BOOK NOW

PRIVACY POLICY

Purpose of this policy

The protection of your personal data is very important to ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’. This policy informs you about the personal data collection practices of ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ through its website, including the categories of data collected, retained and processed, the purpose of their collection, the categories of persons to whom your data are disclosed, as well as your rights. ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ makes every possible effort to protect your personal data, on the condition that the personal data you have provided are true and accurate. It also outlines certain security measures taken by the company in order to protect data confidentiality, and provides certain guarantees for things the company will not do.

 

Commitment of ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’

We at ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ consider the protection of the privacy and data of our customers to be of the utmost importance and are committed to providing them with personalised services that meet their requirements in a manner that safeguards their privacy. Your personal information (personal data) is used exclusively by ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ and its employees in order to respond to your requests and better serve you, in accordance with this policy. The persons who handle personal information are trained for using appropriate procedures. The representatives and service providers of ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ are required to keep your personal information private and not to use them for any purpose other than those serving the provision of specific services.

In addition, ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ may ask you in certain cases if we could share information with other reliable third parties. In any event, you will be informed when collecting such information, if this kind of information sharing with certain third parties is expected. ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ will define the types of businesses at the relevant point of collection of the information, describe the type of information to be transmitted (such as your address or your e-mail address) and will transmit the data to the other parties only if you consent.

 

Legal and regulatory framework

The company under the name ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’, trading as ‘ROCCA A MARE’, with registered offices in Heraklion, Crete (at 3, Minoos Avenue Tel.: +30 2810 260000, E-mail: info@roccamare.gr h the object of providing hotel and tourist services in general, collects and processes personal data in order to process its electronic services and perform its legal obligations. For the purposes hereof, ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ shall be referred to as the “Controller” within the meaning of Article 4(7) of the General Data Protection Regulation. The management and protection of the personal data of visitors/users of the website roccamarehotel.gr, owned by ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ are subject to these terms, as well as the relevant provisions of European Regulation 2016/679 on the Protection of Personal Data (GDPR) and Law 4624/2019. These terms are set out taking account of both the radical development of technology and particularly the Internet and the existing set of legal regulations regarding these issues. The website roccamarehotel.gr, shall not engage in any misuse without your prior approval, in conformity with the personal data protection principles laid down in the relevant laws and international conventions. The website (roccamarehotel.gr), shall in no way disclose, make public or exchange the personal data and information you entrust to us. Furthermore, it shall not transmit users’ personal information and data, e-mail addresses and any other information, in general, regarding its users to any other organization or associate not affiliated with the company.

 

What is “GDPR” – Applicable Legislation.

The GDPR (General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, hereinafter the “Regulation”) aims at the establishment of a single legislative framework for the processing of personal data in the EU member states and replaces the previous Legislation (Directive 95/46/ΕC). The protection of individuals in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her. The Regulation shall be binding in its entirety and directly applicable in all Member States (i.e. no special adaptation of the national legislation is required, as per Article 83 of the Regulation).

 

What are personal data?

The term “personal data” refers to an individual’s information, such as their full name, postal address, e-mail address, telephone number, etc. that establish or may establish your identity, hereinafter referred to as “Personal Data or Data”.

 

What is the processing of personal data?

Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

Who is the Controller?

Controller means the individual or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

 

Who is the Processor?

A Processor is the individual or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

 

Is it compulsory to provide your Data?

Providing your Data to ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ via this website may be necessary in order to achieve the goals set out in this Policy, or optional. If you refuse to provide the data marked as mandatory on the website (roccamarehotel.gr), it will be impossible to achieve the main objective of collecting specific Data and, it could, for example, become impossible for ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ to provide the services available on the website (roccamarehotel.gr).

 

What type of data does ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ collect through this website?

Any information within the meaning of personal data under the Personal Data Protection Regulation, the collection of which is not based on the law or the conclusion or performance of a contract, is collected by ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ through this website only in the event that you choose to expressly consent.

We collect the following personal data:

  • Identification Data: Full name, nationality/citizenship, identity card/passport number, date of birth, telephone number.
  • Contact Data: Postal address, e-mail address, telephone number.
  • Transaction Data: TIN, type, place, time of products or services provided.
  • Contractual relationship Data: Contractual documents, information and consent forms, electronic statements of intention, declarations of honor
  • Transactional Behaviour Data: Information concerning interests, preferences and participation in events, contests, surveys.

We do not collect or acquire any type of access to special categories of (“sensitive”) personal data or criminal data of our customers. Customers are obligated to abstain from providing such data that concern them or third data subjects. In the event that customers provide such data to ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’, these data will be deleted as soon as we are made aware of them . We at ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ shall bear no liability whatsoever towards customers or third parties for any provision and/or processing of sensitive data due to acts or omissions on the part of customers in breach of the above obligation. Visits to the website of ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ does not absolutely require the provision of any type of personal data on your part. However, in several cases, it is necessary for you to provide specific personal data indicated in the corresponding data entry fields on the website of ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’.

 

We at ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ may collect and store the following personal information about you from the following exhaustive list of sources:

  • Contact data when you contact us to submit questions or requests or to ask information concerning the services provided by ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’.
  • identification data, communication data, transactional data, contractual relationship data and transactional behaviour data when you book a room or a table at the restaurant, irrespective of the means used to complete the booking (electronically, via telephone, via the reception desk, etc.).
  • identification data, communication data, transactional data, contractual relationship data and transactional behaviour data when you conclude an agreement with us for the provision of any services by ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’.
  • identification data, communication data, transactional data, contractual relationship data and transactional behaviour data when you electronically purchase products or services provided by ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’.

The data collected through this website may also be combined with data provided in other cases, e.g. when you call its call centre or participate in promotional actions. The personal data provided to ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ in these cases may be incorporated in existing databases and stored in order to simplify the systems used to manage your data.

‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ does not store and does not collect payment details during electronic or online payments via debit, credit or prepaid card. More specifically, upon recording the number, security code, holder’s full name and expiry date of the credit or debit card and upon completing the payment, these data are automatically transmitted to the competent Bank. The Bank collects the data, carries out the payment and then confirms the completion of the transactions to ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’.

 

Collection and purposes of use of personal data

‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY.’ collects personal data from you for the following purposes:

Transactions: ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ may use the personal data of visitors/users to process any transactions, such as credit card payments etc.

Advertising/Marketing: ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ may use the personal contact data of visitors/users for information purposes and promotional actions concerning contests, gifts, discounts on products and services of ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ and associated companies and sponsors, following their express consent.

Improvements and adjustments to the website: ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ will use this information solely for the reasons for which they were collected and in order to provide you with information. It will also use this information in order to adapt the content of the website to your needs and to improve its compositions, changes and dynamic.

Provision of online services through user authentication processes: ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ will use this information in order complete your electronic application and more specifically for registration or authentication on its applications.

Credit check: In certain cases, we at ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ may carry out certain credit checks with the competent bodies when you request a service or product. If this applies, then it will be listed in the terms and conditions of the activity between you and ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ or the company that will carry out the processing.

Legal use: We at ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ may collect, store, disclose and, generally speaking, process the personal data of visitors/users when this is required by the Personal Data Protection Regulation and/or the law or when necessary in order to protect the interests of both sides, as they derive from the transactional and contractual relationship between them or the business-consumer relationship.

DISCLAIMER: As regards the collection of personal data not conducted online through the websites owned by ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ and concerning the processing of the personal data of employees, candidate employees, associates, contractors, suppliers, private citizens, customers and, generally speaking, natural persons, separate detailed notification is provided in writing to the data subjects during the collection of the above data, in line with the relevant requirement set forth in Articles 13 and 14 of the GDPR.

 

Data Retention – Storage

We at ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ store your personal data solely for the time required to provide a service you requested or approved, with the exemption of legal provisions to the contrary, as is the case with issues governed by commercial and/or taxation legislation, the various applicable provisions, etc. In any event, the personal data you provide us and which are recorded in written agreements, contracts and electronic correspondence concerning the execution of a contract or a commercial transaction are stored for a period of 20 years in a physical and electronic archive kept at the legal department, the sales/contracts department and the accounting department of ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ or any other third party that directly or indirectly provides the above services or assists the departments in question in the discharge of their duties or provides management services to us.

 

Data erasure

Your data shall be erased on a case-by-case basis and always in accordance with the provisions laid down in the applicable legislation.

 

Personal data transmission

‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ does not transmit personal data to third parties unless it is required for legitimate purposes in order to respond to your requests and/or provided that it is required or permitted by law. In any event, access to your personal data is only allowed to authorized persons, who are required to have access to allow the attainment of their collection, use and processing, as hereby notified. In certain cases, ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ may transmit your personal data to competent Public Authorities or natural or legal persons entrusted with processing, on the condition that we inform you in advance and receive your prior consent, where it is required for the processing in question. Persons with access to the data shall respect their confidentiality.

 

Log files

We use IP (Internet Protocol) addresses to analyze trends in the use of Internet, manage the resources of our computers and our network, monitor any unauthorized illegal or malicious activity (attacks) and collect general demographic data (country of origin) for aggregate use.

 

IP Addresses

The IP address of the computer used by the visitor/user/member to have access on the Internet and then on the Website/Application, is stored and can be used, if necessary, in case of infringement of the Terms of Use of the Website/Application by the visitor/user/member. IP addresses do not constitute personal data.

 

Data security

The internet, just like any other medium used to transmit information, cannot be considered 100% secure. Security on the Internet is a sensitive issue and mainly relies on reliable organizations and companies respecting the confidentiality and safety of its Users’ data. ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ endeavours to apply strict security and control measures for the protection of your personal data, in order to ensure compliance with all applicable legal requirements. We at ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ employ security measures at a technical and organizational level aiming at the security of the data collected from you against any intentional or unintentional attempt of handling, loss, destruction and, generally speaking, access , to them by unauthorized individuals. Our security measures undergo continuous controls and updates in accordance with the latest technological developments. ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ uses state-of-the-art encryption and data protection tools ( secure pages, network protection system-firewall, digital signatures, etc.). Access to your personal data is limited solely to employees authorized for this purpose, so that they may provide you with products and services by accessing these data. Physical, electronic and procedural safeguards, harmonized with personal data protection regulations, have been activated. We at ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ take every precaution possible to keep your personal data secure. However, due to the nature of the Internet, the company cannot guarantee the protection of communications or the data stored in its browsers from any unauthorized access by third parties.

 

Internet Access

If you contact ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ online, we may occasionally use e-mail or postal address or telephone number to contact you, provided that you have provided them to us voluntarily. Please note that online communications such as emails etc. are not secure unless they are encrypted. ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ shall bear no liability for any unauthorized access or loss of your personal information that is beyond its control.

 

Privacy policy and children

This website has been designed for and is intended to be used by adults. If you are a minor and parental consent is required in your country (in Greece this limit is 15 – Law 4624/2019), you need to review the terms of this Privacy Policy together with your parent or guardian to make sure that you understand and accept these terms. If it is found that we have collected the information of a minor without the consent of their parent or guardian when such consent should have been obtained , we will delete the information in question as soon as possible.

 

Contact through the platform website

If a user contacts us through the contact form or in any other way, the provision of their personal data takes place voluntarily and exclusively at the user’s free will. We will process the personal data in question solely to the extent that it is necessary for the specific purpose.

 

Social Networking Sites

Our Website may offer the possibility to share items on Social Networks and other related tools that allow you to share your actions on the Website to other applications, websites or mass media, and vice versa. The use of such features allows the exchange of information with your friends or the public in general, depending on the settings you have set on your personal profile. Please read and consult the Privacy Policies of the social network services for more information on the processing of your data.

 

Special Categories of Data

Please do not send us your sensitive personal data by e-mail or disclose such data using the contact platform. The processing of personal data under this category by no means serves the purpose of processing, as defined in this Policy.

 

Monitoring of communication

All communications of ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ with you (including phone calls, e-mails, etc.) are neither monitored nor recorded.

 

Links

Our website may contain links to other websites. This personal data protection Statement applies solely with regard to the access of users to this website and other websites exclusively managed by ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’. The administrator of this web portal shall in no way be held liable for the personal data protection terms of other websites under the responsibility of third parties (natural or legal persons).

 

Revisions to the Policy

‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ reserves the right to modify or revise this Policy periodically, at its unfettered discretion. Where changes occur, ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ shall record the data of modification or revision herein and the updated Statement shall apply to you as of that date. We encourage you to periodically review this Statement in order to examine whether the way we process your personal data has changed.

 

Applicable law and Jurisdiction

With regard to any dispute arising between users and ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’, Greek law shall be the applicable law, and the courts of the Prefecture of Heraklion, Crete shall have jurisdiction ratione materiae over the dispute.

 

What are your rights?

Under the Personal Data Protection Regulation [EU General Data Protection Regulation (GDPR) 2016/679], as in force, you have the following rights:

  1.  the right to access;
  2. the right to rectification;
  3. the right to erasure, under certain conditions, such as when processing is no longer necessary for the purpose for which the data were initially collected and there is no imperative reason to continue processing (or storing) your information;
  4. the right to restriction of processing;
  5. the right to data transmission;
  6. the right to object and the right not to be subject to a decision based solely on automated processing, including profiling;
  7. the right to lodge a complaint to the supervisory authority.

In other words, you have the right to receive, upon request, free information on the personal data we have stored that concern you, to object, upon request, to the processing of data that concern you, valid thenceforth, and to withdraw your consent, and, in accordance with the applicable provisions, the right to rectification, restriction of processing, data transmission, erasure of the data in question and the right to lodge a complaint with a supervisory authority. In such cases, please contact the competent Personal Data Protection department of the Company listed below in writing via original letter or e-mail.

 

Right to lodge a complaint

Should you believe that the processing of your data infringes Regulation (EU) 2016/679, you have the right to lodge a complaint to the supervisory authority. The competent supervisory authority for Greece is the Hellenic Data Protection Authority, 1-3, Kifisias Street, GR-11523, Athens, https://www.dpa.gr, tel.: +30 2106475600.

 

Contact

‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ informs you that it has appointed a Data Protection Officer, whom you may contact at: info@roccamare.gr. If you have questions or recommendations concerning this Policy, please contact the above address. Constant Internet developments in general necessitate the adaptation of our rules concerning the protection of online data from time to time. ‘ROCCA A MARE SINGLE MEMBER PRIVATE CAPITAL COMPANY’ reserves the right to make any recommended changes to these rules at any time.