The company is based in Heraklion, Dimokratias Av. 75, P.C. 71306, Greece, and its website is www.galaxy-hotel.com.
Information and Consent
By accessing the platform www.galaxy-villas.com or providing personal information, you agree to our privacy practice and policy as set out in this privacy statement. We may revise, update and change this policy from time to time in order to ensure you are aware of the most recent version.
ECONOMOU S.A. operates this booking system on its website www.galaxy-villas.com, through a data processor, as explained below. For the purposes of the General Data Protection Regulation (“GDPR”) (EU) 2016/679, our company is the Data Controller. There is a strict contractual framework between the data controller and the data processor for the protection of your personal information, described below.
The Data Controller has contracted with the company named “WebHotelier Technologies”, based in Nicosia, Cyprus, which provides software support, computer data services and direct online electronic documentation while operating the booking system of the Data Controller on the site www.galaxy-villas.com.
The types of personal data that we collect include:
- Your first name, last name, email address, phone number and home address;
- Credit card details (type of card, credit card number, name on card, expiration date and security code);
- Guest stay data, including date of arrival and departure, special requests made, observations about your service preferences (including room preferences, facilities or any other services used, nutrition preferences);
- Data you provide regarding your marketing preferences or in the course of participating in surveys, contests or promotional offers;
- The Data Controller may collect and process only the data given by the data subject at the reservation and according to our guidelines. WebHotelier is not allowed to process those data in any other way or for any other scope.
You may always choose what personal data (if any) you wish to provide to us. If you choose not to provide certain details, however, some of your transactions with us may be impacted.
Data we collect automatically
We may use your personal data for the following purposes:
- a. Reservations: We use your personal data to complete and administer your online reservation or reservations made at the front office or by telephone.
- b. Customer service: We use your personal data to provide customer service and to improve our services to you during your stay with us.
- c. Guest reviews: We may use your contact data to invite you by email to write a guest review after your stay. This can help other travellers to choose the accommodation that suits them best. If you submit a guest review, your review may be published on our website.
- d. Marketing activities: We also use your data for marketing activities, as permitted by law. Where we use your personal data for direct marketing purposes, such as commercial newsletters and marketing communications on new products and services or other offers which we think may be of interest to you, we include an unsubscribe link that you can use if you do not want us to send messages in the future.
- e. Other communications: There may be other times when we get in touch by email, by post, by phone or by texting you, depending on the contact data you share with us. There could be a number of reasons for this:
1. We may need to respond to and handle requests you have made.
2. If you have not finalised a reservation online, we may email you a reminder to continue with your reservation. We believe that this additional service is useful to you because it allows you to carry on with a reservation without having to search for the accommodation again or fill in all the reservation details from scratch.
3. When you use our services, we may send you a questionnaire or invite you to provide a review about your experience with our website. We believe that this additional service is useful to you and to us as we will be able to improve our website based on your feedback.
- f. Analytics, improvements and research: We use personal data to conduct research and analysis. We may involve a third party to do this on our behalf. We may share or disclose the results of such research, including to third-parties, in anonymous, aggregated form. We use your personal data for analytical purposes, to improve our services, to enhance the user experience, and to improve the functionality and quality of our online travel services.
- g. Security, fraud detection and prevention: We use the information, which may include personal data, in order to prevent fraud and other illegal or infringing activities. We also use this information to investigate and detect fraud. We can use personal data for risk assessment and security purposes, including the authentication of users. For these purposes, personal data may be shared with third parties, such as law enforcement authorities as permitted by applicable law and external advisors. In that case, processing of your data is lawful in order to comply with our legal obligations.
- h. Legal and compliance: In certain cases, we need to use the information provided, which may include personal data, to handle and resolve legal disputes or complaints, for regulatory investigations and compliance, or to enforce agreement(s) or to comply with lawful requests from law enforcement insofar as it is required by law.
If we use automated means to process personal data which produces legal effects or significantly affects you, we will implement suitable measures to safeguard your rights and freedoms, including the right to obtain human intervention.
Lawfulness of Processing Personal Data
- In view of purposes a and b we rely on the performance of a contract: The use of your data may be necessary to perform the contract that you have with us. For example, if you use our services to make an online reservation, we will use your data to carry out our obligation to complete and administer that reservation under the contract that we have with you.
- In view of purposes c-h, we rely on our legitimate interests: We use your data for our legitimate interests, such as providing you with the most appropriate content for the website, emails and newsletters, to improve and promote our products and services and the content on our website, and for administrative, fraud detection and legal purposes. When using personal data to serve our legitimate interests, we will always balance your rights and interests in the protection of your information against our rights and interests.
- In respect of purpose h, we also rely, where applicable, on our obligation to comply with applicable law.
- Where needed under applicable law, we will obtain your consent prior to processing your personal data for direct marketing purposes.
- If needed in accordance with applicable law, we will ask your consent. You can withdraw your consent anytime by contacting us at any of the addresses at the end of this Privacy Statement.
In cases a to f above we shall always ask for your explicit and unambiguous consent to process your personal data, in a lawful, fair and transparent way. We inform you that we collect data only for the above purposes. If we collect or process data for another purpose beyond the above, we shall inform you in detail before processing your data, in order to receive your prior consent. The data we process are absolutely necessary for your service and the improvement of the quality of services we offer you. At your reservation we will ask you to update the data we store and to give your consent for their retention and processing. The time period for the retention and processing of data is set out in the national legislation, the E.U. treaties and the purpose of processing.
You may withdraw your consent at any point by communicating with us at the email: firstname.lastname@example.org
- Our Staff: Some of your data may be processed by authorized people, who are appointed for that purpose. Our Company maintains an organizational structure and technical means that prevent access to your data by unauthorized third parties.
- Third-party service providers: We use service providers to process your personal data strictly on our behalf. This processing would be for purposes as included in this Privacy Statement such as facilitating reservation payments, wi-fi offering, sending out marketing material or for analytical support services, your security while staying in our premises, improving the services we offer you and fulfilling your requests (e.g. transfer, sightseeing etc). These service providers are bound by confidentiality clauses and are not allowed to use your personal data for their own purposes or any other purpose.
- Competent authorities: We disclose personal data to law enforcement and other governmental authorities insofar as it is required by law and the EU treaties (e.g. Schengen Treaty) or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud.
Minor Data Protection:
Our Company does not process minors’ personal data that lead to identification of the subject. At check-in we might collect only the ages of minors. If we are obliged to comply with a legal obligation that includes the processing of minors’ data, we shall request the consent of one of the parents.
The services on our website are addressed to people above the age of 18. We are not in a position to know, and we bear no responsibility, if the data processed on the website of our company are placed there by a person below the age of 18. If such an event comes to our knowledge we shall proceed to their erasure immediately.
If you are under the age of 18, we kindly request that you not proceed with an online reservation and that you communicate with the person who has parental responsibility for you or is your guardian.
Data Transfers to non E.U. Countries
Security Measures against the unlawful processing of your data.
For the secure processing of personal data we implement appropriate technical and organizational measures to ensure the protection of data. Those include:
- Physical Security and Access Control in every part of our Company where data is stored
- Our Company makes every possible effort to use products and services (electronic or not) that by design create friendly conditions for the protection of the subject’s data. We also make a continuous and systematic effort to use appropriate technical and organizational measures which ensure that by default, only those data are processed that are necessary for the purposes of the process.
- Software and hardware access is possible only by passwords from authorized persons and we use updated firewall and antivirus systems. Additionally, information backup is done with encryption codes. All information stored by cloud systems is encrypted.
- We take care to frequently update the software we use, in order to retain the highest possible information security.
- Frequent education and training of our staff regarding secure data processing.
- We have security cameras for monitoring the storage rooms of our files.
- During payment we use secure protocols that have information encryption.
- We take any possible measure so that the data we transfer to third parties, necessary for the operation of our company, are the minimum required and do not lead to the identification of their subject.
Your choices and rights
The data subject has the following rights regarding the processing of their data, which we communicate to you:
- We understand that you may request to have knowledge of the personal data we process on your behalf. In order to comply with such a request and to protect your personal data, you should submit, along with your request (either electronically at the email email@example.com, or personally at reception, or by telephone at 2810 238812) a photocopy of your ID card or other official document that proves your identity and put your signature on your request form. Our Company reserves the right to decline your request, if it is not possible to verify the identity of the requesting party from the submitted documents.
- If you wish to correct, erase, restrict the processing of your personal data, to object to the processing of your data or to request to have knowledge of your personal data or to transmit to another controller, you should submit a written request either electronically at firstname.lastname@example.org or personally at reception, or by telephone at 2810 238812. In every case you should submit adequate data for your identification, in order to be able to assist you at your request without delay and to ensure that your personal data will be processed solely by their subject and not by unauthorized people.
We rely on you to ensure that your personal data is complete, accurate and current. Please do inform us promptly of any changes to or inaccuracies of your personal data by contacting our Privacy Department at email@example.com. We will handle your request in accordance with the applicable law.
Questions or Complaints
If you have questions or concerns about our processing of your personal data, or if you wish to exercise any of the rights you have under this notice, you are welcome to contact us via firstname.lastname@example.org . You may also contact your local data protection authority with questions and complaints.
Changes to the Notice
Our Company is subject to Greek Law. Any disputes arising under or in relation to this Policy and the Services provided thereunder shall be resolved exclusively by the Courts of Heraklion, Crete.
Last Reviewed: 24.05.2018