Welcome to ELECTRA HOTELS & RESORTS GROUP
Our Group is comprised of the following companies that operate the Hotels listed next to each company name:
– The societe anonyme under the corporate name “HOTEL ENTERPRISES ELEKTRA SA”, which operates the hotels ELECTRA at 5 Ermou str in Athens and ELECTRA PALACE at Aristotelous Square in Thessaloniki.
Contact details of the data controller: HOTEL ENTERPRISES ELECTRA SA, Head office: 5 Ermou str, Athens, Tax Registration Number: 094075519, Tax Office: FAE ATHINON, Tel.: 2310294000
– The societe anonyme under the corporate name “HOTEL AND TOURISM COMPANY ELECTRA SA”, which operates the hotel ELECTRA PALACE at 18 Navarchou Nikodimou str in Athens.
Contact details of the data controller: HOTEL AND TOURISM COMPANY ELECTRA SA Head office: 18 Navarchou Nikodimou str, Athens, Tax Registration Number: 094030956, Tax Office: FAE ATHINON, Tel.: 2103370000
– The societe anonyme under the corporate name “HOTELS ELECTRA SA”, which operates the hotel ELECTRA PALACE in Rhodes.
Contact details of the data controller: HOTELS ELECTRA SA, Head Office: 5 Ermou str, Athens, Tax Registration Number: 094439368, Tax Office: FAE ATHINON, Tel.: 2103378000
– The societe anonyme under the corporate name “HOTEL ENTERPRISES AGIA DINAMIS SA”, which operates the hotel ELECTRA METROPOLIS at 15 Mitropoleos str in Athens.
Contact details of the data controller: HOTEL ENTERPRISES AGIA DINAMIS SA, distinctive title: ELECTRA METROPOLIS SA, Head Office: 15 Mitropoleos str, Athens, Tax Registration Number: 800648709, Tax Office: FAE ATHINON, Tel.: 21410062000
– The societe anonyme under the corporate name “ELECTRA MANAGEMENT SA”
Contact details of the data controller: ELECTRA MANAGEMENT SA., Head Office: 8 Xenofontos & Felellinon str, Athens, Tax Registration Number: 800648709, Tax Office: FAE ATHINON,
– The societe anonyme under the corporate name “ELECTRA KEFALONIA SA”, which operates the hotel ELECTRA KEFALONIA HOTEL & SPA in Kefalonia.
Contact details of the data controller: ELECTRA KEFALONIA SA, Head Office: 2 Bouziki str., Athens, Tax Registration Number: 800966816, Tax Office: FAE ATHINON, Tel.: 2103370006
Α. Objects and purpose of this policy
Our Group, ELECTRA HOTELS & RESORTS GROUP respects your privacy and protects your personal data. Each of the above companies is commercially independent.For any issue that may be addressed herein, you may contact the data protection officer listed below. With this policy we aim to keep you informed of the personal data we collect and process during our operation. Your personal data is collected and maintained for the necessary time, for the specified, explicit and legitimate purposes described below, processed in a lawful, fair and transparent manner, always in accordance with the applicable legal framework and in a manner that guarantees completeness and confidentiality. This data shall be suitable, relevant, appropriate, and not exceed the data required in the light of the foregoing purposes and shall be accurate and, if necessary, updated.
Β. Concepts and Definitions
“Personal data”: any information relating to an identified or identifiable natural person (“data subject”). Identifiable is the natural person whose identity can be directly or indirectly identified, in particular by reference to an identifier such as name, identification number, location data, an online identifier or one of several special characteristics, which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity of this natural person.
“Processing of Personal Data”: any act or series of acts performed with or without the use of automated means on personal data or on personal data sets, such as the collection, registration, organization, structure, storage, adjustment or alteration, retrieval, search for information, use, disclosure by transmission, dissemination or any other form of distribution, link or combination, restriction, deletion or destruction.
“Data Controller” is the natural or legal person, public authority, agency or other body that, alone or in along with others, determines the purposes and manner of processing personal data.
“Performer of the processing” means the natural or legal person, public authority, service or other entity that processes personal data on behalf of the data controller.
“Consent” of the data subject: any indication of a free, specific, explicit and fully aware will, with which the data subject indicates that he or she agrees, with a statement or a clear affirmative action, to the processing of personal data relating to him / her
“Personal data breach“: the breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed
“Health Data”: personal data related to the physical or mental health of a natural person, including the provision of health care services, and which discloses information about his or her state of health.
“Special categories of personal data/Sensitive personal data” personal data revealing racial or ethnic origin, political beliefs, religious or philosophical beliefs or participation in trade unions, as well as the processing of genetic data, biometric data for the unambiguous identification of face, health data or data concerning the sexual life of a natural person or the sexual orientation.
C. General Principles for the Processing of Personal Data
The ELECTRA HOTELS & RESORTS GROUP ensures that the personal data it processes are
- Subject to processing that is lawful and legitimate with respect to the data subject
- Collected for specified express and legal purposes
- Appropriate, relevant and limited to those necessary for the purposes for which they are processed
- Accurate and updated
- Processed in such a way as to guarantee the appropriate security of personal data, including their protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organizational measures.
- Retained only for the time required for the processing of personal data. In some cases they may be retained for a longer period, especially if the processing of such data is deemed necessary for:
– the compliance with a legal obligation imposed by a provision of another law.
– the compliance of the ELECTRA HOTELS & RESORTS GROUP with the duty to fulfill a public interest objective.
– archiving for purposes of public interest, scientific or historical research
– for purposes relating to the protection of public health
– for statistical purposes
– for the foundation, opposition, exercise or support of legal claims.
D. Legal Framework for the Protection of Personal Data
In addition to the Regulation (EU) 2016/679 of the European Parliament and of the Council (2016/679) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, any national law with respect to the processing and protection of personal data,
as well as the Directives issued by the Data Protection Authority, shall apply. Indicatively, the following laws are mentioned:
- Law 4624/2019 (Measures for the Implementation of the European Parliament’s General Data Protection Regulation [2016/679])
- Law 2472/1997 on the protection of individuals from the processing of personal data.
- Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
- Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector.
- Directive 1/2011 of the Data Protection Authority on the Use of Video Surveillance Systems for the Protection of Persons and Goods.
- Directive 115/2001 of the Data Protection Authority on the Protection of Personal Data in the Field of Labor Relations.
- Law 3471/2006 on the protection of personal data and privacy in the field of electronic communications
- Regulations of the relevant administrative bodies.
- Health Protocols, Acts of Legislative Content, Joint Ministerial Decisions.
Ε. Purposes of Processing
In accordance with the above legal framework, personal data collected by the ELECTRA HOTELS & RESORTS GROUP are used for the following processing purposes:
a) To manage the booking of rooms as well as any other hosting service
b) To manage the relationship with you before, during and after your stay at the hotel
c) For the Company’s compliance with Greek and European Law
d) For marketing purposes
e) For the establishment, recognition, exercise or defense of a right and legal claims
f) To support business processes
g) To improve our hotel services
h) For the security of our information systems
i) For membership acquisition programs such as the Electra Rewards program.
j) For the performance of a task performed in the public interest and in the field of public health
F. Legal basis for the Processing of Personal Data
The ELECTRA HOTELS & RESORTS GROUP processes your personal data transparently, in accordance with the principles of legality, proportionality, confidentiality and integrity, limitation of purpose and accuracy, specific time of data retention and data minimization.
The legal basis for processing your personal data may be:
a) your consent
b) the need to process your data in the context of our contractual obligation or at the pre-contractual stage
c) the need to process your data in accordance with our legal obligation
d) the need to process your data in the context of safeguarding our legitimate interests
e) the need to process data to protect the vital interests of you or the person you accompany
f) the need to export statistics
g) the need for processing to fulfil a duty in the public interest, in particular in the field of public health.
G. Data that the ELECTRA HOTELS & RESORTS GROUP processes
For the above purposes, the ELECTRA HOTELS & RESORTS GROUP collects and processes personal data, including indicatively the following:
G.1 Employees / External Partners: full name, father’s name, mother’s name, year of birth, place of birth, gender, nationality, address, email address, contact phone numbers, identification card number (ID), tax registration number (VAT), AMKA, bank account number (IBAN), marital status, education and training status of the employee/ partner, work experience, curriculum vitae, salary, working hours, medical record / health certificate
Purposes / Legal basis for data processing:
–Managing the working relationship between the ELECTRA HOTELS & RESORTS GROUP and the employee/external partner. The processing of this data is considered necessary for the performance of the employment contract.
– Fulfilling the employer’s obligations of the ELECTRA HOTELS & RESORTS GROUP. The processing of data is necessary for the compliance of the ELECTRA HOTELS & RESORTS GROUP with its legal obligations.
G.2. Prospective Employees: name, surname, contact information, education, work experience, email, nationality, marital status
The ELECTRA HOTELS & RESORTS GROUP collects and processes candidates’ personal data for vacancies. This data is collected by the candidate upon submission of the relevant application. In case of non-recruitment, the CV of the candidate is retained for 2 years to cover any future job opportunities.
Purposes / Legal basis for processing
-Assessment of the candidate’s suitability for a particular job vacancy. The legal basis for processing is the legal interest of the ELECTRA HOTELS & RESORTS GROUP and the consent of the prospective employee.
G.3. Participants, speakers and invited to scientific conferences, actions and events
a) Full name, postal address, status, profession, email.
b) Image data (photo / video recording). As part of the implementation of the actions of the ELECTRA HOTELS & RESORTS GROUP, it is possible to take pictures and / or videotape the various events, conferences or workshops organized by the ELECTRA HOTELS & RESORTS GROUP. This data may be posted on the site or social media managed by the ELECTRA HOTELS & RESORTS GROUP.
Purposes / Legal basis for data processing:
– The purpose is the successful organization. The processing of personal data is considered essential for the successful management and organization of their actions and purposes.
G.4. Hotel Residents / Visitors: full name, passport number, date of birth, credit card number, length of stay, price, email, address, telephone, pricing information
Purposes / Legal basis for data processing:
– Performance of a contract to which the subject is a party
– Consent of the subject
– Compliance with the legal obligation of the ELECTRA HOTELS & RESORTS GROUP.
G.5. Suppliers: Full Name, VAT, IBAN, Telephone, Address, Email
Purposes / Legal basis for data processing:
– Performance of a contract to which the subject is a contractual party
G.6. Special categories of personal data
G.6.1 Employees: The ELECTRA HOTELS & RESORTS GROUP may collect and process data belonging to specific categories of personal data (“sensitive data”), such as data relating to the health of its employees, in order to meet its insurance obligations. Electra HOTELS & RESORTS GROUP may also process health data in the context of the obligation to comply with the National Legislation and the application of the Health Protocols, as they apply each time. Similarly, in exceptional cases, when required by applicable law, the ELECTRA HOTELS & RESORTS GROUP may collect and process data relating to criminal convictions or offenses, such as copies of criminal records, always respecting the principle of proportionality.
Residents / Visitors / Conference Participants: The ELECTRA HOTELS & RESORTS GROUP may process data belonging to specific categories of personal data (“sensitive data”), such as data on eating habits, allergies, religious beliefs, illnesses etc.. Electra HOTELS & RESORTS GROUP may also process health data in the context of the obligation to comply with the National Legislation and the application of the Health Protocols, as they apply each time.
Purposes / Legal basis for data processing in the above cases under Ε.6:
– Fulfillment of the obligations and exercise of specific rights of the ELECTRA HOTELS & RESORTS GROUP or the data subject in the field of labor law and social security and social protection law.
– Protecting the data subject’s vital interests
– The fulfilment of a duty in the public interest, in the field of public health.
G.6.2 Communication Data
Persons who have expressed their wish through valid consent to receive news and updates from the ELECTRA HOTELS & RESORTS GROUP.
Purposes / Legal basis for data processing:
Consent of persons wishing to receive updates and offers from the ELECTRA HOTELS & RESORTS GROUP
Η. Transmission of Data
The entire workforce of the ELECTRA HOTELS & RESORTS GROUP that processes your personal data is contractually bound by the terms of confidentiality and privacy of your data. At ELECTRA HOTELS & RESORTS GROUP, it is part of our philosophy and our basic principle that we shall not disclose your information to third parties for their own independent business or marketing purposes without your consent.
However, we may share your information with the following:
- Affiliate companies.Your information may be shared with affiliates companies of the ELECTRA HOTELS & RESORTS GROUP.
- Business partners. We may also share your information with trusted business partners. These partners may use your information to provide the services you requested and to provide you with promotional material, advertisments, and other material, in the event you have given your consent.
- Service providers and / or any third party who may undertake the processing on our behalf. We may also disclose your information to companies that provide services on our behalf, such as IT subcontractors, companies that send bulk emails on our behalf, banks, credit card issuers, law firms, mail service companies, print service companies, etc.
- Credit Approval: When you apply for a credit, your personal information is used and disclosed to appropriate third parties in accordance with the applicable law, in order to decide on granting and maintaining a credit limit for you.
- Public Bodies (e.g., National Public Health Organization), where expressly provided for by national legislation.
Exceptionally, the following are allowed to have access to your personal data:
a) the judicial and prosecutorial authorities in the exercise of their functions of their own motion or at the request of a third party claiming a legitimate interest and in accordance with lawful procedures;
b) other bodies of the Greek State, which by virtue of their statutes have such a right and competence.
H. Data Retention Time
We take reasonable steps to ensure that your personal information is retained only for as long as it is necessary and for the purpose for which it was collected or for as long as it is required under contract or applicable law.
The CVs collected by the relevant HR department are kept for two years and then destroyed.
Tax information is maintained in accordance with tax law.
Ι. Rights of the Subjects of Personal Data
The ELECTRA HOTELS & RESORTS GROUP ensures that data subjects are able at any time to exercise their rights under the law regarding the collection and processing of personal data. These rights are as follows:
● The right to access the data.
● The right to correct the data.
● The right to delete data (“right to forget”).
●The right to limit the processing of data.
●The right to data portability.
●The right to object to the processing of data.
Any request by the individual/ subject is submitted to the ELECTRA HOTELS & RESORTS GROUP at: firstname.lastname@example.org
The ELECTRA HOTELS & RESORTS GROUP will respond to your request free of charge, without delay and in any event within one month upon receipt of the request, except in exceptional cases, so that the above deadline may be extended by a further two months if necessary, taking into account the complexity of the request and/or the number of requests. The ELECTRA HOTELS & RESORTS GROUP will inform you of any extension within one month upon receipt of the request, as well as of the reasons for the delay.
In the event that the satisfaction of your request is impossible, the ELECTRA HOTELS & RESORTS GROUP will inform you within one month upon receipt of the request, of the relevant reasons and of the possibility to file a complaint with the Data Protection Authority, as well as about your right to appeal to the competent judicial authorities.
If your claim is deemed by the ELECTRA HOTELS & RESORTS GROUP to be manifestly unfounded or excessive, it may give rise to the charge of a reasonable and proportionate fee, taking into account administrative costs to satisfy it or refusing to process your claim.
ΙΑ. DPO information
For any request regarding the processing of your personal data, please refer to the Data Protection Officer (DPO) of the ELECTRA HOTELS & RESORTS GROUP:
Full name: Giannis Bilianis
Τelephone: (+30) 2106462101
Address: 8 Xenofontos & Filellinon Street, Athens, PC: 10557
ΙΒ. Right to report to the Competent Authority.
In case you feel that your privacy is in any way affected, you may contact the Hellenic Data Protection Authority (www.dpa.gr, 1-3 Kifissias Avenue, 115 23, Athens, +30 210 6475600, +30 210 6475628, email@example.com).
ΙC. Changes to this Policy
The ELECTRA HOTELS & RESORTS GROUP may unilaterally revise this Policy at any time for reasons of compliance with regulatory changes or for operational purposes.
We encourage you to review this Policy regularly to find out how the ELECTRA HOTELS & RESORTS GROUP manages and processes your personal data.
This Policy was posted on 29.04.2021