Privacy Policy
PRIVACY STATEMENT
With this Statement, the Company wishes to inform its customers about the processing of their personal data during the provision of accommodation services. The Company has taken all necessary technical and organizational measures to fully comply with the General Data Protection Regulation 2016/679 (GDPR), Law 4624/2019, the Decisions, Guidelines and Opinions of the Hellenic Data Protection Authority (HDPA), and, in general, the national and EU legislation and case law regarding the protection of personal data (hereinafter referred to as “Applicable Legislation”), aiming at the security, integrity, and confidentiality of your personal data.
Personal Data Collected:
Identity data such as full name, nationality, date and place of birth, client number in the case of a loyalty program, and preferred language of communication, as well as data related to my stay, such as room number, duration of stay, information on consumption of goods and/or services, and check-out details, are collected. Additionally, data related to my preferences or requests (such as special dietary requirements, allergies, and other health-related data), image data (photos or video recordings), contact information (residential address, postal address, email address, and mobile phone number), and payment method data (e-cards, credit or debit card details) are collected for the following purposes: to reserve a room or other facilities and provide the corresponding services, to offer additional services, to assist with transportation arrangements, to plan and organize events, to send useful updates before, during, and after my stay at the hotel, and to charge for services and purchases and process payments.
For the purposes of booking a room or other facilities and providing the corresponding services, offering additional services, facilitating or assisting with the use of transportation, planning and organizing events, sending useful updates before, during, and after my stay at the hotel, as well as charging for services and consumptions and processing payments.
Although the Company avoids collecting personal data directly from minors (under the age of 18), in cases where this is required, such data will be collected from the minors’ parents or legal guardians, provided that their consent has been obtained (if deemed necessary). Furthermore, the Company does not seek to collect or process “sensitive personal data”, i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data, health data, or data concerning a natural person’s sex life or sexual orientation. By way of exception, the Company may collect sensitive personal data that you voluntarily provide, or where it has obtained your prior explicit consent (e.g. for the disclosure of allergies). Your personal data are retained for a limited period of time, depending on the purpose of the processing, after which the data are deleted and/or securely destroyed in accordance with clearly defined standards and procedures under the responsibility of the Company. Personal data collected and processed for the performance of a contract are retained for as long as is necessary for the execution of that contract and for the establishment, exercise and/or defense of legal claims arising from it. When the processing is required by law or a specific retention period is provided, your personal data will be stored for the duration set out in the relevant provisions. Personal data collected based on your consent will be retained until such consent is withdrawn.
The Company may transfer the above-mentioned personal data to its staff, management, or to third parties to whom it has assigned the processing of personal data on its behalf (e.g., reservation management systems). After your departure, the Company may share personal information such as your full name, length of stay, room number, number of guests, and email address with an external partner who is responsible for sending you a guest satisfaction survey and collecting your responses (completion of the survey is optional). In all cases, any third parties to whom your data may be transferred are contractually bound to the Company to ensure the required confidentiality obligations, as well as full compliance with all responsibilities defined by the Applicable Legislation. Additionally, your personal data may be disclosed to supervisory, independent, judicial, prosecutorial, public, and/or other authorities or entities to whom oversight or monitoring of the Company’s activities has been assigned, within the scope of their responsibilities. The Company will not process your personal data for any purposes other than those for which they were collected, nor will it transfer them to unauthorized third parties. Although, as a general rule, the Company does not transfer your personal data to countries or organizations outside the EU/EEA, should such transfer take place, it will ensure that the conditions set forth in Articles 44 et seq. of the GDPR are met. According to the Applicable Legislation, you have the right to be informed, to access, correct, and delete your personal data, to restrict their processing, as well as the right to data portability and to object to the processing of your personal data. You also have the right to object to automated decision-making and profiling. In addition, you have the right to withdraw your previously given consent and to file a complaint with the Hellenic Data Protection Authority (HDPA), should you believe your personal data are being violated. To exercise any of the above rights, or to receive further information regarding the processing of your personal data, you may contact the Company’s Data Protection Officer via email at: [email protected].
PERSONAL DATA PROTECTION POLICY
I. What personal data is collected, for what purposes, and what are the corresponding legal bases
For the purpose of communication with the users of our website, it is necessary to collect the name, surname, email address, phone number, and any personal data that may be included in the message. This action is in accordance with Article 6(1)(b) of the GDPR, according to which processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
Through additional social plugins (Facebook), we can only access publicly shared information on the respective social networking platforms. The operation of these plugins is governed by the terms of the privacy policy of each respective platform.
II. For how long do we retain your personal data
We retain your personal data for as long as required based on the purpose for which they were collected, as described in section I, unless otherwise specified by law. Upon completion of the prescribed retention period, your data will be permanently deleted or securely destroyed according to clearly defined standards and specifications under the responsibility of the Data Controller.
III. To whom do we disclose and/or transfer your personal data
1.To entities entrusted with the execution of specific tasks, such as, but not limited to, providers of IT products and/or services and/or support of all kinds of information and electronic systems and networks, marketing companies, consulting firms, etc. These entities provide sufficient assurances for the implementation of appropriate technical and organizational measures, ensuring that data processing is carried out in accordance with the requirements of the GDPR and related personal data protection legislation
2.To supervisory, independent, judicial, prosecutorial, public, and other authorities or bodies or parties assigned with the control/monitoring of our activities within the scope of their responsibilities.
Under no circumstances will we process your personal data for purposes other than those for which they were collected, nor will we transfer them to unauthorized third parties. Although, as a rule, we do not transfer your personal data to countries/organizations outside the EU/EEA, if such a transfer becomes necessary, we will ensure that the conditions of Articles 44 et seq. of the GDPR are met.
IV. Your rights
According to the applicable law, you have the right to request from us:
1. to inform you about the data we hold about you and the way we process it.
2. to correct inaccuracies or errors, to complete omissions, or to update your data.
3.to delete data, provided that we do not keep it for a specific, lawful, and declared purpose.
4. to suspend the processing: a) while you dispute the accuracy of the data, b) if you consider the processing unlawful (but do not wish the data to be deleted), c) when the data is no longer necessary for the purpose of processing, and d) for as long as it is contested whether the reasons for which we process your data outweigh those you claim to permanently stop this specific processing.
5. to object at any time, for reasons concerning you, to the processing of personal data we carry out, especially for direct marketing purposes or profiling. The objection may specifically also concern your compliance with a decision we made by automated means. In this latter case, you may require us to allow you to intervene. (Right to object – Automated individual decision-making)
6.to provide you with your data in a specific format (usually machine-readable) or to transfer it directly to another controller upon your request, provided, of course, that this is technically feasible and always under the conditions set by law. (Right to data portability).
7. to no longer process your data going forward, giving you the ability to freely withdraw the consent you have given us.
You can submit your requests via email at [email protected]. We commit to responding to all your requests promptly and, in any case, within one (1) month. In exceptionally rare cases, where fulfilling your rights is almost impossible for us, we will inform you immediately, explaining the reasons for our inability. If you believe that the applicable law is being violated, you retain the right to file a complaint with the Hellenic Data Protection Authority (HDPA).
V. DATA PROTECTION OFFICER (DPO) CONTACT DETAILS
Email: [email protected]. Phone: +30 6945 046 588
This website uses cookies
We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
Necessary Cookies
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Preferences
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Statistics
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Marketing
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers. Cookies are text files that contain bundles of information that are stored on the directory of the web browser of a user’s computer or mobile device (e.g. notebook, tablet, smartphone, etc.) every time a website is accessed online through the browser. Whenever this website is visited again subsequently, the browser sends these cookies to the website that originated them or to another website. The cookies allow these websites to memorize some information so that the person visiting the website can explore it quickly and easily. A cookie cannot bring up any other data from the user’s hard drive, nor can it transmit computer viruses or obtain email addresses. Every cookie is unique to the user’s browser. Similar technologies, e.g. web beacons or transparent GIFs, can be used to gather information on a user’s behavior and his/her use of the services. In this Cookie Policy, all such technologies will be referred to as “cookies”. There are various types of cookies, some devised to make use of the website more efficient and to improve the browsing experience of the user, others enabling particular functions to operate.
TYPES OF COOKIES USED
1.1 TECHNICAL COOKIES
Technical cookies are used to make certain sections of the WEBSITE function correctly. The Website uses only technical cookies, those that are “strictly necessary to transmit a communication or provide a specific service as requested by a subscriber or user” (Article 4 par. 5 of Law 3471/2006). They can be divided into browser cookies and session cookies, which ensure that the Website functions properly: Analytics cookies, which are technical cookies when they are used to measure and analyze overall user numbers and behavior on a particular website; Functionality cookies, which make it possible to tailor the website according to various choices made by the user (e.g. language, etc), in order to provide improved service. The acquisition and processing of data obtained by the use of technical cookies is necessary if the Website is to function properly. If a user objects to the use of these technical cookies, he/she will not be able to access and view the Website properly. We have divided technical cookies in two categories:
1.1.1 REQUIRED COOKIES
Cookie Name Provider Purpose Type Expiry __cf_bm mitsis.zendesk.com This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website HTTP 1 day _zlcid mitsis.com Unique id that identifies the user's session HTML Persistent __zlcstore mitsis.com This cookie is Required for the chat-box function on the website to function . HTML Persistent AWSALBCORS zopim.com Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience. HTTP 6 days __cfduid Webserver - Cloudflare Used by the content network, Cloudflare, to identify trusted web traffic. HTTP 29 days __cfruid mitsishelp.zendesk.com - Cloudflare This cookie is a part of the services provided by Cloudflare - Including load-balancing, deliverance of website content an d serving DNS connection for website operators. HTTP Session XSRF-TOKEN mitsis.com Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor. HTML Persistent mitsis_session mitsis.com Session cookie allow users to be recognised within the website so the user to be remembered from page to page HTTP 1 day XSRF-TOKEN app.triparound.com This cookie is used to help with site security in preventing Cross-Site Request Forgery attacks. HTML 4 hours laravel_session app.triparound.com This cookie is used to identify a session instance for the user.
1.1.2 FUNCTIONAL COOKIES
User’s consent is requested for the installation of this type of cookies. Users are informed that by rejecting this type of cookies they may not be able to take advantage of all capabilities and benefits provided by our site & services. Below you may find a list of Functional technical and analytics cookies used by the Website with relevant information:
Cookie Name Provider Purpose Type Expiry ZD-settings mitsis.com Arbitrary settings for the user's preferences when browsing a Zendesk knowledge base. HTML Persistent ZD-store mitsis.com Registers whether the self-service-assistant Zendesk Answer Bot has been displayed to the website user HTML Persistent ZD-buid mitsis.com Unique id that identifies the user on recurring visits. HTML Persistent ZD- currentTime mitsis.com Registers the date and time for the user's latest visit to the website. HTML Persistent _ga mitsis.com Registers a unique ID that is used to generate statistical data on how the visitor uses the website. HTTP 2 years _gat mitsis.com Used by Google Analytics to throttle request rate HTTP 1 day _gid mitsis.com Registers a unique ID that is used to generate statistical data on how the visitor uses the website HTTP 1 day _ga app.triparound.com This cookie is asssociated with Google Universal Analytics and is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. HTTP 2 years _gat_gtag_ [Property-ID] app.triparound.com This cookie is asssociated with Google Universal Analytics and is used to limit requests (throttle request rate). HTTP 1 minute _gid app.triparound.com This cookie is asssociated with Google Universal Analytics and is used to to store and update a unique value for each page visited.
1.2 ADVERTISING COOKIES
Apart from technical cookies, the general rule governing the use of an electronic communication network “to gain access to information stored in the terminal equipment of a subscriber or user” is that prior informed consent must be given by the user, i.e. that the user should opt in rather than opt out. This means that all cookies that cannot rightly be termed “technical”, and which therefore are more critical for user privacy protection, e.g. those used to provide a profile of the user, promote our products and services or for relevant advertising and marketing issues, may not be installed on users’ terminals unless the user has been adequately informed in advance and has given a valid consent. Below you may find a list of advertising cookies used by this website with relevant information:
Cookie Name Provider Purpose Type Expiry __zlcmid mitsis.com Preserves users states across page requests HTTP 1 year zte# mitsis.com Saves a Zopim Live Chat ID that recognises a device between visits during a chat session . HTTP Session gaexp mitsis.com This cookie is used by Google Analytics to determine if the visitor is in volved in their marketing experiments. HTTP 85 day ads/ga- audiences mitsis.com Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's on line behaviour across websites. Pixel Session IDE doubleclick.net Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. HTTP 1 year pagead/1p- user-list/# google.com Tracks if the user has shown interest in specific products or events across multiple websites and detects how the user navigates between sites. This is used for measurement of advertisement efforts and facilitates payment of referral-fees between websites. Pixel Session test_cookie doubleclick.net Used to check if the user's browser supports cookies. HTTP 1 day _fbp mitsis.com Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. HTTP 3 months fr mitsis.com Used by Facebook to deliver a series of advertisemen t products such as real time bidding from third party advertisers. HTTP 4 months tr facebook.com Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertiser
THIRD-PARTY WEBSITES
When browsing a website, the user may receive cookies from third parties. Third-party cookies are installed by a different website from the one the user is browsing. This is because every website may contain elements (pictures, maps, sounds, specific links to web pages of other domains, etc,) that are on servers other than that of the website being viewed. In the above three tables we designate under “providere” whether cookies originate from third parties.
HOW TO MANAGE COOKIES BY CONFIGURING THE BROWSER
Some users may not consent to the storage of information collected through cookies by their computer. Each browser includes detailed instructions regarding their policy for the use of cookies. If you do not wish to receive cookies, you may modify the settings of your browser so as to be warned, when cookies are being sent, to deactivate all or some of the cookies used by the Website or to delete cookies already installed by the Website. Several functions of our website may operate properly without the use of cookies. However, if you deactivate cookies, you shall not have access to certain services and features of the Website. Below you may find the pages of browser suppliers that give detailed instructions on how to set your privacy preferences according to the browser used: Mozilla Firefox: Enable and disable cookies Google Chrome: Manage cookies and other website data Safari 6/7 (Mavericks): Manage cookies and other website data Safari 8 (Yosemite): Manage cookies and other website data Internet Explorer: Enable and disable cookies Opera: Cookies Safari iOS (mobile): Safari web setting on your IPhone, iPad or Pad touch If you wish further information regarding the Website’s cookies please contact us at………………..
AMENDMENTS
We may revise our Cookie Policy at any time and publish any amended provisions in this page. If we do, we will post the revised version here and change the “Last Updated Version” date (the date it applies from) at the end of this document. You are advised and expected to check this page from time to time and regularly, in order to be informed of any changes we have made, since they will be binding on you. Some of the provisions contained in this Cookie Policy may, also, be superseded by provisions or notices published elsewhere on our Site or in the revised Cookies Policy.
LAW & JURISDICTION
This Cookie Policy and your use of our Website are governed by and construed in accordance with the Laws of Greece, without regard to their choice of Law provisions. The courts of Athens Greece will have exclusive jurisdiction over any and all disputes arising out of, relating to or concerning this Cookies Policy, their interpretation, effect and application and / or this Website or in which this Cookies Policy and / or our Website are a material fact.
