1. INTRODUCTION – IDENTIFICATION.
Holder: ENORME MK HOTELS P.C. (hereinafter, “EH”).
TAX ID No.: EL 800 802 115
Registered office: 81 Chandakos & Sofokli Venizelou str, 71202 Heraklion Crete, Greece
Data Protection Officer (DPO): The User may contact the DPO through the following email address: firstname.lastname@example.org, or by writing to the address of EH marked for the attention of the “Data Protection Officer”.
2. INFORMATION AND CONSENT
3. OBLIGATORY NATURE OF PROVIDING THE DATA.
The data requested in the forms accessible from the EH Website are, in general, mandatory (unless specified otherwise in the required field) to meet the stated purposes. Accordingly, if they are not provided or are not provided correctly, we will be unable to process the request.
4. PURPOSES & DURATION OF PROCESS THE USER’S PERSONAL DATA
Depending on the User’s requests, the personal data collected will be processed by EH in accordance with the following purposes:
To manage the bookings made, including payment management (where applicable) and the management of the user’s requests and preferences.
To manage the subscription to the newsletter and subsequent sending of this.
To manage the User’s contact requests with EH through the channels provided to this end.
To manage the sending of personalized commercial communications of Enorme Group, by electronic and/or conventional means, in cases in which the User expressly consents.
To manage the provision of the contracted accommodation service, as well as additional services.
To manage surveys and/or evaluations regarding the quality of the services provided by EH and/or the perception of its image as a company.
The User’s data will be kept for the period required to fulfil each purpose or until the User requests their withdrawal from EH, opposes or revokes their consent.
5. USER DATA PROCESS
EH may process the following categories of data, depending on the request made by the User:
Identification data: name, surname(s)
Contact details: Postal address, mobile telephone number, email address.
Data corresponding to the loyalty program.
User ID codes or passwords
Personal data: date of birth, gender, nationality.
Details of preferences.
Card data, required for payment of the booking or to guarantee the same as well as to pay for the stay or the services associated with it.
In the event of registration and/or access through a third-party account, EH may collect and access certain information of the User’s profile from the corresponding social network, solely for internal administrative purposes and/or for the purposes indicated above.
6. LEGITIMATION FOR THE PROCESSING OF YOUR DATA
The data processing required in fulfilment of the aforementioned purposes that require the User’s consent cannot be undertaken without said consent.
Likewise, in the event that the User withdraws their consent to any of the processing, this will not affect the legality of the processing carried out previously.
To revoke such consent, the User may contact EH through the following channels: By means of a letter addressed to ENORME MK HOTELS, P.C., 81 Chandakos str, 71202 Heraklion Crete, Greece or by means of an email sent to email@example.com, in both cases with the Reference “Data Protection”.
By the same token, in those cases in which it is necessary to process the User’s data for the fulfilment of a legal obligation or for the execution of the existing contractual relationship between EH and the User, the processing would be legitimized as it is necessary for compliance with said purposes. Elsewhere, the processing undertaken in the performance of surveys and/or evaluations regarding the quality of the services provided by EH and/or the perception of its image as a company will be carried out on the basis of the legitimate interest of the data controller.
7. RECIPIENTS OF THE USER’S DATA
The User’s data may be disclosed to:
Operators of hotels managed by EH or under a franchise agreement, solely for internal administrative purposes and/or for the purposes indicated above.
Suppliers of EH or of the hotel operators necessary for the adequate fulfilment of the legal obligations and/or the purposes previously indicated.
Public Administrations, in the cases provided for under Law.
The recipients indicated in this section may be located within or outside the European Economic Area, in the latter case international data transfers must be duly legitimated.
8. USER’S RESPONSIBILITY
Guarantees that they are of legal age or legally emancipated, where applicable, fully capable, and that the information furnished to EH is true, accurate, complete and up-to-date. For these purposes, the User is responsible for the truthfulness of all the data communicated and will keep the information updated, so that said data reflects their actual situation.
Guarantees that he/she has informed third parties on whose behalf he/she has provided data, where applicable, of the aspects contained in this document. Also guarantees that he/she has obtained the third party’s authorization to provide their data to EH for the purposes indicated.
Will be responsible for false or inaccurate information provided through the Website and for damages, whether direct or indirect, that this may cause to EH or third parties.
9. COMMERCIAL AND PROMOTIONAL COMMUNICATIONS.
One of the purposes for which EH processes the User’s data will be for the sending of commercial communications, through electronic and/or conventional means, with information concerning products, services, promotions, offers, events or relevant news for Users. Whenever any communication of this type is made, it will be sent solely and exclusively to those Users who have authorized its reception and/or who have not previously expressed their refusal to receive them.
To carry out the foregoing task, EH may analyze the data obtained in order to create user profiles that allow a more detailed definition of the products that may be of interest.
In the event that the User wishes to stop receiving commercial or promotional communications from EH, he/she may request cancellation of the service by sending an email to the following email address: firstname.lastname@example.org, as well as indicating their wish not to receive them through the withdrawal option provided in each of the commercial communications sent.
10. GEOLOCATION DATA
Some of the Enorme Hotels website functionalities allow geolocation of the device (Tablet, Smartphone, etc.) on which it is installed.
The User may disable this option directly on the device itself; however, disabling this option may prevent the use of some of the website features.
11. USE OF RIGHTS
The User may send a letter to ENORME MK HOTELS, P.C., 81 Chandakos str, 71202 Heraklion Crete, Greece, or through an email to the address email@example.com, in both cases with the Reference “Data Protection”, and attaching a photocopy of the current ID document or passport, at any time free of charge, to:
Revocation of consent granted.
To obtain confirmation about whether or not personal data concerning the User is being processed at EH.
To access their personal details.
To rectify any inaccurate or incomplete data.
To request the deletion of their personal data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
To obtain from EH the limitation of data processing when any of the conditions provided in the data protection regulations are met.
To get human intervention, to express your point of view and to challenge the automated decisions adopted by EH.
To request the portability of your data.
Likewise, the user is informed that at any time he/she may file a complaint regarding the protection of their personal data before the competent Control Authority.
12. SECURITY MEASURES
EH will process the User’s data at all times in an absolute confidential way and maintaining the mandatory duty to secrecy with regard to said data, in accordance with the provisions set out in applicable regulations, and to this end adopting the measures of a technical and organisational nature required to guarantee the security of their data and prevent them from being altered, lost, processed or accessed illegally, depending on the state of the technology, the nature of the stored data and the risks to which they are exposed.
Last update: 12 September 2018