Privacy Policy

PRIVACY NOTICE FOR THE PROTECTION OF PERSONAL DATA OF WEBSITE VISITORS

This privacy notice has been prepared in accordance with the provisions of the Regulation (EU) 2016/679 on the Protection of Personal Data (“GDPR”). We recommend that you read carefully this notice in order to be informed about the processing of your personal data when you visit our website. This Policy updates and supersedes previous versions. We may amend this notice at any time. Any changes to this Policy will become effective when we make the revised Policy available on or through our website. Please check this notice regularly to be informed of any amendments.

In the event any translation of this privacy statement is prepared, the English version of this privacy statement shall prevail in case of conflicts between the different language versions.

Our company, Hospitality Stories, collects and processes personal data from visitors of our website (https://hospitalitystories.com/) for marketing purposes, at your request and with your explicit consent, when you sign up for our Newsletter on our website. This Privacy Notice includes all the information the Company, as controller under the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”) and the relevant applicable law, has an obligation to provide you with, as data subject of the data it collects and processes.

Privacy statement

Hospitality Stories (hereinafter only referred to as”we”) takes the protection of your personal data as the Data Controller very seriously. We treat your personal data confidentially and in accordance with the provisions of data protection law. This privacy statement informs you about how, to what extent and for what purposes we process the personal data of customers using the our website .
Version No.: 1.0 
Date: 27/07/2020

 

SUBJECT OF DATA PROTECTION

Subject of data protection is personal data. Data is personal if it can be assigned to an identified or identifiable natural person. This includes information such as names, addresses, email addresses and telephone numbers. 

COLLECTION, PROCESSING AND USE OF PERSONAL DATA ON REQUEST

The use of our website is generally possible without providing personal data. You are neither obliged to visit our website nor to provide any personal data. If you do not provide us with personal data, you might not be able to use individual functionalities of this website. Otherwise there will be no consequences for you. The collection of users’ personal data on our site is always on a voluntary basis, except in the cases described in the following. We would like to point out that data transmission over the Internet (e.g. communication by email) can have security gaps. A complete protection of data against access by third parties is not possible. We use technical, administrative and procedural measures in an attempt to safeguard your personal data from unauthorized access or use. No such measure is ever 100% effective though, so we do not guarantee that your personal data will be secure from theft, loss, or unauthorized access or use, and we make no representation as to the reasonableness, efficacy, or appropriateness of the measures we use to safeguard such data. Users are responsible for maintaining the secrecy of their own passwords. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us by contacting us at dataprivacy@hospitalitystories.com.

We collect, process and use your personal data, which you have provided us with when booking or registering an account for our member area, to the extent necessary in each case for the following purposes:

1. Registration and execution of the contract.
- Data that you provide when setting up an account, such as your name, email address, telephone number, mobile phone number, address and data which will be provided depending on the service you use.
- We collect, process and use transaction data regarding your activities on the websites (e.g. purchases, content that you generate, comments).
- Billing and other data you provide for the purchase.
- Data collected in the context of reviews, correspondence on the website or by email.
- Other personal data that we may ask you to provide for special purposes.
- If you voluntarily provide us with additional personal data during registration, this data will also be used for the implementation of the usage relationship.


2. Contact establishment
If you provide us with personal data for the purpose of contacting us, this data will be used by us as this is necessary for the purpose of the respective communication.

Categories of personal data, purpose and legal basis of processing personal data, and storage periods

When you visit our website we collect from you and process personal data depending on your use of our website.  Therefore:
a) When you visit our website we collect and process your IP address and your activity in our website. The purpose of processing these personal data is to monitor the use of our website in order to improve it and protect it.  The legal basis for processing these personal data is our legitimate interest to safeguard the smooth operation of our website and optimize its function and management.  We will retain these personal data for a period of 24 months from the day of your last visit to our website.
b) When you contact us either through a communication form hosted on our website or email we collect and process your full name, your country of origin, your email address, your mobile number and any information you include in the communication form or in your email. The purpose of processing these personal data is to address your request, query or comment, and suggest you the best alternative options. The legal basis for processing of these personal data is our (a) legitimate interest to conduct our activities through our website in the best possible manner and support our visitors.
c) We will retain your personal data for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Policy. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the Site to you; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to the enforcement of the Site Terms of Use, applicable statutes of limitations, litigation or regulatory investigations).

A portion of your personal data is collected through cookies and other similar techniques.  Please refer to our cookies policy for more information. 
Your personal data is not subject to any automated-decision making including profiling.  You have no statutory or contractual obligation to provide your personal data to us.  Unless you do so, we will not be in a position to address your request or consider your resume.

What Information we Collect

The personal data we collect from you when you visit our website and you proceed with a booking are the following:
1. Full name
2. Postal Address
3. Telephone number- mobile 
4. Email address
5. Country of origin 

All the above are necessary elements for the experience’s requests and the booking. 

Furthermore, when you visit our website, we may collect additional information from you for marketing purposes, either directly or through third party service providers, including the following:
1. Information about your activity on our website
2. Device and browser information
3. Ad data, about the online ads served to you
4. Email and CRM data
5. Email communications exchanged with us
6. Business contact information (business email address/ street address/ phone number, etc)
7. Identifiers that help identify your browser or device, but do not directly identify you as a person – for example, your “Customer ID”, a pseudonymous identifier (such as a cookie) associated with a hashed version of your email address, or demographic data such as age range.

Purpose of the Collection

We collect your personal data so that we can communicate with you for the following purposes:
• To communicate with you about our products and services that may be of interest to you, including meeting and event planning and generally for retargeting and advertising purposes.
• To communicate with you about products and services of our affiliates that may be of interest to you.
• To inform you about promotional events, activities, special offers, etc.
• Το inform our suppliers about your reservations, in order to confirm your reservation with them and to communicate with you in case of emergency or any change.  
• To obtain feedback from you that will help us to improve and/ or further the provision of our facilities, products and services.
• For receiving our newsletter.
• Any other purpose specifically requested and/ or agreed by you. We do not collect, and we do not use any personal data other than that specifically mentioned above without your explicit consent unless you ask us to do so. You do not have an obligation to provide us with your personal data, but if you don’t we will not be able to take advantage of our marketing initiatives. When you visit our website we use automated decision-making processes and profiling while processing your personal data collected through the internet, through specialized third party service providers, to serve ads for targeting and advertising. Data about your browsing activity on our website (pages you visit, items clicked on, etc), your device and browser information, email communications, etc may be collected and processed in this context to identify and serve ads to you that are more relevant to you and, in turn, improve performance of our ad campaigns. 

How we Keep your Data

We process your personal data at our offices, in Athens, where they are kept and stored. For the storage and security of your personal data the Company takes all the necessary technical and organizational measures to ensure that the processing is carried out in accordance with the law and the GDPR (access control, firewalls, antivirus, cryptography, etc). 

Access to your Data

Within our Company, your personal data is accessible only to those who need to, with a duty of confidentiality and only for the purposes mentioned in paragraph “Purpose of the Collection” above.
Outside our Company, we may share your personal data with the third parties to whom you have consented, such as when you authorise a third party to contact you in relation to a service. We will instruct those recipients that they must use the personal data only for the purposes described in this Policy. 

Third party recipients of your personal data may include:

• Business partners, who may provide you with information about their products, services.
• Third parties who provide targeted advertising and marketing services for us.We choose our business partners and associates very carefully, after the necessary checks have been carried out and sufficient guarantees have been provided to implement appropriate technical and organizational measures in such manner that processing will meet the requirements of the GDPR and the relevant laws and ensure the protection of your rights. 

Retention Period

In accordance with Company policy, your data is kept only for as long as necessary to fulfil the purposes stated in paragraph “Purpose of the Collection" above, or – in the case of consent – until you withdraw your consent. In any case, for a period no longer than 24 months. After this period, your personal data will be irreparably destroyed. Any data kept by us for marketing and information purposes will be retained until you inform us that you no longer wish to receive such information.  

Transfer to Third Countries

If your data will be transferred to entities or other third parties whose headquarters or place of data processing is not located in a member state of the European Union or the European Economic Area, we ensure before forwarding the data that, outside of legally permitted exceptional cases pertaining to the recipient, either an appropriate level of data protection exists (e.g., through an adequacy decision of the European Commission, through suitable guarantees such as a self-certification by the recipient for the EU-US Privacy Shield, or the agreement of EU standard contractual clauses between us and the recipient as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities), or your sufficient consent exists. We can provide you with an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure the appropriate level of data protection. To obtain a copy of the contract/agreement template, please contact us at info@hospitalitystories.com. 

Your Rights 

Our company ensures your rights with respect to processing of personal data and ensures that you may exercise them.

You have the right to request:
Access to your personal data and information on which data do we process, the purposes of processing, the recipients and the duration of processing.
Rectification of your personal data if it is inaccurate or incomplete.
Deletion of your personal data, unless their processing is necessary for the exercise of the legal rights of the Company or of third parties, for the fulfillment of a legal obligation, for public interest reasons or for defending our legal rights before judicial or other Authorities.
Restriction of processing of your personal data only for specific purposes.
Ask for the portability of your data, that is to receive the data you have provided in a structured, commonly used format, or ask to send it to a third party designated by you.
To withdraw at any time your consent to the processing of your personal data, when processing is based on consent.

Should you believe that any personal information we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted by contacting us at the email address info@hospitalitystories.com.
If you have questions about this Privacy Policy and/or would like to exercise any individual rights, please contact us through email info@hospitalitystories.com. 

Caution: these rights are not absolute and remain limited. Any unfounded or abusive requests in particular with relation to the security imperatives, laws and regulations may be rejected.

The company responsible for collection, use and disclosure of your personal data under this Privacy Policy is Hospitality Stories.