PERSONAL DATA PROTECTION POLICY
This website recognizes and respects the right to protect the personal data of internet users (European Regulation 2016/679 and Law 3471/2006). Every visitor to this website must carefully read the terms and conditions for the protection of their personal data.
This website does not collect data other than what is voluntarily provided by visitors to our website through the contact form in case the visitor wants to contact us.
What is personal data?
According to the law, it is any information that concerns an identified or identifiable natural person (“data subject”), such as name, e-mail address, VAT number, etc. Identifiable is defined as a natural person whose identity can be ascertained, directly or indirectly, in particular by reference to an identification element, such as a name, an identification number, location data, an online identifier (IP address, e-mail, etc. .) or to one or more factors that characterize his physical, physiological, genetic, psychological, economic, cultural or social identity.
What personal data do we collect and for what purpose
The Company ensures the legitimate and legal collection and processing of personal data. When completing and submitting the electronic contact form or expression of interest form, which may be available on the Website, the user fills in their name and email address. No other data is stored to determine the physical, physiological, genetic, psychological, economic, cultural or social identity of the visitor.
In addition, cookies are collected, to the processing of which you need to give your consent when navigating the website.
Data retention time
The personal data concerning the visitors of the Website and/or users of our electronic services are collected and kept for the absolutely necessary time and then deleted.
Data Security
To protect the personal data of our website users and visitors, we use a secure connection (https://) and data security measures to prevent the risk of loss, misuse, unauthorized access and disclosure of your personal information.
Your rights
Regarding the protection of your personal data, you have the following rights:
- a) right of access, i.e. the right to be informed if personal data concerning you is being processed,
- b) right of rectification, i.e. the right to request the correction of inaccurate personal data,
- c) right to erasure, i.e. the right to request the erasure of personal data concerning you,
- d) right to limit the processing when the accuracy of the data is disputed, is illegal or for other reasons
- e) right to portability, i.e. the right to request to receive the data concerning you in a structured, commonly used and machine-readable format, as well as to transmit said data to another controller and
- f) right to object to the processing of your personal data, unless there are compelling and legitimate reasons for the processing that override your interests, rights and freedoms.
To exercise your rights, you can email us here:
Linking to third-party websites
Any interconnection of the Website through special hyperlinks (links, hyperlinks, banners) with any other website of third parties does not imply that the Company assumes any responsibility for the policy followed on this website regarding the protection and management of personal data . The Subjects should ensure that they themselves are informed about the protection and management of their data from the above websites.
Right of termination
In the event that the Subject considers that the protection of his personal data is affected in any way, he can appeal to the Personal Data Protection Authority, at the postal address Personal Data Protection Authority, Offices: Kifisias 1-3, P.O. 115 23, Athens, phone 210 6475628, e-mail contact@dpa.gr
Information on the processing of personal data through
closed-circuit video surveillance system
- Data Controller
The data controller responsible for the processing of the data collected through the
closed-circuit video surveillance system is Mr. Panagiotis Stamatelopoulos, Filiatra
Messinias, P.C. 24300, telephone number +30 6972941100.
2.. Purpose of processing and legal basis
We use a surveillance system for the sole purpose of protecting persons and goods.
The processing is necessary for legitimate interests pursued by us as the data
controller (Article 6(1) GDPR).
- Analysis of legitimate interests
Our legitimate interest consists in the need to protect our premises and the goods
located there from illegal acts, such as theft. The same applies to the security of the
life, physical integrity, health, and property of our staff and third parties lawfully
present in the premises. We only collect image data and limit collection to the exterior
of the Hotel, so as not to unduly infringe and restrict the privacy of the persons whose
image is taken, including their right to respect for their personal data.
- Recipients
The material held, is accessible only by our authorized personnel who are
responsible for the security of the site. This material is not transmitted to third parties,
except for the following cases: a) to the competent judicial, prosecutorial and police
authorities when it contains data necessary for the investigation of a criminal offence
involving persons or goods of the data controller, b) to the competent judicial,
prosecutorial and police authorities when they request data, lawfully, in the exercise
of their duties, and c) to the victim or perpetrator of a criminal offence, when it
concerns data which may constitute evidence of a criminal offence.
- Time of retention
We keep the data for seven (7) days, after which they are automatically deleted. If
during this period we detect an incident, we isolate part of the video and keep it for
up to one (1) month, to investigate the incident and initiate legal proceedings to
defend our legitimate interests, whereas if the incident concerns a third party, we will
keep the video for up to three (3) months.
- Rights of data subjects
Data subjects have the following rights:
– Right of access: you have the right to know whether we are processing your image
and, if so, to receive a copy of it.
– Right to restriction: you have the right to ask us to restrict processing, such as not
deleting data that you consider necessary for the establishment, exercise, or
maintenance of legal claims.
– Right to object: you have the right to object to processing.
– Right to erasure: you have the right to request that we erase your data.
You can exercise your rights by sending an e-mail to info@mastresidences.com or a
letter to our postal address or by submitting the request to us in person at the Hotel's
address. For us to consider a request related to your image, you will need to identify
approximately when you were in the range of the cameras and provide us with an
image of you to help us identify your data and to help us conceal the data of third
parties depicted. Alternatively, you may visit our premises to show you the images
you appear in. We also point out that exercising the right to object or erasure does
not imply the immediate deletion of data or modification of processing. In any case,
we will reply to you in detail as soon as possible, within the time limits set by the
GDPR.
- Right to file a complaint
If you believe that the processing of your data infringes Regulation (EU) 2016/679,
you have the right to file a complaint to the supervisory authority. The competent
supervisory authority for Greece is the Data Protection Authority, Kifissia 1-3, 115 23,
Athens, Greece, https://www.dpa.gr , tel. 2106475600.