POLICY SECURITY OF ELA TINOS

At Ela Tinos we are committed to protecting and respecting your privacy. Please read this Privacy Policy as it contains important information about how we use the Personal Data we collect from you or that you provide to us.

1. Identity

When this policy refers to “we”, “us” or “our”, “Controller”, it refers to Ela Tinos of Platina I.K.E Company. Our website is https://elatinos.gr and uses the https protocol. In the https protocol, the connection between your device (PC, laptop, mobile) and the remote server is encrypted. This means that the data transferred between your device and the server is converted into an unintelligible format and if a malicious user intercepts this data, he will not be able to use it. When the encrypted data reaches its correct destination, it is decrypted and returned to its original form.

2. Controller

The Ela Tinos has an integrated reservation system on its website, as well as using various reservation systems through Processors (such as Booking , webhotelier, Expedia, etc.). For the purposes of the General Data Protection Regulation GDPR – EU – 2016/679, we are the Data Controller. There is a strict contractual framework between the Data Controller and the Processors for the protection of your Personal Information. We are:

3. Processors

Booking, Web Hotelier, Expedia etc. make certain reservations on behalf of Ela Tinos and are fully committed to protecting the privacy of users of their systems. Please inform yourself about their Data Protection Policy on their Websites (click on the aforementioned Links in this paragraph 3).

4. Obligation to provide the data

All information requested on electronic or physical booking forms is, in general, mandatory (unless otherwise specified in the required fields) to fulfill the stated purposes. Therefore, if they are not provided or not provided correctly, we will not be able to process your requests.

5. What information we collect from you

6. How we use your information

Depending on the user’s requests, the Personal Data collected will be processed according to the following purposes:

• To manage bookings made, including managing payments (where applicable) and managing user requests and preferences.
• To manage your enrollment in loyalty or participation programs and the acquisition and redemption of points.
• To manage the user’s communication requests with us through the channels provided for this purpose.
• To manage the sending of personalized commercial communications by us, by electronic and/or conventional means, in cases where the User expressly agrees.
• To manage the provision of the contractual accommodation service, as well as additional services.
• To administer surveys and/or evaluations regarding the quality of services provided and/or the perception of our image as a company.

7. Who we share your information with

With your consent, we may share your information with the following entities:

• Suppliers such as car rentals and activity providers who fulfill your bookings/wishes. All services provided by a third-party vendor are described as such. We therefore encourage you to consider the privacy policies of any travel suppliers whose products you purchase through this website. Please note that these suppliers may also contact you to obtain additional information about you, facilitate your travel booking or respond to a review you may submit.
• Third-party servers that provide services or functions on our behalf, such as credit card processing, data analysis, customer service, marketing, distribution of survey or sweepstakes programs, and fraud prevention. We may also authorize third-party vendors to collect information on our behalf, including as necessary to operate the features of our website or our applications or to facilitate the delivery of online advertising tailored to your interests. Third party vendors have access to and may collect information only as necessary to perform their functions and may not share or use the information for any other purpose. They are also required to follow the same data security practices that we follow. Please note that these third-party service providers may be in countries that may not provide a level of protection for your personal information that is equivalent to that offered in your country of residence. However, we will endeavor to protect all personal information we collect from you in accordance with strict data protection standards.
• Referring websites If you have been referred to this website from another website (for example, through a link you clicked on another website that directs you to it), we may share some information about you with that referring website. We encourage you to review the privacy policies of any website that refers you here.
• Social media providers. When you access certain social media features through our website, you share information with the social media provider (such as Facebook), and the information you share will be governed by their privacy policies (including that we may access this information through of the social media provider). You may be able to modify the privacy settings for these social media providers.

We will disclose your Personal Data as we believe is necessary or appropriate:

• Comply with applicable law, including laws outside your country of residence.
• To comply with any Legal procedures.
• To respond to requests from Public and Governmental Authorities, including Authorities outside your country of residence, and to respond to National Security or Law enforcement requirements.
• To enforce our terms and conditions.
• To protect our business.
• To protect your rights, privacy, safety, or property, and those of third parties.
• To enable us to pursue available Remedies or to limit the damages we may suffer from the activities of third parties.

8. Third Party Data (eg Booking for a Third Party)

If the User provides Third Party Data, he is obliged to declare that he has the consent of the third party and undertakes to provide the interested data owner with the information contained in this Privacy Policy, duly exempting us from any responsibility. However, we can carry out the necessary verifications to verify this fact, adopting the corresponding measures of due protection, in accordance with the Data Protection regulations.

9. Sensitive Data

Unless you wish to do so, we ask that you do not send/disclose to us, directly or through third parties, any Sensitive Personal Data (e.g. social security numbers, data related to racial or ethnic origin, political opinions, religious, ideological, or other beliefs, biometrics or genetic characteristics, trade union membership or administrative or criminal proceedings and sanctions).

10. Use of Services by Minors

This website is a general audience website and is not intended for use by children under 18 years of age. If you know that a child under the age of 18 has provided Personal Data through the Website, please notify Ela Tinos by sending an email to [email protected]. If Ela Tinos finds that a child under the age of 18 has provided personal information through this website, Ela Tinos will take steps to delete it immediately.

11. Data Retention

We will retain your Personal Information for the period necessary to fulfill the purposes described in this Privacy Policy unless an extended retention period is required or permitted by law or if the User requests that it be deleted from our records or withdraw his consent.

The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide the Services to you (for example, if you have an account with us or continue to use the Services, or if you have a booking that has not yet been completed)
• Whether there is a Legal obligation that obliges us (for example, some Laws require us to keep records of your transactions for a certain period of time before we delete them)
• Whether the retention is appropriate considering the Legal status (e.g. conducting investigations by Public Authorities).

12. How we protect your personal data

We want you to feel confident about using this website and our apps to travel, and we are committed to protecting the information we collect. Although no website or application can guarantee security, we have implemented appropriate administrative, technical, and physical security procedures to protect the Personal Information you provide to us. For example, only authorized employees are permitted to access Personal Information and may do so only for permitted activities. In addition, we use encryption when transmitting your sensitive Personal Information between your system and ours, and we use security and intrusion detection systems to prevent unauthorized persons from accessing your information.

13. Legal Basis Processing of Your Data

The Data Processing required to fulfill the aforementioned purposes requiring the User’s consent cannot be done without it. Likewise, whenever the user withdraws his consent to any Processing, this will not affect the Lawfulness of the processing previously carried out. To revoke this Consent, the User may contact us through the appropriate communication channels. Also, in the cases where the Processing of the User’s Data is necessary for the fulfillment of a Legal obligation or for the execution of the existing contractual relationship between you and the User, the Processing is provided as it is necessary to comply with the purposes in question.

14. External links

If any part of this website or any application links you to other websites, those websites are not governed by this Privacy Policy. We encourage you to review the Privacy Statements posted on these other websites to understand their Policies on the collection, use and disclosure of Personal Information.

15. User Responsibility

User:

• Certifies that he/she is an adult, and that the information he/she provide us is true, accurate, complete, and up to date. For these purposes, the User is responsible for the correctness of all the Data he/she transmits and will keep the information updated so that the Data in question reflects reality.
• He/she certifies that he/she has informed third parties on whose behalf he has provided Data about the references contained in this Policy. He/she also certifies that he/she has obtained the authorization of a third party to provide its Data for the purposes stated in this Policy.
• He/she will be responsible for false or inaccurate information that he/she provides through our website and for damages, direct or indirect, that may be caused to us or to third parties.

16. Exercise of Rights

The User can contact us at any time free of charge, to:

• To obtain confirmation as to whether the User’s Personal Data is being Processed by us.
• To access his personal information.
• To correct any inaccurate or incomplete data.
• To request the deletion of Personal Data when, among other things, the Data is no longer necessary for the purposes for which it was collected in the first place.
• To confirm withdrawal of Consent.
• To request the restriction of Data Processing when any of the conditions provided for in the General Data Protection Regulation (GDPR) are met.
• To request the transfer of his/her data.

Similarly, the user is informed that he can at any time submit a complaint regarding the protection of his Personal Data to the Data Protection Authority. If you wish to access any of these rights, you can contact us (see <2. Controller>).

17. Changes to this Security Policy

This Security Policy is valid from 01/02/2024.This Policy may need to be amended, so please check our website for any new revisions to this Policy.