For the purposes of General Data Protection Regulation (“GDPR”) (EU) 2016/679, our company – “EVOIKOS S.A.” (registered at Al. Panagouli St. 64, Nea Ionia, Attica), with Tax Registration No. 998644914 – operating the Holistic Wellbeing Destination Spa, in Mystras, is the Data Controller.
Data collected and processed
- Personal information (e.g. your name, email address, residence) that you provide us, so as to communicate with you and send you newsletters, offers, announcements and other advertising materials by means of direct messages (form of newsletter subscription).
- Personal information (e.g. your name, email address, telephone number, residence) that you provide us, so as to communicate with you and reply to your individual messages or requests (contact form).
- Personal information (e.g. your name, email address, telephone number, residence) that you provide us, so as to participate in an event or contest held by us.
- Personal information (e.g. your name, email address, telephone number CV, text, job position) that you provide us, so as to apply for a job (career form).
Special Categories of Personal Data
We do not collect data as described in article 9 of the General Data Protection Regulation (“GDPR”) (EU) 2016/679. The User may, on his initiative, provide us with such personal data in the field of unspecified text. However, we ask that you do not send us, unless specifically asked, any sensitive Personal Data (e.g. data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions).
Use of Services by Minors
Individuals under the age of sixteen (16) cannot provide us with personal data or consent to the processing of personal data. Therefore, only their legal guardian can provide consent on their behalf for the processing of personal data.
Purpose of processing personal data
Depending on the User’s requests, the personal data collected will be processed in accordance with the following purposes:
- To send you our newsletter, offers, announcements and other direct advertising and informative material concerning the activities and services of the Holistic Wellbeing Destination Spa.
- To reply to your request or message.
- To allow your participation in a contest or event held by us.
- To examine your job application.
Generally, the criteria used to determine our data retention periods include:
The length of time we have had an ongoing relationship with you and provided services to you.
- Whether there is a legal obligation to which we are subject (for example, legal obligation to keep accounting records of transactions for a certain period of time before we can delete them)
- Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations).
- Withdrawal of consent.
Legitimate interest for processing your data
We will only process your personal data, if at least one of the following conditions applies:
- You have given your consent to the processing of your personal data for one or more specific purpose (e.g. for marketing purposes and subscribing to receive newsletters)
- Processing is necessary for the performance of a contract with you, or in order to take steps at your request prior to entering into a contract (e.g. to make a reservation and provide the products and services you request)
- Processing is necessary for compliance with a legal obligation (e.g. sharing your personal data with regulatory authorities)
- Processing is necessary in order to protect your vital interests or those of another natural person (e.g. in an emergency, an incident, illness or accident)
- Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (e.g. when it is necessary to protect our property or establish, exercise or defend legal claims)
- The data processing required in the fulfillment of the aforementioned purposes that require the User’s consent cannot be undertaken without said consent. Likewise, in the event that the User withdraws their consent to any of the processing, this will not affect the legality of the processing carried out previously. To revoke such consent, the User may contact us through the appropriate channels, by sending us a letter to the following address: firstname.lastname@example.org. As far as the newsletter subscription is concerned, you may revoke your consent by clicking on the unsubscribe link or following the opt-out instructions included in the messages sent to you by us.
We will use and disclose personal data only if necessary or appropriate according to applicable law. For example:
- To comply with applicable law, including laws outside your country of residence
- To comply with legal process
- To respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements
- To allow us to pursue available remedies or limit the damages that we may sustain
Transfer of personal data
We only share your personal data when this is necessary so as to conduct our business or to fulfill an obligation imposed by law. We may share your information with: i) Our third-party partners, service providers, tour operators, suppliers, bankers and retail partners exclusively to the extent that is necessary for the purposes of operating and providing you with the products and services that you have requested; ii) Professional advisors and auditors for the purpose of meeting our audit and tax responsibilities; iii) Any third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts, tax, regulatory or other public authorities.
When we share personal data with other organizations and third-parties, we ensure that they keep them safe. Third parties are authorized to retain these data for the purposes listed above and are not allowed to use your personal data for other purposes. Such sharing or transfer of personal data will be protected by appropriate measures (e.g. appropriate contractual clauses, data processing contracts, intra-group disclosures of personal data, etc.). If the recipient operates outside the EEA, appropriate protections will be put in place to make sure your personal data remains adequately protected including appropriate contract clauses, such as standard contract clauses approved by the European Commission. We may transfer your personal information to our data processor(s) and/or sub-processor(s) based in the EEA, for the purposes described in this policy. If we do this, your personal information will continue to be subject to appropriate safeguards set out in the law. All our data processors act on our behalf on the basis of legal agreement and provide for the safety of your personal data.
The User guarantees that they are of legal age and fully capable, and that the information furnished to us is true, accurate, complete and up-to-date. For these purposes, the User is responsible for the truthfulness of all the data communicated and is expected to keep the information updated, so that the given data reflects their actual situation. The User will be responsible for false or inaccurate information provided through the website and for damages, whether direct or indirect, that this may cause to us or third parties.
Exercise of User’s Rights
The User may contact us at any time, so as to exercise his rights. The User can send us a letter to email@example.com, so as:
- To obtain confirmation about whether or not personal data concerning the User are being processed by us
- To access their personal details
- To rectify any inaccurate or incomplete data
- To request the deletion of their personal data when, among other reasons, the data are no longer necessary for the purposes for which they were collected
- To state or confirm revocation of consent
- To obtain from us the limitation of data processing, when any of the conditions provided in the data protection regulations are met
- To request the portability of data
The User will be appropriately informed by us about his request 30 days after receipt of the request made. Likewise, the User is informed that, at any time, he may file a complaint, regarding the protection of their personal data, before the competent Hellenic Data Protection Authority (www.dpa.gr).
We will process the User’s data at all times in an absolute confidential way, maintaining the mandatory duty to secrecy with regard to the data, in accordance with the provisions set out in applicable regulations. We adopt the measures of a technical and organizational nature required to guarantee the security of data and prevent them from being altered, lost, processed or accessed illegally, depending on the state of the technology, the nature of the stored data and the risks to which they are exposed.
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser. Cookies collect information about your use of our websites, including things like your connection speed, details of your operating system, the time and duration of your visit and your IP address. We use this information to identify you when you visit the website and to improve your browsing experience. We use either of these two types of cookie for the following purposes: i) To enhance the performance of the website: These cookies collect information about how you use the website, for instance which pages you go to most often, and those pages where you experience an error message. These cookies don’t collect information about you – all the information collected is anonymous and is only used to improve how the website works. ii) To improve the functionality of the website: These cookies are used to provide services or to remember settings that you saved to improve your visit to the website. For example, when you fill in a form with your name or other details, these cookies remember that, so you don’t have to type it in each time you come back. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies (such as restricting third party cookies for instance). However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the site and the functionality of the site may be impaired.
Third party links
Our website contains links to websites owned and operated by third parties. If you use these links, you leave our website. These links are provided only for your information and convenience. We have no control over the contents of any linked website and we are not responsible for these websites or their content or availability. We make no warranties or representations, express or implied about such linked websites, the third parties they are owned and operated by, the information contained on them or the suitability or quality of any of their products or services. If you decide to access any third party websites and make use of the information contained on them, or enter into any contract with these parties, you do so entirely at your own risk. We accept no liability for any damage or loss, however caused, in connection with the use of or reliance on any information, material, products or services contained on or accessed through any such linked website.
By requesting our services, you agree to our privacy practices as set out in this privacy statement. We may change this policy from time to time. You should check this policy frequently to ensure you are aware of the most recent version.