This Statement is made by GATSBY Athens to inform you about policies and practices with respect to the collection, use, retention, and access of personal data.
_What we collect_.
When you register to make a reservation or use our services and upon your check-in, we may ask you to provide certain personal data.
Personal Data is information that may identify you as an individual or relate to you as an identifiable individual:
- Name / Postal address / Telephone number / Email address
- Credit & debit card number or other payment data
- Date and place of birth / Important dates: birthdays, anniversaries and special occasions
- Nationality, passport, visa or other government-issued identification data
- Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts
If you choose to share the specific data with us, we will also know your preferences regarding the type of room, the type of bed and other related information. Further, special discounts linked to details, such as age, are provided in the context of specific promotional actions. In such cases, so that we may check that you eligible for the discount, we will record your date of birth at the time of the booking, always on the condition that you will consent thereto. For the same reason, on arrival you may be asked to produce an official identity document, ID card, passport, etc. that mentions your date of birth.
_What we do with the information we gather_.
In accordance with the existing legal framework, personal data collected by GATSBY Athens are used for the following processing purposes:
- To manage the booking of rooms as well as any other hosting service
- To manage the relationship with you before, during and after your stay at the hotel.
- For marketing purposes
- To support business processes
- To improve our hotel services
- To improve system security
Specifically, according to the provisions of the General Data Protection Regulation for the Data Protection of natural persons (EU 679/2016), as a subject of personal data processing you preserve the following rights:
- The right to be informed, announced and briefed about exercising your rights (Art. 12, 13, 14 GDPR), meaning your right to be informed on how your personal data are used (as it is thoroughly done in the present Briefing).
- The right to access the personal data that concern you and if Gatsby processes them, as a Data Controller (Art. 15 GDPR). Gatsby will provide a copy of the personal data after a relevant request is made from you.
- The right to rectify inaccurate data as well as to add data when they are incomplete (article 16 GDPR).
- The right to erase your personal data (“The right to be forgotten”), subject to the obligations and legal rights of Gatsby over their preservation according to the current legislative and regulatory provisions (Art. 17 GDPR).
- The right to restrict the processing of your personal data if, either their accuracy is doubted, or the processing is illegal, or they lack the purpose of processing but their erasure is not applicable (Art. 18 GDPR).
- The right to transfer your personal data to another Data Controller (data portability), if the processing is based on you consent and is conducted with automated means or to execute the contract between us (Art. 20 GDPR).
- The right to object for reasons that concern your special condition in case your data are being processed for purposes of Gatsby’s legitimate interest (Art. 21 GDPR) and especially to object to the automated decision-making (Art. 22 GDPR).
- The right to withdraw the already given consent (article 7 GDPR) at any time, for processing conducted based on the consent. The legitimacy of the processing of your data is not influenced by the withdrawal of your consent up to the point you requested the withdrawal.
You may direct all questions or requests regarding the protection of your personal data kept by Gatsby to the following e-mail address: firstname.lastname@example.org
In any case, if you believe that your privacy is violated in any way, you have the right to lodge a complaint with the Hellenic Data Protection Authority, using the following contact details: Website: www.dpa.gr, Postal address: 1-3 Kifisias Ave., 115 23 Athens, Switchboard: +30 210 6475600, Fax: +30 210 6475628, E-mail: email@example.com.