SkySea Resort places great importance on the privacy and personal data protection of its visitors/users. It is duly noted that personal data comprise, with respect to the relevant legislation (General Data Protection Regulation 2016/679/EU) only the information relating to an identified or – based on specific attributes – identifiable natural person(data subject). Information relating to legal entities and groups of persons or information of a statistical nature, from which traceability to an identified or identifiable natural person in not possible, do not fall under this data category and are exempt from the scope of implementation of the relevant legislation.
This personal data protection policy is entirely compatible with the European Regulation on the protection of natural persons with regard to the processing of personal data (EU/2016/679) and the relevant Greek Legislation.
In the following terms you will find important information with regard to the nature, the purpose of use and the protection of your personal data, but also your rights as subjects with respect to this data. For any clarifications, you may contact the SkySea Resort at email@example.com
• Data Controller: SkySea Resort is the Data Controller of personal data.
• Collected personal data: During your visit on our website, you are not obliged to provide us with your personal information. The sole cases in which we request your consent to the collection of your personal data are:
1. When you fill in the electronic contact form. In this case, we request the following information:
Name and Surname (required)
SkySea Resort keeps a dedicated webpage in social network platforms, such as Facebook, Instagram and YouTube. You may contact the administrators of each of our hotel’s websites via messaging. In the event that the administrator of each page receives messages that contain personal data of natural persons, these are handled by us as strictly confidential and their use serves exclusively the purpose of communicating with us and upon fulfilment of the purpose for which they have been collected, they are deleted.
• Purpose and principles of personal data collection: SkySea Resort collects and processes its visitors’/users’ personal data solely and exclusively for the fulfilment of its purposes and services and, more precisely, the advancement of its communication with you within the scope of the rendering of our services, as well as for marketing purposes. Processing is limited to personal data which is necessary and appropriate for the fulfilment of the purposes and functionality of its node. Processing is subject to the rules of the General Data Protection Regulation and the relevant European Union legislation, to the Greek legislation and to the relevant international conventions and treaties.
• Use of collected personal data: The personal data collected through the contact platform available on our website, as well as any other data that may be sent to us via the profiles that we maintain in various social media systems are used solely for the fulfilment of communication purposes with you and for the better rendering of services to you. Cookies used during navigation on our website are utilised for the purpose of traffic analysis of our website, as well as for the better understanding of your preferences and the display of relevant advertisements in third-party websites. No further processing, forwarding or exchange of such data is carried out. In any event, for the aforementioned use of your personal data, your prior relevant consent is asked beforehand.
• Cookies Policy: During navigation on this website, SkySea Resort may collect user identification data using all relevant technologies, such as cookies and/or monitoring of Internet Protocol addresses (IP). Cookies are small text strings sent to the browsing application by a website visited by the user. Cookies are used to expedite the website in storing information relevant to the user’s visit, such as e.g. your preferred language, the storing of your preferences, with respect to safe browsing, the calculation of user traffic or the expedited registration to our services.
• Transmission/Notification of data to third parties: Personal data collected may be notified or passed over to third parties, in the even that this is mandated by lawful obligations or is necessary for the fulfilment of purposes and services on the website, on condition that relevant legislation is respected. We may assign to physical or legal entities the carrying out of certain services and functionalities of the website, such as the carrying out of linear reservations. These entities are only provided with such personal data as are necessary for the fulfilment of the assigned services and all entities involved are legally bound to us by confidentiality and the safe processing of your personal data.
• Your rights with respect to data processing that pertain to you: In accordance to provisions of the General Data Protection Regulation 679/2016/EU, you have the right, both during collection of your personal data and at a later time, to be informed of any processing taking place of your data pertinent to you, for the purpose of this, as well as any notification/transmission to third parties and of the identity of said parties (information and access right). You also have the right to ask for the amendment, updating or even the deletion of your personal data such as we keep a record of. Additionally, you have the right of limiting data processing as well as the right to an opposition procedure.
For information about the exercise of your legal rights, you may contact the Data Protection Administrator at firstname.lastname@example.org and we will expedite the exercise of the aforementioned rights. If, nevertheless, you may consider that the issue of your contention has not been resolved by us, you reserve the right to address the competent supervisory authority (for Greece, www.dpa.gr, where all relevant information may be retrieved).
• Confidentiality and security: Personal data collected by us within the scope of the website’s functionality are solely necessary for the purposes of our communication with you. They are strictly confidential and are kept on record solely for the uses of said communication. Access to the data is allowed only to a few executives of SkySea Resort, who are bound by confidentiality. In addition, we maintain adequate security systems and take all relevant, appropriate and necessary precautionary and recording measures, so as to avoid any security breach of personal data (leakage, disclosure, unauthorised access) of our systems.
Contact: If you have any queries with regard to this personal data protection policy you may contact the Data Protection Administrator at email@example.com
Information on the processing of personal data through a video surveillance system (Closed – circuit TV)
Profitis Ilias, 37002, Skiathos,
2. Purpose of processing and legal basis:
We use a surveillance system for the purpose of protecting persons and goods. Processing is necessary for the purposes of legal interests that we seek as controller (Article 6 par.1 of regulation (EU) 1493/1999. – GDPR).
3. Analysis of legal interests
Our legitimate interest is to protect our area and the goods in our property from illegal acts, such as theft. The same applies to the safety of life, physical integrity, health as well as the property of our staff and customers and visitors who are legally located in the supervised area. We only collect image data and limit reception in areas where we have assessed that there is an increased likelihood of committing illegal acts e.g. theft, such as in entrances, parking lots, perimeters, reception areas, our coffers and floors towards elevators, without focusing on areas where the privacy of the persons whose image is taken may be excessively restricted, including their right to respect for personal data.
The material must be accessed only by our competent / authorized personnel in charge for the security of the site. This material shall not be transmitted to third parties, except in the following cases: (a) to the competent judicial, prosecutorial and police authorities where it contains information necessary for the investigation of a criminal offence involving persons or goods of the controller, (b) to the competent judicial, prosecutorial and police authorities when requesting data, lawfully, in the performance of their duties, and (c) to the victim or perpetrator of an offence, in the case of data which may constitute evidence of the offence.
5. Maintenance time
We keep the data for seven (7) days, after which they are automatically deleted. In the event that we find an incident during this time, we isolate part of the video and keep it for up to one (1) month, with a view to investigating the incident and initiating legal proceedings to defend our legal interests, while if the incident concerns a third party we will observe the video for up to three (3) months more.
6. Rights of data subjects
Data subjects have the following permissions:
• Right of access: you have the right to know if we are editing your image and, if applicable, to obtain a copy of it.
• Right of limitation: you have the right to ask us to restrict processing, such as not to delete data that you consider necessary to establish, exercise or support legal claims.
• Right to object: you have the right to object to processing.
• Right to delete: you have the right to request that we delete your data.
You can exercise your rights by sending – to firstname.lastname@example.org or a letter to our postal address or by submitting the request to us in person, to the address of the Resort. Alternatively, we give you the opportunity to come to our facilities to show you the images you appear in. We also note that the exercise of a right of objection or deletion does not entail the immediate deletion of data or the modification of the processing. In any case, we will reply in detail as soon as possible, within the deadlines set by the GDPR.
7. Right to lodge a complaint
In case you consider that the processing of your data violates Regulation (EU) 2016/679, you have the right to lodge a complaint with a supervisory https://www.dpa.gr/, tel. 0030-210.6475600.