Data Controller – Contact
For the purposes of the General Data Protection Regulation of EU 2016/679 (hereinafter the “Regulation”), your data controller is NEAPOLI VILLAS MIKE, based in Neapoli, Laconia, 23053, Hellas, with our official website (hereinafter “NEAPOLI VILLAS”, “we”, “us” or “our”).
Regarding data privacy issues, please contact us either by post at 4-6 Efplias str., 18537 Piraeus, Hellas, or by email.
We also cooperate with two companies that perform communications with our Customers and reservations on our behalf, as explained below. These companies are “data processors”, they are bound by written contracts according to the Regulation and are presented below:
Data Processor A
WebHotelier Technologies Ltd, based in Nicosia of Cyprus, 9 Mnasiadou str., (Demokritos Building, Office 16), CY1065, with contact information: firstname.lastname@example.org (hereinafter referred to as “WebHotelier”) is the “data processor” who manages the online reservations and payments system on behalf of us, through the https://neapolivillas.reserve-online.net/ link (hereinafter referred to as the “reservation site”). You will find yourself on this site every time you click the “BOOK NOW” button on our official website. WebHotelier is a certified PCI-DSS Level 2 service provider and is checked monthly by Trustwave.
What personal data we collect from you, on what purpose and legal basis
Directly from you, we collect your personal data when you voluntarily contact us. For example, we collect personal information when you visit our site or our facilities when you contact us to find out details or schedule your stay, or even during your arrival and state at Neapoli Villas. Your personal data include:
1. Contact and reservation data:
WebHotelier, who act as data processor on our behalf, collect certain information when you contact them or complete online forms, with the purpose to provide you with the information you need to plan your stay at Neapoli Villas. This information is necessary for your reservation, albeit temporary, in the context of a contract and is usually the following:
- Name and surname
- Phone number and/or email
- Desired arrival and departure dates, type of accommodation, number of rooms etc.
Upon your arrival, we collect from you the following information, based on police orders:
- Name and surname
- Father’s name
- Date and place of birth
- Home Address
- Identity/Passport number and issuing Authority
- Details of a minor
- Date of arrival and departure
- Customer’s code (provided by the system)
- Customer’s signature
We collect and process your payment data in order to charge you according to our contractual agreement, as well in order to comply with the tax legislation. Your payment data include:
- Number and other details of your debit or credit card
- Your bank account information
- Your TAX/VAT code
- Total cost of your stay.
When you select Neapoli Villas for hosting your private events, which involve personal data of your guests (e.g. a wedding celebration or a corporate event), then you provide us with personal data of your guests, such as the dates and duration of your event, number of guests, room details, budget and eventual dietary preferences of you and of your guests. We collect and process the personal data of your guests as provided by you – and we may also share some information with the organizers – as necessary, for the lawful purposes and within the framework of our contractual agreement.
We will ask for your written consent before we use your personal data for advertising purposes. Also, if you choose to participate in Neapoli Villas’ social activities or promotional offers, we may collect your personal data from our social networking account with your prior and explicit consent, such as: check-in, location, activities, interests, photos, status updates, and your friends’ list.
We collect personal data about you from the above-mentioned data processor (WebHotelier), as well as from partnering booking companies (Booking.com, Airbnb, HomeAway, etc.), from payment cards (e.g. VISA, MASTERCARD etc.), from social media according to your respective privacy arrangements, as well as from other sources that are legally authorized to share your personal data with us. We use and share such data and we may attach them to the other items of your personal data we maintain in our records, for the purposes of executing our contractual agreement.
The term refers to the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Special categories of personal data include those relating to criminal convictions and offenses.
In general, we do not collect or process special categories of personal data unless you voluntarily provide them to us or in case there is a legal obligation, such as when we ask you to present to us your passport or identity card, for the sole purpose of identifying you, in accordance with applicable laws and regulations.
We may use health data provided exclusively by you to meet your specific needs, such as the provision of access to people with disabilities. In such cases, the processing of the data is based on the prior express consent of the data subject himself or his legal representative.
In any case you provide us with third party data (for example, when you book on line on behalf of your friends), you declare that:
1) You undertake the full responsibility and obligation to provide such third parties with all the information contained in this Policy,
2) Following such acknowledgment, you received the explicit consent of these third parties;
3) Their personal data you provide us with are appropriate and accurate.
In any case, you acknowledge and agree that you duly release Neapoli Villas and WebHotelier from any liability or liability for any damages that may occur to you or to such third parties or other persons, whether natural or legal, due to your initiative to provide us with personal data of third parties.
We retain your personal data for as long as necessary to accomplish the purpose for which it was collected and in accordance with relevant legal requirements, such as tax law.
We do not knowingly collect personal data from people under the age of 15. As a parent or legal guardian, please do not allow your children to submit personal data without your consent.
Under the Regulation, you can exercise the following rights as a natural person in the EEA:
The right to be informed regarding your personal data collected, the sources, how it is processed, for what purposes and on what legal bases, any recipients or transfers outside EU, retention period, safety measures etc.
The right to correct or update your personal data by submitting a statement with your correct personal data.
The right to delete your personal data in the following cases:
– When your personal data is no longer necessary for the purposes for which it was collected
– When you withdraw your consent on which your personal data has been processed and there is no other legal basis for such processing,
– When your personal data has been processed without the appropriate legal basis,
– When deletion is lawful.
The right to restrict the processing of your personal data in the following cases:
– When you dispute the accuracy of your personal data and until such accuracy is verified,
– When the conditions for deletion of the previous paragraph are met and instead of deletion you wish to restrict the processing of such data,
– When we no longer need your personal data but they are required by you to establish, exercise or defend legal claims.
The right to object to the processing of your data unless there are compelling and legitimate reasons for Neapoli Villas to establish, exercise and defend its legal claims overriding your own rights and freedoms.
The right of data portability, in an appropriate machine-readable format, provided that your personal data has been processed with your consent.
The right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
The above rights may be subject to restrictions due to our legal obligations, such as, for example, when you request your data deletion, but we are required to keep them in order to comply with tax legislation.
In order to exercise your rights and/or ask us to clarify any issues related to the protection of your personal data, you may contact us at our email or by post to: Efplias 4-6, Piraeus, Postal Code 18537, Hellas.
We will respond to your request free of charge, without undue delay and within 30 days after its receipt, except in rare cases, where our response time may be further delayed (at maximum by 60 days if necessary, taking into account the complexity of your request and the total number of requests). In the event of such delay, you will be informed about the reasons of the delay within 30 days after receipt of your relevant request. We may also need to contact you for identification.
If we consider your request manifestly unfounded or excessive, we have the right to charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; we also have the right to refuse to act on your request.
The right to lodge a complaint with a supervisory authority.
You have the right to file a complaint to the competent authority, following its instructions; in Greece, such information is provided at http://www.dpa.gr
In general, we do not transfer your personal data to countries outside the EU or international organizations, except in the following cases:
– Transfer to or from a foreign financial institution (bank), for the purpose of executing a contract between us; only the data required for such purpose will be transferred (SWIFT, SEPA, etc.)
– Where an obligation arises, on the basis of a provision of law, a contract, a court order, or when it is required to establish, support or exercise our rights or to defend our lawful interests.
We use the appropriate technical and organizational measures to protect your personal data, including firewall protection, encryption, security and breach monitoring and notification systems, along with a security policy. In particular, we will duly disclose a security breach to the Supervisory Authority (and / or the subjects if required), in accordance with applicable laws and regulations.
We provide for a personnel training program, in accordance with EU Regulation 2016/679. We also bind our partners and service providers with whom we share your personal data, with the appropriate confidentiality agreements as required, in accordance with the Regulation and the national laws.
In electronic transactions, we use reasonable technological measures to protect the personal data you send to us through our site. However, no security system or data transmission system over public Internet guarantees full security. For this reason, we recommend that you avoid sending us payment card numbers or other sensitive personal data via email.
This Policy does not cover the processing of personal data by third parties, such as corporate events or banqueting companies. The above are third companies and do not belong to Neapoli Villas. To learn about the privacy practices applied by each third party, please read the relevant privacy statements posted on their websites or contact the company’s data protection officer.
This Policy may be amended periodically. When we make substantial changes to our Policy, we will post a link to the revised Policy on our official website. The changes are effective as of the date of publication of the revised Policy on the website. The date of the last revision is indicated in the top of the page. The use of our site and services, and / or your consent to the Policy when required, indicates your acceptance of the published Policy.