If you have any queries about how we use your personal information, please contact our Data Protection Officer at firstname.lastname@example.org.
Information we collect
"Personal data" is any information that can be used to identify you or that Makedonia Palace can link to you. Makedonia Palace collects (may automatically) certain information when you use, access, or interact with us via our websites.
Information you provide to us
When you directly register to use our services we may ask you to provide certain personal information including your full name, email address, contact number, registration and payment details, such as your bank account and payment card information. Makedonia Palace collects your personal data when you provide it to us, for instance by visiting our website, sending us an email or filling in a form. When you subscribe to our newsletter to receive exclusive offers and the latest news on our services.
Information Makedonia Palace collects from other sources
We may receive information about you from other sources, including third parties that help us: update, expand, and analyze our records; identify new customers; or prevent or detect fraud. Makedonia Palace may also receive information about you from social media platforms including but not limited to when you interact with us on those platforms or access our social media content.
Information we may collect automatically
Information of children
Our websites and services are generally not directed to children under 16. Makedonia Palace does not knowingly collect personal data from anyone under 16 without parental consent. We will delete any Personal Information collected that we later determine to be from an individual younger than the age of thirteen (13). If you are a parent of a child younger than age thirteen (13) and you have a concern about information that may have been provided by your child to us, please contact us at email@example.com
Legal Bases for Using Your Personal Data
There are different legal bases that Makedonia Palace relies on to use your personal data, namely:
- Performance of a contract – The use of your personal data may be necessary to perform the contract that you have with us. For example, as a user of our website or services Makedonia Palace will use your personal data to respond to your requests and provide you with such services.
- Legitimate interests - Makedonia Palace may use your personal data for our legitimate interests to improve our services and the content on our websites.
What do we use your personal data for?
We may use your information for the following purposes:
- in the normal course of our business, to allow us to manage your reservation on the basis that processing is necessary in order to perform our contract with you to provide our services;
- to allow us to understand your personal preferences, personalise our services to you as our guest ;
- to store your data to pre-populate fields to make it easier for you to provide information when you return to our sites;
- to communicate with you and send you information about products and services which we think may be of interest to you. You will be able to opt-out of such communications at any time by sending us an email at : firstname.lastname@example.org;
- to validate your information (and, in some cases, match it against information that has been collected by a third party such as travel sites and online intermediaries) to check that the data we hold about our customers/users is accurate, consistent and up to date on the basis that processing is necessary in order to perform our contract with you to provide our services;
- in pursuit of our legitimate interests, to record CCTV footage to ensure the safety and security of our premises, staff and customers;
- to comply with any legal obligations to which we are subject;
- We shall periodically check that the personal data we store for you is accurate. If you would like to update the personal data we hold about you, please contact us on email@example.com with your request.
- The provision of certain personal information is mandatory if you are to use our services. If you fail to provide such data we shall be unable to provide our services.
Who do we share your information with?
- As part of using our services, you consent to us sharing your personal information with the following parties:
- our agents, other service providers and third party partners, who process and store data on our behalf;
- professional advisors;
- law enforcement agencies;
- if you select via the [opt-in process], trusted third parties whose products, services and other offers we believe may be of interest to you.
- We may also share your personal information with third parties:
- in the event that we, our business, or substantially all of its assets are acquired by a third party (in which case personal information about customers will be one of the transferred assets);
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with you; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- We may transfer your personal data outside of the European Economic Area (EEA). We shall ensure that any such transfers are lawful and that your information is kept secure in accordance with the GDPR.
How long do we store your personal data for?
We retain your information only as long as is necessary and only for the purpose for which we obtained them, unless otherwise required by law. We restrict access to your information to only those persons who need to use it for the relevant purpose. Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised or destroyed securely. Where we don’t need to keep all of your information in full, we will obfuscate or aggregate it, for example, web activity logs and survey responses. This is to ensure that we do not retain your information for any longer than is necessary.
It is sometimes necessary for us to keep your personal information for longer periods of time, for example:
- If there is a statutory requirement to retain it;
- If we require the information for legal reasons or there is a legitimate business need for us to retain it;
- To ensure we do not contact you if you have asked us not to.
Use for marketing: We retain your personal information for as long as is necessary, but only for the relevant purpose that we collected it for.
Use to perform a contract: In relation to your information used to perform any contractual obligation with you we may retain that data whilst the contract remains in force plus 10 years to deal with any queries or claims thereafter.
Where claims are contemplated: In relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain that data for as long as that claim could be pursued.
What are your rights?
Access to your personal data: You may request access to a copy of your personal data.
Right to withdraw: Where you have given your consent for us to use your personal data, you may withdraw your consent at any time. Please contact us if you would like to withdraw your consent and we will delete your data in line with your right to erasure described below.
Rectification: You may ask us to rectify inaccurate information held about you. If you would like to update the data we hold about you, please contact us using the details below and provide the updated information.
Erasure: You may ask us to delete your personal data. If you would like us to delete the personal data we hold about you, please contact us using the details below, specifying why you would like us to delete your personal data.
Portability: You may ask us to provide you with the personal information that we hold about you in a structured, commonly used, machine readable form, or ask for us to send such personal data to another data controller.
Make a complaint: You may make a complaint about our data processing activities to a supervisory authority, for Greece this is the Data Protection Authority at www.dpa.gr
Security and Data Storage
We have appropriate technical and administrative security measures in place to help ensure that our users’ information is protected against unauthorised or accidental access, use, alteration, or loss. We use encryption technology, to protect your personal information when you order services from us.
Please note that the internet is not a secure medium and we cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online over the Internet and will not hold us liable for any data breach.
- If we materially change the way in which we process your personal data, we will provide you with prior notice, or where legally required, request your consent prior to implementing such changes.