The ATHENA HOTEL acknowledges the importance of the security of your personal data, as well as of your electronic transactions and takes all the necessary steps, using the most modern and advanced methods, to protect your data from unauthorized access, disclosure, modification or deletion.
The security of the online store of ATHENA HOTEL is achieved with the cooperation of the Company with WebHotelier.
This security policy explains our practices regarding the personal information we collect from you or with reference to you on this website or via the travel agencies or online booking platforms and at the reception upon your arrival at our hotel. In addition, the policy explains the purposes for which we collect your personal data, the methods we use when collecting and the security practices.
- DATA WE COLLECT
When booking a room at our hotel either through our current website or otherwise, and upon arrival at our hotel, you may be asked for the following personal information:
- first name – last name
- IP address
- telephone number,
- passport or ID number
- date of birth-age
- place of birth
- booking reference
- flight number
- your credit card number, and optionally
We do not knowingly collect personal data from individuals under the age of 16.
As a parent or guardian, you should not allow the submission of personal data on our website by your children.
Free wireless network (wifi) is available on site. When you subscribe to this, the MAC address of your connected device is collected, which is deleted immediately after you have disconnected from the network. Parents or guardians of persons under the age of 16 are responsible for the connection of these persons to the network. We cannot identify you when you connect to the wireless network.
- PURPOSE – TIME PERIOD OF POCESSING
- The above personal data are necessary and are intended solely for:
- your room reservation
- the fulfilment of your requirements during your stay to our hotel
- ensuring our payment for your stay
- the pricing of travel agencies or other partners
- safeguard our legitimate interests
- our compliance with applicable Greek and European legislation.
Failure to provide such information would result in the failure or incomplete fulfillment of the above objectives.
We retain your personal information for as long as necessary for the fulfilment of the aforementioned purposes, unless the applicable laws require or permit their retention for a longer period.
After that we destroy the documents (with a document destroyer) or completely delete the electronic archives from our computers and the server and with such way that do not allow their recovery.
- PEOPLE TO WHOM WE TRANSFER DATA
We do not transfer your personal data to third parties, apart from the following specific reasons:
- To travel agencies or online booking platforms through which you have booked a room to our hotel, to fulfill the hotel contract
- To our corporate partners and service providers.In this case, we always require from our partners to provide us guarantees for processing your data lawfully and only within the scope of the purpose for which they were forwarded.
- To police, tax and other administrative authorities in accordance with the current applicable laws.
- INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA (OUTSIDE EU)
- If you are a citizen of a country outside the European Union and have made a booking through a travel agency in your country with which we have a hotel contract, we receive your personal data from it.
- In order to execute your contract with our partner in the third country and the hotel contract with this partner ,we may re-send to him your data encrypted. We require our third-country providers to guarantee the security of your personal data as provided for in the European General Data Protection Regulation.
- The data collected through this website is stored in the cloud of Webhotelier, using Amazon Web Services in N. VirginaUSA , and in Frankfurt Germany.
- HOW WE SECURE YOUR DATA
It is an inevitable fact that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of them transmitted while using our site and its hyperlinks; any transmission is at your own risk. Once we have received your information, We undertake all the necessary technical and organizational steps to prevent unauthorized access, disclosure, modification or deletion, as described below:
- a) Encryption
With regard to this website https://athenahotel.reserve-online.net/, there is SSL 128-bit encryption.
Every time you connect our online store (ONLINE BOOKING) in order to complete a booking, all the communication between your computer is transferred to the company Webhotelier https://athenahotel.reserve-online.net/ and is encrypted using a 128-bits key on our behalf. To this effect, your browser encrypts it first using a 128-bit key and then sends it to the system of Webhotelier.
Our system first decrypts the information it receives from Webhotelier using the same key (which is pre-defined by the start of your connection to the service) and then processes them, respectively. Webhotelier’s systems send you information following the same encryption process.
Entrance to the Webhotelier’s extranet from the ATHENA HOTEL users is done only with access passwords, while seeing credit card details requires additional passwords.
However, keep always in mind that no website is completely safe.
- b) Security of credit card payments
We confirm that Webhotelier’s extranet, where you enter your credit card details in order to complete your booking at our hotel, has successfully completed the rigorous Payment Card Industry (PCI) Security Standards Council Level-2 Service Provider certification. Its aim is to keep customer’s payment card data secure.
- c) Your identification through passwords
Only you are allowed access to the data collected through our website by entering the passwords used for your identification: your Access Password (e-mail or username) and the Personal Security Password (password) and you are solely responsible to preserve its secrecy and concealment from third parties. You are given the ability to change your Personal Security Password (password) as often as you like. In case of its loss or leakage, you must immediately notify us, otherwise we are not responsible for the use of the password by an unauthorized person.
For security reasons, we recommend that you change your password regularly and avoid the use of the same and easily detectable codes (e.g. birth date).
- d) Automatic Disconnection
If there is no activity at the Wifi of HOTEL ATHENA for 10 minutes, there is an automatic disconnection from the wireless network (wi-fi) and deletion of the MAC address from the connection server (MicrotikRouterboard).
- e) Controlled Access (firewall)
The access to our systems (servers) is done with passwords by an authorized user and is controlled by a firewall, which allows the use of specific services by customers / users, while at the same time prohibiting access to data systems and databases with confidential data and information of the Company.
We regularly educate our staff on the protection of your personal data and the methods that they will have to follow to secure them.
- g) We do not disclose your personal data to third parties for independent advertising or other business purposes.
- RIGHTS OF THE SUBJECTS OF PERSONAL DATA
- Right to access your data
You have the right to access with absolute security the data you have provided us through our website by entering the passwords used for your identification: your Access Password (e-mail or username) and the Personal Security Password (password).
You have the right, at any time, to request that we inform you of the personal data we hold for you.
- b) Right to correct, limit the processing, right of portability and of deletion of your data
You are entitled to request, at any time:
- To correct or limit the processing of your data, when possible.
- To delete your data if this is not contrary to our legal obligation under National and / or European law, to the fulfilment of our duty in the public interest or to reasons of public interest in the field of public health, to the foundation, exercising and support of our legal claims, and more generally, if this is not contrary to paragraph 3 article 17 and to other provisions of GDPR 679/2016.
- you have the right to object to the processing of personal data
- as well as the right to receive your data in a structured, commonly used format and the right to forward them to another controller, without our objection.
Your requests must be submitted in writing tothe IP address: email@example.com or by registered mail or courier at ATHENA HOTEL, address G. Leontos 27, GR85100 RODOS, GREECE. We are required to respond to your requests within one month.
- You have the right to file a complaint at the competent supervising authority at dpa.gr.
If you have any questions regarding the above, please contact us at (0030) 22410 22631-3 and, in particular, contactDr.Psarris Christos, our Company’s Data Processing Agent, or Aikaterini-IoannaKostaridi, Data Protection Officer, Tel. 22410 22631-3, firstname.lastname@example.org.
Last updated date: 18/06/2018