In AMMOS Hotel, hereinafter referred to as “hotel”, we commit to protecting and respecting your confidentiality. Compliance with the Protection Policy (“policy”) on Personal Data (“PD”), together with any disclaimers, is the basis on which PD is collected on you. PD are either provided directly by you, with your free consent or they are provided to us via third parties who have already obtained your free consent and are always processed in accordance with the GDPR. We kindly request, that you read carefully the below, in order to understand the use of PD.

Information and PD we collect on you

We collect information and PD from you which you provide with your free consent, either directly or via third party services with which you interact and which have already requested your free consent. We may collect and process data, including the below, during the provision by us of hosting services and use of our facilities by you, which may contain PD or may be deemed PD:

Name and surname, residence address or/and address of employment, email, telephone (land line or mobile), ID or passport number, nationality, date of birth. In the event that you accompany minors (under 16 years of age), you will be requested, as the official guardian, to declare their details. Please note, that all the above details are required by Greek legislation for the provision of hosting services in tourist accommodation establishments.

Financial information regarding you, including your bank account details, credit or debit card details or other payment details.

Information regarding your profession or your participation in professional or other organizations.

Dietary habits or any allergies.

Concluding, any other details which your request us to process on your behalf or which are necessary in order for us to be able to offer you the best possible accommodation, gym and leisure services.

In addition we would like to inform you that:

• There is a CCTV system in the hotel, in areas which are specified by respective Greek legislation and the Hellenic Data Protection Authority. The CCTV system operates for reasons of protection of health and safety of our employees and clients, as well as for reasons of protection of property.
• When you visit our hotel’s site, your navigation program provides us with information such as your current IP address, your navigation program type, your access time and the pages of our site which you visited, which are collected and used in order to compile statistical data. Your IP address is anonymized. This information may be used in order to assist us in enhancing our site, our services and to design new services for you.
• We might use cookies and similar technologies in order to enable the provision of data of our site. In any case, please feel free to not accept the proposed cookies.

Purposes of processing of PD

We process PD for the following purposes:

• Due to the respective provisions of Greek legislation and taxation.
• Due to the legal interests of our company.
• In order to offer you the hosting and recreational services in our accommodation establishment which you have requested through your reservation.
• In order to inform you on all our services and any offers (e-mail), provided we have your respective consent.
• In order to inform you of changes in our policy.

PD security

The hotel commits to take all measures possible in order to protect your PD. For this reason, we use a variety of technologies and security procedures for the protection of PD from non-authorized access and use. Please take into account, however, that no natural or electronic security system is completely safe.

We commit, however, to review and enhance our security policies and to implement additional technical and organizational measures, when such new technologies become available.

We do not permit third parties to use your PD for their purposes. Once PD are obtained by AMMOS Hotel, we take the necessary security measures in order to avoid non-authorized access.

Retention of PD

The period of time which PD is retained at the hotel is specified by the provisions of Greek legislation on the protection of the state’s interests and the hotel’s retaining policy on the protection of the entity’s legal interests.

Transfer of PD

We commit to not transfer PD to third parties other than those to whom you have already given your consent

Your rights

In accordance with the GDPR and the EU, you may submit an application for the provision of information or change in the method with which we process data related to you, without any charges. Consequently, you have the following rights:

• The “right to access” data related to you
• The “right to correct” data related to you.
• The right of deletion/deletion of data related to you (“right to be forgotten”).
• The right to restrict the processing of data relating to you (“right to restrict”).
• Right to “transfer” specific data related to you from one organization to another (“right to transfer data”).
• Right to object to the processing of data related to you (“right to object”).

You may contact, our Data Controller (see details below) to make use of your rights.

Services which are covered by this policy

• Hotel stay
• Gym
• Social events
• Restaurant, bar and other services related to food
• Use of our web site and credit card data transfer page

Email messages

We do not send advertising and promoting email. Please take into account that we may need to send you communication in respect of services, such as confirmations of any future reservations you may make.

Wi-Fi Service

For the Wi-Fi service within the hotel please see the respective policy (Wi-Fi disclaimer).

Data Controller

Nikos Tsepetis is our Data controller, whom you may contact in respect of GDPR matters at the following email address:

Policy changes

We reserve the right to change this policy by implementing the new provisions of EU and Greek legislation and at our discretion. If we make any changes, we will record these changes here so that you can have immediate access.

Processed data for specific website areas

This section provides more details on processed personal data on specific areas of AMMOS Hotel information systems. The details provided here apply in addition to the privacy policy described above.

Booking Form

AMMOS Hotel provides a booking form on it’s website. Potential customers can make inquiries for accommodation availability through this form, by providing personal details about themselves and their desired dates.

Purpose: in addition to the purposes of processing data described above, the data provided through our booking form is used in order to communicate an offer to our potential customers tailored to the individual preferences provided through the form.

Storage locations and access: the data is stored on our web information system. The data is also sent through email to our Hotel. Both systems are protected through encrypted communication and password access control. Access to this data is limited to our hotel staff.

Duration of storage: data stored on our web information system is regularly deleted, and is kept for up to 1 month. Data on our email system is kept indefinitely for archiving purposes, without limiting the potential customer rights as described above.

Credit Card Data Form

AMMOS Hotel provides a special purpose form that allows potential customers to securely send their credit card details to the hotel after a booking is confirmed.

Purpose: in addition to the purposes of processing data described above, the data provided through this form is used as a means to guarantee a booking, and as a potential payment method.

Storage locations and access: the data is stored in an encrypted form on our web information system. Only our hotel staff can decrypt the data locally on the computer systems of the hotel. The web information system is protected through additional encrypted communication and password access control. After the hotel staff gains access to the credit card data, it is stored locally on the computer systems of the hotel. Access to this data is limited to our hotel staff.

Duration of storage: data stored on our web information system is deleted right after it is transferred to AMMOS. Data that is stored locally on the computer systems of the hotel is deleted after the customer leaves our hotel, or the booking is cancelled. AMMOS Hotel may keep the credit card data in case the customer explicitly agrees to it for a potential future booking. Traces of the data may be kept for a longer period according to Greek accounting laws.