Privacy Policy
Privacy Policy
Effective as of :  16/07/2018
 
TOURISTIKAI EPICHIRISEIS APOLLON A.E. (Tourism Enterprises Apollo S.A.)  has placed the protection of your personal data high on our list of priorities, as part of our philosophy to build on a relationship of trust we mean to maintain with our guests and customers.
We therefore make an express commitment to respect your privacy as well as observing applicable legislation in the matter of protection of personal data and privacy.
This Personal Data and Privacy Protection Policy reflects the terms and conditions of the General Regulation on Private Data Protection (EU) 2016/679 – GDPR in the sense of and in accordance with the provisions of Article 13 thereof (Transposed in the Greek Legal Order by virtue of Law 2016/679 – GDPR).
 
Fully conscious as we are of the critical character of your personal data, we commit ourselves to spare no effort in carefully storing and processing whatever information you may be brought to share with us.
 
Your trust in us is something we highly appreciate: this is why we have come up with the present Data Protection Policy, so that you are kept informed on the ways whereby we collect, use and eventually disclose data concerning you.  Our collecting, using and/or notifying data shall at all times be conditional on your consent unless otherwise prescribed under the applicable legislation.
 
At TOURISTIKAI EPICHIRISEIS APOLLON A.E. we have chosen to enhance the efficiency of the protection of your personal data through technical security modules, internal data administration processes as well as by adopting physical safety measures. Our firm has been relentlessly developing its systems and procedures in an effort to safeguard whatever personal information you may at times furnish us with.
 
1. INTRODUCTION
 
The term “Personal Data” is understood to designate whatever information eventually collected or otherwise recorded in a format allowing a direct (e.g. surname) or indirect (e.g. passport number) identification of yours as a physical person.
 
Our “Privacy Policy” forms part of the set of terms and conditions governing operations of our hotel establishments. By endorsing such terms and conditions you are also deemed to expressly condone the provisions of this policy.
 
2. SCOPE OF EFFECT
 
TOURISTIKAI EPICHIRISEIS APOLLON A.E. is fully aware of the importance our guests and customers place on the protection of their privacy, hence our endeavour at being unequivocally clear as to the ways whereby we are eventually brought to collect, use, notify, cause to transfer and/or store your data. This policy should be seen as a summary of the practices we have been adopting with respect to data.
 
Our Privacy Policy applies with respect to this website as well as to any services anyhow provided by us, if and whenever relevant to privacy and data protection.
 
We strongly recommend that you take a moment to carefully read through this privacy policy, all the more since every time you make use of our services, you are deemed to be in agreement with the practices described below.
 
Should you be in disagreement with any of the practices of ours, described in our Privacy Policy, you are advised to refrain from using our services.
 
3. WHAT IS THE PURPOSE OF OUR COLLECTING DATA?
 
Our firm may be brought to collect personal data as part of our activity of managing of your stay at our establishment(s) as well as monitoring your exchange with TOURISTIKAI EPICHIRISEIS APOLLON A.E., the ultimate purpose being for us to be in a position to cater to be of service to you in the best and most efficient way possible.
 
We may therefore be collecting personal data in order to:
 
a) Manage room and other hospitality services reservations. This may include:                            
Drafting and storing legal documents in accordance with applicable legislation locally in effect;           
 
  • Collecting information bound to help us anticipate and eventually cater any requests relevant to your stay (e.g. room preferences)
 
b) Manage your stay at the Hotel, by way of:
 
   • Drawing up and managing customer personal data lists for operational reasons: such are, for instance, lists of guests expected to check-in/check-out within the day etc.
 
c) Improve the quality of our hospitality services, by:
 
   • Processing your personal data, albeit solely upon your consent, for marketing purposes, as explained in detail in the consent form you are invited to endorse.
 
d) Manage our exchanges and interaction with you before, during and subsequent to your stay with us. This we endeavour to attain by:
 
   • Managing requests for removal of a customer’s address from our marketing lists;                                                  
   • Drawing up and managing questionnaires and whatever statistical data are collected through answers thereto.
 
e) Bettering our services, by:
 
   • Efficiently managing customer claims and eventual complaints.
 
f) Ensuring system safety, by:                     
 
  • Taking such targeted actions as may be necessary to warrant safety and prevent fraud
 
g) Conformation with applicable Hellenic and European legislation
 
h) Making sure that our customers and guests make safe use of our SPA services and fitness facilities.
 
4. What type of Personal Data is our firm bound to collect?
 
Although personal data are typically collected by having you furnishing them to us, there may be cases when such information is provided to us by a business partner, tourist agencies as well as through online reservation platforms (such as booking.com, expedia.com ea.), conditional on your having previously authorized such systems to act on your behalf in arranging for a stay at our establishment.
 
Type of data provided directly by you to us
Here’s a list of types of personal data we are our bound to collect directly from you, during your stay at our establishment:
 
Contact data: (e.g. name and surname, passport number, national identification document number, home address and telephone   number)
Personal identification data: (e.g. date of birth, nationality)
Information relevant to your offspring: (e.g. name  and surname, date of birth, passport number)
Invoicing-relevant data (e.g. credit card info, fiscal identification number)
Check-in/Check-out dates, flight numbers, room number (e.g. non-smoking room, preferred storey, type of room selected).
Health-relevant data such as information about any allergies you may have reported to be suffering from.
Information collected in the case of persons under the age of 16 may only be supplied to us by an adult / guardian / tutor shall be limited to their Name and Surname, Passport Number and Date of Birth.
 
We would highly appreciate any action on your side that will ensure that no information is supplied to us by your offspring without your consent (especially while using the Internet). If, despite all, any such data does eventually reach us under the circumstances, you have the possibility to contact our reservations department and arrange for data thus supplied to be removed from our system.
 
We would highly appreciate any action on your side that will ensure that no information is supplied to us by your offspring without your consent (especially while using the Internet). If, despite all, any such data does eventually reach us under the circumstances, you have the possibility to contact our reservations department and arrange for data thus supplied to be removed from our system.
 
Moreover, any information in the matter of allergies or any other health-related concern you eventually have, may qualify for classification as sensitive. Data of this kind may only be preserved by our enterprise if compelled to do so under the applicable legislation or if you have previously given your express consent thereto (e.g. to the purpose of obtaining that we provide customized services, as is, for example, special meals etc).
 
5. At what moment in time are Personal Data collected?
 
Personal data are bound to be collected under a variety of circumstances, for instance:
 
a) In the event of participation in activities hosted on our facility premises, namely:                         
• Booking a room with us
• Customer check-in and payment
• Booking /using a service on the premises, for example booking a table, ordering a meal, getting access to our SPA facility or participating in animation/entertainment activities
• Management of complaints/problem reports, attending to claims etc.
 
b) In the event of a customer participating in marketing campaigns:
• Such is the case of your details being put on a mailing list - albeit only upon your consent – to the purpose of our business being in a position to send you a wishing card or forward promotional material to you, by mail.
 
c) In the event of such data provided to us through a third party:
• Such is the case of data supplied to our company by tourist agents, tourist offices, online booking platforms (in the likes of www.booking.com , www.expedia.com ea.) or other reservation systems.
 
6. Terms and Conditions under which Third Parties may have access to your Personal Data.
 
Part of our philosophy – and indeed a fundamental principle in our practice – at TOURISTIKAI EPICHIRISEIS APOLLON A.E. – is making sure that no personal data of yours be notified to third parties for any business purpose of theirs or for marketing reasons, unless you have previously provided your consent thereto.
 
Still, there is a possibility that we disclose such data of yours to any of the agencies or organisations and under such circumstances as quoted below:
 
Service providers and/or any third party eventually involved in data processing on our account. In that sense, it may be that we are brought to disclose personal data of yours to businesses providing services on our account or in our name, such as IT companies, banking corporations, credit card issuers, law offices, postage/mail firms e.g.
 
Credit Approval: Upon requesting for a credit approval, your personal data shall be disclosed to and used by third parties, in accordance with applicable legislation, within the process of granting or maintaining a credit limit to your benefit.
 
Other third parties, whenever so required by law or as part of our duty to safeguard our services. There may, indeed, be circumstances under which our company shall be compelled to notify personal data of yours to third parties. This may, for instance, happen in those cases when we have to conform to applicable legislation or to abide with a specific, compelling legal procedure (for instance, a search/investigation warrant or any other kind of  judicial decree whatsoever) or whenever our enterprise may be called upon to make good of its commitment to conform with established policies meant to govern our services or to the purpose of safeguarding our rights, protecting our property and consolidating the safety of TOURISTIKAI EPICHIRISEIS APOLLON A.E. or any of our business partners and no less of our customers.
For us to be in a position to be of better service to all of our customers and guests, we need to allow for our expressly, ad-hoc authorized personnel to have access to certain types of your personal data. Such staff includes:       
                          
• Hotel managers
• F&B
• Reservations Department
• Front Office Department
• Guest Relation
• Medical services staff, on an as-need basis.
 
7. Actions our firm takes to the purpose of warranting the safety of your Personal Data
 
You will be relieved to know that our company has taken all measures, both at the organizational and at the technical level, bound to safeguard information collected from our guests as well as to actively protect any sensitive personal data of yours, in possession of which we may come to be. Our IT Manager has had specialized training in the matter of investigation digital crime as well as in digital forensics. We moreover assure you of our adoption of all international standards and practices aimed at protecting networks and having data encrypted whenever so is required.
You are nevertheless kindly requested to consider that however meticulous we may be in adopting whatever measures may reasonably be expected to safeguard your personal data, there is no transmission over the Internet nor any information system capable of warranting faultless safety at all times.
 
8. Data storage
 
Our company has adopted all measures reasonably expected to warrant that your personal data shall solely be stored over such period of time as may be required to serve the specific purpose for which such data have originally been collected or over such term as so is provided for under the respective agreement or under the applicable legislation, as the case may be.
 
9. About Video Surveillance (CCTV)
 
Set forth in this particular section are the terms and conditions of the policy under which our company is handling the activity of security camera footage (alias Video Surveillance – CCTV) with respect to personal data of persons likely to be video-recorded. When it comes to security camera footage, our policy is aimed at comforting the following aspects:
 
• Monitoring and further handling of security camera footage-generated material shall at all times conform with all relevant legislative prescriptions, included but not limited to the GDPR of the European Union.
• Information collected through such footage shall solely and exclusively be used for security purposes as well as for the protection of our members of staff and of our customers and guests.
• Our facility has set up a CCTV security camera footage network for prevention and detection purposes as well as to the purpose of the protection of property. Whenever footage concerns a subject of data, such footage shall be treated as constituting personal data.
• Our establishment wishes to inform you of the operationality of our CCTC system, a fact also notified to our guests through relevant signs in various points of relevance throughout the network. Such notices are also reinforced by further alert signs within the video-monitored area.
• Disclosure of information collected through CCTV systems is always monitored for strict conformity with and accordance to the purposes the system is meant to serve. Images recorded through the video-surveillance system are bound to be projected within a monitored space – for instance, in the establishment’s Computer Room, access to which is also limited by license. Moreover, the right to project and watch footage of this type is limited to authorized members of staff.
• The establishment is meant not to preserve footage for more than the period of time required – whether under the applicable legislation or/and under the system configuration – for the purposes such security camera footage has been commissioned in the first place.
 
Confidentiality and Safety of the Processing
 
Our establishment has put in place and is implementing all appropriate organisational and technical measures for the protection of privacy and personal data from any form of illegitimate processing.
 
More specifically, this establishment is committed to warranting:
 
• The safety of the recorded material as well preventing that such material be unduly taken hold of by unauthorized parties.
• Monitoring access to camera-generated material
• Appropriate training of the staff entrusted with the operation of the CCTV system, with special emphasis on an ongoing familiarization of such members of staff with any and all aspects relevant to the personal data protection.
• Safe transmission of video-taped incidents to lawfully implicated addressees. 
• Restriction of notification of recorded material which shall expressly be limited to third parties holding a statutorily legitimate interest thereto. For instance, records of this kind might be of use to the police authorities as part of their investigating into a given incident.
 
10. Your rights under the General Data Protection Regulation 
 
As persons concerned by the personal data thus collected, you are entitled to specific rights and prerogatives, namely:
 
• To request to be informed each time personal data of yours are collected (Right to be Informed).
• To have access to and receive a copy, upon request, of any personal data of yours thus collected (Right of Access to Data)
• To request and obtain that any imprecisions in your personal data thus collected be amended as well as that whatever incomplete personal data of yours, eventually collected, be duly completed (Right to Amend).
• To revoke your consent to the collection of your personal data as well as requesting that any personal data of yours, eventually stored in our system, be eliminated or that processing thereof be discontinued, unless there is any legal justification that such storage and processing be pursued. Such request of yours shall, for instance, be granted if data thus stored are no longer relevant, in the light of the purpose for which they had originally been collected (Right to Oblivion).
• To request that your data be transferred – whether by you or directly by us – to any other party in charge of processing thereof, conditional on this being technically feasible (Right to Portability).
• To oppose yourself to your personal data being processed by our company, provided we have no longer a legitimate claim upon such processing or to request that such processing being henceforth limited to specific circumstances (Right to Opposition).
 
Our company may decline to grant requests found to be unreasonable or requiring a disproportionately intense technical effort, requests deemed likely to undermine confidentiality or found to be impractical or requests relevant to access not imposed by law.
Should you wish to lodge a request for access to your personal data under any circumstances, please e-mail our Reservations Department (contact details under the “Contact us” rubric).
 
11. Data Tampering
 
We wish to assure you that all necessary measures have been put in place to make sure that all and any personal data of yours are stored in our data base are kept safely.
 
Any cases of tampering/leakage of data eventually to occur shall immediately be notified both to the subjects of such data and to the competent authorities within 72 hours from the moment such tampering/leakage has been detected, conditional to the obviousness of personal data stored in a readable form having been illegally extracted.
 
12. Updates and Notifications
 
The terms and conditions of this Policy are subject to amendments. You are therefore kindly urged to keep yourself regularly updated on the latest version hereof, especially before you proceed to lodge a booking with our establishment, so as to ensure that you are at all times informed of any changes. The latest, updated version of this Privacy Policy shall at all times be available for consultation at this address: «http://www.apollobeach.gr/privacypolicy/en»  . You may check the “Date of Entry into Effect” on top of this document, so as to know when it was that the terms of this Privacy Policy were updated last.
 
A printout of this Privacy Policy shall also be available at the Reception Desk of our Establishments; such printout may also be sent to you by regular mail upon request: please contact our Reservation Department for details (contact details under the “Contact us” rubric).
 
13. Contact us
 
Details of Controller: TOURISTIKAI EPICHIRISEIS APOLLON A.E.,FALIRAKI GR-85105, RHODES, GREECE
 
Apollo Beach Hotel
FALIRAKI GR-85105, RHODES
GREECE
Phone: +30 22410 85513
Fax: +30 22410 85823
 
SENTIDO Apollo Beach Hotel
FALIRAKI GR-85105, RHODES
GREECE
Phone: +30 22410 85000
Fax: +30 22410 86360

Facebook Apollo Beach
Google Plus Apollo Beach
YouTube Apollo Beach
Apollo Beach
Faliraki 851 05
Rhodes Dodecanese Greece
Telefon : +30 22410-85513, 085535
Fax : +30 22410-85823
Email : apollorh@otenet.gr

(c) 2018 Apollo Beach