1. Purpose
With this Policy, the Company with the name “ARCADI HOTEL SOCIETE ANONYME” based in Chania Town Crete, 1866 Square, to which this website belongs (hereinafter referred to as the “Company”), aims, as Data Controller, under the meaning of the applicable legislation, to provide its website users/visitors with more specific information regarding the processing of their personal data during the browsing and use thereof, which is necessary based on the relationship – cooperation between them.
2. Basic terms
«Data Subject»: The website user and any other natural person coming into contact with our website.
«Personal data»: Any information that can directly or indirectly identify a natural person (the “Data Subject”), such as name, postal address, contact details (phone number, e-mail), etc.
«Processing»: Every act or series of acts performed with or without the use of automated means on personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, research of information, use, disclosure by transmission, dissemination or any other form of disposal, correlation or combination, restriction, deletion or destruction of personal data that have come to or will come to the Company’s knowledge, either directly by you through the website, or in the context of your transactional relationship.
«Data Controller»: the Company named «ARCADI HOTEL SOCIETE ANONYME» which owns this website and determines the purposes and way of processing personal data.
«Data Processor»: the natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller.
«Recipient»: the natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether it is a third party or not.
«Data Protection Officer, DPO»: the Data Protection Officer designated by the Company who holds the position and duties defined by the current legislative framework on personal data protection.
3. What kind of data we collect, why and on which legal basis
We collect and process your following personal data in the following cases:
| Activity | Data | Purpose | Legal basis |
| --- | --- | --- | --- |
| Entrance to our website | IP address, date and time of access (timestamp-time zone), access provider, browser and its version, operating system and its version, user id/device id | Provision of personalized services to you, proper connection establishment, security and system stability | a) legal obligation b) legitimate interest as part of making our website available to the public securely and providing services to it |
| Contact form | Name, e-mail address, subject of the message, content of the message | Contact, dealing with or resolution of your request, question or complaint and providing information | a) the transactional relationship between us and your specific request b) legitimate interest, in the context of your service |
| Reservation request | Country, first name, last name, e-mail address, phone number, payment details (optional: address, city/location, postal code, state/region, company, purpose of stay, special requests/remarks). NOTE: The registration of your data is done through the secure environment of Webhotelier as Data Processor, after redirection. | Registration of details and booking | |
| Cookies (see Cookies policy) | | | |
We must inform you that the personal data you provide to us through our website, for the above purposes, is necessary for us, for your optimal service and the arrangement, management or resolution of your request, question or complaint. Therefore, not providing your data may block our communication through the website and even our transactional relationship in general.
4. Processing of personal data of special categories
Our Company does not process personal data of special categories through this website, such as data related to your racial or ethnic origin, your religious or philosophical beliefs, health data or data concerning your sexual life or your sexual orientation, since the above data are not necessary for us. We therefore ask you not to include such data when filling in any message field. Otherwise, they will be processed by us on your own initiative, as an integral part of your request.
5. Data concerning minors
Our website is not addressed to individuals who have not reached the age of eighteen (18). Therefore, our Company does not process personal data of minors.
6. Who are the recipients of your data
Access to your personal data is available to:
- the authorized and trained personnel of our Company bound by absolute confidentiality and non-disclosure,
- our Company’s partners to which the Company entrusts the execution of specific tasks on its behalf, in accordance with Article 28 GDPR, and with which it has ensured, for the protection of your data, processing in accordance with the Regulation (GDPR), through signed contracts and a legally binding commitment to uphold sufficient measures under the relevant provisions of the GDPR (Articles 28, 32), such as, indicatively but not limited to, third-party partners – companies that support this website or our applications. If you attempt to make a reservation through this website, you will be redirected to the reservation environment of Webhotelier Technologies Ltd, which processes personal data included in your reservations, on behalf of the hotel, as Data Processor, providing relevant guarantees (PCI DSS).
- public bodies and authorities, such as public agencies and bodies, independent authorities, regulatory authorities, police, competent authorities, prosecutors, other administrative agencies, etc., when we are required to do so by the applicable legal framework.
In principle we do not transmit your personal data to third countries or international organizations (outside the EU or EEA), which do not ensure an adequate level of protection. Any transmission will comply with the relevant provisions of the applicable legislative framework (such as adequacy decision), in particular Article 44 and following of the GDPR.
7. Retention time of personal data
We retain your personal data for as long as it is required, based on the nature and purpose of every case of data processing, or as provided by the legislative and regulatory framework, taking into account the legal obligations of our Company, our contract and any legal claims that may arise therefrom.
In any case, we apply a maximum retention period of twenty (20) years (general limitation of action). After the above period, data which are no longer necessary will be deleted in a secure and non-recoverable way.
8. Your rights based on the GDPR
In any case, you have control over the processing of your personal data. Any user, as data subject, preserves the following rights, as provided in the GDPR and especially Articles 12 to 23 thereof, and the relevant national legislation:
1. Right to be informed, announced and briefed about exercising your rights (art. 12, 13, 14 GDPR), meaning your right to be informed about how your personal data are used (as it is thoroughly done in this Privacy Policy).
2. Right of access. This means that you have the right to request access to the data we process and to be provided with information about how the Company processes it (Art. 15 GDPR).
3. Right to rectification. This means that you have the right to have your personal data rectified, if it is inaccurate and/or incomplete (Art. 16 GDPR).
4. Right to erasure (“right to be forgotten”). This means that you have the right to have some or all of your personal data erased under certain conditions, such as if there is no legal basis for us to continue processing it or there is a legal obligation to erase it (Art. 17 GDPR).
5. Right to request restriction of processing. This means that you have the right to request restriction of processing your personal data. After a valid request we may be entitled to store your personal data but not to further process it. (Art. 18 GDPR).
6. Right to data portability. It allows you to obtain and reuse the personal data you have provided to us for your own purposes in various services. You have the right to receive and transmit an electronic copy of your personal data easily and ask us to transmit it to another data controller (Art. 20 GDPR).
7. Right to object. This means that you can ask us to no longer process your data, unless we demonstrate compelling reasons why further processing is required. (art. 21, 22 GDPR).
8. Right to withdraw your already given consent (Art. 7 par. 3 GDPR) at any time for processing based on consent. The lawfulness of your data processing is not affected by the withdrawal of consent until the point at which you requested the withdrawal.
You also have the right to submit a complaint to the competent supervisory authority, particularly in the Member State of your residence or your place of work or the place of the infringement, if you consider that the processing of your personal data violates the GDPR (art. 77 GDPR) and your request has not been sufficiently satisfied by us. The competent Supervisory Authority in Greece is the Hellenic Data Protection Authority (1-3 Kifissias Avenue, PC 115 23, +30 210 6475600, contact@dpa.gr).
9. How to exercise your rights
You may exercise your rights either by sending an e-mail to the e-mail address info@arkadi-hotel.gr or by sending a letter to our Company’s Headquarters.
Our Company will make every effort to proceed with the necessary actions within one (1) month from the date of receipt of your request, unless the tasks related to the satisfaction of the request are characterized by particularities and/or complications, based on which the Company retains the right to extend the time to complete the actions. In any case, you will be informed about the progress of your request within one (1) month of its submission.
10. Security of your data
Our Company ensures, among other things, that sufficient and appropriate technical and organizational measures are taken in order to ensure the appropriate level of security against risks during processing and in particular from accidental or illegal destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed but also the preservation of both technical and physical security in accordance with Article 32 of the GDPR. Our Company has relevant Policies and generally observes the principles of processing in accordance with the GDPR (Art. 5 GDPR), to ensure availability, integrity and confidentiality of your data.
11. Social media
Our company uses the following social media: Instagram, Facebook, Trip Advisor.
Regarding certain processing, we and the Data Controllers of the social media platforms act as joint Data Controllers of your data, within the meaning of Article 26 GDPR. As for the processing of the Social Media Data Controllers, we can only have a limited influence. Therefore, we act within the framework of our possibilities and in accordance with the applicable legislation on the protection of personal data.
The social media platform Data Controller manages the overall information infrastructure of each service, maintains their own technical and organizational data protection measures and their own relationship with you as a user and, therefore, as a data subject (if you are a registered member of the respective social media service).
For more information regarding the processing of your data by the providers of social media platforms and in general about your rights, please refer to the respective Privacy/Protection Policies of each provider.
The data you provide us with when visiting our social media page, such as comments, videos, images, “likes”, public messages, etc., are made public on the social media platform you choose and are neither used nor processed by us for purposes other than your information regarding our promotional actions, such as discounts, special offers, competitions that we may organize, but also as part of your service, when you wish to contact us in this way.
The processing of your personal data is carried out based on art. 6 par. 1 f GDPR, in the context of the provision of our services to you.
12. Company’s Declarations
- The Company declares that it is not responsible for any damage (direct, indirect, positive, deponent) that may be caused to the visitor on the occasion of the website or its use. The visitor is solely responsible for the protection of their system against viruses and other malware.
- The Company does not make decisions or proceed to profiling based on an automated processing of your data.
- The Company declares that the present Privacy Policy is likely to be amended / updated at any time but will always be updated on our website.
- The Company declares that it will not process the user’s/visitor’s personal data for any purpose not mentioned herein, without prior notice and, where required, his consent.
13. Useful contact details
- Details of the Data Controller
ARCADI HOTEL SOCIETE ANONYME
Address: 1866, Square, Chania Town, Crete
Phone number: 2821090181
E-mail: info@arkadi-hotel.gr
Website: https://www.arkadi-hotel.gr/
- Details of the Hellenic Data Protection Authority
Address: 1 – 3 Kifissias Avenue, PC 115 23, Athens
Call Centre: +30 210 6475600
E-mail: contact@dpa.gr
Website: www.dpa.gr
Last update: [ date of last amendment]





