1. Greco Philia's COMMITMENT TO PROTECTING PRIVACY Your complete satisfaction and confidence in Greco Philia are absolutely essential to us. Our main priority is to offer you exceptional times and stays with us. That's why, as part of our commitment to meeting your expectations, we have set up a customer privacy protection policy according to the new GDPR. This Charter formalizes our commitments to you and describes how Greco Philia uses your personal data. 2. CONSENT By the word "Personal data" we mean any information collected and logged in a format that allows you to be identified personally, either directly or indirectly. Before providing us with this information, we recommend that you read this document describing our customer privacy protection policy. This Personal Data Protection Charter forms part of the terms and conditions that govern our hotel services. By accepting these terms and conditions, you expressly accept the provisions of this Charter. 3. THE HOTEL'S COMMITMENT TO PROTECTING YOUR DATA The principles below are applicable when using our services: Transparency: When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data. Legitimacy: We will collect and process your personal data only for the purposes described in this Charter. Relevance and accuracy: We will only collect personal data that is necessary for data processing. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date. Storage: We will hold your personal data for the period necessary for processing the same in compliance with the provisions of the law. Access, rectification, opposition: You may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information. The details of the department to contact in this respect are shown below in the clause "Access and modification". Alternatively, upon completing your registration card you may clearly state and fill in that you dont want to receive marketing information. Confidentiality and security: We will ensure reasonable technical and organizational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorized use, disclosure or access. Sharing and international transfer: We may share your personal data within the Hotel or with third parties (such as commercial partners and/or service providers) for the purposes set out in this Charter. We will take appropriate measures to guarantee security when sharing or transferring such data. For any questions concerning our principles, please contact the Data Privacy Officer whose details appear in the clause "Access and modification". 4. SCOPE OF APPLICATION This Charter applies: To all data processing implemented in our hotel. To all Greco Philia reservation websites, including www.grecophilia.com but also other hotel web sites (such as grecophilia.reserve-online.net and other sites or applications we use such as drift, mews and mailchimp). Although our customer privacy protection policies cannot be imposed in external applications or partners we cooperate we our utmost to promote our principles set out in this Charter so that our partners comply with the applicable laws in relation to the processing of your personal data. 5. WHAT PERSONAL DATA IS COLLECTED? We may collect and process the following data about you: 5-A. Data you give us that include personal data about you by: * filling-in a registration form at check-in, or upon check-out; * providing payment in our restaurant, bar, hotel and leisure facilities; * in the process of making a booking, an inquiry, completing a survey, or participating in a prize draw or promotion; * corresponding with us by phone, e-mail, social media, online chat, fax or other means; * providing post-stay surveys, feedback or guest review information regarding your stay or experience of our services and products; * registering for a loyalty programme offered to our guests and prospective guests; and linking a social media or loyalty other hotel accounts. Specifically we collect the following information: * Contact details (for example, last name, first name, telephone number, email) * Personal information (for example, date of birth, nationality) * Information relating to your children if they accompany you in the hotel (for example, first name, date of birth, age) * Your credit card number (for transaction and reservation purposes) * Dates you are interested in staying with us * Your arrival and departure dates * Your preferences and interests (for example, smoking or non-smoking room, preferred type of bedding, cultural interests, etc) * Your questions/comments, during or following a stay in one of our establishments. We do not deliberately collect sensitive information, such as information concerning race, ethnicity, political opinions, religious and philosophical beliefs, union membership, or details of health or sexual orientation. Moreover, depending on applicable local laws, other information could be considered sensitive, such as your credit card number, your leisure activities, personal activities and hobbies, and whether or not you are a smoker. We may be obliged to collect such information in order to meet your requirements or provide you with an appropriate service, such as a specific diet. In this case, depending on the laws in force in the European Union, your prior consent may be required with regard to the collection of sensitive information. 5-B. Data we receive from other sources. We may receive information about you if you use any of the other websites we operate, other services offered by us or by our partners and affiliates. In this case you will have been informed when the data was collected that it may be shared internally and combined with data collected on this website. We are also working closely with third parties (including, for example, travel agents and booking services, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, among others) and may receive information about you from them. 5-C. Data we collect about you. With regard to each of your visits to our site we may automatically collect the following information: * Technical data Including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, etc.; Data about your website visit Including the full Uniform Resource Locators (URL) through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number. Data about your use of our marketing emails Our e-mails may contain single, campaign unique “web beacon pixel” to tell us whether our e-mails are opened and verify any clicks through from links or advertisements within the e-mail. We may use this information for purposes including determining which of our e-mails are more interesting to users, to query whether users who do not open our e- mails wish to continue receiving them. * Anonymised data Whenever you visit our web site, we automatically obtain some information about your computer. We will, for example, obtain your IP address, information regarding your web browser software, such as Firefox, Safari or Internet Explorer. we may store information about your preferences, compile anonymous statistics about the manner in which our websites are accessed and used, assisting you to retrieve stored information you have provided, recognise you when you return to our website and the referral web page. The information you give us and information we may receive from other sources may include: your name, address, e-mail address and phone number and financial and bank account/debit/credit card information, information included in any identification document you provide, your travel history, amounts spent on services at our hospitality departments, your gender, room preferences or other special requests, pre-arrival transportation, nationality and residence, event details, and any additional information you provide us. We use the information you give us and the information we receive from other sources to: * carry out our obligations under any contracts, such as bookings and reservations, between you and us; * provide you with information where you have enquired; * communicate with you about your loyalty account or booking with us and to personalise your experience of our website, your stay or a service we are providing you; * provide pre-arrival information, reservation confirmation and electronic receipts/invoices; * provide post-stay communications to improve our service, offers and website; * provide services to you before, during or after your stay; and to respond to your enquiry. * Information about a travelling companion: When booking on behalf of another person, we will ask for personal data pertaining to that person, since their data may only be reviewed or changed through your account. When providing the personal data of your travelling companions, you warrant and agree that you have obtained, on our behalf, a prior approval of that travelling companion as regards the use of their data in accordance with this Privacy Policy. * Data collected for employment purposes: we may collect personal information in order to consider and process any enquiries or applications regarding job vacancies. * Sensitive Data: Please note in some instances we may collect or be provided with personal information which is sensitive, such as your: nationality (as recorded on your passport or identification card); membership in a political, professional or trade association (where this relates to a group booking or event with which you are associated during any stay at a hotel, mobile home, accommodation units or any of our campsites); and health and/or medical information (where this relates to your preferences, special requests or needs). * Third party websites: Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that they have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you provide any personal information using these websites. * Limited and specific use: Company will not collect or process any more data than necessary to fulfil the purposes mentioned above. Internally, a limited number of persons from our marketing, business development and customer loyalty divisions are likely to access your information to process it in accordance with this Privacy Policy and in compliance with European regulations, notably the European Directive 95/49/EC on the protection of individuals with regard to the processing of personal data. 6. WHY IS PERSONAL INFORMATION COLLECTED? 6-1. To Provide Superior Customer Service to our Guests Your Personal Information is collected to assist us in making your reservation and providing the services you request at any of our properties, to ensure we meet your needs while you are staying with us and/or to allow us to contact you in relation to matters that arise from your stay with us. Our goal is to provide you with superior customer service, whether you stay with us once or many times. 6-2. To Keep Our Guests Informed We may use the Personal Information you provide and that we collect from our business partners to send you newsletters regarding our properties and to advise you of promotions or to inform you of offers or other information that may be of interest to you. In order to do this, your information may be shared with a third party, for example, a customer relationship management company and/or a marketing and communications company. These companies are under contract with Greco Philia Boutique Hotel and are contractually required to protect all Personal Information to which they have access. If you do not wish to receive information from Greco Philia Boutique Hotel, you may indicate your wishes on your registration card when you stay with us or you may advise one of our properties or send an e-mail to: info@grecophilia.com 6-3. For Marketing Research Finally, we may wish to contact Guests and Owners to conduct surveys or focus groups to receive your views of our properties and service delivery. Such information may be collected by us or a third party under contract with us and they will be contractually required to protect your Personal Information as explained below. Occasionally we will combine information from a number of Guests to better understand trends and Guest expectations. When this occurs, all identifiers are removed and the aggregate information cannot be linked to any specific Guest or Owner. 6-4. Due to the legislation and for tax purposes. By keeping certain stay related Personal Information on file, such as information regarding guest history and itemized spending, Guests and Owners have the ability to confirm prior transactions and reconcile statements or invoices. 7. HOW IS PERSONAL INFORMATION COLLECTED? 7-1. On Our Web Site A. Initially upon contact with our Web Site B. While browsing our Web Site C. Making a booking on our Web Site 7-2. When making a reservation A. On our Web Site B. Through our worldwide reservations external partners C. Via phone call or email to our reservations department 7-3. During your stay at our Hotel A. When visiting the reception to complete the registration form B. When visiting the spa for a treatment C. When visiting our f&b departments (in case of informing the hotel for your food intolerance or a special dietary requirement) D. When using our concierge services 7-4. When receiving an email from our marketing department / reservations / reception A. Through Drift B. Through Mews C. Through Mailchimp 7-5. Data collected for employment purposes: we may collect personal information in order to consider and process any enquiries or applications regarding job vacancies. A. When you send your CV to our emails B. When you hand-in your CV to our hotel C. Through HR external partners upon your response to our job posts. 7-6. In business partnerships A. For accounting purposes 8. DISCLOSURE OF YOUR INFORMATION FOR LEGITIMATE PURPOSES - CONDITIONS OF THIRD-PARTY ACCESS TO YOUR PERSONAL DATA We may share your personal data in so much as required for our compliance with our legal obligations and to comply with laws and regulations imposed upon us. We may share your personal data with other parties where we have obtained your consent or, without your consent where required to fulfill our obligations to you. Under such circumstance your data with internal and external recipients subject to the following conditions: 8-A. Within the Hotel, in order to offer you the best service, we can share your personal data and give access to authorized personnel, including: * Hotel staff * Reservation staff using Greco Philia HOTEL's reservation tools * IT department * Commercial partners and marketing services * Medical services if applicable * Legal services if applicable * Generally, any appropriate person within the Hotel for certain specific categories of personal data. 8-B. With service providers and business partners: your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example: * External service providers: IT sub-contractors, banks, credit card issuers, external lawyers, dispatchers, printers. * Commercial partners: Greco Philia Hotel may, unless you specify otherwise to the Data Privacy department, enhance your profile by sharing certain personal information with its preferred commercial partners. In this case, a trusted third party may cross-check, analyze and apply certain devices to your data. * through social media channels and in particular our social media pages * a third party where you have already published the same information; and a third party where you have consented for us to share your personal data. * Advertisers and advertising networks to whom we provide information in aggregate demographic and statistical form only (from which you cannot be identified as an individual) for marketing and statistical purposes; 8-C. Local authorities: We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations. 9. DATA SECURITY Greco Philia Hotel takes appropriate technical and organizational measures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorized access or disclosure. To this end, we have taken technical measures (such as firewalls) and organizational measures (such as a user ID/password system, means of physical protection etc.). When you submit credit card data when making a reservation, SSL (Secure Socket Layer) encryption technology is used to guarantee a secure transaction. 10. COOKIES You are advised that the company uses cookies or other tracers on its web sites (www.grecophilia.com, grecophilia.reserve-online.net) These tracers may be installed on your device depending on the preferences that you expressed or may express at any time in accordance with this policy. 10-1. Why have a cookies policy? With a view to provide information and ensure transparency, Greco Philia Hotel established this policy so that you can learn more about: * The origin and purpose of the information processed when you browse our Websites * Your rights with regard to cookies and other tracers used by our Websites 10-2. What is a cookie? Cookies and other similar tracers are packets of data used by servers to send status information to a user's browser and return status information to the original server through this same browser. The status information can be a session identifier, a language, an expiration date, a response field or other types of information. During their validity period, cookies are used to store status information when a browser accesses various pages of a website or when the browser returns to this website at a later point. There are different types of cookies: Session cookies, which are deleted as soon as you exit the browser or leave the website Persistent cookies, which remain on your device until their expiration or until you delete them using the features of your browser 10-3. Why use cookies? We use cookies and other tracers primarily for the following purposes: Cookies strictly necessary for browsing the Greco Philia Websites and the ability to use all of their features, and intended in particular to: * Manage authentication of website visitors and the associated security measures, and ensure proper functioning of the authentication module * Optimize the user experience and facilitate browsing, in particular determining "technical routes" for browsing * Store information regarding the "cookies" information banner seen by website visitors who then continue to browse the website after agreeing to accept cookies on their device * Implement security measures (for example, when you are asked to log in again for content or a service after a certain period of time, or to ensure basic operation of Greco Philia Websites and use of their major technical features, such as monitoring of performance and browsing errors, management of user sessions, etc.) Cookies for features intended in particular to: * Adapt Greco Philia Websites to the display preferences of your device (language, currency, display resolution, operating system used, configuration and settings of the display of web pages based on the device you are using and its location, etc.) * Store specific information that you enter on Greco Philia Websites in order to facilitate and customize your subsequent visits (including displaying the visitor's first and last names if the visitor has a user account) * Allow you to access your personal pages more quickly by storing the login details or information that you previously entered * Cookies for visitor tracking are aimed at improving the comfort of users by helping us understand your interactions with Greco Philia Websites (most visited pages, applications used, etc.); these cookies may collect statistics or test different ways of displaying information in order to improve the relevance and usability of our services. Advertising cookies are intended to (i) offer you, in advertising spaces, relevant, targeted content that may be of interest to you (best offers, other destinations, etc.) based on your interests, browsing behavior, preferences, and other factors, and (ii) reduce the number of times that the advertisements appear. Affiliate cookies identify the third-party website that redirected a visitor to Greco Philia Websites. Social network cookies, set by third parties, allow you to share your opinion about and content from Greco Philia Websites on social networks (for example, the "Share" or "Like" application buttons for social networks). The social network applications on Greco Philia Websites as mentioned above can in some cases allow the social networks concerned to identify you even if you did not click on the application button. This type of button can allow a social network to track your browsing on Greco Philia Websites, simply because your account in the social network concerned is enabled on your device (open session) while you are browsing. We recommend that you read the policies of these social networks to familiarize yourself with how they use the browsing information they may collect, especially with regard to advertising. These policies must specifically allow you to make choices on these social networks, particularly by configuring your user accounts for each of them. 10-4. Consent The installation of certain cookies is subject to your consent. Also, when you first visit the Greco Philia Websites, you are asked whether you agree to the installation of this type of cookie, which is only activated after your acceptance. This process is supported by means of an information banner on the home page of the Greco Philia Websites, which informs you that by continuing to browse, you are agreeing to the installation of cookies that require consent on your device. You can change your mind at any time using the various methods described in section "Deleting and/or blocking cookies". 10-5. Deleting and/or blocking cookies You have several options for deleting cookies and other tracers. 11. STORAGE OF DATA We retain your personal data only for the period necessary for the purposes set out in this Charter or in accordance with the provisions of applicable law. 12. ACCESS AND MODIFICATION You have the right to access your personal data collected by Greco Philia Hotel and to modify it subject to applicable legal provisions. You may also exercise your right to object by writing to the address below. In the event of difficulty exercising your rights, please contact the Data Privacy department for the Greco Philia Hotel by sending an email to info@grecophilia.com mentioning in the title DATA PRIVACY or by writing to the address below: Greco Philia Data Privacy Department 84600, Mykonos, Greece For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You will be asked to include a copy of an official piece of identification, such as a driver's license or passport, along with your request. If your personal data is inaccurate, incomplete or not up to date, please send the appropriate amendments to the Data Privacy department as indicated above. All requests will receive a response as swiftly as possible and in accordance with applicable law. You may also exercise your rights in respect of your personal data that is stored and processed by a hotel following a stay. To do this, you must contact the hotel directly. 13. UPDATES We may modify this Charter from time to time. Consequently, we recommend that you consult it regularly, particularly when making a reservation at our hotel. 14. QUESTIONS AND CONTACTS For any questions concerning the Greco Philia personal data protection policy, please contact the Data Privacy department.