TERMS OF USE OF PERSONAL DATA
Our website and its sub-domains collect, store, process, and use your personal data for the relevant legislation on protection of personal not vibrating known as GDPR. All of them assure the safe storage of your personal data, which does not undergo any other processing, are not disclosed to third parties, and are not assigned to another user. If you wish, anytime you may request the change or delete your personal data from their online database. Our website and its subdomains do not hold any other personal data and cookies are accepted for your best browsing on our site alone.
COOKIES
Our site and its sub-domains may use cookies to identify you and the better performance of certain services in the pages and some internally installed apps also use cookies. Cookies is a file that contains an identification code (a sequence of numbers and letters) and has been sent from a server to your browser where it is stored. Each time the browser requests a page from our server, it is sent back to him and your identification code. This can be either a permanent or a single period connection. Persistent cookies are stored by your browser and remain active until they reach their expiry date or until you delete them either with your request. Those that relate to a single period, expire at the end of the connection, that is just when the navigator is turned off. Suspension of use of all cookies may have a negative impact on the use of multiple sites.
COLLECTION AND USE OF DATA
Our website and its sub-domains do not collect or hold personal data than the strictly necessary via the respective communication form to either contact either with our site and its sub-domains and its management team and vice versa. (i.e. name and email). As a user of consent either prior to sending the e-mail to us and after being affixed at the end either read the text telling you that these will only be kept for the necessary contacts on this requested either via the contact forms, to keep our website, its sub-domains and associated applications secure and to avoid any attempts of fraud and to verify compliance with the terms and conditions governing the use of the site and its sub-domains. Without your consent, our website and its sub-domains will not sell your personal information to any third party for purposes of the same or any third party.
CORRECTION/DELETION OF PERSONAL DATA
Our website and its sub-domains give you the right to correct, update or delete your personal data at any time by sending an email with your demand on the site or its sub-domains. Our website’s and its sub-domains administrator is required to confirm that it has received the request and that within 48 hours (except weekends or holidays) to act with all the necessary movements for deletion of your personal data except any personal data used for any of your billing and those will be kept only under the law terms.
BALANCING AND DISCLOSURE OF PERSONAL DATA
Our website and its sub-domains are committed not to sell (partially or totally), rent, publish and share your personal data to any third party. Our website and its sub-domains can stream your personal data to third parties legally only if:
• We have your written consent for passing your personal data and did not initiate anything described above.
• Sharing your personal data into legal or natural persons working with the site may become necessary for the realization of your requests or your orders. Natural and legal persons who cooperate with the website have the right to process your personal data necessary to provide support to our website and its sub-domains.
• Enforced due to compliance with the relevant provisions of the law and to the competent authorities alone. Our website and its sub-domains may disclose your personal information to any employee, executive, consultant, supplier or sub-contractor to the extent only if it is necessary for the purposes set out in this privacy policy statement. Our website and its sub-domains may disclose your personal information to the extent required by law, to protect or exercise its legal rights. Apart from the cases provided for in this privacy policy, the website and its sub-domains will not sell your personal information to any third parties.
PRESERVATION OF PERSONAL DATA
This notification defines the policies and procedure compliance with personal data, which are designed to ensure that our website and its sub-domains comply with all the legal obligations with respect to maintaining the deletion of your personal information.
Personal information processed by our website and its sub-domains for any reason, will not be retained for longer than the one required for that purpose or for these purposes. Subject to all these terms, our website and its sub-domains will usually delete the personal information that falls under the following categories at the date/time specified below:(a) Personal data communications will be cleared at the end of 12 months.(b) Personal order data will be deleted after the expiry of the time limit set by law and the tax authority. Our website and its sub-domains will keep documents containing personal data required by law, by judging the responsible site and its sub-domains that those documents are of any actual or potential legal and judicial procedures, to exercise or protect his / her legitimate rights.
PROTECTION OF PERSONAL INFORMATION
Our website and its sub-domains will take every precaution to prevent the loss, misuse, or alteration of your personal information. Our website and its sub-domains will store all of your personal information provided on secure servers protected by passwords and firewalls. All online financial transactions running through our website and its sub-domains or linked apps will be protected by encryption technology.
You are responsible to keep the secret password used either for logging into our website, its sub-domains, or related applications. You will not be asked to tell us your code by email.
USERS ‘RIGHTS
You may request our website and its sub-domains to provide you with any personal information held about you.
Our website and its sub-domains have the right to withhold your personal information permitted by law.
You may request anytime to our website and its sub-domains not to process your data for marketing purposes.
APPLICABLE LAW AND OTHER TERMS
The above terms and conditions of use of our website and its sub-domains, as well as any modification, are governed by and supplemented by Greek law, European Union law and relevant international treaties, and Courts for the settlement of any dispute are designated by the Courts of Athens. Any provision of these terms becomes legally unenforceable, without any effect being prejudiced by the validity of the other terms. This is the overall agreement between our website and its sub-domains and you and its services and are binding only on them. No change to these terms will be taken into account and will be part of this agreement unless it has been drafted in writing and has not been incorporated into it. These Terms of Use prevail over any other terms and are applicable to all our website, its sub-domains, and in–site services without exception, without the need for other specific terms. The user who uses our website, its sub-domains and its services is presumed to accept these terms unreservedly unless it makes a request for objection. Our website and its sub-domains may update this privacy policy from time to time by publishing the new version on the site or in related applications.
You must check regularly either to our website and its sub-domains to make sure about the complies / or any changes to the terms of this policy. Our website and its sub-domains may inform you of changes to this policy (either via email or via the personalized message service of the site or linked apps). Managing and protecting your personal data is subject to the terms of this section and to the relevant provisions of Greek law (Law 2472/1997 on the protection of the individual and the protection of personal data, as supplemented by the decisions of the Chairman of the Commission for the Protection of Personal Data, 207/1998 and 79/2000 and Article 8 of Law 2819/2000 as well as Law 2774/1999 and European law (Directives 95/46 / EC and 97/66 / EC) because of the rapid development of technology and, in particular, of the internet,- though not fully developed – necessary regulations created on these issues. In any case, our website and its sub-domains reserve the right to change the person in data protection terms. If you do not agree with the terms of protection of personal data provided herein, please do not use our services. Our website and its sub-domains are not responsible for any damage that you may have which is made with your own initiative and with the knowledge of the terms. Our website and its sub-domains have an SSL mechanism for safer access to it.
What is SSL?
The main function of SSL (Secure Sockets Layer) is the creation of an encrypted connection between our web server and visitor’s browser, ensuring secure data exchange between the two sides, preventing them from being intercepted by malicious users. The server that hosts and serves our website and its sub-domains is fully certified and bounds under the new GDPR regulations. The staff is trained to understand the role of the compliance of data protection, our internal policies, and procedures. They have tested all of their systems, processes, and services to meet the GDPR requirements, especially in terms of the security of the data and third-party services we use. They only allow specific staff members, access servers, and perform strictly defined processes. Datacenter’s staff have physical access to servers but have strict protocols to ensure that they do so only if they ask for members of the technical support team and this request will only be done in cases where a visual inspection of a server or physical maintenance on the server itself. The data (websites, databases, e-mails) are stored only on dedicated servers rather than cloud VPS, so there is no third-party access (e.g. infrastructure managers).
Systems are constantly being tested for security gaps and we are rapidly upgrading the applications we use. In the unlikely event of a violation in their system, we are obliged by GDPR to inform you within 72 hours, but our goal is to inform you in less than 24 hours. The log files of both the web server and other services (e.g., mail server) are kept for the minimum time required to complete the original purpose and for the security of our infrastructure. The connection to their infrastructures is SSL, SSH, SFTP, and FTP with TLS. Our procedures will continue to improve after 25 May 2018.
Yours faithfully,
Hotel Castro
Folegandros, Cyclades, Greece