This Privacy Statement describes the privacy practices of METAXA HOSPITALITY GROUP, a group of companies incorporated under the laws of Greece ("société anonyme") with its registered seat located at 28A Alexandrou Papanastasiou Ave., Heraklion, 71306 for data that we collect:
Collectively, we refer to the Websites, the Apps and our Social Media Pages, as the “Online Services” and, together with offline channels, the “Services.” By using the Services, you agree to the terms and conditions of this Privacy Statement.
"Applicable Data Protection Law" shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data which applies as of May 25th 2018, the “GDPR”, and any other applicable law implementing, amending, supplementing or replacing this Regulation;
The Corporation under the company name “METAXA HOSPITALITY GROUP”, in its capacity as the Controller of Personal Data, hereinafter referred to as the “Company”, in the context of the General Data Protection Regulation (EU) 2016/679 which entered into force on 25/05/2018, hereinafter referred to as the “GDPR”, as currently applicable, shall hereby provide the following update on the processing of your personal data and your rights as the data subject. The new Regulation shall replace the existing legal framework on the protection of individuals from the processing of personal data.
This update is addressed to individuals who perform any transaction with the Company, their respective legal representatives, as well as their special or universal successors, to representatives of legal persons and to any natural person who has business relations with the company in any capacity.
Personal data processing is the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission, restriction or erasure of personal data which was or will be brought to the attention of the Company, either as part of your business relations with it or as part of any update which is received by the Company from any third party, a natural or legal person or public sector body, while exercising a legal right of their own or the company.
In compliance with the current legislative framework, the Company has taken all steps required, by implementing all appropriate technical and organizational measures for the lawful adherence, processing and safe retention of personal data files, and is committed to ensure and protect in every way the processing of your personal data against any loss or leakage, alteration, transfer or any other unlawful processing.
METAXA HOSPITALITY GROUP hereby guarantees that it fully complies with the respective obligations under Applicable Data Protection Law.
Collection of Personal Data
“Personal Data” are data that identify you as an individual or relate to an identifiable individual.
We collect Personal Data in accordance with law, such as:
In more limited circumstances, we also may collect:
If you submit any Personal Data about other people to us or our Service Providers (e.g., if you make a reservation for another individual), you represent that you have the authority to do so and you permit us to use the data in accordance with this Privacy Statement.
How We Collect Personal Data
We only collect information which is necessary, relevant and adequate for the purpose you are providing it for.
We collect Personal Data in a variety of ways:
Collection of Other Data
“Other Data” are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent Other Data reveal your specific identity or relate to an individual, we will treat Other Data as Personal Data. Other Data include:
How We Collect Other Data
We collect Other Data in a variety of ways:
We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data. We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize your computer to assist your use of the Online Services. We also gather statistical data about the use of the Online Services to continually improve design and functionality, understand how they are used and assist us with resolving questions.
If you do not want data collected with cookies, you can learn more about controlling cookies at http://www.allaboutcookies.org/manage-cookies/
You can choose whether to accept cookies by changing the settings on your browser or by managing your tracking preferences by clicking on “Cookie Settings” located at the bottom of our homepage. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Online Services. For example, we will not be able to recognize your computer, and you will need to log in every time you visit. You also will not receive advertising or other offers from us that are relevant to your interests and needs.
Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions).
METAXA HOSPITALITY GROUP shall not process any personal data of yours which are related to your racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic or biometric data, which confirm your identification as the data subject, and data concerning health or data concerning your sex life or sexual orientation, unless: a) you have given your explicit consent for a specific purpose; b) the data have been manifestly made public by you; c) processing is necessary for the provision of our services; d) processing is necessary for reasons of substantial public interest. In any case, we have taken all necessary technical and organizational measures to securely keep and process your personal data belonging to the special categories above.The personal data of minors shall be processed subject to the prior consent of their parents or the persons who have undertaken their parental responsibility, unless otherwise specified by law. For the purposes hereof, minors are persons who have not attained the age of 18 years.
Processing of Personal Data and Other Data- Purposes of processing
METAXA HOSPITALITY GROUP will only process information that is necessary for the purpose for which it has been collected. You will always have the option not to receive marketing communications from us (and you can withdraw your consent or object at any time). We will never send you unsolicited ‘junk’ email or communications or share your personal information with anyone else who might.
We use Personal Data and Other Data to provide you with Services, to develop new offerings and to protect the company METAXA HOSPITALITY GROUP and our guests as detailed below. In some instances, we will request that you provide Personal Data or Other Data to us directly. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested Services.
We use Personal Data and Other Data for our legitimate business interests, including the following:
We may use and process your personal information where this is necessary to perform a contract with you and to fulfil and complete your orders, purchases and other transactions entered into with us (or one of our third-party partners. We will use Personal Data and Other Data to manage our contractual relationship with you, because we have a legitimate interest to do so and/or to comply with a legal obligation.
We will use Personal Data and Other Data to provide personalized Services according to your Personal Preferences either with your consent or because we have a legitimate interest to do so.
We will use Personal Data and Other Data to communicate with you with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so.
We will use Personal Data and Other Data in this way with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so.
We use Personal Data and Other Data in this way to manage our contractual relationship with you, comply with a legal obligation and/or because we have a legitimate interest to do so.
Lawfullness of processing
The Company shall legally process personal data, provided that processing:
Withdrawal of Consent
You have the right to withdraw your consent, whenever required, at any time without said withdrawal affecting the lawfulness of processing based on consent before its withdrawal. The withdrawal of your consent may be submitted through sending a request at email@example.com.
Disclosure of Personal Data and Other Data
The Company shall not transmit or disclose your personal data to third parties, except in case of the following categories.
Our goal is to provide you with the highest level of hospitality and Services, and to do so, we share Personal Data and Other Data with the following:
We may use and disclose Other Data for any purpose, except where we are not allowed to under applicable law. In some instances, we may combine Other Data with Personal Data (such as combining your name with your location). If we do, we will treat the combined data as Personal Data as long as it is combined.
Non- METAXA HOSPITALITY GROUP Entities
This Privacy Statement does not address, and we are not responsible for the privacy, data or other practices of any entities outside of the METAXA HOSPITALITY GROUP, including Franchisees, Owners, Authorized Licensees, Strategic Business Partners or any third party operating any site or service to which the Services link, payment service, loyalty program, or website that is the landing page of the high-speed Internet providers at our properties. The inclusion of a link on the Online Services does not imply endorsement of the linked site or service by us. We have no control over, and are not responsible for, any third party’s collection, use and disclosure of your Personal Data.
In addition, we are not responsible for the data collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Data you disclose to other organizations through or the Apps or our Social Media Pages.
Third Party Advertisers
We may use third-party advertising companies to serve advertisements regarding goods and services that may interest you when you access and use the Online Services, other websites or online services. To serve such advertisements, these companies place or recognize a unique cookie on your browser (including through the use of pixel tags).
We seek to use reasonable organizational, technical and administrative measures to protect Personal Data.
In compliance with the current legislative framework, METAXA HOSPITALITY GROUP has taken all steps required, by implementing all appropriate technical and organizational measures for the lawful adherence, processing and safe retention of personal data files, and is committed to ensure and protect in every way the processing of your personal data against any loss or leakage, alteration, transfer or any other unlawful processing.
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section, below.
LINKS TO OTHER WEB SITES
In order to anticipate your needs, our website provides links to other web sites and third parties for your convenience and information. We are not responsible for the collection, use, maintenance, sharing or disclosure of data (including personal data) by such third parties. We encourage you to contact these third parties to ask questions about their privacy practices, policies and security measures before disclosing any personal data. We recommend that you review the privacy statements and policies of linked web sites to understand how those web sites collect, use and store information.
Data subject rights
You have choices when it comes to how we use your data and we want to ensure you have the information to make the choices that are right for you.
As personal data subject, you have the following rights:
If you no longer want to receive marketing-related emails, you may opt out by following the instructions in any such email you receive from us
In addition, members of our loyalty programs can opt out from marketing-related emails through their program account, or by sending a letter to:
METAXA HOSPITALITY GROUP 28A Alex. Papanastasiou, Heraklion 713 06, Crete, Greece
We will try to comply with your request as soon as reasonably practicable. If you opt out of receiving marketing emails from us, we may still send you important administrative messages, from which you cannot opt out.
Special Notice for California Residents: Customers who reside in California and have provided their Personal Data to us can request, once per calendar year, information about our sharing of certain categories of Personal Data to third parties and within METAXA HOSPITALITY GROUP, for their direct marketing purposes. Such requests should be submitted to us firstname.lastname@example.org or:
METAXA HOSPITALITY GROUP 28A Alex. Papanastasiou, Heraklion 713 06, Crete, Greece
We will provide a list of the categories of Personal Data disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.
How You Can exercise your rights and submit complaints
If you would like to review, correct, update, suppress, restrict or delete Personal Data that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by law), you can contact us at email@example.com or by mail:
METAXA HOSPITALITY GROUP 28A Alex. Papanastasiou, Heraklion 713 06, Crete, Greece
In your request, please make clear what Personal Data you would like to have changed, whether you would like to have your Personal Data suppressed from our database, or other limitations you would like to put on our use of your Personal Data. For your protection, we only fulfill requests for the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we often need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the Personal Data provided until after the completion of such purchase, reservation, or promotion). There may also be residual data that will remain within our databases and other records, which will not be removed. In addition, there may be certain data that we may not allow you to review for legal, security or other reasons.
Any refusal of the Company or any unjustified delay in responding to your requests following the exercise of your rights, shall give you the right to recourse to the Hellenic Data Protection Authority as the competent supervisor for the application of the GDPR.
In any case, you reserve the right to submit a complaint to the competent supervisory authority, if you consider that your personal data processing infringes the current applicable legislation. For more information, please visit www.dpa.gr
We take reasonable measures to ensure that your personal information will be stored no longer than needed for the purpose for which it has been collected and no longer than required by the contract or the applicable legislation.
The criteria used to determine our retention periods include:
METAXA HOSPITALITY GROUP provides a global service. Sharing data cross-border is essential to the Services so that you receive the same high-quality service wherever you are in the world. By making a reservation, visiting or staying at a METAXA HOSPITALITY GROUP branded property or using any METAXA HOSPITALITY GROUP branded service, you understand that we might transfer your Personal Data globally, within the contest of the restrictions set out by applicable law.
The Company shall not transfer personal data to a third country or an international organisation unless it is expressly authorized by you to do so.
A transfer of personal data to a third country or an international organisation may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection. Such a transfer shall not require any specific authorisation.
In the absence of a decision pursuant to Article 45(3) of GDPR, the company may transfer personal data to a third country or an international organisation only if the company has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available (article 46 GDPR).
The appropriate safeguards referred to in the previous paragraph may be provided for, without requiring any specific authorisation from a supervisory authority, by:
Transfers should only be allowed where the conditions of Regulation GDPR for a transfer to third countries are met.
Updates to This Privacy Statement
The “LAST UPDATED” legend at the top of this page indicates when this Privacy Statement was last revised. Any changes will become effective when we post the revised Privacy Statement on the Online Services. Your use of the Services following these changes means that you accept the revised Privacy Statement. If you would like to review the version of the Privacy Statement that was effective immediately prior to this revision, please contact us at (email)
At METAXA HOSPITALITY GROUP, we respect your privacy and want to provide you with information and choices. The options provided below allow you to express your preferences: what and how much you share with us and when and how you hear from us.
We want to learn what is relevant to you and ensure you have a personalized experience. As described earlier, we use digital tools like cookies and tags on our web pages. Cookies also help us provide, protect and improve our services.
To adjust your preferences, please visit our Cookie Settings page.
We want to engage with you in a way that is meaningful to you. We recognize that you may only want to hear from us in a limited way.
You may choose to unsubscribe from our newsletters by clicking the link at the bottom of one of our communications
*Please note that even if you choose to opt-out of communications with us, we will continue to send you transactional messages about your specific reservation or stay with us, such as pre-arrival, confirmation and guest satisfaction surveys.
If we intend to use your Personal Data for a purpose that is materially different from these purposes or if we intend to disclose it to a third party not previously identified, we will notify you and offer you the opportunity to opt-out of such uses and/or disclosures where it involves Personal Data or opt-in where Sensitive Personal Data is involved.
Disclosures to Service Providers
We sometimes contract with other companies and individuals to perform functions or services on our behalf such as spas and restaurants within our hotels, website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services. They may have access to Personal Data needed to perform their functions but are restricted from using the Personal Data for purposes other than providing services for us or to us. METAXA HOSPITALITY GROUP requires that its Service Providers that have access to Personal Data received from the EEA and Switzerland provide the same level of protection as required by the Privacy Shield Principles. We are responsible for ensuring that our Service Providers process the Personal Data in a manner consistent with our obligations under the Principles.
We use reasonable physical, electronic, and administrative safeguards to protect your Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data and the risks involved in processing that information, according to the provisions of the General Data Protection Regulation (EU) 2016/679 which entered into force on 25/05/2018, (the “GDPR”) as currently applicable.
Data Integrity and Purpose Limitation
We limit the collection and use of Personal Data to the information that is relevant for the purposes of processing and will not process Personal Data in a way that is incompatible with the purposes for which the information has been collected or subsequently authorized by you. We take reasonable steps to ensure the Personal Data is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Data.
Exercise your right towards your Personal Data -
You can ask to review, get a copy, correct, object to the process of your personal data, transfer to another controller, object to the process of your data or delete Personal Data that we maintain about you by sending a written request to firstname.lastname@example.org
You will receive a response from us within 30 days from the receipt of your request. In case, we will need more time to respond to you (up to 2 more months), we will contact you to communicate to you the reason of the delay.
METAXA HOSPITALITY GROUP
,28A Alex. Papanastasiou, Heraklion 713 06, Crete, Greece
Tel: +30 2810 300 520
Fax: +30 2810 300 523
This Policy may be changed from time to time, consistent with the requirements of the Privacy Shield. You can determine when this Policy was last revised by referring to the "LAST UPDATED" legend at the top of this page. Any changes to our Policy will become effective upon our posting of the revised Policy on the Site.