Controllers as well as Processors are all the hotel companies of Mitsis Group of Companies, which are:
1) XENODOXEIA ELLADOS - MITSIS COMPANY SA, Kiotari, 85109, Genadi, Rhodes, Greece;
2) Κ. MITSIS X.Τ.Ε. S.A., 12, Filotheis Street, Galatsi, 11147, Athens, Greece;
3) FALIRAKI Α.X.Ε., Faliraki, 85100, Rhodes, Dodecanese, Greece;
4) THOLARI S.A., 12, Filotheis Street, Galatsi, 11147, Athens, Greece;
5) DIAGORAS Α.X.Ε., Faliraki, 85100, Rhodes, Greece;
6) PANEVROPA Α.X.Ε., Panagia Anissaras, 70014, Anissaras Chersonisou, Heraklion, Crete, Greece;
7) XENODOCHIAKES & TOURISTIKES EPICHIRISEIS KORALI S.A., 28, G Papanikolaou Street, 85100, Rhodes, Dodecanese Greece;
8) GRAND HOTEL SUMMER PALACE S.A., 1, Akti Miaouli Street & Papanikolaou Street, 85100, Rhodes, Dodecanese, Greece;
9) GALINI X.T.E.E. S.A., 5, G. Vasiliadi Street, 35008, Kamena Vourla Fthiotidas, Greece;
10) CRETAN HOTELS MITSIS COMPANY S.A., 12, Filotheis Street, Galatsi, 11147, Athens, Greece; and
11) K.MITSIS FILOXENIA S.A., 12, Filotheis Street, Galatsi, 11147, Athens, Greece, which, also, acts as the primary Processor for Mitsis Group of Companies.
We are committed in preserving the privacy of all visitors to https://www.mitsis.com (our “Website”) and in protecting any personal information that you may provide to us.
1. INFORMATION & PERSONAL DATA WE COLLECT
1.1. We may collect personal information about you when you use our website or our accommodation services and in any other way you may otherwise interact with us. The information we collect falls into the following categories: (a) information you provide us either during the process of booking accommodation services and checking in our hotels or through our website or other promotion and marketing methods; (b) information we collect through automated methods; and (c) information we collect from other sources.
1.2. We may combine the information you provide us with information collected through automated methods or with information we receive from other sources.
1.3. We collect information you provide us. You may provide the following information to us:
1.3.1. Personal data and details you provide us in the Registration Form during your check in at one of our hotels or any other type of personal data, which you provide to us, when you choose to communicate with us or use our services, such as personal details, your name, postal and email addresses, phone number, date of birth and other contact information, identity card or passport number, check in and check out information, payment methods and any other relevant information;
1.3.2. Personal details, such as your name, postal and email addresses, phone number, date of birth and other contact information, when you register with our Website and/or our Mobile Application, log-in to Wi-Fi, enter one of our competitions or contact us by phone or through our online services;
1.3.3. Transaction, information, including information about the services you book, prices, method of payment and payment details;
1.3.4. Account information, such as your username or password (or anything else that identifies you) used to access our online services or to buy or use our products and services;
1.3.5. Email and other contact details following your consent;
1.3.6. Profile information and preferences, after your prior consent, including products and services you like, the time you prefer to visit us, room preferences, bathroom preferences, food and beverages preferences, newspapers and other magazine preferances or any other preferences accruing from your conduct, comments, choices and recommendations during your past stays in any hotel of Mitsis Group of Companies as well as purchase histories and records, activities information, membership in loyalty or recognition programs and any other source of information legally collected by third parties or according to your approval and during your stay in any of our hotels; and
1.3.7. Other personal information you choose to give us when you interact with us.
1.4. We collect information through automated methods. In this context, we may use automated technology to collect information from your computer system or mobile device when you visit our restaurants, use our online services or in-restaurant technology. Automated technology may include cookies, local shared objects, and web beacons. There is more information below about cookies and other technologies.
1.5. We may collect information about your:
(a) internet protocol (IP) address;
(b) computer or mobile-device operating system and browser type;
(c) type of mobile device and its settings;
(d) unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device;
(e) device and component serial numbers;
(f) advertising identifiers (for example, IDFAs and IFAs) or similar identifiers;
(g) referring website (a site that has led you to ours) or application;
(h) online activity on other websites, applications, or social media;
(i) communications to us or regarding us on social media; and
(j) activity related to how you use our online services, such as the pages you visit on our sites or in our mobile apps.
1.6. Our Website may collect information about the exact location of your mobile device or computer using geolocation and technology such as GPS, Wi-Fi, Bluetooth or cell tower proximity. For most mobile devices and computer systems, you are able to withdraw your permission for us to collect this information by using the device or web-browser settings. If you have any questions about how to prevent us from collecting exact information about your location, we recommend you contact your mobile-device service provider, the device manufacturer or your web-browser provider. Our Website may not work properly without information about your location. If you would like us to delete information we have collected, which could identify your location, please contact us at the address, phone number or email address below.
1.7. We may collect information about you from other companies and organizations as well as partners or suppliers of services, such as information transmitted from third parties, like tour operators, travel agents, either online or operating in any other form, reservation systems, platforms, suppliers of services and any other way. We may also collect information that is publicly available. For example, we may collect information about you when you interact with us through social media.
3. PURPOSE & USE OF THE INFORMATION & PERSONAL DATA
3.1. We use information collected, stored and processed about you in the following ways:
3.1.1. In order to provide our services to our Guests and for administration & business purposes.
In order to manage your reservation and accommodation request, Mitsis Group of Companies will collect, use, share, transfer, process and store the personal data you provide to us. This processing is necessary for the performance of our obligations towards our Customers, to provide you with information or services and in order to communicate with you, either following your request or otherwise required to do so. In addition, we will use your personal data, in order to provide our services to you and receive payment for such services, for internal Customer administration as well as business purposes, in order to provide you with the information or services you have requested and to improve our services, products or procedures or adapt them, as possibly practicable, to your needs.
3.1.2. For Marketing Communications.
With your consent, we may collect, use, share, transfer, process and store your personal data in order to communicate with you with regard to newsletters, promotions and featured specials, as well as other marketing material, messages and dedicated offers. You can withdraw your consent at any time by following the opt-out instructions in the marketing communications we send you. You can also withdraw your consent by contacting us at the contact details of our DPO ([email protected]). If you do opt out of receiving marketing communications from us, we may still send communications to you about your transactions.
3.1.3. In order to operate our Website.
We will process your personal information in order to ensure that content from our website is presented in the most effective manner for you and for your computer as well as for marketing and promotion of our services and products or services of third parties. Additionally, we may process your personal information, so as to allow you to participate in interactive features of our Website, when you choose to do so or to notify you about changes to our Website.
3.1.4. Legislation Compliance and the protection of our interests.
We may use your information, in order to comply with our legal obligations, according to applicable legislation or to disclose your personal data as necessary to comply with the applicable laws and regulations, such as our obligation to collect personal data of our Guests according to Police Directives, to process and store accounting documents and files, to respond to requests from governmental, judicial or any other competent authority, to protect our business, to bring or defend legal claims, to protect the rights, interests, safety and security of our organization, our employees, guests, visitors or any third party, in connection with investigating fraud or other crime or violations of applicable laws, as well as to respond to an emergency.
3.1.5. Handling consumer complaints.
We will use your personal data in order to reply to any customer complaint as well as to defend any hotel or the Mitsis Group of Companies and present our case in any Court or administrative authority in relation to any such customer complaint.
3.1.6. Preferences & Profile.
With your consent, the Mitsis Group of Companies will collect, use, share, transfer, process and store your personal data, in order to provide you with unique experiences, improved and personalized services, when you visit our hotels in the future, according to your preferences and your profile, to customize our commercial offers and promotional messages, inform you on special offers and new services created to satisfy your personal needs, promote brands, gain a better understanding of your requirements and wishes and adapt our products and services to better meet your needs and requirements. You can withdraw your consent at any time by contacting us at the contact details of our DPO ([email protected]).
3.1.7. Bad Behaviour of Guests.
For our group management and for administration purposes we may collect and process personal information of Customers or Guests that behaved inappropriatelly during their stay in our hotels or showed anti-social behaviour or non-compiance wtih safety regulations, were impeached for theft, damage of property or any other type or vandalism and any payment incidents. Such processing is necessary for the legitimate interests of our business and all members of our group, for the protection of our future Guests and our employees as well as in order to prevent fraud and the abuse of our property or staff.
3.1.8. Securing Payments.
We may adopt systems that would assess the risk of fraud. In this context, we may use risk prevention service providers or systems for analysis and depending on their results and investigations we may need to take security measures, such as recommending different booking channels or requiring alternative payment methods. Non compliance could lead to suspending the execution of a booking or cancelling an order. In case of fraudulent use of any means of payment or methods of payment, leading to payment default or fraud and despite any other actions in law that may be available, the Mitsis Group of Companies may retain such incident data in file, so as to block future fraud or avoidance of payments and carry out additional checks. Such processing is essential and necessary, in order to protect our legitimate interests, operate our business properly, prevent fraud and file appropriate legal actions.
3.1.9. Extreme circumstances & public health.
3.1.10. For the operation of our Concierge platform.
3.2. We may, also, use your data or permit selected third parties to use your data, so as to provide you with information about goods and services, which may be of interest to you and we or they may contact you about these. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregated information about our users. We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to targeted audience.
3.3. In order to meet your special requirements, such as dietary requirements, we may have to collect sensitive information, such as information concerning race, ethnicity, political opinions, religious and philosophical beliefs, union membership, or details of health, medical information or sexual orientation. In this case, we will only process this data, if you provide your express prior consent.
4. WHERE WE STORE YOUR PERSONAL DATA
4.1. As a principle, data collected from you shall not be transferred to and stored at a destination outside the European Economic Area (“EEA”).
4.2. In certain cases, your personal data may be shared with our service providers, vendors or partners, which may be based anywhere in the world, including countries that may not offer the same legal protection for personal data as your country of residence. The Mitsis Group of Companies comply with the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 as well as the Greek Data Protection Legislation and has concluded respective Data Protection Agreements with such service providers, vendors or partners, in order to protect and safeguard your personal data and ensure, as technically and practically feasible, adequate level of protection by such third parties for your personal data. In any case, the Mitsis Group of Companies will only share your Personal Data under a strict ”need to know” basis and under appropriate contractual restrictions (such as EU Standard Contract Clauses).
4.3. All information provided to us is stored on our secure servers. Any payment transactions will be encrypted.
4.4. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with any third party.
5. INFORMATION SECURITY
The Mitsis Group of Companies have established a strict and very elaborate security system, adopt security procedures and measures and take appropriate technical and organizational measures, in accordance to legal provisions and market standards, so as to protect your personal data, avoid, as technically feasible, any security or personal data breach or security incident and prevent the illicit or accidental destruction, alteration or loss, misuse, unauthorized access, modification or disclosure of any personal data stored and processed in our systems. However, the transmission of information through the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access and use, indicatively physical security, technical measures, firewalls, organizational measures, password systems and any other reasonably protective measure.
6. RETENTION OF PERSONAL INFORMATION
7. DISCLOSURE OF YOUR INFORMATION
7.3. In addition, K.MITSIS FILOXENIA S.A., a member of the Mitsis Group of Companies, is, also, our primary Processor, providing direct sales, marketing and other administrative, support and consulting services to all members of the Mitsis Group of Companies. In this context, your personal data will be disclosed and processed by K.MITSIS FILOXENIA S.A. on behalf of any member, company and hotel of the Mitsis Group of Companies.
7.4. Furthermore, we rely on third parties to provide services and products to you and may share your personal information with them as appropriate and necessary for the provision of our services, such as indicatively food and beverages, transportation, IT, wifi and network services, bank details, credit card issuers, tour operators and other partners or vendors. We will, also, share your personal data with such third party vendors who provide services to us, such as fulfilling orders, providing data processing and other information technology services, managing promotions, contests, prize draws and sweepstakes, carrying out research and analysis and personalizing individual customer experiences. All such third parties are contractually obligated to protect your personal data and information in accordance to the Data Protection Legislation and may not otherwise use or share your personal data and information, except as may be required by law or our contracts and data protection agreements. We do not allow those service providers to use this information or to share it for any purpose other than to provide services to us or on our behalf.
7.5. We may, for strategic or other business reasons, decide to sell or transfer all or part of our business. As part of that sale or transfer, we may disclose information we have collected and stored, including customer information, to anyone involved in that sale or transfer.
7.6. There may be times where we may share information when it does not directly identify you. For example, we may share anonymous, aggregated statistics about your use of our Website. We may, also, combine information about you with other customers and share or process in any other way this information in a way that does not identify you.
7.7. We have the right to use or share information as necessary to comply with any law, regulation or legal request, to protect our Website, to bring or defend legal claims, to protect the rights, interests, safety and security of our organization, our Customers and Guests and our employees or users of the Website or in connection with investigating fraud or other crime, or violations of our policies.
7.8. In certain cases that you order services from third parties, such as through our concierge internet platform, we may provide to such third parties your information or personal data, needed for them, so as to make a reservation, conclude an agreement with you, assess their fees and charges and in general provide to you the services promised by them. Those third parties are obliged to inform you of such disclosure of your personal data and information to them and receive your consent, before we provide them with the relevant information and data.
8. YOUR RIGHTS
8.1. Under the Data Protection Legislation you have the right to request access to the personal data we hold about you, such as to be informed, upon your request, whether your personal data are subject to processing and to receive further information on such processing, including information on eventual transfers of personal data outside the EU and the appropriate or suitable safeguards we have in place for such transfer. As long as the requirements under the Data Protection Legislation are met, you may also request the correction of any inaccurate information we hold about you or the deletion of the same or restriction of the processing concerning your personal data. If such a request places us or our affiliates in breach of our obligations under any applicable laws, regulations or codes of practice, then we may not be able to comply with your request but you may still be able to request that we block the use of your personal information for further processing. You may also have a right to data portability to another data controller under certain circumstances and as long as this would be technically and economically feasible. You may withdraw your consent at any time. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal. You may also launch a complaint with the competent Data Protection Supervisory Authority (www.dpa.gr), if you feel that the processing contravenes the law.
9. LINKS TO OTHER WEBSITES AND SOCIAL MEDIA
9.1. Our Website may, from time to time, contain links to and from the websites of our partner networks, and advertisers or any third party. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or any processing taking place by such third parties. Please check these policies, before you submit any personal data to these websites.
9.2. We may, also, have providers of other applications, tools, widgets and plug-ins on our online services, such as Facebook “Like” buttons, which may also use automated methods to collect information about how you use these features. These organizations may use your information in line with their own policies, which we recommend that you read carefully.
11. HOW TO CONTACT US
In order to protect confidentiality and your personal data we may request that you provide us with identification credentials, before responding to your request. Particularly, if we have reasonable doubts about your true identity, we may ask to provide us with a copy of your police identification or passport or information relating to your stay in our hotels, such as registration number, booking confirmation, check in and check out dates or other useful information. If such information is not provided, we may refuse to provide an answer to your request.
12. LAW & JURISDICTION
Last Updated Version: 01/11/2023