GDPR Policy

This GDPR Policy (“Policy”) outlines how Parthenon Souda Hotel (“Hotel”) collects, uses, stores, and protects personal data in compliance with the General Data Protection Regulation (GDPR).

1. Data Controller:
   The Hotel acts as the data controller for the personal data it collects and processes. You can contact us at any time using the contact information provided at the end of this Policy.

2. Personal Data Collection and Use:
   a. The Hotel collects and processes personal data for the purpose of providing accommodation and related services. This may include collecting information such as your name, contact details, payment information, and any additional information necessary for your stay.
   b. We may also collect personal data for marketing purposes, with your consent. You have the right to withdraw your consent at any time.
   c. The Hotel ensures that personal data is collected and processed lawfully, transparently, and for a specific purpose. We do not collect more data than is necessary for the intended purpose.

3. Legal Basis for Processing:
   The Hotel processes personal data based on one or more of the following legal bases:
   a. The processing is necessary for the performance of a contract with you.
   b. The processing is necessary for compliance with a legal obligation.
   c. The processing is based on your consent.
   d. The processing is necessary for the legitimate interests pursued by the Hotel or a third party.

4. Data Sharing and Disclosure:
   a. The Hotel may share personal data with trusted third parties, such as payment processors or service providers, who assist in providing our services. We ensure that these third parties are GDPR-compliant and have appropriate data protection measures in place.
   b. We may also share personal data if required by law or to protect our legal rights.
   c. We do not sell, rent, or lease personal data to third parties for marketing purposes.

5. Data Retention:
   The Hotel retains personal data for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. We have implemented appropriate measures to securely delete or anonymize personal data when it is no longer needed.

6. Data Subject Rights:
   Under the GDPR, you have certain rights regarding your personal data. These include the right to access, rectify, erase, restrict processing, object to processing, and the right to data portability. You also have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated.

7. Data Security:
   The Hotel takes appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. We regularly review and enhance our security practices to ensure the ongoing confidentiality, integrity, and availability of personal data.

8. International Data Transfers:
   If personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect the data, such as using standard contractual clauses or relying on the recipient’s Privacy Shield certification.

9. Changes to the Policy:
   The Hotel reserves the right to update or modify this Policy at any time. Any changes will be effective immediately upon posting on the Hotel’s website.

If you have any questions or concerns about our GDPR Policy or the processing of your personal data, please contact us at [Hotel’s contact information].