services that may be considered inappropriate for them, the Company is not responsible. The Company opposes to the collection of Minors' personal data and its policy is not to collect or process any data of those individuals.

REFUSAL OF PROVIDING PERSONAL DATA & UNSUBSCRIBE

You always have the choice not to share any personal information with us. Nevertheless if you choose to do so, you limit yourself to the activities and actions that we are able to supply you. If you choose not to submit any personal information when prompted, you may not have the opportunity to participate in some activities and personalized effects and you may restrict the services and special offers we can provide you. For example, if you refuse to share the address of your e-mail, you may not be able to receive any Newsletter with offers.

If you wish to unsubscribe from the Website, you may contact the e-mail: mngd@xeniosgate.gr. Since you unsubscribe as member, we will erase any personal information and data that you so far had provided us.