Privacy Policy

PRIVACY POLICY

The security of your personal data constitutes one of our highest priorities. That is why, we are committed to respecting and protecting your privacy and safeguarding your personal data.

In this Privacy Statement, where the terms “we”, “us”, “our company”, “SUMMER PEARLS P.C.” are used, it means the private company under the name “SUMMER PEARLS P.C.” and the distinctive title “SUMMER PEARLS P.C.”, headquartered in Polychrono, Municipality of Kassandra, Halkidiki, at the location of Smardela, 63085, Greece, as legally represented, with VAT number 801198396.

Before you provide us with any information, we recommend that you read this document thoroughly, where we inform you, in a clear and understandable way, about our policy for the management of your personal data, with respect to the applicable national and European legal framework on data protection, especially the European General Data Protection Regulation (EU) 2016/679 (GDPR) and the provisions of the national law 4624/2019.

In particular, through this Private Policy we inform you about the type of your personal data that we collect, the purpose of processing your personal data and the relevant legal basis under which we process these data, the security practices we apply to protect your personal data and, finally, your rights regarding your personal data.

 

1. Definitions

The data protection statement of SUMMER PEARLS P.C. is based on the terms used by the European legislator in the General Data Protection Regulation (EU) 2016/679 (GDPR). Therefore, in this statement we use, among others, the following terms:

1. “Personal data”: means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. “Data subject”: any identified or identifiable natural person, whose personal data are processed by the controller.
3. “Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. “Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
5. “Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
6. “Third party”: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
7. “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’ s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

• Controller’ s Details

For all services provided by our company, “Controller” of your personal data is the private company under the name “SUMMER PEARLS P.C.” and the distinctive title “SUMMER PEARLS P.C.”, headquartered in Polychrono, Municipality of Kassandra, Halkidiki, at the location of Smardela, 63085, Greece, as legally represented, with VAT number 801198396.

In order to ensure the effective protection of your personal data, SUMMER PEARLS P.C. has appointed a Data Protection Officer, to whom data subjects may address their requests and questions in relation to this privacy policy. Data Protection Officer’ s details can be found in the “Contact us” section available below.

 

 

• Details of the Processor of online reservations

As far as the providing service of online reservations is concerned, “processor” is the company named “WebHotelier Technologies Limited”, headquartered in Nicosia, Cyprus, 9 Mnasiadou Street (Demokritos Building, office 16), 1065, as legally represented. For more information concerning the collection and purposes of your personal data processing by WebHotelier, please refer to the Privacy Policy of the latter.

“WebHotelier Technologies Limited” operates the online booking system on our behalf, has aligned with the obligations derived from the GDPR and is committed to protecting the privacy of the users of the above system.

 

2. What Personal Data we collect
   • Data we collect during reservation

If you decide to make a reservation at our villas either via our website, by email or by telephone, we will collect some personal data of yours such as: your full name, address, city, country, telephone number, email address and any special request you may have. In cases where a deposit is required to complete your reservation, we may also ask you for your credit card details (card type, card number, security code, expiration date, cardholder details).

• Processing purposes – legal basis

We collect the above data during your reservation in order to:

– To process and complete your booking details.

– To process the payment of the relevant services, fees and charges.

• Legal basis: the processing of your personal data in these cases is necessary for the performance of the contract between us.

– To process your details in case of disputes between us (e.g. to exercise our legal claims in the event of defective performance of the contract by you).

• Legal basis: the processing of your personal data in this case is necessary for the purposes of our legitimate interests.

 

• Data collected from your subscription to the newsletter of our website

When you sign up to receive newsletters, we collect and store your email address.

• Processing purposes – legal basis

• We use the data you provide us when you subscribe to our newsletter in order to contact you and send you information about our services and offers.
• Legal basis: The processing of the aforesaid data for the purposes mentioned above is only performed with your prior consent.

 

2.3 Cookies Policy

On our websites we may use cookies to collect information about your browsing experience. Cookies are small text files that a website stores on your computer or mobile device (phone, tablet, etc.) when you visit it. In this way, the website memorizes your actions and preferences (e.g. login code, language, font size and other display preferences) for a period of time, so you do not have to enter these preferences each time you visit the website or when you navigate from one page to another. Cookies help you to create a more user-friendly navigation environment.

Depending on their lifespan, cookies can be divided into two main categories:

Session Cookies: These types of Cookies are stored only temporarily during a browsing session and are deleted from your device when you close the browser. We use Session Cookies to support the functionality of the website, as well as to understand how visitors use it.

Persistent Cookies: These types of Cookies are not deleted when you close your browser but are saved on your device for a fixed period of time or until you delete them.

Most browsers automatically accept the use of cookies. However, you can modify your browser options at any time, in order to receive notifications about the use of cookies in relation to certain services on the website or to reject the use of cookies in any case. You should be aware, though, that if you disable cookies the site may not function properly. For example, if you do not allow the use of cookies for certain services, you may not be able to access those services any longer.

It is clarified that, under no circumstances, the use of cookies can reveal your identity, your contact details or other personal information.

Finally, cookies cannot cause any damage to your computer or mobile device and their use in no way provides access to documents and files on your device.

Special Categories of Personal Data – Sensitive Personal Data

The terms “special categories of personal data” or “sensitive personal data”, refer to personal information that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data or biometric data which allows to uniquely identify a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

We may collect such data only if you voluntarily provide us with the relevant information or if we ask you to do so and obtain your prior explicit consent or if we are obliged to do so in accordance with applicable national and EU legislation.

We may use the health data you provide us voluntarily in order to better serve you and satisfy your special needs (for example, to provide access to people with special needs).

 

Minors Data

We do not knowingly collect personal data directly from minors (i.e. under the age of 18). Instead, when necessary, we endeavor to collect such data from their parents or their legal guardians or to obtain the relevant consent of the latter. However, as it is not always possible to determine the age of persons who access and use our websites, we encourage parents or legal guardians to contact us if they notice any case of unauthorized data provision by minors in order to exercise accordingly their rights such as deletion of their data.

 

Transfer of Personal Data

The personal information you provide us is being kept secured and safeguarded. We may share your information with third parties when necessary, in accordance with the following:

We may transfer your personal data to third parties (legal or natural persons) who will process your personal data according to our detailed instructions and formalities. We guarantee that these third parties always apply the same measures to protect your personal data and they only act in accordance with our written instructions and with respect to your personal data.

In particular, in order to achieve the purposes of processing, personal data may be transferred to:

– The processor of the online reservation system. We recommend that you refer to their Privacy Policy (see section 1.2. Details of the Processor of online reservations).

– Banking and financial institutions to facilitate and properly execute your payments to us, for the security of your transactions, and to prevent, detect and monitor any criminal activity.

– Third party companies – service providers, whose products or services you can purchase through our website (e.g. car rental companies). We recommend that you refer to their Privacy Policy.

– Travel agencies/corporate travel partners, to help them assess compliance with travel policies or participation in special pricing programs or marketing promotions.

– Third party companies that provide us with services such as financial, legal or technical support, customer service, marketing, etc..

– Public Authorities (police, prosecuting authorities, tax authorities, etc.) in the context of issuing fines, upon relevant request or in order for our company to comply with its legal obligations.

– To professional legal advisors and law enforcement agencies for the exercise of our legal claims.

When information is transferred in accordance with the above, we limit the extend of the information disclosed to what is strictly necessary for the performance of each specific purpose.

Moreover, in cases where third parties provide some services on our behalf, we seek contractual guarantees to ensure that your personal data is processed in a secure and fully compliant manner with this privacy policy.

 

Transfer of Personal Data across boarders

In order to process your data as described in this policy, we may need to transfer your information to other countries, including countries outside the European Economic Area (EEA), whose legal framework fully complies with the provisions and the level of security required by Regulation (EU) 2016/679. We always take measures to ensure that your personal data is transferred, stored and processed in compliance with the appropriate security standards set out in the above Regulation and in accordance with the terms of this Privacy Policy and applicable data protection laws.

When the transfer of data concerns a country outside the European Union (EU) or the European Economic Area (EEA), we always check whether:

• The Commission has issued an adequacy decision on the third country to which the transfer is addressed to.
• Appropriate safeguards are in place in accordance with the Regulation for the transfer of such data.

In any other case, the transfer to a third country is not allowed and we will not transfer your personal data unless one of the specific derogations provided for by the Regulation applies (e.g. explicit consent of the data subject, upon informing him/her on the risks of the transfer, the transfer is necessary for the performance of a contract at the request of the subject, there are reasons of public interest, it is necessary to support the legal claims and the vital interests of the subject etc.).

 

Third-Party Websites’ Disclaimer

We may provide hyperlinks to third-party websites as a convenience to our users (e.g. social media such as Facebook, Instagram, Youtube). SUMMER PEARLS P.C. is not responsible for the content of any linked-to third-party website or any hyperlink in a linked-to website. We are not responsible for the privacy practices they apply and therefore we recommend that you refer to their Privacy Policy.

 

Your rights

As a Data Subject of the data we process, you have the following rights:

Right of access – You have the right to access your personal data. You also have the right to receive some information about how we handle your personal data. This information is provided in this document.

Right to rectification – You have the right to request the correction of inaccurate personal data, as well as the right to fill in incomplete personal data. Please note that, in some cases, we may not be able to correct the inaccurate personal data you have given us and that this change may be charged.

Right to erasure – You have the right to request the erasure of your personal data where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) you withdraw your consent on which the collection, processing and storage of your personal data is based and there is no other legal ground for the processing and to the extent that there is no such legal basis;

(c) you object to the processing of personal information and there are no overriding legitimate grounds for the processing;

(d) the personal data have been unlawfully processed;

(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which our company is subject;

(f) the personal data have been collected in relation to the offer of information society services directly to a child, as specifically mentioned in Article 8(1) GDPR.

This is the so-called “right to be forgotten”. In some cases, such as, but not limited to, where there is a contract or a legal obligation which requires processing of personal data or where the processing is necessary for purposes of public interest, this right is subject to specific restrictions or excluded, as the case may be.

Right to restriction of processing –  You have the right to request the restriction of processing of your personal data, where one of the following applies: (a) when you contest the accuracy of the personal data and until the accuracy is verified, (b) when you oppose the erasure of the personal data and request the restriction of their use instead, (c) when the personal data are no longer necessary for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, (d) when you object the processing, pending the verification whether there are legitimate grounds concerning us which override the grounds on which you object to the processing.

Right to data portability – You are entitled to receive your personal data or to transmit or to request that we transmit your personal data directly to another data controller in a structured, commonly used and machine- readable format.

Right to object – You have the right to object at any time to processing of your personal data where it is necessary for the purposes of the legitimate interests pursued by us as data controllers, including processing for marketing and consumer profiling purposes.

Right to withdraw your consent – We inform you that where processing is based on your consent, you have the right to freely withdraw it at any time. The withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal.

Right to lodge a complaint to Hellenic Data Protection Authority  – You have the right to lodge a complaint to Hellenic Data Protection Authority  (www.dpa.gr): telephone: +30 210 6475600, Fax: +30 210 6475628, email: contact@dpa.gr.

 

Security of your personal data

We recognize the importance of protecting all your personal information and for this reason we process your data with absolute confidentiality and in compliance with the mandatory duty to secrecy, with respect to the applicable regulatory provisions. We adopt the appropriate technical and organizational measures required to guarantee the security of your data and prevent them from being illegally accessed, altered, lost or processed.

 

Retention Period of Personal Data

Your personal data is retained for a predetermined and limited period depending on the purpose of processing, after the end of which, these personal data will be deleted from our records unless another retention period is required or provided for under applicable law.

In particular, where processing is carried out on the basis of a contract, your personal data are stored for as long as necessary for the performance of the contract and for the potential establishment, exercise and support of legal claims based on the contract.

Your personal data collected for marketing purposes are kept until your consent is withdrawn. You may withdraw your consent at any time without affecting the lawfulness of the processing based on your consent in the period prior to its withdrawal.

Where processing is imposed as an obligation by provisions of the applicable legal framework, your personal data will be stored for as long as required by the relevant provisions.

 

Applicable law – Jurisdiction

Any dispute arising from the application and/or interpretation of the present policy  – provided that an amicable/conciliatory settlement is unsuccessful- shall be governed by greek law and subject to the exclusive jurisdiction of the courts of Thessaloniki, Greece.

 

Changes to privacy policy

SUMMER PEARLS P.C. may amend this Privacy Policy in order to adapt it to any possible changes in the regulatory framework, business needs or the needs of our guests, business partners and service providers. Updated versions will be uploaded to our website with the last modified date, so that you are always aware of our most up-to-date Privacy Policy.

 

Contact us

Ιf you have any question or comment in relation to this Privacy Policy or if you are willing to exercise any of your rights mentioned above, please contact our Data Protection Officer (DPO):

DOP Theodora Papakonstantinou

SUMMER PEARLS P.C.

Polychrono, Municipality of Kassandra, Halkidiki, 63085

Greece

Telephone: +30 6978444866

Email: info@summerpearls.gr

Last update: 10.03.2023