"Personal data" means any information that is collected or recorded in a form that may allow direct (e.g. surname) or indirect (e.g. phone number) your identification as a natural person.
3. For what purposes do we collect data?
We collect and use your personal data in order to manage your relation with STENDOR SA and in order to offer our Services to you. Certain personal data are collected to provide you with personalised and improved services. We collect personal data with the following purposes:
a. Management of reservations and other hospitality services
•Creation and storage of legal documents in accordance with applicable law
•We collect data in order to prepare and meet requests relating to your stay (e.g. room preferences)
b. Management of your stay at the Hotel
•We manage the access to your room
•We may monitor the use of services (room telephone, WiFi access etc.)
•We manage lists with customers’ personal data for operational purposes such as, e.g., daily customer arrival and departure lists and a list with special category customers
c. Improvement of our hotel services
•In order to tailor our products and Services to better meet your requirements
•We process your personal data to better understand your requirements and wishes
•We provide you with useful information for offers or other promotional messages
•We inform you about special offers and new Services
•We provide customised content and suggestions based on previous activities with our Services
d. Management of our relations with you before, during, and after your stay
•Management of loyalty programmes
•Management of customer databases
•We evaluate and analyse the market, our customers, our products and Services
•We create statistical data and reports
•We acquire knowledge and manage the preferences of recurring and new customers
•In order to send newsletters, promotion offers, or to contact you by telephone
•We manage requests for deletion from update lists
•We create and manage questionnaires and statistics
•We organise lotteries, contests and offers, to the extent allowed by law
e. Improvement of our Services
•We conduct market research and analysis of questionnaires and customer comments
•We manage customers’ claims and complaints
•We offer loyalty programme privileges
f. System security
•We record data to ensure security and to avoid fraud
g. Compliance with Greek and European law
h. Safe use of the services of our facilities
4. What personal data do we collect?
Information provided directly by you
A number of our Services may offer the possibility to provide information directly to us. For example:
•Several of our Services allow users to create accounts or user profiles. In conjunction with these Services, we may ask you to provide certain details about yourself in order to set up your account or profile, such as your name and email address.
•When ordering a paid product or service from us, we may ask certain details for the processing of your order, such as your name, room details and billing data.
•When participating in an online or offline contest or promotional action organised by us, we may ask you for your name, contact details, email address, age and gender, personal and occupational interests, other personal characteristics, and your opinion of our products and/or services.
•Some of our Services allow you to communicate with other people. This communication will be transmitted through, and stored on our systems.
The information we are obliged to request about you and/or your family members is the following:
•Contact details (e.g. surname, given name, father’s name, passport number, ID-card details, telephone, home address, email)
•Personal data (e.g. date of birth, nationality, place of birth)
•Information on your children (e.g. given name, date of birth, passport number)
•Billing details (e.g. credit card number, VAT number)
•Loyalty programme member number (member number for loyalty programmes of STENDOR SA or other parties, such as airline operators)
•Date of arrival and departure, flight number and room number
•Preferences and interests (e.g. non-smoking room, preferred floor, type of bed, sports, cultural interests)
•Questions and comments submitted during or after your stay in one of our Hotels.
The data we collect on persons under the age of 18 are restricted to given name, surname, nationality, and date of birth, and can be provided only by an adult / guardian. We thank you for your efforts to ensure that children do not send us personal data without your consent (especially through the internet). Should any information of this type be sent to us, you can communicate with the Data Privacy department (see section “Questions and contact”) to schedule the deletion of such information.
Moreover, information such as your passport number, your recreational activities, your hobbies, any health issues that you may have, or whether you are a smoker or not, can possibly be described as sensitive. We retain such information only if we are obliged to do so by applicable law or if you have explicitly given us your consent (e.g. in order to provide you with an appropriate Service, such as a special diet)
Information on your use of our Services
Apart from the information provided directly by you, we may also collect information on your use of our Services through the software of your device, or by other means. For example, we may collect:
•Device information - such as hardware model, International Mobile Equipment Identity (IMEI) and other unique device identity data, MAC address, IP address, operating system issue, and setting of the appliance you use to access our Services.
•Connection information - such as the time and duration of use of the Service, search commands entered in the Services, and information that may be stored in cookies we have placed on your device.
•Location information - such as GPS signal of your appliance, or information on WiFi access points that may be transmitted to us when you use our Services (e.g. WiFi, Guestportal, Mobile Apps).
•Audiovisual information - such as recordings we make of your voice (and which may be stored on our servers) when you use voice commands to use a Service, or audiovisual information collected through closed circuit tv circuits (CCTV) for security reasons.
•Other information that relates to your use of our Services, such as the applications that you use, the websites that you visit, and the way in which you interact with content offered through a Service.
Information from third parties
We may receive information about you from available public and commercial sources (to the extent permitted by law), which we may combine with other information that we receive directly from you, or in relation to you. We may also receive information about you from third party social networking services when you choose to connect to such services.
Other information we collect
We may also collect other information about you, your device or your use of services in manners described at the point of collection, or otherwise with your consent.
You may choose not to provide certain types of information, but this may influence the possibility to use certain Services.
5. When do we collect personal data?
We may collect personal data in various cases, such as:
a. Hotel activities:
•Check-in and payment
•Reservation of seat and/or use of hotel services, such as catering and recreational services
•Various requests, complaints and/or disputes
b. Participation in marketing programmes or events:
•Registration in loyalty programmes (e.g. Privilege)
•Participation in online and offline surveys (for example, Customer Satisfaction Survey)
•Participation in contests and games
•Subscription to mailing lists, in order to receive offers and other promotions by email
c. Transmission of information from third parties:
•Tourist agencies, tourist offices, GDS reservation systems, online reservation systems (such as e.g. booking.com, expedia.com, etc.) and other reservation systems
d. Actions through electronic devices
•Login on our websites
•Connection to the WiFi network of our hotels
•Completion of online forms (e.g. reservation forms, precheck-in forms, satisfaction survey forms, etc.)
6. Third party access terms to your personal data
At STENDOR SA, it is part of our philosophy and basic principles to not disclose your information with third parties for their unrelated business or marketing purposes, without your consent. However, we may disclose your information to the following entities.
•Business associates. We may also share your information with trusted business partners. These entities may use your information in order to provide you with services you have requested, to make provisions relating to your interests, and possibly to provide you with promotions, advertisements and other material.
•Service providers and/or any third parties that may process information on our behalf. We may also share your information with companies that provide services on our account or behalf, such as IT contractors, bulk mailers, banks, credit card institutions, law firms, mail service companies, printing services companies, etc.
•Other third parties, if so required by law or in order to protect our Services. Situations may arise in which we share your information with other third parties:
- in order to comply with the law or in order to comply with a mandatory legal procedure (such as search warrants or other court orders),
- in order to confirm or implement our compliance with the policies governing our Services; and
- in order to protect the rights, ownership or security of STENDOR SA, business partners or customers.
•Other third parties in relation to corporate transactions. We may share your information with third parties within the context of a merger or transfer, or in the event of bankruptcy.
In order to provide you the best possible service, we allow access to your personal data or to certain categories thereof to competent, authorised members of our personnel. This includes:
•Marketing/Guest Relations department
•Legal Services department, if and when required
•Medical Services, if and when required
7. Protection of personal data during international transfer
For the purposes set out in Article 3 of this Charter, we may transfer your personal data to internal or external recipients who may be located in countries that offer different levels of protection for personal data. Kindly note that data protection and other laws in the countries to which your information may be transferred may not be equally protective as in your country. The transfer will take place according to the legislation on the processing of personal data, in order to ensure sufficient protection of your personal data.
STENDOR SA implements suitable measures in order to ensure safe transfer of your personal data to an external recipient located in a country that offers a different level of privacy than the one proposed by the country where the personal data are collected.
8. What we do to keep your information safe
We have taken reasonable organisational and technical measures in order to protect the information we collect in relation to our Services, especially with regard to any sensitive personal data that happen to be collected. Our IT department implements the international standards and practices in order to ensure the safety of the networks and the encryption of the data. However, you should bear in mind that despite the reasonable measures that we take for the protection of your information, no website, internet transmission, computer system or wireless connection is ever completely safe.
9. Data storage
We take reasonable measures in order to ensure that the information concerning you will be stored no longer than needed for the purpose for which it has been collected and no longer than required by the contract or the applicable legislation.