WHO WE ARE
Our website address is https://sunsethillsuites.com and it constitutes the electronic presence of our company under the name of “MINA STUDIOS OE”. The headquarters of the company are located at Mykonos Island, Greece.
PROTECTION & PROCESSING OF GENERAL PERSONAL DATA
Personal Data (PD) is any information relating to an identified or identifiable natural person. An identifiable natural person is one whose identity can be ascertained, directly or indirectly, by reference to an identification identifier, such as a name, identity number, location data, online identity card, or one or more factors matching the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. This also applies to more personal information such as habits, preferences, biometric data, etc. Every company that manages personal data relating to living natural persons within the EU, is required, from 25th of May 2018, to fully comply with EU Data Protection Regulation 679/2016 on the protection of personal data. The Regulation is directly applicable in all EU Member States. The collection of PD is a form of processing, such as storing, organizing, structuring, altering, retrieving, searching for information, using, disclosing, deleting, or destroying. An enterprise through its Privacy Policy, informs natural persons about the processing of their PD, by helping them make conscious decisions about their relation with the business.
PRIVACY POLICY
The enterprise has to collect PD (i.e. personal information) for the effective execution of everyday business functions and services and on some occasions for compliance with the legislation and/or the regulations that it applies. The Privacy Policy declares our compliance with the Regulation on the Protection of Personal Data and also our respect for the protection of the privacy and security of personal data. Furthermore, it aims to: • Inform the natural persons about the PD we collect and process, for what purpose, in what way, and for how long. • Ensure that natural persons are aware of their rights and of our duty for accountability and security. • Provides an easy and clear way of securing your consent, as one of the six legal bases for processing PD, and at the same time enables you to withdraw this consent whenever you want. The Privacy Policy generally applies to any natural person who has or intends to have any kind of cooperation with us.
WHAT KIND OF PD WE ARE PROCESSING
When you call us, visit our website, ask questions or book one of our rooms/services, we may ask you for information (PD) such as name, address, email, telephone number, IBAN, age, and date of birth. Furthermore, it is likely that you choose to voluntarily disclose to us additional PD (as in the case of sending a CV) or send us additional information (such as your update on specialized and personal products).
We collect information, directly or indirectly, in the following ways:
• Information you give us when you contact us or visit our website.
• Information we receive from your usage of our products and services or our collaborators services.
• We use various kinds of technologies for the collection and storage of the information, including the use of cookies (see below).
• It is likely to use information from advertising networks, our customers or third parties, in order to let you know about special services that may interest you. For further information on how to access, manage or delete information, see sections below.
HOW WE USE PD?
We use the information we collect, according to the consent you provide us with (section 8), in order to:
• Process your reservation
• Provide you with personalized and updated services
• Contact you to inform you about new services or products that may interest you
• Process your payment or prevent or detect potential fraud
• Answer your questions
• Implement the framework of this Privacy Policy.
When you contact us, we keep a record of our communication messages so as to resolve any issues you may have.
We do not allow any unauthorized entities, especially without your consent, to access your information. Your consent is a prerequisite for all the above (see sections below).
WHO DO WE SHARE YOUR PD WITH
We do not disclosure or share PD with companies, organizations or natural persons outside our business unless one of the following situations occurs:
• With your own consent: we share your personal information with companies, organizations, and natural persons when we have your explicit consent.
• For external processing: We provide personal information to our external partners and businesses or people we trust in order to process it on our behalf based on our guidelines and in accordance with our Privacy Policy and any other confidentiality and security measures.
• For legal purposes: We share personal information with public services when it is reasonably necessary and in order to comply with laws, regulations, legal procedures, or governmental demands
• For scientific research: We provide non-identifiable data for scientific research or statistical studies.
YOUR RIGHTS AND OUR OBLIGATIONS
YOUR RIGHTS
Our clients, the users of our services, and our website visitors, have rights under the Regulation for the Protection of Personal Data (which should not be in contrary to the legislation).
The rights of natural persons are the followings:
• The right of access to their PD
• The right to correct their PD
• The right to delete their PD
• The right to restrict the process of their PD
• The right to be informed about correcting or deleting or limiting the processing of their own PD
• The right to the portability of their PD
• The right to object to the processing of their PD
• The right to object to automated decision making including profile instructions.
OUR OBLIGATIONS
Our obligations include:
• The principle of accountability with respect to the 6 principles of processing the PD (legitimacy, objectivity, transparency, purpose limitation, minimization of PD, the accuracy of PD, limitation of the storage period, security, integrity, and confidentiality).
• Every process of the PD is legitimate only if one of the following 6 conditions applies:
– The subject of the data has consented to the processing of the data.
– The process of the PD is necessary for undertaking a contract, where the subject is a party.
– Processing is necessary for compliance with the legal obligation of the controller.
– Processing is necessary to safeguard the vital interest of the natural person.
– Processing is necessary for the fulfillment of a duty to the public interest or during the exercise of public authority entrusted to the controller.
– Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party unless the interest or fundamental rights and freedoms of the natural person prevail. In addition, we implement the appropriate technical and organizational measures to protect our company and our customers against unauthorized access or alteration, tampering or destruction of the PD we have in our possession. Specifically:
– We encrypt many of our services.
– We control data collection, storage, and processing practices, including security measures, to protect against access to systems.
– Access to personal information is limited and controlled, and these natural persons are subject to strict contractual obligations of confidentiality.
– In case outside partners (for maintenance or support purposes) have potential access to PD, certain appendices of the existing cooperation contracts cover the requirements of the Regulation. Throughout the entire processing cycle of PD (from collection to destruction of the PD), we take the appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of PD. Similar measures are required by third parties handling or processing PD.
ACCESS TO YOUR OWN PD AND INFORMATION
Within the scope of the Rights granted to you by the Regulation, you can view and request a correction or limitation of processing or deleting the PD. In such cases, you are requested to fill in a subject access request (SAR). We are obliged to respond to you within one month of the receipt of the SAR. The exercise of the rights of a natural person can always be done under the existing legislation (eg you cannot ask for a deletion of your PD when the labor law requires it to be retained for 10 years). Every time you use our services, our goal is to provide you with access to your own PD. If this data is incorrect, we put efforts to provide you ways for quick update or deletion of this data –unless we have to maintain this information due to relevant legislation or for legitimate purposes. You can exercise your rights by sending an email to ‘’Contact Us’’ asking for a Subject Access Request (SAR) form, and submitting the properly filled SAR form through the “Contact Us”. We are obliged to respond to you within one month of the receipt of your SAR.
COOKIES INFORMATION
We use cookies (Session or transient / Permanent, persistent or stored / Flash cookies) in order to improve the speed and the quality of the service, every time you visit our website. The cookie is information, in file format, which stores on your computer and improves the performance of the website regarding your service. The user is informed about the use of cookies. The ongoing use of the site indicates its consent to its use. If, despite the above, the user does not want to use them, then he can deactivate them, Deactivating them, reduces the performance of certain features on the site.
HOW DO WE USE COOKIES ?
As most of the online services, our website uses cookies first-party and third-party cookies for a number of purposes. The first-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.
The third-party cookies used on our websites are used mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.
WHAT TYPES OF COOKIES DO WE USE ?
The cookies used on our website are grouped into the following categories.
NECESSARY
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
ANALYTICS
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
ADVERTISEMENT
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
HOW CAN I CONTROL THE COOKIE PREFERENCES ?
You can manage your cookies preferences by clicking on the “Settings” button and enabling or disabling the cookie categories on the popup according to your preferences.
Should you decide to change your preferences later through your browsing session, you can click on the “Privacy & Cookie Policy” tab on your screen. This will display the consent notice again enabling you to change your preferences or withdraw your consent entirely.
In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. To find out more on how to manage and delete cookies, visit wikipedia.org, www.allaboutcookies.org.