CUSTOMER PERSONAL DATA PROTECTION POLICY
At S. MICHOPOULOS S.A. (KIVOTOS) and its affiliates, we prioritise the protection of your personal data as part of our general philosophy to aim for the highest possible customer satisfaction and to build strong relations of trust.
We understand the importance of your personal data and make every possible effort to store and process the information you share with us with utmost care.
At S. MICHOPOULOS S.A. (KIVOTOS) and our affiliates, we enhance the protection of your personal data by implementing technical data security measures and internal management procedures, as well as physical data protection measures. We continuously evolve our systems and procedures in order to stand out in relation to others.
We thank you for your continued interest and support.
“Personal data” means any information that is collected or recorded in a form that may allow direct (e.g. surname) or indirect (e.g. phone number) your identification as a natural person.
This “Customer Personal Data Protection Policy” is a part of the terms and conditions that govern our hotel services. By accepting these terms and conditions, you explicitly accept the provisions of this Charter.
For what purposes do we collect data?
We collect and use personal data in order to manage your relation with S. MICHOPOULOS S.A. (KIVOTOS) and in order to offer our Services to you. Certain personal data are collected to provide you with personalised and improved services. We collect personal data with the following purposes:
a) Management of reservations and other hospitality services
b) Management of your stay at the Hotel
- We manage the access to your room
- We monitor the use of services (room telephone, mini bar, online room service, WiFi access etc.)
- We manage lists with customers’ personal data for operational purposes such as, e.g., daily customer arrival and departure lists and a list with special category customers (e.g. VIP, Privilege members, Club members, etc.)
c) Improvement of our hotel services
- In order to tailor our products and Services to better meet your requirements
- We process your personal data using marketing programs for marketing and promotional purposes, but also to better understand your requirements and wishes
- We provide you with useful information for offers or other promotional messages
- We inform you about special offers and new Services
- We provide customized content and suggestions based on previous activities with our Services
d) Management of our relations with you before, during, and after your stay
- Management of loyalty programs
- Management of customer databases
- We evaluate and analyze the market, our customers, our products and Services
- We create statistical data and reports
- We acquire knowledge and manage the preferences of new and recurring customers
- In order to send newsletters, promotion products and offers, or to contact you by telephone
- We manage requests for deletion from update lists
- We create and manage questionnaires and statistics
- We organize lotteries, contests and offers, to the extent allowed by law
e) Improvement of our Services
- We conduct market research and analysis of questionnaires and customer comments
- We manage customers’ claims and complaints
- We offer loyalty program privileges
f) System security
- We record data to ensure security and to avoid fraud
g) Compliance with Greek and European law
h) Safe use of the services provided by our spas and fitness facilities
What personal data do we collect?
Information provided directly by you
A number of our Services provide the possibility to provide information directly to us. For example:
- Several of our Services allow users to create accounts or user profiles. In conjunction with these Services, we may ask you to provide certain details about yourself in order to set up your account or profile.
- When ordering a paid product or service from us, we may ask certain details for the processing of your order, such as your name, room details and billing data.
- When participating in an online or offline contest or promotional action organized by us, we may ask you for your name, contact details, email address, age and gender, personal and occupational interests, other personal characteristics, and your opinion of our products and/or services.
- Some of our Services allow you to communicate with other people. This communication will be transmitted through, and stored on our systems.
We are obliged to request the following details about you and/or your family members:
- Contact details (e.g. surname, given name, father’s name, passport number, ID-card details, telephone, home address, email)
- Personal data (e.g. date of birth, nationality, place of birth)
- Information on your children (e.g. given name, date of birth, passport number)
- Billing details (e.g. credit card number, VAT number)
- Loyalty program member number (member number for loyalty programs S. MICHOPOULOS S.A. (KIVOTOS) or other parties, such as airline operators)
- Date of arrival and departure, flight number and room number
- Preferences and interests (e.g. non-smoking room, preferred floor, type of bed, sports, cultural interests)
- Medicine data about your health, such as medicine reports and certifications, medical test results, data on pathological diseases, etc.
- Questions and comments submitted during or after your stay in one of our Hotels.
The data we collect on persons under the age of 16 are restricted to given name, surname, nationality, and date of birth, and can be provided only by an adult / guardian. We thank you for your efforts to ensure that children do not send us personal data without your consent (especially through the internet). Should any information of this type be sent to us, you can communicate with the Data Privacy department to schedule the deletion of such information. Moreover, information such as your passport number, your recreational activities, your hobbies, any health issues that you may have, or whether you are a smoker or not, can be described as sensitive. We retain such information only if we are obliged to do so by applicable law or if you have explicitly given us your consent (e.g. in order to provide you with an appropriate Service, such as a special diet)
Information on your use of our Services:
Apart from the information provided directly by you, we may also collect information on your use of our Services through the software of your device, or by other means. For example, we may collect:
- Device information – such as hardware model, International Mobile Equipment Identity (IMEI) and other unique device identity data, MAC address, IP address, operating system issue, and setting of the appliance you use to access our Services.
- Connection information – such as the time and duration of use of the Service, search commands entered in the Services, and information that may be stored in cookies we have placed on your device.
- Location information – such as GPS signal of your appliance, or information on WiFi access points that may be transmitted to us when you use our Services (e.g. WiFi, Guestportal, Mobile Apps).
- Audiovisual information – such as recordings we make of your voice (and which may be stored on our servers) when you use voice commands to use a Service, or audiovisual information collected through closed circuit tv circuits (CCTV) for security reasons.
- Other information that relates to your use of our Services, such as the applications that you use, the websites that you visit, and the way in which you interact with content offered through a Service.
Information from third parties
We may receive information about you from available public and commercial sources (to the extent permitted by law), which we may combine with other information that we receive directly from you, or in relation to you. We may also receive information about you from third party social networking services when you choose to connect to such services.
Other information we collect
We may also collect other information about you, your device or your use of services in manners described at the point of collection, or otherwise with your consent.
You may choose not to provide certain types of information, but this may influence the possibility to use certain Services.
When do we collect personal data?
We collect personal data in various cases, such as:
a) Hotel activities:
- Room reservation
- Check-in and payment
- Reservation of seat and/or use of hotel services, such as catering, spa, and recreational services
- Various requests, complaints and/or disputes
b) Participation in marketing programs or events:
- Registration in loyalty programs
- Participation in online and offline surveys
- Participation in contests and games
- Subscription to mailing lists, in order to receive offers and other promotions by email
c) Transmission of information from third parties:
- Tourist agencies, tourist offices, GDS reservation systems, online reservation systems (such as e.g. booking.com, expedia.com, etc.) and other reservation systems
d) Actions through electronic devices
- Login on our websites
- Connection to the WiFi network of our hotels
- Completion of online forms (e.g. reservation forms, precheck-in forms, satisfaction survey forms, etc.)
Third party access terms to your personal data
At S. MICHOPOULOS S.A. (KIVOTOS) and its affiliates, it is part of our philosophy and basic principles to not disclose your information with third parties for their unrelated business or marketing purposes, without your consent.
However, we may disclose your information to the following entities:
- Affiliates. Your information may be shared between affiliates of S. MICHOPOULOS S.A. (KIVOTOS).
- Business associates. We may also share your information with trusted business partners. These entities may use your information in order to provide you with services you have requested, to make provisions relating to your interests, and possibly to provide you with promotions, advertisements and other material.
- Service providers and/or any third parties that may process information on our behalf. We may also share your information with companies that provide services on our account or behalf, such as IT contractors, bulk mailers, banks, credit card institutions, law firms, mail service companies, printing services companies, etc.
- Other third parties, if so required by law or in order to protect our Services. Situations may arise in which we share your information with other third parties:
- in order to comply with the law or in order to comply with a mandatory legal procedure (such as search warrants or other court orders),in order to comply with the law or in order to comply with a mandatory legal procedure (such as search warrants or other court orders),
- in order to confirm or implement our compliance with the policies governing our Services; and
- in order to protect the rights, ownership or security of S. MICHOPOULOS S.A. (KIVOTOS) or any of our affiliates, business partners or customers.
- Other third parties in relation to corporate transactions. We may share your information with third parties within the context of a merger or transfer, or in the event of bankruptcy.
In order to provide you the best possible service, we allow access to your personal data or to certain categories thereof to competent, authorised members of our personnel. This includes:
- Hotel staff
- Reservations departments
- IT department
- Marketing/Guest Relations department
- Legal Services department, if and when required
- Medical Services, if and when required
Protection of personal data during international transfer
For the purposes we may transfer your personal data to internal or external recipients who may be located in countries that offer different levels of protection for personal data.
Please note that data protection and other laws in the countries to which your information may be transferred may not be equally protective as in your country. The transfer will take place according to the legislation on the processing of personal data, in order to ensure sufficient protection of your personal data.
S. MICHOPOULOS S.A. (KIVOTOS) implements suitable measures in order to ensure safe transfer of your personal data to an external recipient located in a country that offers a different level of privacy than the one proposed by the country where the personal data are collected.
What we do to keep your information safe
We have taken reasonable organizational and technical measures in order to protect the information that we collect in relation to our Services, especially with regard to any sensitive personal data that happen to be collected. Our IT department implements the international standards and practices in order to ensure the safety of the networks and the encryption of the data.
However, you should bear in mind that despite the reasonable measures that we take for the protection of your information, no website, Internet transmission, computer system or wireless connection is ever completely safe.
We take reasonable measures in order to ensure that the information concerning you will be stored no longer than needed for the purpose for which it has been collected and no longer than required by the contract or the applicable legislation.
Cookies, beacons and similar technologies
Cookies are small files that store information on your computer, mobile phone, or other device. They allow the entity who places these files on your device to identify you across different websites, services, devices and/or browsing times. Cookies serve a range of useful purposes. For example:
- Cookies can remember your login credentials, so you do not have to enter them again each time you connect to a service.
- Cookies help us and third parties to understand what parts of our Services are the most popular; they help us see which pages and features are visited by the users, and how much time is spent on each. By studying this kind of information, we can better customize our Services and provide you with better experience.
- Cookies help us and third parties to understand which advertisements you have viewed, so that you do not receive the same advertisement each time you access the Service.
- Cookies help us and third parties to provide you with relevant content and advertisements by collecting information about your use of our Services and other websites and applications.
When you use a web browser in order to access our Services, you can make settings in your browser to accept all cookies, to reject all cookies, or to notify you when cookies are sent. Each browser is different. Refer to the “Help” menu of your browser in order to find out how you can change your cookie preferences. The operating system of your device may offer more control settings for cookies.
However, please note that certain Services may have been designed in order to work with cookies and that deactivating cookies may affect your ability to use these Services or a specific part thereof.
Other local storage
We, as well as certain third parties, may also use other kinds of local storage technologies, such as Local Shared Objects (commonly called “Flash cookies”) and local HTML5 storage (HTML5 Web Storage) in conjunction with our Services. These technologies are similar to the aforementioned cookies, in the sense that they employ storage on your device and can be used to store information concerning your activities and preferences. However, these technologies may use different parts of your device than typical cookies, and therefore may not be controlled with the standard tools and browser settings.
We, and certain third parties, may also use technologies called “beacons” (or “pixels”) that send information from your device to a server. Beacons can be incorporated in internet content, videos and emails, and allow a server to read certain types of information from your device, to know when you have viewed specific content or a specific email message, to determine the time and date on the beacon was viewed, and IP direction of your device. We and certain third parties use beacons for a variety of purposes, such as to analyze the use of our Services and (in combination with cookies) to offer you more relevant content and advertisements.
By accessing and using our Services, you agree to the storage of cookies, other local storage technologies, beacons, and other information on your devices. You also allow us and the aforementioned third parties to access these cookies, local storage technologies, beacons and information.
Access and correction of your data – Right to erasure (‘right to be forgotten’)
According to the legislation in certain jurisdictions, you may be entitled to request details on the information that we collect and to correct any inaccuracies that may be contained in such information. All other lawful user rights remain unaffected. If permitted by law, we may charge you a small fee for the provision of this possibility. We may refuse to handle requests that are repeated to an unreasonable degree, require disproportional technical effort, jeopardize the privacy protection of others, are extremely unpractical, or involve access that is not otherwise required by domestic law. If you wish to submit a request for access to your data, please contact the Data Privacy department.
Υου have the right to obtain from the controller the erasure of your personal data.
Questions and contact
If you have any questions with regard to this policy or the protection and safety of data at S. MICHOPOULOS S.A. (KIVOTOS) and our affiliates in general, please contact the Data Private Department at the following address:
Ornos Bay, 84600, Mykonos, Greece
+30 22890 24094 / firstname.lastname@example.org