Privacy Policy
Privacy Policy
In COLOSSOS S.A. we respect your privacy and protect your personal data. With this policy we aim to keep you informed of the personal data we collect and process during our operation. Your personal data are collected and maintained for the necessary time, for specified, explicit and legal purposes, processed legally and legitimately in a transparent manner, always in accordance with the applicable legal framework and in a manner that guarantees their integrity and confidentiality. These data shall at all times be appropriate, relevant, suitable and not exceeding those required in the light of the foregoing purposes and shall be accurate and, where necessary, updated.
Controller Details
Distinctive Title: COLOSSOS S.A.
Registered Office: RHODES, OP. ROAD RHODES KALLITHEA
TIN: 094049041
TAX OFFICE: RHODES
Concepts and Definitions
"Processing of Personal Data": any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Controller" means the natural or legal person, public authority, service or other body that, alone or in conjunction with others, determines the purposes and manner of processing personal data.
"Processor" is a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the "Controller".
"Consent" of the data subject: any indication of will, free, specific, explicit and fully aware, with which the data subject indicates that he / she agrees, by statement or by clear affirmative action, to the processing of personal data related to it
"Violation of personal data": a breach of security that results in accidental or illegal destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed
"Health data": personal data related to the physical or mental health of a natural person, including the provision of health care services, which discloses information about his or her state of health.
"Special categories of personal data / Sensitive personal data": personal data revealing racial or ethnic origin, political beliefs, religious or philosophical beliefs or participation in trade union data, as well as genetic data processing, biomedical data processing for the purpose of unambiguously identifying a person, health data or data relating to a person's sexual life or sexual orientation.
General Principles of Personal Data Processing
• Shall be collected for specified express and legal purposes
• Shall be appropriate, relevant and limited to those necessary for the purposes for which they are processed
• Shall be accurate and up-to-date
• Shall be processed in such a way as to guarantee the appropriate security of personal data, including their protection against unauthorized or illegal processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
• Shall be retained only for the time required for the processing of personal data. In some cases may be retained for a longer period, especially if the processing of these data is deemed necessary for
A) the observance of a legal obligation imposed by a provision of another law.
B) COLOSSOS S.A. fulfillment of public interest purpose.
C) archiving for the purposes of public interest, scientific or historical research
D) for statistical purposes
E) for the foundation, opposition, exercise or support of legal claims.
Legal Framework for the Protection of Personal Data
• Directive 95/46/EP of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
• Directive 2002/58/EP of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and the protection of private life in the sector of electronic communications.
• Directive 1/2011 of the Personal Data Protection Authority on the use of Video Surveillance Systems for the Protection of Persons and Goods.
• Directive 115/2001 of the Personal Data Protection Authority on the protection of personal data in the sector of labor relations.
• Law 3471/2006 on the protection of personal data and private life in the sector of electronic communications
• Regulations of the competent administrative bodies.
Processing Purposes
a) For the management of room reservations and any other hosting services
b) For the management of relationships with you before, during and after your stay at the hotel
c) For the Company's compliance with Greek and European Law
d) For marketing purposes
e) For the establishment, recognition, exercise or defense right and legal claims
f) To support business processes
g) To improve our hotel services
h) For the security of our information systems
Legal basis for processing personal data
a) your consent
b) the necessity to process your data in the context of our contractual obligation or at the pre-contractual stage
c) the necessity to process your data in compliance with our legal obligation
d) the necessity to process your data in the context of safeguarding our legal interests
e) the necessity to process the data to protect the vital interests of you or the person who is accompanied
f) the need for statistical data
Data processed by COLOSSOS S.A.
Purposes/ Legal basis for processing:
- Managing the working relationship between COLOSSOS S.A. and employee / external partner. The processing of this data is considered necessary for the performance of the employment contract.
- Fulfillment of the corporate obligations of COLOSSOS S.A. The processing of the data is necessary for the compliance of COLOSSOS S.A. with its legal obligations.
COLOSSOS S.A. collects and processes candidates' personal data for vacancies. The data are collected by the candidate by applying for it in various ways (sending via email, using recruitment platforms etc.). In case of non-recruitment, the candidate's CV is retained for one year to cover any future vacancies"
Purposes / Legal basis for processing
- The evaluation of the candidate's suitability to fill a specific job. The legal basis for processing is the legal interest of COLOSSOS S.A. and the consent of the prospective employee.
a) Full name, postal address, capacity, occupation, email.
b) Image data (photography / video recording). In the context of the implementation of COLOSSOS S.A. activities, it is possible to take pictures and / or video surveillance of the various events, conferences or workshops organized by COLOSSOS S.A. This data are likely to be posted on the site or social media managed by COLOSSOS S.A.
Purposes / Legal basis for processing
- The purpose is the successful organization. The processing of personal data is considered essential for the successful management and organization of their actions and purposes.
Purpose / Legal processing: - Performance of a contract of which the subject is a contracting part - Consent of the subject - Compliance with legal obligation of COLOSSOS S.A. Suppliers: full name, TIN, IBAN, contact phone number, address, email Purposes / Legal basis for processing : - Performing a contract of which the subject is a contracting part
Special Categories
Residents / Visitors / Conference Participants: COLOSSOS S.A. may process data belonging to specific categories of personal data ("sensitive data"), such as data on eating habits, allergies, religious preferences, illnesses, etc.
Purposes / Legal basis for processing:
- Fulfillment of obligations and exercise of specific rights of COLOSSOS S.A. or data subject in the sector of labor law and social security and social protection law.
- Protecting the data subject's vital interests
Persons who have stated their wish through explicit consent to receive news and updates from COLOSSOS SA.
Purposes / Legal basis for processing:
The consent of persons wishing to receive updates and offers from COLOSSOS S.A .
Data Transfer
• Affiliates. Your information may be shared with affiliates of COLOSSOS S.A.
• Business partners. We may also share your information with trusted business partners. These affiliates may use your information to provide you with the services you requested and with promotional material, ads and other material if you have given your consent.
• Service Providers and / or any third party who may perform the processing on our behalf. We may also disclose your information to companies that provide services on our behalf, such as IT subcontractors, companies that send bulk emails on our behalf, banks, credit card issuers, law firms, mail services companies, print service companies, etc
• Credit Approval: When you apply for a credit, your personal information is used and disclosed to appropriate third parties in accordance with applicable law in order to decide on granting and maintaining a credit limit for you. • Other third parties with your consent or order. In addition to the disclosures described in this Privacy Policy, we may share information about you with third parties if you consent or request it.
a) to judicial and prosecutorial authorities during the exercise of their duties, ex officio or at the request of a third party invoked in a legitimate interest and in accordance with legal procedures,
b) to other bodies of the Greek State, which by virtue of their constitutions have such a right and competence.
Data Retention Time
Personal Data Subject Rights
• The right of correction of the data.
• The right to delete data ("right to forget").
• The right to restrict the processing of data.
• Τhe right to the portability of his/her data.
• The right of objection to the data processing.
In case that your request is not satisfied, COLOSSOS S.A. will inform you within one month of receipt of the request, of the relevant reasons and the possibility to file a complaint with the Data Protection Authority, as well as the right to appeal to the competent judicial authorities.
If your claim is judged by COLOSSOS S.A. to be manifestly unfounded or excessive, it may charge a reasonable and proportionate fee, taking into account administrative costs for its satisfaction it or refusing to process your claim.