Privacy Policy

Privacy Policy

Who we are?
PHAOS SANTORINI SUITES, located in Santorini, Imerovigli, VAT 801390292, operates in the field of hotel business and tourism.

Contact Us:
PHAOS SANTORINI SUITES
Postal Address
Imerovigli, Santorini
PC: 84700
Phone: +30 2286 021 112
Email: info@phaos-santorini.com

1. Information about the collection of your personal data
In compliance with the General Data Protection Regulation (GDPR) and relevant national and European legislation, we process your personal data to fulfill our contractual obligations, improve user experience, and ensure compliance with legal requirements.
Your data is used solely for the conclusion and execution of our contract, shared with affiliated companies for communication purposes, and stored securely. We do not sell or trade your data, and we do not make automated decisions or conduct profiling.

2. Collection and use of personal data
When you submit a query or request through our website’s contact form, we collect your name, telephone number, and email address. This information is utilized to respond to your inquiry and provide details about our services. Access to this data is granted to our authorized personnel and the advertising andcommunications company we collaborate with, both committed to ensuring the security of your data throughmodern processing and technical measures.
We retain your data for up to one year after resolving your query or request, unless ongoing communication is required due to the nature of your request or for service-related purposes. Additionally, the Company reserves the right to retain historical correspondence as long as necessary for exercising its rights. When you make a booking on our website, we collect your name, surname, email address, credit card details (number, name, expiry date, and security code), and optionally, your phone number, country, postal address, city/region, county/state, postal code, company/organization, and purpose of travel. This data is retained for one year for contract preparation and execution.

Data recipients
Your data is processed by the booking system management company. We retain necessary data following the execution of our contract, strictly complying with tax laws and other applicable provisions.

Newsletter subscription
For newsletter subscriptions, where you receive our news and offers, we collect your email address. You can opt-out of these messages at any time.
Your data is processed by our newsletter dispatch platform provider, with whom we collaborate to ensure data security according to modern processing and technical standards.

Obligation to provide correct personal information
The personal data you provide is essential for us to fulfill our obligations to you, including contacting you about your requests, fulfilling bookings, invoicing, responding to inquiries, and sending newsletters. You must provide accurate, truthful, and up-to-date information. Any subsequent changes must be promptly communicated in writing. Failure to provide correct or updated information leading to non-compliance with our contractual or legal obligations absolves the Company of responsibility.
Each user is solely responsible for the accuracy, truthfulness, and updating of their provided data. Our Company does not verify user-supplied data and thus cannot be held responsible for inaccuracies.

3. Engaging with social networks
Our website offers users the option to connect and interact with various social networks or websites based
on their own initiative. Please note that in such cases, the Company holds no responsibility for the processing of personal data conducted by these networks. To exercise your rights as per the law, users must directly contact these networks. We manage our Facebook and Instagram accounts internally, without any third-party involvement. The data we collect from you, whether anonymized or not, serves the purpose of updating you about our services and communicating with you in response to the messages you send us.

Your legal basis for data processing: Consent
By liking or following our pages, you provide your consent. You can easily withdraw this consent in the same manner (by unliking or unfollowing). If you participate in a contest via Facebook or Instagram and emerge as the winner, your details will be announced through our Business account. Our staff member will then reach out to you to collect the necessary information for arranging the redemption of your prize.

4. Rights of the data subject
Right to Access (Article 15 GDPR)
You have the right to request copies of your personal data at any time, with a few exceptions. Specifically, you have the right to receive:
(a) Confirmation regarding the processing of your data, and (b) A copy of this data (refer to Articles 12, 15 GDPR).
You can exercise this right free of charge in writing by emailing us at gdpr@archipelagos.gr. A reasonable fee may be applicable if your request is unfounded, excessive, or if a large number of copies are requested.

Right to rectification (Article 16 GDPR)
You can request the correction of inaccurate data or completion of incomplete data. Please email us atinfo@phaos-santorini.com to exercise this right in writing.Right to Access (Article 15 GDPR)Right to erasure (‘Right to be forgotten’) (Article 17 GDPR)
You can request the deletion of your personal data under specific circumstances outlined in Article 17 of the Regulation.

Right to restrict processing (Article 18 GDPR)
.You can ask for processing limitations under certain conditions:  transparent;(a) When the accuracy of personal data is contested by the data subject, allowing time for verification; (b) When processing is unlawful, but the data subject opposes data deletion and requests restriction instead; (c) When the controller no longer needs personal data for processing, but the data subject requires it to establish, exercise, or defend legal claims; (d) When the data subject has objected to processing under Article 21(1), pending the verification of whether the controller’s legitimate grounds override the data subject’s objections.
When processing is restricted, personal data, other than storage, shall only be processed with the data subject’s consent, for legal claims, or significant public interest reasons.

Obligation to notify about corrections, deletions, or restrictions (Article 19 GDPR)
PHOAS SANTORINI SUITES will notify any recipient of your personal data about corrections, deletions, or processing restrictions, unless it proves impracticable or disproportionate. We will also inform you of these recipients upon request.

Right to data portability (Article 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, as well as the right to transmit this data to another controller without objection if the processing is based on consent or a contract and carried out by automated means.

Right to Object (Article 21 GDPR)
You can object to the processing of your personal data based on Article 6(1)(e) or (f), including profiling based on these provisions, for reasons related to your particular situation.

Right to withdraw consent (Article 7 Requirements for Consent)
You can withdraw your consent at any time without affecting the legality of the processing based on consent before its withdrawal.

5. Exercise of rights
If you wish to request your personal data or exercise any of the rights mentioned above, in accordance with the terms and conditions outlined by the GDPR, please feel free to reach out to us via email at info@phaos-santorini.com.

6. Contact details of the data protection officer
For questions about data processing, contact our Data Protection Officer at info@phaos-santorini.com.

7. Compliance time
We respond to your requests within one month. If complex, this period may extend by two months. We  promptly notify you of any data breaches that may affect your rights and freedoms.

8. Personal data breaches
In the event of any breach compromising your personal data, our company is committed to promptly informing you. Your rights and freedoms are of utmost importance, and we take swift action to safeguard them.

9. Right to lodge a complaint with HDPA
Should there be any violation of the regulations stated in Regulation 2016/679, you hold the right to file a complaint with the appropriate supervisory http://www.dpa.gr/.

10. Privacy policy updates
This Privacy Policy is regularly reviewed and updated as required. We encourage you to visit our sitefrequently to stay informed about any changes. If there arises a need to process your personal data for apurpose different from the original collection, we will reach out to you, furnish the necessary details, andseek your consent if applicable. Your understanding and cooperation are greatly appreciated.