Effective Date: May 2018
This Privacy Statement applies to www.palazzovecchio.gr owned and operated by Palazzo Vecchio Exclusive Residence (firm name I. Apostolakis AXTE), called "the hotel" bellow. This Privacy Statement describes how we collect and use the information, which may include personal data, you provide on our website: www.palazzovecchio.gr. It also describes the choices available to you regarding our use of your personal data and how you can access and update this data.
The types of personal data that we collect include:
- Your first name, last name, email address, phone number, and home address;
- Credit card details (type of card, credit card number, name on card, expiration date, and security code);
- Guest stay data, including date of arrival and departure, special requests made, observations about your service preferences (including room preferences, facilities, or any other services used);
- Data you provide regarding your marketing preferences or in the course of participating in surveys, contests, or promotional offers;
You may always choose what personal data (if any) you want to provide to us. However, if you choose not to provide certain details, some of your transactions with us may be impacted.
Data We Collect Automatically
When using our website, we also collect information automatically, some of which may be personal data. This includes data such as language settings, IP address, location, device settings, device OS, log information, time of usage, URL requested, status report, user agent (information about the browser version), operating system, result (viewer or booker), browsing history, user Booking ID, and type of data viewed. We may also collect data automatically through cookies.
We use your personal data for the following purposes:
- A. Reservations: We use your personal data to complete and administer your online reservation.
- B. Customer Service: We use your personal data to provide customer service.
- C. Guest Reviews: We may use your contact data to invite you by email to write a guest review after your stay. This can help other travelers to pick the accommodations that suits them best. If you submit a guest review, your review may be published on our website.
- D. Marketing Activities: We also use your data for marketing activities, as permitted by law. Where we use your personal data for direct marketing purposes (e.g. commercial newsletters and marketing communications on new products and services or other offers we think may be of interest to you), we include an unsubscribe link that you can use if you do not want us to send messages in the future.
- E. Other Communications: There may be other times when we contact you by email, mail, phone, or texting, depending on the contact data you share with us. There could be a number of reasons for this:
- a. We may need to respond to and handle requests you've made.
- b. If you haven't finalized a reservation, we may email you a reminder to continue with your reservation. We believe this additional service is useful to you because it allows you to carry on with a reservation without having to search for the accommodation again or filling in all the reservation details from scratch.
- c. When you use our services, we may send you a questionnaire or invite you to provide a review about your experience with us. We believe this additional service is useful to you and to us, as we will be able to improve our services based on your feedback.
- F. Analytics, Improvements, and Research: We use personal data to conduct research and analysis. We may involve a third party to do this on our behalf. We may share or disclose the results of such research (including to third-parties) in anonymous, aggregated form. We use your personal data for analytical purposes to improve our services, enhance the user experience, and improve the functionality and quality of our services.
- G. Security, Fraud Detection, and Prevention: We use the information, which may include personal data, in order to prevent fraud and other illegal or infringing activities. We also use this information to investigate and detect fraud. We can use personal data for risk assessment and security purposes, including the authentication of users. For these purposes, personal data may be shared with third parties, such as law enforcement authorities as permitted by applicable law and external advisers.
- H. Legal and Compliance: In certain cases, we need to use the information provided, which may include personal data, to handle and resolve legal disputes or complaints, for regulatory investigations and compliance, or to enforce agreement(s), or to comply with lawful requests from law enforcement insofar as it is required by law.
- If we use automated means to process personal data which produces legal effects or significantly affects you, we will implement suitable measures to safeguard your rights and freedoms, including the right to obtain human intervention.
- In view of purposes A and B, we rely on the performance of a contract: The use of your data may be necessary to perform the contract that you have with us. For example, if you use our services and make a reservation, we will use your data to carry out our obligation to complete and administer that reservation under the contract that we have with you and to issue the legal receipt for your stay, which also will contain your personal data and will be held from our accounting for the legal period for such a document.
- In view of purposes C - H, we rely on its legitimate interests: We use your data for our legitimate interests, such as providing you with the best appropriate content for the website, emails, and newsletters to improve and promote our products, services in the hotel, as well as for administrative, fraud detection, and legal purposes. When using personal data to serve our legitimate interests, we will always balance your rights and interests in the protection of your information against our rights and interests.
- In respect of purpose H, we also rely, where applicable, on our obligation to comply with applicable law.
- Where needed under applicable law, we will obtain your consent prior to processing your personal data for direct marketing purposes.
If you want to object to the processing set out under C-F and there's no opt-out mechanism available to you directly, to the extent applicable, please contact firstname.lastname@example.org .
International Data Transfers
We observe reasonable procedures to prevent unauthorized access to, and the misuse of information, including personal data. We use appropriate business systems and procedures to protect and safeguard information including personal data. We also use security procedures, technical, and physical restrictions for accessing and using the personal data on our servers. Only authorized personnel are permitted to access personal data in the course of their work.
This Cookie Notice applies to www.palazzovecchio.gr owned and operated by Palazzo Vecchio Hotel and describes how we use personal data collected through Cookies and other techniques including pixels on our website www.palazzovecchio.gr ('Site').
When entering the Site or viewing our targeted advertisements, we automatically collect data using Cookies.
The types of information that we collect through Cookies include IP address; device ID; viewed pages; browsing information; browser type; operating system; internet service provider; timestamp; the referring URL; and location data depending on the device you use.
More information on Cookies: Cookies are small bits of electronic information that a website sends to a visitor’s browser and are stored on the visitor’s hard drive. We place Cookies on your computer if you visit our website. If you are concerned about having Cookies on your device, you can set your browser to refuse all Cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it. You can also delete Cookies from your device. However, if you choose to block or delete Cookies, certain features of the websites you visit may not operate correctly.
More information on pixel tags: Pixels (also known as 'web beacons' or 'clear gifs') are electronic files that usually consist of a single-pixel image and can be embedded in a web page or in an email to send information, such as a newsletter. We may use pixels to place or recognise a Cookie on your device if you use our services.
Third-party Cookies: We allow certain third parties to place Cookies. If you have questions about which Cookies are used and which parties place such Cookies, please contact us using the contact details set out below.
We use your information, including personal data, collected through Cookies for the following purposes:
- C. Providing targeted advertisements: We use information that we collect through Cookies to pursue our legitimate interests by providing targeted advertising. Where necessary, we will obtain prior consent before Cookies are placed for this purpose. If consent is given, you can withdraw it at all times. Moreover, you can object to our processing of your personal data for advertising purposes at all times.
- D. Market research: We use information that we collect through Cookies to pursue our legitimate interests to engage in market research (such as the analysis of market segmentation or trends, preferences and behaviours, research about products or services, or the effectiveness of marketing or advertising) or product development (such as the analysis of the characteristics of a market segment or group of customers or the performance of our Site, in order to improve our Site).
- WebHotelier: Your personal data may be shared with BM Severality Consulting Ltd., located at 9 Mnasiadou str., 1065 Nicosia, Cyprus, the company which operates our booking engine WebHotelier. This data may include your name, your contact details, your payment details, the names of guests traveling with you, and any preferences you specified when making a booking.
- PrimalRES: Your personal data may be shared with PrimalRes Technologies Ltd., located at 9 Mnasiadou str., 1065 Nicosia, Cyprus, the company which operates our channel manager PrimalRES. This data may include your name, your contact details, your payment details, the names of guests traveling with you, and any preferences you specified when making a booking.
- Competent authorities: We disclose personal data to law enforcement and other governmental authorities insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud.
We will retain your information, which may include personal data, for as long as we deem it necessary to provide services to you, comply with applicable laws, resolve disputes with any parties, and otherwise as necessary to allow us to conduct our business, including to detect and prevent fraud or other illegal activities. All personal data we retain will be subject to this Privacy Pollicy. The minimum period to hold all the personal data collected from you during a reservation process is the PCI compliant minimum of 12 months from the date of your payment, departure, invoicing or cancellation, whichever comes last. If you have a question about a specific retention period for certain types of personal data we process about you, contact us using the contact details included below.
In relation to data retention of Cookies, there is a difference between session Cookies and permanent Cookies. Session Cookies only exist until you close your browser. Permanent Cookies have a longer lifespan and are not automatically deleted once you close your browser. We strive to serve Cookies or allow the serving of Cookies with a maximum lifespan of 5 years. Only in exceptional circumstances, such as for security purposes (such as fraud detection) and where absolutely necessary, will a Cookie have a longer lifespan. If you have questions about specific retention periods, please contact us via the contact details included below.
Your Choices and Rights
We want you to be in control of how your personal data is used by us. You can do this in the following ways:
- You can ask us for a copy of the personal data we hold about you;
- You can inform us of any changes to your personal data, or you can ask us to correct any of the personal data we hold about you;
- In certain situations, you can ask us to erase, block, or restrict the processing of the personal data we hold about you, or object to particular ways in which we are using your personal data; and
- In certain situations, you can also ask us to send the personal data you've given us to a third party.
Where we are using your personal data on the basis of your consent, you are entitled to withdraw that consent at any time subject to applicable law. Moreover, where we process your personal data based on legitimate interest or the public interest, you have the right to object at any time to that use of your personal data, subject to applicable law. If you wish to remove any part of the data about you ar all of it from our data archive, please contact us with a request, according to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR - General Data Protection Regulation) at email@example.com and we will do so in accordance with the applicable law.
We rely on you to ensure that your personal data is complete, accurate, and current. Be sure to inform us as soon as possible regarding any changes to or inaccuracies in your personal data by contacting firstname.lastname@example.org . We will handle your request in accordance with the applicable law.
Questions or Complaints
If you have questions or concerns about our processing of your personal data, or if you want to exercise any of the rights you have under this notice, you are welcome to contact us at email@example.com . You may also contact your local data protection authority with questions and complaints.