what we collect and how we handled them

Our privacy policy

Company Μ. THALASSINOS A.E., with Trade Name OASIS BEACH HOTEL is committed to protect your personal data which are disclosed to the company by any source such as emails, fax, business cards, company’s site, databases etc. according Law 2472/1997, in force and as amended and also in compliance with the European General Data Protection Regulation (GDPR - EU 2016/679).

Personal Data

Identification and contact information such as:

Name, surname, phone number, email, VAT, TAX office, address details (country, town state, postal code), date of birth, passport number, voucher number, reference number, nationality.

Health and biometrical data

Allergies, nutritional habits, dermatological diseases, height, etc

Use of Personal Data

• Accounting reasons (for example contracts, cooperation agreements, invoices, etc)
• Financial information (information on services cost, account balances, etc)
• Promotional reasons, newsletters, customer satisfaction surveys, etc.
• Room reservation and provision of hotel services.
• Reservation via websites and internet
• Reservation via travel agencies and tour operators
• Internal use by our company

OASIS BEACH HOTEL ensures that all legal and appropriate measures are being taken for the protection and confidentiality of personal data collected, in order (among other reasons) to prevent any non-authorized access to those data, as well as of the equipment used for their processing and archiving.
For the purposes of this policy, the term ¨data subject¨ includes all the individuals or single member- companies, whose personal data we possess (data subject is the individual related to the term “personal data”).
Our company guarantees that your personal data will not be used for other purposes, except for the ones that are mentioned in this policy, without prior notice and without your approval, when such is required. We do not share personal data with third parties who are not related to us, unless it is required by our legal professional purposes and needs, in order to fulfil your demands or/and unless it is imposed by law.

TIME PERIOD OF RETENTION AND USE OF PERSONAL DATA
We are committed to keeping your personal data in a safe place with controlled access for as long as it is required. You may submit a deletion request within a shorter time, which we will satisfy upon checking on the legal basis of the processing and our legal obligations, as well as on the provisions of our binding contract.

DISCLOSURE OF PERSONAL DATA
We may disclose your personal information to third parties who are processing data on behalf of our Company, including, but not limited to, providers of data processing systems support.
Transfer to processors will take place only upon meeting the legal requirements provided for in articles 24 and 28 of the Regulation.
In case of data transfer to non-European countries, the Company shall inform the data subject in advance and ensure that adequate precautions are taken, so that all the appropriate (by means of expertise, reliability and recourses) technical and organizational measures are implemented, in such a way that the processing is legal and that the rights of the subjects are being protected.

SAFETY AND PROTECTION OF DATA
Our company applies all the necessary policies and processes of technical and organizational safety in order to protect your personal data from being lost, amended, damaged, misused or accessed by a non-authorized person.
Our Company executives who have access to the data are obliged to respect the confidentiality of these data.

RIGHTS ON PERSONAL DATA
You have the possibility to apply for:
• Access to your data
• Review of the personal data that we possess
• Rectification of false/inaccurate information and completion of incomplete information
• Erasure of your personal data
• Portability of your data
• Restriction to the processing of your data
• Opposition to your data processing as long as the conditions of 21 Article of GDPR are met.
We handle your requests with the utmost care to ensure that your rights are protected. We may ask for your identity card to make sure we do not share your personal information with someone else.
You should be aware that in certain cases (for example, due to legal obligations), we may not be able to respond to your request immediately. However, we will notify you of the progress of your request within one month, at the latest.
You should be aware that during our contractual relationship, personal data required by law or by our contract, are legally processed and cannot be disputed. Consequently, the rights of objection, limitation and deletion should concern data processing for other purposes and not for the legal or contractual ones.
Furthermore, in some cases (due to, for example, legal obligations), we may not be able to satisfy your request immediately. However you will receive a response to your request within one month after submission at the latest.
You always reserve the right to submit a complaint by contacting the Data Protection Officer of the company Μ. THALASSINOS A.E. either by sending a letter at company’s office CHERSONISOU or by email at dpo@oasisbeach.gr , mentioning your full personal details and the reason for which you are contacting Μ. THALASSINOS A.E


WITHDRAWAL OF CONSENT
You may, at any time, withdraw the consent you have granted our company for the processing and disclosure of your Personal Data.
However, you must understand that this withdrawal will not affect the legitimacy of the processing, based on your consent for the period before your withdrawal.
Furthermore, your right to withdraw your consent is subject to the above-mentioned exceptions due to statutory or contract restrictions.
In case you want to withdraw your consent, please send a signed declaration at the Data Protection Officer of the company Μ. THALASSINOS A.E., either by letter to the company’s office ANISSARAS CHERSONISOU or by email at dpo@oasisbeach.gr , mentioning your full personal details and the reason for which you are contacting Μ. THALASSINOS A.E