PRIVACY POLICY (PERSONAL DATA PROCESSING POLICY & TRACKERS’ POLICY) This Personal Data Processing Policy & Trackers’ Policy, e.g., Cookies (“Privacy Policy”) was posted on 07/02/2023. We regularly review our Privacy Policy to ensure that it is up-to-date and accurate, in accordance with applicable law.
About us
Welcome to www.grandbluehotel.gr a website managed by the company under the name "KONSTANTINOS KOULIAS S.A." and distinctive title "GRAND BLUE BEACH HOTEL", which is based on the island of Kos (Lambi area) with G.E.MI number 123307020001, TIN 094034654 ["we", "us", "our", "GRAND BLUE BEACH HOTEL"].
The use of our website [hereinafter the "Website"] is subject to the Terms of Use and this Privacy Policy. The Privacy Policy has been updated to ensure compliance with the General Data Protection Regulation [Regulation (EU) 2016/679, GDPR] and Law 4624/2019.
Via the use of our website you unconditionally declare that you have reviewed, understood, and accepted all terms included in the Terms of Use and the Privacy Policy. If you do not agree with any of the terms included in the Terms of Use and/or the Privacy Policy, you must refrain from browsing and using the Website and its services.
The Privacy Policy may be amended from time to time, whenever needed, without prior notice to you. The amendments will apply on the date they are published in Website. We encourage you to regularly review the Privacy Policy, as your continued use of our Website implies that you have accepted such amendments.
If you do not agree with the use of your data according to Privacy Policy, please stop using the Website.
GRAND BLUE BEACH HOTEL is committed to respecting and protecting your privacy. This Privacy Policy describes how GRAND BLUE BEACH HOTEL, as controller within the meaning of GDPR, collects and processes the personal data and other information of you, the users of our website, and how our website uses cookies and other identification technologies.
Privacy Policy Scope
This Privacy Policy explains how we process your personal information when you contact us or use any of the services on our Website. Especially, by reading the Privacy Policy you are able to understand, among others:
- the purpose that we process your personal data;
- which personal data we collect directly from you and which from third parties;
- the time of their retention,
- the categories of recipients of your personal data, if any;
- if we intend to transfer this information to a non-EU country;
- if we make automated decision-making or profiling;
- and your rights have in relation to the processing of your personal data, as well as the way of their exercise.
This Privacy Policy explains:
1. Types of data we collect for you, how we collect them & how we use them
Data we collect directly from you
Data we collect using cookies and other tracking technologies
Data we collect by third parties
Anonymized and statistical data – Special Categories, Sensitive Data
2. Types of data we share with third parties
Service Providers
Other recipients
International transfers of data
3. How we use cookies and other tracking technologies (trackers)
Types of trackers
How do I change my trackers’ settings?
4. Legal basis for the processing
5. How long do we keep your data
6. How we ensure your data security
7. Your rights
Right to lodge a complaint with the Authority
8. Communicate with us
1. What data we collect about you, how we collect it and how we use it
At first, we inform you that in the premises of the Hotel, a CCTV (video surveillance system) operates in specific areas (with warning signs) for the purpose of security and protection of persons and goods. Kindly be informed in the section "CCTV Policy" about the processing of personal data of hotel guests through a video surveillance system and specifically about:
-The purpose for which the processing is carried out,
-The mode of operation of the CCTV system in use,
-The installation areas and range of the cameras,
−The retention period of the data,
-The categories of persons operating the CCTV system,
-Your rights regarding your personal data, which are processed by the operating CCTV system.
Moreover, when you visit the Website and when you contact us, we may collect and process certain personal data of you in order for you to be able to benefit from the functionalities and services offered via the Website and also in order to understand the need for our services and to improve the way we operate.These data might also contain “personal data”, meaning any information related to you as an identified or identifiable natural person, i.e. as a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, communication details;
The Website is not intended for use by minors (under 18 years old) and we do not knowingly collect personal data related to minors, unless submitted directly by the child's guardian for the purposes of booking.
Data we collect directly from you We collect some of your personal data for communication purposes, such as to answer your requests for information and to better understand your expectations and needs.
More specifically, when you use the “How to contact us” form of our Website, or or communicate with us in person or in any other way (e.g. participation in a survey, competition, draw, etc.), we collect and process information about you that you directly provide to us, which may include: name, email address, country, the reason for your communication and the content of the communication that you address to us. We will use this information to communicate with you.
When you make a reservation or order a service (via the Website or by phone or email), we process certain data about you, including your name, email, address, telephone number, date of birth, booking details (e.g. arrival date, etc.), travel information (e.g. visa, passport), special remarks (e.g. dietary preferences) and billing information (credit/debit card number; name on the card, type of card, security code, expiration date, all this of course in pseudonymous form of token), in order to complete and manage your reservation and also in order to manage your requests and preferences. You can register and create a user account in the booking system of our Website. We use the information which you give us in order to manage the account, providing you with useful options like making your reservations, managing your bookings, taking advantage of members' special offers, making future bookings easily and managing your personal settings. You may register and/or have access through a third party account (e.g. Gmail) or social media (e.g. Facebook), in which case we collect and have access to certain information of the User's profile, only for the purposes mentioned above.
We also collect and process certain information about you when you send us your CV and when you apply for a job using the "Job Openings" section of our Website, e.g., your identification and contact details and information about your studies and work experience. A separate privacy policy applies here, which can be found here.
Based on your prior consent, we may use information to provide you with promotional material or when you submit your information to send you newsletters. When you provide your consent to receive such communication, you have the right to revoke it at any time.
Data we collect using cookies and other tracking technologiesWe also use cookies and other tracking technologies and we may collect information about how you use our Website, technical data including data and time of access, data volume transmitted, status of transmission, browser type, version and language, browser plug-in types and versions, your internet protocol (IP) address, operating system and interface, time zone setting and location and profile data, including your referral website, pages you visit, actions you take, patterns of page visits and information from forms you fill in.
Based on your prior consent, we may use your data in order to deliver advertising relevant to you based on the use of cookies. For further details on this and how to opt-out of such processing, please see the 'How we use cookies and other tracking technologies (trackers)' section of this Privacy Policy.
Data we collect by third parties
Your personal data that we collect from third parties is in particular technical data, concerning the details of your device (e.g. manufacturer, model, screen characteristics, operating system, etc.), or financial data (e.g. token with some card details through which you pay for a reservation at our hotel, which means that we do not know the full details of your card, your card is stored pseudonymised to facilitate your future transactions through the Website), as well as statistics or data of your behavior (e.g. clicks, choices). For example, we receive some of the aforementioned technical data from analytics providers such as Google.
ΑΝΩΝΥΜΟΠΟΙΗΜΕΝΑ ΚΑΙ ΣΤΑΤΙΣΤΙΚΑ ΔΕΔΟΜΕΝΑ
We may process anonymized and statistical data, for any purpose, especially for statistical reasons and for the improvement of the provided services-information of the Website. While such data may be derived from your personal data, these are not considered personal data as such data does not directly or indirectly reveal your identity (e.g., we may aggregate your usage data to calculate the percentage of users accessing a specific website feature).
Special Categories of Personal Data- Sensitive Data
Generally, we do not knowingly collect or process through the Website special categories of personal data ("sensitive" personal data), such as information about your health, race or ethnicity, religious or philosophical beliefs, sex life, etc. We may collect health data that you provide to us directly, in case we need to fulfill a request of yours during your stay at our hotel (e.g. if you have a mobility problem, or suffer from allergies or eating disorders and need to take special care).
2. Types of data we share with third parties Service ProvidersGRAND BLUE BEACH HOTEL may engage external/third parties as service providers, who act as data processors of GRAND BLUE BEACH HOTEL to provide certain services to GRAND BLUE BEACH HOTEL, such as, website service providers, marketing service providers or IT support service providers. When providing such services, the external service providers may process your personal data.
Other Recipients GRAND BLUE BEACH HOTEL may transfer, in compliance with applicable data protection laws, your personal data to courts, law enforcement agencies, governmental authorities.
In case of a corporate merger or acquisition of GRAND BLUE BEACH HOTEL with another legal entity, personal data may be transferred to the third parties being involved in the merger or acquisition (e.g. the previous mentioned legal entity, legal counsels, and auditors).
International Transfers of Personal DataGRAND BLUE BEACH HOTEL transfers personal data in accordance with applicable law. To the extent that, in the context of and for the needs of the above-mentioned purposes, if your personal data need to be transferred outside the EU, such data transfer will take place in accordance with applicable law and GRAND BLUE BEACH HOTEL will ensure an adequate level of data protection. By way of entering into appropriate data transfer agreements based on Standard Contractual Clauses, which are accessible upon request at info@grandbluehotel.gr, or taking other measures to provide an adequate level of data protection, GRAND BLUE BEACH HOTEL establishes or confirms that all data recipients will provide an adequate level of protection for your personal data.
3. How we use cookies and other tracking technologies (trackers)
GRAND BLUE BEACH HOTEL may collect identification details of Website’s users, using related technologies, such as cookies and other trackers.
The Website uses trackers, therefore when you visit the Website, a tracker may be installed in your device.
Τrackers are techniques such as: HTTP/S cookies, flash cookies, local storage in HTML 5, identification via the footprint of your device, identification marks created from software (for advertising purposes or not: IDFA, IDFV, Android ID etc.), material identification marks (MAC address, serial number, or other equipment identifier), etc.
The use of trackers allows GRAND BLUE BEACH HOTEL to recognize your device, gather information about your usage patterns when you navigate our website, store some information about your preferences or past actions, improve your online experience and enhance your personalized experience. Moreover, it allows the automatic collection of information of locations you visit and links of third parties’ websites, which you may choose via the use of our Website.
Trackers may also be used to provide advertising tailored to your interests on websites you visit and to analyse the effectiveness of such advertising.
You can manage your browser to be warned for the use of trackers in specific services. Specifically, you can manage your browser in not accepting the use of trackers in some cases or in any case. In case the visitor/user of specific services and webpages does not wish the use of trackers for his/her identification, he/she cannot have access to such services. Specifically, you can opt in or out of trackers at any time – except strictly necessary trackers (these are used to help make our Website work efficiently) and you can delete trackers, e.g. cookies installed on your device at any time, prevent new cookies being saved and receive notification before installation of a new cookie by configuring your browser software.
When certain types of trackers require your prior consent to be installed and used, you are asked through a relevant banner. If you choose not to enable or delete certain cookies, you will still be able to browse our website, but it will restrict some of the functionality of our Website. In other words, when you opt out of trackers, e.g. cookies, this could influence your experience in our Website and the services we may offer to you.
Types of trackers
We may use ‘persistent’ trackers as well as 'session-based' trackers. A 'persistent' tracker will be saved on your device, is not deleted automatically when you close your browser and will remain for a period set for that tracker. On the other hand, a 'session-based' tracker is allocated only for the duration of your visit to our Website and automatically expires when you close your browser.
A | Strictly necessary trackers | Used to help make our Website work efficiently and enable you to browse around our website and use its features; used e.g. to keep track of your input when filling online forms over several pages and help us ensure that the content of your page loads quickly and effectively by distributing the workload across numerous computers (load balancing). | These trackers are session trackers that are allocated only for the duration of your visit to our Website and are erased when you close your browser. |
B | Analytical/performance trackers | Used to analyse the way our Website works and how we can improve and optimize it; e.g. for statistical audience measuring, to estimate the number of unique visitors, to detect the most preeminent search engine keywords that lead to a webpage or to track down website navigation issues. | We use such trackers only on the basis of your prior consent. These are typically persistent trackers, are stored on your device, are not deleted automatically when you close your browser and will remain for a period set for that trackers. They remain on your device for us to use during a next visit to our Website. For information on how to delete these trackers, please refer below to ‘How do I change my trackers’ settings?’ section of this Privacy Policy. |
Γ | Functionality trackers | Help to enhance your experience by doing things like remembering preferences, choices you make while browsing the Website or past actions; e.g. such trackers may remember preferences such as text size, fonts, and other customizable site elements of the Website. | We use such trackers only on the basis of your prior consent. These are typically persistent trackers, are stored on your device, are not deleted automatically when you close your browser and will remain for a period set for that trackers. They remain on your device for us to use during a next visit to our Website. For information on how to delete these trackers, please refer below to ‘How do I change my trackers’ settings?’ section of this Privacy Policy. |
Δ | Targeting/advertising trackers | They are used by us and our trade partners for the provision of content, that best suits your interests. They may be used for targeted advertisements/offers, to measure effectiveness of an advertising campaign and for the display of relevant advertisements in our advertising business partners’ websites. Used to share some information with third parties who we advertise with, so we know how you have reached our Website. These trackers record your visit to our Website, the parts of our Website you have visited and you are interested in and the links you have followed to recognize you as a previous visitor and to track your activity on our website and other websites you visit. This information is used to show you advertisements we think may be of interest to you, to tailor how we communicate with you, or to tailor the contents of the communications we send to you. | We use such trackers only on the basis of your prior consent. These are typically persistent trackers, because they remain on your device for us to use during a next visit to our website. These are typically persistent trackers, are stored on your device, are not deleted automatically when you close your browser and will remain for a period set for that trackers. They remain on your device for us to use during a next visit to our Website. For information on how to delete these trackers, please refer below to ‘How do I change my trackers’ settings?’ section of this Privacy Policy. |
FIRST AND THIRD PARTY COOKIES OF GRAND BLUE BEACH HOTEL Cookie | Domain | Description | Duration | Type |
PHPSESSID | www.grandbluehotel.gr | This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed. | session | Necessary |
YSC | .youtube.com | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. | session | Advertisement |
VISITOR_INFO1_LIVE | .youtube.com | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. | 5 months 27 days | Advertisement |
_gcl_au | .grandbluehotel.gr | Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services. | 3 months | Analytics |
test_cookie | .doubleclick.net | The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. | 15 minutes | Advertisement |
_ga | .grandbluehotel.gr | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. | 1 year 1 month 4 days | Analytics |
_gid | .grandbluehotel.gr | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. | 1 day | Analytics |
_dc_gtm_UA-109654204-5 | .grandbluehotel.gr | Installed by Google Analytics, | 1 minute | Other |
_dc_gtm_UA-222574309-1 | .grandbluehotel.gr | Installed by Google Analytics, | 1 minute | Other |
_ga_* | .grandbluehotel.gr | This cookie is installed by Google Analytics. | 1 year 1 month 4 days | Analytics |
CONSENT | .youtube.com | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. | 2 years | Analytics |
How do I change my trackers’ settings?
Most web browsers allow some control of most trackers, e.g. cookies, through the browser settings. To find out more about cookies, including how to see what cookies have been set on your device, you can visit: http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm, or www.aboutcookies.org, or www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
4. Legal Basis for the processing We will only process your personal data when the law allows us to, that is, when we have a legal basis for processing. Οn a case per case basis, we may carry out the processing of your personal data on the following legal basis:
- You have provided your consent to the processing of your data for one or more specific purposes (e.g. when you register for receiving our newsletter, for the installation and use of certain types of trackers);
- The processing is necessary for the performance of a contract to which you are party or in order to take steps at the request of yours prior to entering into a contract (e.g., when you make a reservation/booking).
- The processing is necessary for compliance with a legal obligation to which GRAND BLUE BEACH HOTEL is subject to (e.g. in case access to your personal data is required by a competent judicial authority);
- The processing is necessary for the purposes of the legitimate interests pursued by BLUE BEACH HOTEL, provided that your fundamental rights do not override such interests; such legitimate interests include:
(a) monitoring in order to ensure the efficient and secure running of the website and fraud and misuse detection and prevention;
(b) the improvement of our services and our Website;
(c) monitoring how our Website is used, e.g. via data analytics, to help us improve the layout and information available on our website, our services, marketing, and customer relationship.
If you decide not to provide your personal data in certain cases, this may result in some disadvantages for you, for example, we may not be able to provide you with a service or respond to your request or provide you with marketing communications that we believe may be useful to you.
Not providing your personal data may in certain cases result in disadvantages for you, e.g., we may not be able to provide you with a service.
We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.
5. How long do we keep your data Generally, we retain your personal data for as long as needed by legislation, depending on the purpose and type of processing.
Specifically, your personal data will be retained for as long as necessary to fulfil the purposes we collected them for, e.g., for as long as necessary to provide you with the functionalities of our Website and the services requested. Once the data processing purpose is completed, we will either delete your personal data or anonymize your personal data, unless statutory retention requirements apply.
Especially:
- We retain your personal data collected from you when you subscribe to the Newsletter (e.g., e-mail address) for as long as you remain subscribed to our newsletter list and delete them in case of withdrawal of your consent.
- We retain your personal data that we collect from you when you deal with our hotel, such as in the case of making a reservation (e.g. name, contact details, product delivery address, billing information) for a maximum period of 10 years from the conclusion of the contract between us, in order to respond to the exercise of any of your rights, until they are time-barred.
- We retain your personal data that we collect from you for the submission of a question or complaint, when you address us through our Website or any other available means of communication for the necessary period of time until the final resolution of the relevant issue.
- We keep your personal data collected from you, when you send your CV for the purpose of finding a job and if our relevant announcement for the recruitment of associates has been posted, for the time period provided in our policy for the information of potential employees’ personal data processing.
6. How we ensure your data security Considering the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, GRAND BLUE BEACH HOTEL implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing.
7. What are your Rights Pursuant to the conditions provided in the relevant legislation (GDPR) you may have the following rights for the protection of your personal data:
Right of access
You may contact us to explain to you if and which data we retain about you, as well as the way we process such data. You may also request a copy of your personal data which retain about you.
Right to rectification
If you believe that your data are not accurate or need to be updated, you have the right to obtain the rectification of inaccurate personal data and to have incomplete data completed.
Right to erasure
Under certain circumstances, e.g., personal data are no longer necessary, you withdraw your consent, the data have been unlawfully processed, you have the right to obtain the erasure of personal data.
Right to restriction of processing
If you believe that your data are not accurate or their processing is unlawful or you think that GRAND BLUE BEACH HOTEL does no longer need your data or you have objections to automated processing, you have the right to obtain the restriction of processing.
Right to object
You have the right to object to processing of your personal data from GRAND BLUE BEACH HOTEL on grounds relating to your particular situation, unless, inter alia, there are compelling legitimate grounds for the processing which override your interests, rights and freedoms. You also have the right to object when a decision concerning you is based solely on automated processing, including profiling, and produces legal effects concerning you or significantly affects you (statutory exceptions apply).
Right to data portability
You may request to receive your data in a structured, commonly used and machine-readable format, as well as to transmit your data to another organization (controller), which you will indicate to GRAND BLUE BEACH HOTEL.
If you have provided your consent with regard to specific collection, process and use of your personal data (e.g. to receive communication for direct marketing of products and services), you may withdraw that consent at any time with effect for the future.
You can find more detailed information regarding your rights on the Hellenic Data Protection Authority’s (HDPA) website here.
In order to exercise your rights, you can contact GRAND BLUE BEACH HOTEL by mail at info@grandbluehotel.gr
Right to lodge a complaint with the Authority We inform you that you have the right to lodge a complaint with the HDPA for issues regarding the processing of your personal data. HDPA is seated in Athens (Kifisias Avenue, 1-3, 115 23). With regard to HDPA’s competency and the submission of a complaint, you may visit HDPA’s webpage (www.dpa.gr).
8. How to contact us
If you have any doubts or questions about this Privacy Policy or if you wish to exercise any of your rights included in the "What are your rights" section of this Privacy Policy, you can contact us by mail at the following address: KARDAMENA, KOS 85302, Greece or by email at:
info@grandbluehotel.grWe may modify this Privacy Policy from time to time to comply with regulatory changes and for operational purposes. Updated versions of this Privacy Policy will be posted on the Website with a date indication, so that you know which is the most recently updated version.
This Privacy Policy was posted on 07. 02.2023.