The ‘Mouzaki Palace’ (hereinafter referred to as the ‘Hotel’), has as its main priority the protection of personal data, which it processes. For this reason, it collects and processes data in accordance with the principles set out in Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the ‘General Data Protection Regulation’ or ‘GDPR’) and in accordance with the applicable national and European legislation on the protection of personal data. It also takes all appropriate technical and organisational measures necessary to protect the personal data it collects and processes in the context of its commercial activities.

We invite you to carefully read this personal data protection policy of our Hotel, the aim of which is to inform you about the terms and conditions governing any processing of personal data by the Hotel in the context of our commercial activity and the services we provide to you in any way, as well as about your rights under the applicable legislation.

The Hotel reserves the right to amend, update, revise or otherwise change this Privacy Policy from time to time, as it deems necessary, without prior notice, in accordance with applicable law. For this reason, we invite you to check this Policy periodically in order to be informed of the existence of any modified versions.

For the purposes of this Protection Policy, the following definitions apply:

«personal data»:any information relating to an identified or identifiable natural person (’data subject"). An identifiable natural person is one whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person,

«Processing»:Means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction."

«Controller of Processing (Data Controller)»:Means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law."

«Recipient»:Means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

«Third party»:Third party" means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

“You” or “your” or “visitor”: »:Any natural person who enjoys the services of the Hotel, visits the present website of the Hotel, or whose personal data is processed by us in accordance with the terms of this Privacy Policy.

The Company «*******************», headquartered at **************** No. **, in *******, with VAT number **********, is the data controller responsible for the collection, storage, and overall processing of your personal data, as collected and stored for the processing purposes specified in this Privacy Policy.

The Hotel is fully committed to safeguarding your privacy and the personal information you entrust to us. We typically collect and process the following personal data:

• Full name, nationality, ID card number/passport number, date of birth, profession, address, car license plate, and contact phone number, e-mail
• Information related to your payment, credit or debit card details, transfer number, and bank account number.
• Signature sample
• Car license plate (your own or rented)
• Stay details (arrival – departure, number of guests, total number of nights)
• Guest profile (special preferences, history of previous visits, health information, allergies, dietary habits, personal interests, informational brochures)
• Contact details (e.g. email), where the guest consents to receive informational and promotional material from the Hotel
• Images from the video surveillance system operating in the Hotel premises for the purpose of security of people and property
• πληροφορίες, που τυχόν Information that may be collected when the guest connects to the Hotel’s WIFI, necessary for the best experience during internet use (device type, location, IP/MAC address, operating system, cookies, etc.)
• Technical data collected when using the Hotel’s website (cookies)

Your personal data is collected by the Hotel when you personally make a reservation online, by phone, through a third party, via our website, or through a third-party platform (such as Booking, Expedia). It is also collected when you make a payment to the Hotel for services by any means, when you check in at the Hotel, during your stay, when you participate in an event held at the Hotel, when information is provided by third parties (e.g., travel agencies, online booking systems), when you connect with an electronic device to our website or the Hotel’s Wi-Fi, when you fill out online booking or customer satisfaction forms, or when you complete the contact form on the Hotel’s website.

The Hotel processes your personal data solely and exclusively with your explicit written consent, which you provide either when making a reservation through our website or during check-in at the Hotel. For minors under the age of fifteen (15), consent must be provided by their legal guardian.

The Hotel processes your personal data in a lawful and legitimate manner. Under no circumstances does it collect or process more information or data than is necessary to fulfill the purposes of the processing. Your data is stored securely. Its collection and processing are carried out exclusively for the purposes explicitly stated. Your information is not used for profiling.

The Hotel collects and processes your personal data solely for the purpose of providing you with personalized and continuously improved services. Indicatively:

a) For managing room bookings and other hospitality services
b) For managing your stay at the Hotel or providing catering services
c) To improve our hotel services
d) For managing our relationship with the guest before, during, and after their stay
e) For the security of the Hotel and our systems
f) To comply with Greek and EU legislation
g) To ensure quality and optimize our services
h) To satisfy our guests and for the Hotel’s policy regarding promotional marketing activities (direct marketing) and sales promotion

In order to provide you with the best possible service, we grant access to your personal data or to special categories of such data to specific and expressly authorized personnel of our Hotel, including but not limited to:

a) In the Reservations Department
b) In the IT Department
c) In the Marketing Department
d) In the Legal Department, if deemed necessary
e) In our Accounting Department

The Hotel will disclose your personal data if required by law, judicial or regulatory decision, or in order to exercise its legal rights.

These third parties may be located in Greece, in countries within the EU, or anywhere else in the world. When personal data is stored by us outside the EU, we ensure an adequate level of protection for the personal data transferred in accordance with applicable legislation and require service providers to use appropriate measures to protect the confidentiality and security of personal data. If we are to transfer your personal data to a third country, meaning a country outside the EEA or to an international organization, you will be informed prior to the transfer, in accordance with the provisions of Article 13(1)(f) of the GDPR.

Your personal data is retained solely for the period necessary to fulfill the aforementioned purpose for which it was collected, in full compliance with applicable law. Once the purpose of processing your personal data is completed, the data is deleted.

The Hotel, as well as certain third parties providing content, advertisements, or other functionalities for our services, may use cookies, beacons, and other similar technologies to improve the performance and traffic of our website.

We may use third-party advertising companies to display advertisements about goods and services that may interest you when you access and use our electronic services, other websites, or online services. To display such advertisements, these companies place or recognize a unique cookie in your browser (including the use of pixel tags). If you want more information about this practice and to learn about your choices regarding it, please visit http://www.networkadvertising.org/managing/opt_out.asp and http://www.aboutads.info/. To opt out of this practice, you can download the AppChoices application at www.aboutads.info/appchoices.

Cookies: Cookies are small files that store information on your electronic device and are used: a) for your convenience, so you don’t have to enter the same login credentials each time you access a service, b) by the Hotel or third parties, to understand which advertisements you have seen, so you don’t receive the same advertisement repeatedly, c) by the Hotel or third parties, to examine which of our websites or their sections are more popular, in order to improve the services we provide, d) by the Hotel or third parties, to collect information and content regarding your use of our services and other sites.

When you use a web browser, you can adjust the settings related to accepting, controlling, opposing, or rejecting cookies, or be notified when cookies are sent.

However, please be informed that some services may be designed to operate using cookies, and disabling them may affect your ability to use these services or parts of them.

Types of cookies we use (indicatively):

• Necessary Cookies: These are essential for the proper functioning of our website. They allow you to browse and use its features. These cookies do not identify you personally. Without these cookies, we cannot provide an effective operation of our website.
• Functionality (Preference) Cookies: These cookies allow the website to remember user choices such as username, language, or region to provide enhanced and personalized features. They may also be used to deliver services requested by the user, like video playback or social media sharing. The information collected by these cookies can be anonymized and cannot track your browsing activity on other websites. If you do not accept these cookies, the website’s performance and functionality may be affected, and your access to certain content could be limited.
• Performance cookies (statistics): these cookies collect information about how visitors use our website, for example, which pages they visit most often and whether they receive error messages from web pages. These cookies collect aggregate, anonymous information that does not identify a visitor. They are used solely to improve the performance of a website.
• Advertising Cookies: These cookies are used to deliver content that is more relevant to you and your interests. They may be employed to send targeted advertisements or offers, limit the number of times you see an ad, or measure the effectiveness of an advertising campaign. These cookies can also track the websites you have visited to help determine which online marketing channels are most effective and allow us to reward external websites and partners who referred you to us.
• Unclassified Cookies: Unclassified cookies are cookies that are currently in the process of being classified, together with the providers of the individual cookies.

Beacons: The Hotel, as well as certain third parties, may use technologies called beacons (or “pixels”) that send information from your device to a server. Beacons can be embedded in online content, videos, and emails, allowing a server to read certain types of information from your device, know when you have viewed specific content or an email message, determine the time and date you viewed the beacon, and record your device’s IP address. The Hotel, along with certain third parties, uses beacons for various purposes, such as analyzing the use of our Services and (in combination with cookies) providing you with more relevant content and advertisements.

By accessing our website and using our services, you agree to the storage of cookies, other technologies, beacons, and other information on your devices. You also consent to our access, as well as that of third parties, to these cookies, other technologies, beacons, and information for the purposes described above.

Every natural person whose data is subject to processing enjoys the following rights:

RIGHT TO INFORMATION & ACCESS: You have the right to be informed and to access the data held by us, as well as to receive additional information regarding its processing.

RIGHT TO RECTIFICATION: You have the right to request the correction, modification, supplementation, and updating of your data held by us.

RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN): Έχετε δικαίωμα να ζητήσετε τη διαγραφή των προσωπικών σας δεδομένων όταν τα επεξεργαζόμαστε με βάση την συγκατάθεσή σας ή προκειμένου να προστατεύσουμε τα έννομα συμφέροντα μας.

RIGHT TO RESTRICTION OF PROCESSING: You have the right to request the restriction of the processing of your personal data when: (a) the accuracy of your personal data being processed is contested, pending verification, (b) the processing is unlawful and you request the restriction of use instead of deletion of your personal data, (c) the personal data is no longer needed for the purposes of processing but is necessary for the establishment, exercise, or defense of legal claims, and (d) you object to the processing and pending verification whether there are legitimate grounds that override your objection.

RIGHT TO OBJECT TO PROCESSING: You have the right to object at any time to the processing of your personal data when there is no compelling and lawful reason for us to continue such processing.

RIGHT TO DATA PORTABILITY: You have the right to receive your personal data free of charge in a format that allows you to access, use, and process it, as well as to request us—where technically feasible—to transfer your data directly to another data controller. This right applies to the data you have provided to us and which is processed by automated means, based on your consent or in execution of our contract.

RIGHT TO WITHDRAW CONSENT: You have the right to withdraw your consent, to the extent it was given for the intended processing activities, at any time.

To exercise any of your rights, you may send a message to the following email address: mouzakipalace@outlook.com.gr.

RIGHT TO FILE A COMPLAINT WITH THE HELLENIC DATA PROTECTION AUTHORITY (HDPA): You have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): Hellenic Data Protection Authoritywww.dpa.grWebsite: www.dpa.gr Address: 1-3 Kifisias Ave., 115 23 Athens, Greece Telephone: +30 210 6475600 Email: complaints@dpa.gr complaints@dpa.gr.