Privacy Policy

Domes White Coast Milos, a Resort owned by VTourism S.A., operated by Domes of Attica S.A. (established in Greece, Elounda, Agios Nikolaos, Lasithi, Crete, Registration Number 147016941000, VAT 801016163), (hereinafter referred to as “Resort”, “We”), collects and processes your personal data in accordance with the applicable EU and national legal framework on data protection, especially the European General Data Protection Regulation 2016/679 (GDPR) and the national L.4624/2019 as applicable (“Data Protection Legislation”).

By the present Privacy Policy we wish to inform you on the personal data we collect and process, during your stay at our Resort as a guest as well as when you cooperate with us or you visit our digital environments. Domes Website contains links to third party websites which are not subject to this privacy policy. Domes is not responsible for their content, use of personal information, or security practices.

 

1. Definitions

• “Personal data”: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• “Special categories of personal data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
• “Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• “Anonymization”: the processing of personal data in such a way that data can no longer be attributed to a particular data subject;
• “Pseudonymization”: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
• “Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
• “Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
• “Consent”: of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
• “Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
• “Existing legislation”: The provisions of the existing Greek, EU or other legislation which is applicable to Domes White Coast Milos with regard to data protection issues, such as: Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, Greek Law 3471/2006, Directive 2002/58/EC, as well as any other Decisions, Opinions, Directives, Guidelines and Recommendations issued by the European Data Protection Board, the European Data Protection Supervisor, the Hellenic Data Protection Authority (HDPA) and any other competent supervisory authority, as in force from time.

1. Personal data we collect/Purpose of processing/Legal Basis

At Domes White Coast Milos we ensure that we collect, store and process only the necessary personal data in order to provide you high quality services.

More specifically, we collect:

1. Guest Data
2. On line data collected via Domes Website

Your browser or device. We collect certain data through your browser or automatically through your device, such as your computer type (Windows or Macintosh), operating system name and version, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to assess levels of usage.

Your IP Address We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP).  An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.

Cookies and other similar technologies. Our website uses cookies and trackers in order to provide you with the best possible online experience. For further information, please read our Cookies Policy.

Analytics. We may collect data through Google Analytics and Adobe Analytics, which use cookies and technologies to collect and analyze data about use of the Services. These services collect data regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/‌partners/ and opt out by downloading the Google Analytics opt out browser add-on, available at https://tools.google.com/dlpage/gaoptout  . You can learn more about Adobe and opt out by visiting http://www.adobe.com/privacy/opt-out.html  .

2. Booking at Domes White Coast Milos/ booking inquiries

When you wish to make a booking reservation at Domes White Coast Milos, we may ask you to provide certain personal information as required for your registration including your full name, email address, contact number, postal address, payment details, such as your bank account and payment card information (i.e. credit card type and number, credit card holder name, expiration date etc.). This information is required in order to process and complete your reservation (including the sending of a confirmation email of the booking to you). We may also collect and store to our systems our communication and relevant documentation you send to us prior to your visit, in order to organize your stay and provide you the services agreed.

We collect the above information in order to arrange your booking reservation at Domes White Coast Milos, as well as to process and perform the relevant payment for the purchased hospitality services. The legal basis of processing is the performance of the contract with you, as well as our legitimate interest to recover any issued claims in case of disputes.

We wish to inform you that we shall not be responsible for any of your personal data provided at the online booking platform provided by WebHotelier since it constitutes a third party hotel booking engine which is beyond our responsibility and not a subject to this privacy policy.

3. When your stay with us at Domes White Coast Milos

During your stay at Domes White Coast Milos we collect information including the data provided during the registration process (full name, date of birth, id/ passport number, visa data, nationality home address, e-mail address, phone number, companion full name, postal code etc.). Moreover, we record your itemized spending to properly assemble your folio, which sets out your room rate and other expenses billed to your room. We may also collect allergies or health data and/or special requirement preferences (i.e. mobility requirements, payment difficulties, special requests, service issues, amenities requests, interests, activities, hobbies) but only if you voluntarily provide them to us by signing the relevant forms and providing us your explicit prior consent. Moreover, we may collect information related to accidents that may take place while you visit our Resort. Finally, Domes White Coast Milos may collect personal data of its guests in line with the applicable from time to time health protocols, as issued by the competent public authorities (e.g. vaccination or disease certificates etc).

We collect the above information in order to:

1. complete the check-in process, serve your stay and offer you our agreed services. Our legal basis of processing is the performance of our contractual and/or legal obligations;
2. to offer you personalized services (regarding preferences, special conditions etc). Our legal basis is your prior explicit consent;
3. for communication, promotional, research and marketing purposes. Our legal basis is your prior explicit consent;
4. to assess and investigate an accident/incident in accordance with our internal procedures, for the proper handling of any respective legal issues. Our legal basis is our legitimate interest as a service provider and our defense against any legal claims;
5. the protection of the health of our guests and staff. Our legal basis of processing is reasons of protection of public interest in the area of public health.

3. F&B reservations

When you wish to make a reservation to our restaurant, we collect your full name, room number, as well as any other special preferences/ allergies you may have. We collect and process such information only for the duration of your stay and up to the end of the operating season that you have visited Domes White Coast Milos.

We collect such information in order to manage your reservation and provide you with F&B services. Our legal basis is the fulfillment of our contract and our legitimate interest to provide you our high-quality services.

4. CCTV systems

We collect and process CCTV images through our video-surveillance systems in order to ensure your safety and security, alongside our premises. You can access the CCTV privacy notice at the QR on the relevant CCTV signs.

Our legal basis of processing is the legitimate interest to protect the safety of our guests, employees and premises.

1. Employees
2. If you are a job applicant

In case you wish to apply for any of our vacancies which are published either to our website, or third- party platforms we may collect and process only the necessary personal information in order for us to assess your suitability for a job opening (e.g., full name, contact details, working experience and CV details). Our legal basis of processing is our legitimate interest to assess your suitability for our vacancies, as well as to comply with our pre-contractual obligations.

2. If you are an employee

We may collect and process only the necessary information to manage our employment relationship, either at the pre-contractual stage (e.g., full name, Social Security Numbers, Bank account details, contact details, CV details, information on prior experience, education and training, family status etc.), or during the performance of the contract (e.g., evaluations, trainings, leaves etc.). We always ensure to provide our employees with a relevant privacy notice as an annex to the employment agreement.

We collect such data in order to comply with our contractual obligations and fulfill our legal obligations as an employer. Our legal basis is the need to process your data in the context of our contractual obligation or during the pre-contractual stage, as well as to comply with our legal obligations.

iii. If you are a business partner or supplier/contractor

We may collect and process personal information from our vendors, only as necessary to fulfill our contractual and/ or legal obligations (e.g., full name, TIN number, Bank account details, full address and contact details). Our legal basis of processing is the performance of our contractual agreement and our compliance with our legal (tax) obligations.

1. Who do we share your information with?

Domes White Coast Milos keeps your personal data secure and safeguarded. Only authorized employees, associates and/or external partners will have access and process your personal data according to the purpose of their processing. We may share your personal data within our group – companies and public services for the above described purposes. Furthermore, we may disclose your personal data to third parties (legal entities or individuals) which process your personal data under our written order and clarifications (as our Data Processors). We always guarantee that these third parties imply the same measures for the protection of your personal data and act only under our written orders with respect to your personal data.

More specifically, your personal data may be shared with:

• Third party service providers (eg. Legal consultants, it & information security services, technical support, insurers and/or professional advisors insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, marketing agencies, our payment services provider, companies and organizations for the purposes of fraud protection and credit risk reduction),. We endeavor to ensure by relevant data processing agreements that any personal data processing is made in full compliance with the data protection legislation.
• Companies within our group – companies, if such transfer is necessary for the pursuance of the abovementioned purposes.
• Competent Public Services (Police, prosecuting authorities, tax authorities etc.) in the context of performing their duties, or upon relevant request.

In any case of data transfers, we ensure to limit the extent of information that is being disclosed, to the strictly necessary for the performance of the specific purpose of the transfer.

1. International Data Transfers

We shall not transfer your personal data outside the European Economic Area (“EEA”) or another country. In case any such international data transfer takes place, we will ensure that an adequate level of protection is provided in compliance with Data Protection Legislation.

1. Data Retention

Your personal data are retained for a predetermined and limited period depending on the purpose of processing, after the end of which, these personal data are being deleted from our files unless another retention period is required or permitted by applicable law.

The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services)
• Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
• Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

vii. Data Security

We take appropriate technical and organizational security measures to keep your personal data safe and accurate as well as to protect them against any loss, misuse, or unauthorized access, alteration, disclosure or destruction. We also have implemented measures to maintain the ongoing confidentiality, integrity and availability of the systems and services that process personal data so that we be able to restore the availability and access to your data in a timely manner in the event of a physical or technical incident.

 

viii. Data Protection Officer

We have appointed a Data Protection Officer to oversee compliance with this privacy policy. If you have any questions about this Privacy Policy or how we handle your personal information, please contact our Data Protection Officer at [email protected]. If you contact us with a privacy complaint it will be assessed with the aim of resolving the issue in a timely and effective manner.

1. Your Rights

Domes White Coast Milos respects your rights as set forth by the applicable Data Protection Legislation. Especially, you enjoy the following rights related to the data we collect and process about you, and more specifically you may:

1. request access to the personal information we process about you and request to receive a copy thereof;
2. request that we correct inaccurate or incomplete personal information about you;
3. request deletion of personal information about you, unless special legal provisions require their retention
4. request restrictions, temporarily or permanently, on our processing of some or all personal information about you;
5. request transfer of personal information to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated; object to our further processing of personal information about you; and
6. request to withdraw your consent when processing is based on your consent, bearing in mind that such processing will not affect the lawfulness of the processing before the withdrawal.

In case you want to exercise your rights regarding Personal Data that you have previously provided to us, Right Exercise Forms are at your disposal in written form at the Front Desk. Please fill in the appropriate one and send it to [email protected], or deliver it to the Front Desk. In your request, please make clear what right is exercised and what Personal Data it regards. For your protection, we only fulfill requests for the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request. You do not have to pay a fee, and we will aim to respond to your request within thirty (30) days upon receipt and identification of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests we handle. We will honor the requests you make related to your rights as the law allows, which means in some cases there may be lawful reasons that may not enable us to satisfy the specific request you make related to your rights.

In case of exercising one or more of the above-mentioned rights of correction, deletion and restriction of your data, these requests shall also be forwarded to any third-party recipient with whom your personal data may have been shared in the context of the pursuance of the aforementioned processing purposes.

You may request access to, correction or deletion of your Personal Data, or object to the processing of it. For queries or the exercise of your rights, you may contact at [email protected] for VTOURISM S.A. and at [email protected] for Domes of Attica S.A.

In case you consider that we have not handled your request properly, you can always refer to the competent Hellenic Data Protection Authority at www.dpa.gr/index.php/en/individuals/complaint-to-the-hellenic-dpa.

1. Changes to this Privacy Policy

We may make changes to this Policy from time to time based on changes to applicable laws and regulations or other requirements applicable to us or changes to our business. Updated versions will be uploaded to our website and date stamped so that you are always aware of when our Privacy Policy was last updated. If we materially change the way in which we process your personal data, we will provide you with prior notice, or where legally required, request your consent prior to implementing such changes. We strongly encourage you to read our privacy policy and keep yourself informed of our practices.