This Privacy Policy for “Storytellers by Mitsis” together with the Terms of Use for “Storytellers by Mitsis” and our group Privacy Policy (published in https://www.mitsis.com/en/privacy-policy) provide information and explain the way our group of companies, Mitsis Group of Companies (hereinafter “Mitsis Group of Companies” or “we” or “us”) process the personal data of the members of “Storytellers by Mitsis” (hereinafter “Customer/s”, “Guest/s”, “Members” or “you”) and sets out the basis on which any personal data we collect from you, or that you provide to us as part of your membership in “Storytellers by Mitsis”, will be processed by us and your rights as data subjects. Please read the following carefully, in order to understand our views and practices regarding your personal data and how we will treat them. By subscribing to “Storytellers by Mitsis” and providing your personal information to us, you will be asked to read and accept this Privacy Policy and agree that we may collect, use, disclose and process your Personal Data as described in this Privacy Policy. If you do not agree you are asked to refrain from subscribing with “Storytellers by Mitsis”.
Definitions included in this Privacy Policy shall have the meaning assigned to them in the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, which together with Greek Law and the regulatory framework applicable in Greece shall constitute the Data Protection Legislation.
Controllers as well as Processors are all the hotel companies of the Mitsis Group of Companies, which are:
1) XENODOXEIA ELLADOS - MITSIS COMPANY SA, Kiotari, 85109, Genadi, Rhodes, Greece;
2) Κ. MITSIS X.Τ.Ε. S.A., 12, Filotheis Street, Galatsi, 11147, Athens, Greece;
3) FALIRAKI Α.X.Ε., Faliraki, 85100, Rhodes, Dodecanese, Greece;
4) THOLARI S.A., 12, Filotheis Street, Galatsi, 11147, Athens, Greece;
5) DIAGORAS Α.X.Ε., Faliraki, 85100, Rhodes, Greece;
6) PANEVROPA Α.X.Ε., Panagia Anissaras, 70014, Anissaras Chersonisou, Heraklion, Crete, Greece;
7) XENODOCHIAKES & TOURISTIKES EPICHIRISEIS KORALI S.A., 28, G Papanikolaou Street, 85100, Rhodes, Dodecanese Greece;
8) GRAND HOTEL SUMMER PALACE S.A., 1, Akti Miaouli Street & Papanikolaou Street, 85100, Rhodes, Dodecanese, Greece
9) GALINI X.T.E.E. S.A., 5, G. Vasiliadi Street, 35008, Kamena Vourla Fthiotidas, Greece;
10) CRETAN HOTELS MITSIS COMPANY S.A., 12, Filotheis Street, Galatsi, 11147, Athens, Greece; and
11) K.MITSIS FILOXENIA S.A., 12, Filotheis Street, Galatsi, 11147, Athens, Greece, which, also, acts as the primary Processor for all Mitsis Group of Companies.
We are committed to preserving your privacy while we strive to offer you top quality services and experiences.
1. Legal Ground For The Processing Of Your Personal Data
1.1. By creating an account with “Storytellers by Mitsis” you acknowledge and agree that the Mitsis Group of Companies, as the Data Controller, will collect, process, and use your enrolment, participation and other related data as well as personal information to administer the “Storytellers by Mitsis”, analyse your travel and accommodation preferences within Hotels of the Mitsis Group of Companies, provide services and products, process reservations and other transactions following you request, provide customer service, better understand customer needs, enhance relationships, as well as for the other purposes detailed in our group Privacy Policy. As part of the “Storytellers by Mitsis” program, the Mitsis Group of Companies also inform members via email and occasionally, also via postal mail or telephone, about special and possibly, personalised individual offers, promotions, and surveys.
1.2. The processing of your Personal Data articulated in this Privacy Policy is carried out on the grounds of your consent. You may withdraw your consent at any time by contacting us at [email protected]. The withdrawal of your consent will not affect the lawfulness of processing based on consent before this withdrawal.
2. Types Of Personal Data Processed
2.1. When you sign up for “Storytellers by Mitsis” we will ask you to fill in the subscription form and provide us with certain personal data and information about yourself. We will also collect your Personal Data on various other occasions during your interaction with us and your stay at our hotels, including:
(a) Booking a room with us;
(b) making a reservation for special services through our concierge platform;
(c) Checking – in our hotels and paying;
(d) Using the facilities of our hotels during your stay;
(e) Lodging a request or complaint during your stay;
(f) Participation in customer surveys; and
(g) Subscribing to newsletters and other types of direct marketing communications.
2.2. In order to administer your subscription at “Storytellers by Mitsis” and to meet our obligations towards you, as a customer/guest of our hotels and our other products and services, we will collect the following information about you, including:
(a) Contact details (for example, first and last name, telephone number, email, nationality, gender, date of birth, address, language and other relative information);
(b) Information relating to your family, such as husband, wife, companion, children e.t.c. (for example, first name, date of birth and age);
(c) Information related to your reservation, stay or visit to a hotel;
(d) Participation in a “Storytellers by Mitsis” loyalty program;
(e) Information related to the purchase and receipt of products or services;
(f) Transaction and billing information, such as your payment card number and other card information;
(g) Guests as well as your preferences;
(h) Marketing and communication preferences;
(i) Groups with which you are associated for stays in our hotels;
(j) Third party services you may choose to receive through our concierge platform; and
(k) Other types of information that you choose to provide to us or that we may obtain about you.
2.3. The information collected in relation to children and minors is limited and can only be provided to us by their legal guardian and/or any person legally authorised to do so.
2.4. We may combine the information you provide us with information collected through automated methods, information we receive from other sources or any other lawfully collected information.
3. How We Use Your Personal Data
We use your Personal Data in a number of ways, including to provide and personalise services requested by yourself or that you expect from any hotel of the Mitsis Group of Companies, to offer you a top-level hospitality and experience in our facilities, in order to administer the “Storytellers by Mitsis” program and conduct direct marketing and sales promotions. In particular we shall use your Personal Data for the purposes of:
(a) Meeting our obligations to our customers and administering the “Storytellers by Mitsis”;
(b) Managing the reservation of rooms and accommodation requests;
(c) Managing your stay in our hotels;
(d) Improving our hotel services, especially processing your personal data in our customer marketing program, in order to carry out marketing operations and analysis, understand better your wishes, adapt our products and services to better meet your requirements, customise commercial offers and the promotional messages we send to you and inform you of special offers and any new services of the Mitsis Group of Companies;
(e) Managing our relationship with you as a customer before, during and after your stay in our hotels, especially: managing the “Storytellers by Mitsis” program; developing statistics and carrying out reporting; identifying and managing preferences of our customers; directly communicating with you for marketing purposes (newsletters, promotions and hotel offers), in order to conclude satisfaction surveys; to manage requests to unsubscribe from receiving communication from us; managing the data subject’s’ requests with regard to the processing of their personal data; analysing your Personal Data, in order to determine your interests and your customer profile and to allow us to send you personalised offers; and
(f) Conforming to local legislation (accounting, police, health & safety, food labelling, allergies and related issues or other obligations provided in applicable legislation).
4. Information Provided On Our Website
When you visit and interact with the Mitsis Group of Companies website (https://www.mitsis.com), we collect other information that may, directly or indirectly, identify you and your use of our website. Please refer to our group Privacy Policy (in https://www.mitsis.com/en/privacy-policy) and our Cookies Policy (in https://www.mitsis.com/en/cookie-policy) for additional and related information.
5. How We Share Your Personal Data
5.1 We do not sell your Personal Data. We share your Personal Data only as described in this Privacy Policy.
5.2. We will share your personal data and information within the companies, members of the Mitsis Group of Companies, which include all our hotels, our affiliates and our subsidiaries. All members of the Mitsis Group of Companies that receive information are not authorised to use or share the information, except as set out in this Privacy Policy. In this context, we provide access to authorised personnel from the Mitsis Group of Companies, including: Hotel staff; Reservation staff; IT departments; Marketing services and departments; Legal services if necessary as well as any other competent employee of the Mitsis Group of Companies, always on a “need to Know” basis, particularly for certain specific categories of personal data.
5.3. In addition, K.MITSIS FILOXENIA S.A., a member of the Mitsis Group of Companies, is also our primary Processor, providing direct sales, marketing and other administrative, support and consulting services to all members of the Mitsis Group of Companies. In this context, your personal data will be disclosed and processed by K.MITSIS FILOXENIA S.A. on behalf of any member of the Mitsis Group of Companies.
5.4. Furthermore, we rely on third parties to provide services and products to you and may share your personal information with them as appropriate and necessary for the provision of our services, such as food and beverages, transportation, IT, wifi and network services, bank details, credit card issuers, tour operators and other partners or vendors. We will, also, share your personal data with such third-party vendors who provide services to us, such as fulfilling orders, providing data processing and other information technology services, managing promotions, contests, prize draws and sweepstakes, carrying out research and analysis and personalising individual customer experiences. All such third parties are contractually obligated to protect your personal data and information according to the Data Protection Legislation and may not otherwise use or share your personal data and information, except as may be required by law or our contracts and data protection agreements. We do not allow those service providers to use this information or to share it for any purpose other than to provide services to us or on our behalf.
5.5. We may, for strategic or other business reasons, decide to sell or transfer all or part of our business. As part of that sale or transfer, we may pass information we have collected and stored, including customer information, to anyone involved in the sale or transfer.
5.6. There may be times where we may share information when it does not directly identify you. For example, we may share anonymous, aggregated statistics about your use of the “Storytellers by Mitsis”. We may, also, combine information about you with other customers and share or process in any other way this information in a way that does not link to a specific customer or identifies you.
5.7. We have the right to use or disclose Personal Data as necessary to comply with the applicable laws and regulations; to respond to requests from governmental, judicial and any other competent authority; to protect our business, to bring or defend legal claims, to protect the rights, interests, safety and security of our organisation, our employees, guests, visitors or members of the “ Storytellers by Mitsis”; or in connection with investigating fraud or other crime or violations of the applicable law; to respond to an emergency; to enforce the Terms of Use of “ Storytellers by Mitsis” (found in https://mitsis.com/en/storytellers-privacy-policy) and all other policies we have adopted and published in our website.
6. Marketing Communications
6.1. If you have agreed to receive marketing communications from us, you can opt-out at any time by following the opt-out instructions in the marketing communications we send you. You can also opt-out by contacting us at [email protected]. If you do opt out of receiving marketing communications from us, we may still send communications to you about your transactions, any accounts you have with us, and any contests, competitions, prize draws or sweepstakes you have entered or participated in. Opting out of one form of communication does not mean that you have opted out of all other forms of communication as well. For example, if you opt out of receiving marketing emails, you may still receive marketing text messages if you have requested so.
6.2. We do not share your Personal Data with third parties for their own direct marketing purposes, unless you give us your consent to do so. When we inform you accordingly and you provide your consent, we may share your Personal Data, according to your recommendations and instructions.
6.3. We keep your information for the length of time needed to carry out the purposes outlined in this Privacy Policy and in order to adhere to our policies and obligations for keeping records (unless a longer period is required by law).
6.4. You are in control of any personal information you provide to us as part of your subscription with “Storytellers by Mitsis”. If you would like to correct the personal information we retain, store and process about you, please contact us at [email protected].
7. Where We Store Your Personal Data
7.1. Your personal data and information collected from you shall not be transferred to, stored or processed outside the European Economic Area ('EEA').
7.2. In certain cases, your personal data may be shared with our service providers, vendors or partners, which may be based anywhere in the world, including countries that may not offer the same legal protection for personal data as your country of residence. The Mitsis Group of Companies comply with the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 as well as the Greek Data Protection Legislation and has concluded respective Data Protection Agreements with such service providers, vendors or partners, in order to protect and safeguard your personal data and ensure, as technically and practically feasible, an adequate level of protection by such third parties for your personal data. In any case, the Mitsis Group of Companies will only share your Personal Data under a strict “need to know” basis and under appropriate contractual restrictions (such as the EU Standard Contract Clauses).
7.3. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted.
7.4. Where we have given you (or where you have chosen) a password that enables you to access and log in to your account, you are responsible for keeping this password confidential. We ask you not to share your password with any third party.
8. Your Rights
8.1. Under the Data Protection Legislation you have the right to request access to the personal data we hold about you, i.e. to be informed upon your request whether your personal data are subject to processing and to receive further information on such processing, including information on eventual transfers of personal data outside the EU and the appropriate or suitable safeguards we have in place for such transfer. As long as the requirements under the applicable legislation are met, you may also request the correction of any inaccurate information we hold about you or the deletion of the same or restriction of the processing concerning your personal data. If such a request places us or our affiliates in breach of our obligations under applicable laws, regulations or codes of practice, then we may not be able to comply with your request but you may still be able to request that we block the use of your personal information for further processing. You may also have a right to data portability to another data controller under certain circumstances and as long as this would be technically and economically feasible. You may withdraw your consent at any time. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal. You may also launch a complaint with the competent Greek Data Protection Supervisory Authority if you feel that the processing contravenes the law.
8.2. If you would like to exercise your rights above or if you have any questions or concerns about our Privacy Policy, please contact us at [email protected].
9. Retaining Personal Data
9.1. We retain your Personal Data for the period necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.
9.2. We will destroy your Personal Data as early as practicable and in a way that the information may not be restored or reconstructed. If printed on paper, your Personal Data will be destroyed in a secure manner, such as by cross-shredding or incinerating the paper documents or otherwise. If saved in electronic form, your personal information will be destroyed by technical means to ensure that such information may not be restored or reconstructed at a later time.
10. Information Security
10.1. The Mitsis Group of Companies have established a strict and very elaborate security system, adopt security procedures and measures and take appropriate technical and organisational measures, according to legal provisions and market standards, so as to protect your personal data, avoid, as technically feasible, any security or personal data breach or security incident and prevent the illicit or accidental destruction, alteration or loss, misuse, unauthorised access, modification or disclosure of any personal data stored and processed in our systems. In addition, we use strict procedures and security features to try to prevent unauthorised access and use, such as physical security, technical measures, firewalls, organisational measures, password systems, and any other reasonable protective measures. As such, our technical, administrative and physical procedures are designed to protect personal information from accidental, unlawful or unauthorised loss, access, disclosure, use, alteration, destruction or processing in general.
10.2. We also seek to require our affiliates and service providers with whom we share personal information to exercise reasonable efforts to maintain the confidentiality of personal information about you.
10.3. For online transactions, we use reasonable technological measures to protect the personal information that you transmit to us via our site. Unfortunately, however, no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure. For your own privacy protection, please do not send payment card numbers or any other confidential personal information to us via email.
10.4. We will not contact you by mobile/text messaging or email to ask for your Personal Data or payment card details. We will only ask for payment card details by telephone when you are booking a reservation or promotional package. We will not contact you to ask for your “Storytellers by Mitsis” account log-in information and password. If you receive this type of request, you should not respond to it. We also ask that you immediately notify us at [email protected].
11. Communication With Us
11.1. The Mitsis Group of Companies have assigned a Data Protection Officer, who is responsible for overseeing their compliance with the Data Protection Legislation. If you have any concerns about the way in which your personal data is being used or processed by us or you are not satisfied, please contact our Data Protection Officer at: [email protected].
11.2. If you are not satisfied by our response you have the right to launch a formal complaint with the Greek Data Protection Authority.
12. Changes To Our Privacy Policy
This Privacy Policy is in effect as of the date indicated at the end of this document. We may change this Privacy Policy from time to time. If we do so, we will post the revised version here and change the “Last Updated Version” date (the date it applies from) at the end of this document. You should check this link regularly for the most up-to-date version of this Privacy Policy.
Privacy Policy for Storytellers by Mitsis - Last Updated Version 1st November 2023.
