Makedonia Palace Hotel Thessaloniki - Terms

PRIVACY POLICY

PERSONAL DATA PROTECTION POLICY (Annexes hereto: Cookies Policy, 2nd Level Notification on the processing of personal data through a video surveillance system, CV Policy)   This Policy was updated on 10/05/2021


Purpose of this policy

The protection of your personal data is very important to ‘MAKEDONIA PALACE S.A.’. This policy informs you about the personal data collection practices of ‘MAKEDONIA PALACE S.A.’ through its website, including the categories of data collected, retained and processed, the purpose of their collection, the categories of persons to whom your data are disclosed, as well as your rights. ‘MAKEDONIA PALACE S.A.’ makes every possible effort to protect your personal data, on the condition that the personal data you have provided are true and accurate. It also outlines certain security measures taken by the company in order to protect data confidentiality, and provides certain guarantees for things the company will not do.




Commitment of ‘MAKEDONIA PALACE S.A.’

We at ‘MAKEDONIA PALACE S.A.’ consider the protection of the privacy and data of our customers to be of the utmost importance and our are committed to providing them with personalised services that meet their requirements in a manner that safeguards their privacy. Your personal information (personal data) is used exclusively by ‘MAKEDONIA PALACE S.A.’  and its employees in order to respond to your requests and better serve you, in accordance with this policy. The persons who handle personal information are trained for using appropriate procedures. The representatives and service providers of ‘MAKEDONIA PALACE S.A.’ are required to keep your personal information private and not to use them for any purpose other than those serving the provision of specific services to us.

In addition, ‘MAKEDONIA PALACE S.A.’ may ask you in certain cases if we could share information with other reliable third parties. We will inform you when collecting such information if we expect this kind of information sharing with certain third parties. ‘MAKEDONIA PALACE S.A.’ will define the types of businesses at the relevant point of collection of the information, describe the type of information to be transmitted (such as your address or your e-mail address) and will transmit the data to the other parties only if you consent.




Legal and regulatory framework

The Société Anonyme under the name ‘MAKEDONIA PALACE SOCIÉTÉ ANONYME’, trading as ‘MAKEDONIA PALACE S.A.’, with registered offices in Thessaloniki (at 2, Megalou Alexandrou Street), Tel.: +302310897197, E-mail: info@makedoniapalace.gr), with the object of providing hotel services, collects and processes personal data in order to carry out its competences, process its electronic services and perform its legal obligations. For the purposes hereof, ‘MAKEDONIA PALACE S.A.’ shall be referred to as the “Controller” within the meaning of Article 4(7) of the General Data Protection Regulation.  The management and protection of the personal data of visitors/users of the website https://makedoniapalace.com owned by ‘MAKEDONIA PALACE S.A.’ are subject to these terms, as well as the relevant provisions of European Regulation 2016/679 on the Protection of Personal Data (GDPR) and Law 4624/2019. These terms are set out taking account of both the radical development of technology and particularly the Internet and the existing set of legal regulations regarding these issues. The website https://makedoniapalace.com shall not engage in any misuse without your prior approval, in conformity with the personal data protection principles laid down in the relevant laws and international conventions. The website https://makedoniapalace.com shall in no way disclose, make public or exchange the personal data and information you entrust to us. Furthermore, it shall not transmit users’ personal information and data, e-mail addresses and any other information, in general, regarding its users to any other organisation or associate not affiliated with the company.




What is “GDPR” - Applicable Legislation.

The GDPR (General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, hereinafter the “Regulation”) aims at the establishment of a single legislative framework for the processing of personal data in the EU member states and replaces the previous Legislation (Directive 95/46/ΕC). The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her. The Regulation shall be binding in its entirety and directly applicable in all Member States (i.e. no special adaptation of the national legislation is required, as per Article 83 of the Regulation).




What are personal data?

The term “personal data” refers to a natural person's information, such as their full name, postal address, e-mail address, telephone number, etc. that establish or may establish your identity, hereinafter referred to as “Personal Data or Data”.




What is the processing of personal data?

Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.




Who is the Controller?

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.




Who is the Processor?

A Processor is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.




Is it compulsory to provide your Data?

Providing your Data to ‘MAKEDONIA PALACE S.A.’ via this website may be necessary in order to achieve the goals set out in this Policy, or optional. If you refuse to provide the data marked as mandatory on the website (https://makedoniapalace.com), it will be impossible to achieve the main objective of collecting specific Data and, it could, for example, become impossible for ‘MAKEDONIA PALACE S.A.’ to provide the services available on the website (https://makedoniapalace.com). 




What type of data does ‘MAKEDONIA PALACE S.A.’ collect through this website?

Any  information within the meaning of personal data under the Personal Data Protection Regulation, the collection of which is not based on the law or the conclusion or performance of a contract, is collected by ‘MAKEDONIA PALACE S.A.’ through this website only in the event that you choose to expressly consent.




We collect the following personal data:

Identification Data:



Full name, nationality, identity card/passport number, date of birth, telephone number.




Contact Data:



Postal address, e-mail address, telephone number.




Transaction Data:



TIN, type, place, time of products or services provided.




Contractual relationship Data:



Contractual documents, information and consent forms, electronic statements of intention.




Transactional Behaviour Data:



Information concerning interests, preferences and participation in events, contests, surveys.




Health Data



Due to the COVID-19 pandemic, health data may be collected.




We do not collect or acquire any type of access to special categories of (“sensitive”) personal data (with the exception of the COVID-19 pandemic period due to strict instructions issued by the Ministry of Health) or data that concern criminal convictions and offences of our customers. Customers are obligated to abstain from providing such data that concern them or third data subjects (with the exception of the COVID-19 pandemic period due to strict instructions issued by the Ministry of Health). In the event that customers provide such data to ‘MAKEDONIA PALACE S.A.’, these data will be deleted as soon as we are made aware of them (with the exception of the COVID-19 pandemic period due to strict instructions issued by the Ministry of Health).  We at ‘MAKEDONIA PALACE S.A.’ shall bear no liability whatsoever towards customers or third parties for any provision and/or processing of sensitive data due to acts or omissions on the part of customers in breach of the above obligation. Visits to the website of ‘MAKEDONIA PALACE S.A.’ (https://makedoniapalace.com) does not absolutely require the provision of any type of personal data on your part. However, in several cases, it is necessary for you to provide specific personal data indicated in the corresponding data entry fields on the website of ‘MAKEDONIA PALACE S.A.’.

We at ‘MAKEDONIA PALACE S.A.’ may collect and store the following personal information about you from the following exhaustive list of sources:

- Contact data when you contact us to submit questions or requests or to ask information concerning the services provided by ‘MAKEDONIA PALACE S.A.’. 

- identification data, communication data, transactional data, contractual relationship data and transactional behaviour data when you book a room or a table at the restaurant, irrespective of the means used to complete the booking (electronically, via telephone, via the reception desk, etc.).

- identification data, communication data, transactional data, contractual relationship data and transactional behaviour data when you conclude transactions, within the context of using the Turkish bath services provided within our hotel, with the lessee of the space in question, the company ‘MAK HAMMAM PRIVATE COMPANY’. 

- identification data, communication data, transactional data, contractual relationship data and transactional behaviour data when you conclude an agreement with us for the provision of any services by ‘MAKEDONIA PALACE S.A.’.

- identification data, communication data, transactional data, contractual relationship data and transactional behaviour data when you electronically purchase products or services provided by ‘MAKEDONIA PALACE S.A.’.

- health data from questionnaires that must be filled out, due to the COVID-19 pandemic and following instructions issued by the Ministry of Health.

The data collected through this website, https://makedoniapalace.com, may also be combined with data provided in other cases, e.g. when you call its call centre or participate in contests and promotional actions. The personal data provided to ‘MAKEDONIA PALACE S.A.’ in these cases may be incorporated in existing databases and stored in order to simplify the systems used to manage your data.

‘MAKEDONIA PALACE S.A.’ does not store and does not collect payment details during electronic or online payments via debit, credit or prepaid card. More specifically, upon recording the number, security code, holder’s full name and expiry date of the credit or debit card and upon completing the payment, these data are automatically transmitted to the competent Bank. The Bank collects the data, carries out the payment and then confirms the completion of the transactions to ‘MAKEDONIA PALACE S.A.’.




Collection and purposes of use of personal data

‘MAKEDONIA PALACE S.A.’ collects personal data from you for the following purposes:

Transactions: ‘MAKEDONIA PALACE S.A.’ may use the personal data of visitors/users to process any transactions concluded with them, such as credit card payments etc.

Advertising/Marketing: ‘MAKEDONIA PALACE S.A.’ may use the personal contact data of visitors/users for information purposes and promotional actions concerning contests, gifts, discounts on products and services of ‘MAKEDONIA PALACE S.A.’ and associated companies and sponsors, following their express consent.

Improvements and adjustments to the website: ‘MAKEDONIA PALACE S.A.’ will use this information solely for the reasons for which they were collected and in order to provide you with information. It will also use this information in order to adapt the content of the website to your needs and to improve its compositions, changes and dynamism.

Provision of online services through user authentication processes: ‘MAKEDONIA PALACE S.A.’ will use this information in order complete your electronic application. More specifically:  For registration or authentication on its applications. 

Credit check: In certain cases, we at ‘MAKEDONIA PALACE S.A.’ may carry out certain credit checks with the competent bodies when you request a service or product. If this applies, then it will be listed in the terms and conditions of the activity between you and ‘MAKEDONIA PALACE S.A.’ or the company that will carry out the processing.

Legal use: We at ‘MAKEDONIA PALACE S.A.’ may collect, store, disclose and, generally speaking, process the personal data of visitors/users when this is required by the Personal Data Protection Regulation and/or the law or when necessary in order to protect the interests of both sides, as they derive from the transactional and contractual relationship between them or the business-consumer relationship. 

COVID-19: for reasons of public health prevention (tracing cases) and public interest, due to the COVID-19 pandemic.

DISCLAIMER: As regards the collection of personal data not conducted online through the websites owned by ‘MAKEDONIA PALACE S.A.’ and concerning the processing of the personal data of employees, candidate employees, associates, contractors, suppliers, private citizens, customers and, generally speaking, natural persons, separate detailed notification is provided in writing to the data subjects during the collection of the above data, in line with the relevant requirement set forth in Articles 13 and 14 of the GDPR.




Data Retention - Storage 

We at ‘MAKEDONIA PALACE S.A.’ store your personal data solely for the time required to provide a service you requested or approved, without prejudice to any legal provisions to the contrary, as is the case with issues governed by commercial and/or taxation legislation, the various applicable provisions, etc. In any event, the personal data you provide us and which are recorded in written agreements, contracts and electronic correspondence concerning the execution of a contract or the realisation of a commercial transaction are stored for a period of 20 years in a physical and electronic archive kept at the legal department, the sales/contracts department and the accounting department of ‘MAKEDONIA PALACE S.A.’ or any other third party that directly or indirectly provides the above services or assists the departments in question in the discharge of their duties or provides management services to us.

Any health data collected during the COVID-19 pandemic shall be deleted immediately after the pandemic ends and following instructions issued by the Ministry of Health.




Data erasure

Your data shall be erased on a case-by-case basis and always in accordance with the provisions laid down in the applicable legislation.




Personal data transmission

‘MAKEDONIA PALACE S.A.’ does not transmit personal data to third parties unless it is required for legitimate purposes in order to respond to your requests and/or provided that it is required or permitted by law. In any case, access to your personal data is only allowed to authorised persons, who are required to have access to allow the attainment of their collection, use and processing, as hereby notified. In certain cases, ‘MAKEDONIA PALACE S.A.’ may transmit your personal data to competent Public Authorities or natural or legal persons entrusted with processing, on the condition that we inform you in advance and obtain your prior consent, where it is required for the processing in question. Persons with access to the data shall respect their confidentiality.

Log files

We use IP (Internet Protocol) addresses to analyse trends in the use of Internet, manage the resources of our computers and our network, monitor any unauthorised illegal or malicious activity (attacks) and collect general demographic data (country of origin) for aggregate use. 




IP Addresses

The IP address of the computer used by the visitor/user/member to have access on the Internet and then on the Website/Application, is stored and can be used, if necessary, in case of infringement of the Terms of Use of the Website/Application by the visitor/user/member. IP addresses do not constitute personal data.

Data security

The internet, just like any other medium used to transmit information, cannot be considered 100% secure. Security on the Internet is a sensitive issue and mainly relies on reliable organisations and companies respecting the confidentiality and safety of its Users’ data.  ‘MAKEDONIA PALACE S.A.’ endeavours to apply strict security and control measures for the protection of your personal data, in order to ensure compliance with all applicable legal requirements. We at ‘MAKEDONIA PALACE S.A.’ employ security measures at a technical and organisational level aiming at the security of the data collected from you against any intentional or unintentional attempt of handling, loss, destruction and, generally speaking, access , to them by unauthorised individuals. Our security measures undergo continuous controls and updates in accordance with the latest technological developments. ‘MAKEDONIA PALACE S.A.’ uses state-of-the-art encryption and data protection tools (128-bit encryption, secure pages, network protection system-firewall, digital signatures, etc.). Access to your personal data is limited solely to employees authorised for this purpose, so that they may provide you with products and services by accessing these data. Physical, electronic and procedural safeguards, harmonised with personal data protection regulations, have been activated. We at ‘MAKEDONIA PALACE S.A.’ take every precaution possible to keep your personal data secure. However, due to the nature of the Internet, the company cannot guarantee the protection of communications or the data stored in its browsers from any unauthorised access by third parties.


Internet Access

If you contact ‘MAKEDONIA PALACE S.A.’ online, we may occasionally use e-mail or postal address or telephone number to contact you, provided that you have provided them to us voluntarily. Please note that online communications such as emails etc. are not secure unless they are encrypted. ‘MAKEDONIA PALACE S.A.’ shall bear no liability whatsoever for any unauthorised access or loss of your personal information that is beyond its control.




Privacy policy and children

This website has been designed for and is intended to be used by adults. If you are a minor and parental consent is required in your country (in Greece this limit is 15 - Law 4624/2019), you need to review the terms of this Privacy Policy together with your parent or guardian to make sure that you understand and accept these terms. If it is found that we have collected the information of a minor without the consent of their parent or guardian when such consent should have been obtained, we will delete the information in question as soon as possible.




Contact through the platform website

If a user contacts us through the contact form or in any other way, the provision of their personal data takes place voluntarily and exclusively at the user’s free will. We will process the personal data in question solely to the extent that it is necessary for the specific purpose.




Social Networking Sites

Our Website may offer the possibility to share items on Social Networks and other related tools that allow you to share your actions on the Website to other applications, websites or mass media, and vice versa. The use of such features allows the exchange of information with your friends or the public in general, depending on the settings you have set on your personal profile. Please consult the Privacy Policies of the social network services for more information on the processing of your data.




Special Categories of Data

Please do not send us your sensitive personal data by e-mail or disclose such data using the contact platform. The processing of personal data under this category by no means serves the purpose of processing, as defined in this Policy.




Monitoring of communication

All communications of ‘MAKEDONIA PALACE S.A.’ with you (including phone calls, e-mails, etc.) are neither monitored nor recorded.




Links

Our website may contain links to other websites. This personal data protection Statement applies solely with regard to the access of users to this website and other websites exclusively managed by ‘MAKEDONIA PALACE S.A.’. The administrator of this web portal shall in no way be held liable for the personal data protection terms of other websites under the responsibility of third parties (natural or legal persons).




Revisions to the Policy

‘MAKEDONIA PALACE S.A.’ reserves the right to modify or revise this Policy periodically, at its unfettered discretion. Where changes occur, ‘MAKEDONIA PALACE S.A.’ shall record the data of modification or revision herein and the updated Statement shall apply to you as of that date. We encourage you to periodically review this Statement in order to examine whether the way we process your personal data has changed. 




Applicable law and Jurisdiction

With regard to any dispute arising between users and ‘MAKEDONIA PALACE S.A.’, Greek law shall be the applicable law, and the courts of the Prefecture of Thessaloniki shall have jurisdiction ratione materiae over the dispute.




What are your rights?

Under the Personal Data Protection Regulation [EU General Data Protection Regulation (GDPR) 2016/679], as in force, you have the following rights:

a) the right to access;

b) the right to rectification;

c) the right to erasure, under certain conditions, such as when processing is no longer necessary for the purpose for which the data were initially collected and there is no imperative reason to continue processing (or storing) your information;

d) the right to restriction of processing;

e) the right to data transmission;

f) the right to object and the right not to be subject to a decision based solely on automated processing, including profiling;

g) the right to lodge a complaint with a supervisory authority.




In other words, you have the right to receive, upon request, free information on the personal data we have stored that concern you, to object, upon request, to the processing of data that concern you, valid thenceforth, and to withdraw your consent, and, in accordance with the applicable provisions, the right to rectification, restriction of processing, data transmission, erasure of the data in question and the right to lodge a complaint with a supervisory authority. In such cases, please contact the competent Personal Data Protection department of the Company listed below in writing via original letter or fax or e-mail.




Right to lodge a complaint

Should you believe that the processing of your data infringes Regulation (EU) 2016/679, you have the right to lodge a complaint with the supervisory authority.  The competent supervisory authority for Greece is the Hellenic Data Protection Authority, 1-3, Kifisias Street, GR-11523, Athens, https://www.dpa.gr/, tel.: 2106475600.




Contact

‘MAKEDONIA PALACE S.A.’ informs you that it has appointed a Data Protection Officer, whom you may contact at: dpo@makedoniapalace.gr. If you have questions or recommendations concerning this Policy, please contact the above address. Constant Internet developments in general necessitate the adaptation of our rules concerning the protection of online data from time to time. ‘MAKEDONIA PALACE S.A.’ reserves the right to make any recommended changes to these rules at any time. 




Cookies Policy

‘Cookies’ are data files sent by websites to your computer when you browse that website. These data files contain data that allow our website to remember important information that will make your use of the website more efficient and useful. Our website uses cookies for various purposes. We use cookie technology and IP address to obtain non-personal information concerning visitors to each website and in order to provide registered visitors with the best personalised online experience.

How do we use cookies? Visitors to the ‘MAKEDONIA PALACE S.A.’ website use different Internet browsers and computers. In order to further facilitate your visits using your technology of choice, we automatically record the browser and operating system used by each visitor, as well as the name of the Internet service provider of each visitor. We also record the total number of visitors to the website in an aggregated manner in order to update and improve our website. No personal information is exported through this process. These data show us whether more visitors prefer specific functions or sections of the website over others, which helps us keep our website up to date with new material that is interesting for the majority of our visitors. More specifically, we use the following types of cookies:

Cookies that are strictly necessary for the operation of the website and user identification: Strictly necessary or essential cookies are of essential importance for the proper operation of our Website, enabling you to browse the website and use its features, as well as access secure areas or use the shopping cart. These cookies do not identify users. Without these cookies, our Websites cannot function effectively.

Remarketing Cookies (Facebook Pixel, AdWorks): This presents advertisements to persons who have visited your website or used your mobile app. For example, when people leave your website without buying anything, remarketing helps you reconnect with them by displaying relevant advertisements on their various devices.

Carthook: Helps increase e-commerce revenue through automatic retrieval of abandoned carts. Based on the cart automation, an e-mail campaign is set up.

Active Campaigns: This provides integrated e-mail marketing, marketing automation, and CRM for small businesses. We can send you beautiful newsletters, set automations based on behaviour and benefit from sales automation.

Moosend: This is electronic marketing and commerce automation software. With it we can design beautiful campaigns or start personalised conversations and communications with visitors on greater scale.

How do we use cookies to personalise your experience on our website? Cookie technology helps us provide information that fits the interests of visitors and allows us to facilitate registration, participation in lotteries and contests, and access to other functions available on our website for visitors. Where allowed, we may correlate personal information with a cookie file in such cases.

What if you do not wish to accept cookies? If you do not wish to accept cookies, you can click on the special pop-up banner to select which settings you wish for your computer each time:  ACCEPT, MORE SETTINGS, REJECT (Check the Help menu of your browser to learn how you can change or correctly update your cookies settings).

What are webbeacons and how does the Company use them? Some of the webpages and newsletters of ‘MAKEDONIA PALACE S.A.’ may contain electronic images called webbeacons, also known as one-pixel GIF files, pure GIF files or pixel tags. Their use on websites allows the counting of visitors who have accessed the pages of ‘MAKEDONIA PALACE S.A.’. Their use in our product/service promotion e-mail messages and newsletters allows us to measure how many registered users have read the material we are sending. Webbeacons allow us to develop statistical information about the activities and functions that are most interesting to our visitors/users in order to provide more personalised material. They are not used to access personal information without your consent.

Disabling cookies may affect your ability to use certain products/services on the ‘MAKEDONIA PALACE S.A.’ website.

2nd Level Notification on the processing of personal data through a video surveillance system

Controller Details: The Société Anonyme under the name ‘MAKEDONIA PALACE SOCIÉTÉ ANONYME’, trading as ‘MAKEDONIA PALACE, with registered offices in Thessaloniki (at 2, Megalou Alexandrou Street), Tel.: +302310897197, E-mail: info@makedoniapalace.gr).

Purpose of processing and legal basis: We use a surveillance system for the purpose of protecting people and assets. The processing is necessary for the purpose of the legitimate interests that we pursue as Controller (Article 6(1)(f) GDPR).

Analysis of legitimate interests: Our legitimate interest consists in the need to protect our premises and the goods found in them from illegal acts, including, for example, theft. The same applies to the safety of the lives, physical integrity, health and assets of our staff and third , parties legitimately found in the area under surveillance. We collect only image data and we record only in places, which, in our view, are at risk of illegal action e.g. robbery or vandalism, such as: along the perimeter of the hotel building, along the perimeter of the hotel fencing, at the central entrance, at the side and rear entrances, at the reception desk and reception area, in front of the elevators on each floor, in the underground parking area and the underground equipment and staff facilities, without focusing on areas where the privacy of those captured by the camera, including their right to the protection of personal data, is excessively restricted.

Recipients: The material stored is accessible only by our competent/authorised personnel and external associates who have entered into contracts with us, who are bound by us under processing agreements of Article 28 of the GDPR, and who are charged with the guarding and security of the space. This material shall not be transmitted to third parties, save in the following cases: a) to the competent judicial, prosecution and police authorities when it includes information necessary to investigate a criminal act involving persons or goods relating to the controller; b) to the competent judicial, prosecution and police authorities when legitimately requesting data in the performance of their duties; and c) to the victim or the perpetrator of a criminal offence, in cases of data which may constitute evidence of the act.

Retention period: We retain the data referred to in this Notification under par. 20 (CCTV), for fifteen (15) days and, after this period has elapsed, the data are automatically deleted. If an incident comes to our attention during this period, we will isolate part of the video and retain it for one (1) further month, for the purpose of investigating the incident and institute legal proceedings to protect our legitimate interests; if the incident concerns a third party, we will retain the video for a further period of up to (3) months.

Rights of Data Subjects: Data Subjects have the following rights in relation to the processing concerned by this Notification under par. 20 (CCTV): • Right of access: You have the right to be informed whether we process your image and, if so, to receive a copy of it. • Right to restrict processing: You have the right to request that we restrict processing, such as, for example, not to delete data which you consider necessary to establish, exercise or defend legal claims. • Right to object: You have the right to object to processing. • Right to erasure: You have the right to request the erasure of your data. You can exercise your rights by sending an email to the address: dpo@makedoniapalace.gr or a letter to our postal address or by filing a request in person at our offices. In order for us to examine a request related to your image, you will need to advise us approximately when you were within reach of our cameras and provide us with an image of yours to enable us to locate your data and withhold the data which portray third parties. Alternatively, you may visit our premises in order for us to display the images in which you appear. Please note , that the exercise of your right to object or right to erasure does not entail the immediate deletion of your data or the modification of the processing. In any event we will respond in detail as soon as possible, within the time limits set forth in the GDPR.

Right to lodge a complaint: Should you believe that the processing of your data infringes Regulation (EU) 2016/679, you have the right to lodge a complaint with the supervisory authority.  The competent supervisory authority for Greece is the Hellenic Data Protection Authority, 1-3, Kifisias Street, GR-11523, Athens, https://www.dpa.gr, tel. No: 2106475600.




CV Policy

‘MAKEDONIA PALACE S.A.’ collects CV data and accompanying documents directly and solely from individuals interested in cooperation, as these are absolutely necessary in order to assess their suitability for the cooperation in question. It should be noted that through this (voluntary) submission/dispatch of personal data and information contained in the above CV and the accompanying documents, interested parties consent to the collection, storage, use, processing and transmission of these data for the purposes referred to herein. ‘MAKEDONIA PALACE S.A.’ takes all the necessary technical and other measures for the secure processing of the personal data of interested parties who submit CVs.

The personal data contained in CVs are accessed solely, where necessary and depending on the processing purpose, by the authorised staff of ‘MAKEDONIA PALACE S.A.’ and/or the staff of third-party associated (advertised) companies (“Processors” or “Controllers” for whom ‘MAKEDONIA PALACE S.A.’ is the “Processor”) with which ‘MAKEDONIA PALACE S.A.’ has concluded agreements , under the condition of compliance with the relevant confidentiality obligations included in the relevant agreements. These data are processed by ‘MAKEDONIA PALACE S.A.’. ‘MAKEDONIA PALACE S.A.’ shall not disclose, sell, exchange, assign or otherwise provide personal data from the CVs collected and processed to third parties, whether natural or legal persons, without the consent of the individuals they concern, except in the cases noted above for the needs of covering a vacant post and the selection process and due to the legitimation of Article 6(1b) of the General Regulation. These companies shall process data exclusively for the needs of their cooperation with ‘MAKEDONIA PALACE S.A.’.

As regards personal data transmitted by interested parties in the context of sending or submitting CVs, the purpose of processing is the intention of concluding a cooperation agreement following an application by the interested party (“Data Subject”), the control of their qualification prior to the conclusion of the agreement (Article 6(1b) of the General Regulation), the minimum processing of these data necessary to assess the CV and whether its contents cover the needs of the specific position of cooperation with ‘MAKEDONIA PALACE S.A.’ and/or the protection of the interests of ‘MAKEDONIA PALACE S.A.’. Furthermore, the need of communication between ‘MAKEDONIA PALACE S.A.’ and the ‘Subject’, use of data (e.g. photographs) on the company's social networking media for the promotion of its actions. This processing is carried out by the company solely for the purposes set out and does not extend to any other processing purposes.

If the consent of the parties interested in cooperation has been obtained, CV data shall be stored by ‘MAKEDONIA PALACE S.A.’ for purposes of future cooperation with ‘MAKEDONIA PALACE S.A.’, for a period of no more than 6 to 12 months after submission, following which they shall be destroyed/erased/anonymised in a secure manner. 

If no such consent is obtained, after the coverage of the employment position in question for which interested parties sent or submitted their CV, the CV data shall be destroyed/erased/anonymised in a secure manner within a period of 1 month from the coverage of the position, unless ‘MAKEDONIA PALACE S.A.’ is legally entitled or obligated to retain such data. The latter case occurs when interested parties do cooperate with ‘MAKEDONIA PALACE S.A.’, in which case the CV and its accompanying documents (photographs etc.) shall be retained for the duration of the project agreement or the cooperation. Furthermore, any additional data that are requested and are necessary for the needs of insurance-taxation legislation shall be processed solely for purposes directly related to cooperation with ranked individuals. Upon the expiry or termination of the cooperation period, such data shall be retained for the period required by law, following which they shall be destroyed/erased/anonymised in a secure manner.