Privacy Policy

Privacy Policy

In COLOSSOS S.A. we respect your privacy and protect your personal data. With this policy we aim to keep you informed of the personal data we collect and process during our operation. Your personal data are collected and maintained for the necessary time, for specified, explicit and legal purposes, processed legally and legitimately in a transparent manner, always in accordance with the applicable legal framework and in a manner that guarantees their integrity and confidentiality. These data shall at all times be appropriate, relevant, suitable and not exceeding those required in the light of the foregoing purposes and shall be accurate and, where necessary, updated.

Controller Details

Trade Name: COLOSSOS S.A.
Distinctive Title: COLOSSOS S.A.
Registered Office: RHODES, OP. ROAD RHODES KALLITHEA
TIN: 094049041
TAX OFFICE: RHODES

Concepts and Definitions

"Personal Data": any information relating to an identified or identifiable natural person ("data subject"); identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier, such as name, ID number, location data, online identity, or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of such natural person.

"Processing of Personal Data": any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Controller" means the natural or legal person, public authority, service or other body that, alone or in conjunction with others, determines the purposes and manner of processing personal data.

"Processor" is a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the "Controller".

"Consent" of the data subject: any indication of will, free, specific, explicit and fully aware, with which the data subject indicates that he / she agrees, by statement or by clear affirmative action, to the processing of personal data related to it

"Violation of personal data": a breach of security that results in accidental or illegal destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed

"Health data": personal data related to the physical or mental health of a natural person, including the provision of health care services, which discloses information about his or her state of health.

"Special categories of personal data / Sensitive personal data": personal data revealing racial or ethnic origin, political beliefs, religious or philosophical beliefs or participation in trade union data, as well as genetic data processing, biomedical data processing for the purpose of unambiguously identifying a person, health data or data relating to a person's sexual life or sexual orientation.

General Principles of Personal Data Processing

COLOSSOS S.A. ensures that the personal data processed
• Shall be submitted in process which is legal and legitimate with respect to the data subject
• Shall be collected for specified express and legal purposes
• Shall be appropriate, relevant and limited to those necessary for the purposes for which they are processed
• Shall be accurate and up-to-date
• Shall be processed in such a way as to guarantee the appropriate security of personal data, including their protection against unauthorized or illegal processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
• Shall be retained only for the time required for the processing of personal data. In some cases may be retained for a longer period, especially if the processing of these data is deemed necessary for
A) the observance of a legal obligation imposed by a provision of another law.
B) COLOSSOS S.A. fulfillment of public interest purpose.
C) archiving for the purposes of public interest, scientific or historical research
D) for statistical purposes
E) for the foundation, opposition, exercise or support of legal claims.

Legal Framework for the Protection of Personal Data

In addition to the European Parliament's General Data Protection Regulation (2016/679) on the protection of individuals with regard to the processing of personal data and the free movement of such data, applies any national law in force relating to the processing and protection of personal data. Indicatively the following applicable laws are mentioned:
• Law 2472/1997 on the protection of the individual from the processing of personal data.
• Directive 95/46/EP of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
• Directive 2002/58/EP of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and the protection of private life in the sector of electronic communications.
• Directive 1/2011 of the Personal Data Protection Authority on the use of Video Surveillance Systems for the Protection of Persons and Goods.
• Directive 115/2001 of the Personal Data Protection Authority on the protection of personal data in the sector of labor relations.
• Law 3471/2006 on the protection of personal data and private life in the sector of electronic communications
• Regulations of the competent administrative bodies.

Processing Purposes

According to the above legal framework, the personal information collected by COLOSSOS S.A. is used for the following processing purposes:
a) For the management of room reservations and any other hosting services
b) For the management of relationships with you before, during and after your stay at the hotel
c) For the Company's compliance with Greek and European Law
d) For marketing purposes
e) For the establishment, recognition, exercise or defense right and legal claims
f) To support business processes
g) To improve our hotel services
h) For the security of our information systems

Legal basis for processing personal data

COLOSSOS S.A. processes your personal data with transparency in accordance with the principles of legality, proportionality, confidentiality and integrity, limitation of purpose and accuracy, specific time of data retention and data minimization.
The legal basis for processing your personal data may be:
a) your consent
b) the necessity to process your data in the context of our contractual obligation or at the pre-contractual stage
c) the necessity to process your data in compliance with our legal obligation
d) the necessity to process your data in the context of safeguarding our legal interests
e) the necessity to process the data to protect the vital interests of you or the person who is accompanied
f) the need for statistical data

Data processed by COLOSSOS S.A.

According to the purposes above, COLOSSOS S.A. collects and processes personal data, including as follows:
Employees / External Partners: full name, father’s name, mother’s name, year of birth, place of birth, gender, citizenship, address, email address, contact phone numbers, ID card number, Tax Ιdentification Number (TIN), Social Security Registration Number (AMKA), individual bank account number (IBAN), details of marital status, education and training of employee / associate, previous service, curriculum vitae, salary, working hours, medical record / health certificate
Purposes/ Legal basis for processing:
- Managing the working relationship between COLOSSOS S.A. and employee / external partner. The processing of this data is considered necessary for the performance of the employment contract.
- Fulfillment of the corporate obligations of COLOSSOS S.A. The processing of the data is necessary for the compliance of COLOSSOS S.A. with its legal obligations.
Candidate Employees: name, surname, contact information, education, work experience, email, citizenship, marital status
COLOSSOS S.A. collects and processes candidates' personal data for vacancies. The data are collected by the candidate by applying for it in various ways (sending via email, using recruitment platforms etc.). In case of non-recruitment, the candidate's CV is retained for one year to cover any future vacancies"
Purposes / Legal basis for processing
- The evaluation of the candidate's suitability to fill a specific job. The legal basis for processing is the legal interest of COLOSSOS S.A. and the consent of the prospective employee.
Participants, speakers and invited to scientific conferences, actions and events
a) Full name, postal address, capacity, occupation, email.
b) Image data (photography / video recording). In the context of the implementation of COLOSSOS S.A. activities, it is possible to take pictures and / or video surveillance of the various events, conferences or workshops organized by COLOSSOS S.A. This data are likely to be posted on the site or social media managed by COLOSSOS S.A.
Purposes / Legal basis for processing 
- The purpose is the successful organization. The processing of personal data is considered essential for the successful management and organization of their actions and purposes.
Residents / Guests in the Hotel: full name, passport number, date of birth, credit card number, length of stay, price, email, address, phone number, billing information
Purpose / Legal processing: - Performance of a contract of which the subject is a contracting part - Consent of the subject - Compliance with legal obligation of COLOSSOS S.A. Suppliers: full name, TIN, IBAN, contact phone number, address, email Purposes / Legal basis for processing : - Performing a contract of which the subject is a contracting part

Special Categories

Employees: COLOSSOS S.A. may collect and process data belonging to specific categories of personal data ('sensitive data'), such as data relating to the health of its employees, in order to meet its insurance obligations. Similarly, in exceptional cases, when required by applicable law, COLOSSOS S.A. may collect and process data relating to criminal convictions or offenses, such as copies of a criminal record, always respecting the principle of proportionality.
Residents / Visitors / Conference Participants: COLOSSOS S.A. may process data belonging to specific categories of personal data ("sensitive data"), such as data on eating habits, allergies, religious preferences, illnesses, etc.
Purposes / Legal basis for processing:
- Fulfillment of obligations and exercise of specific rights of COLOSSOS S.A. or data subject in the sector of labor law and social security and social protection law.
- Protecting the data subject's vital interests
Contact Information
Persons who have stated their wish through explicit consent to receive news and updates from COLOSSOS SA.
Purposes / Legal basis for processing:
The consent of persons wishing to receive updates and offers from COLOSSOS S.A .

Data Transfer

The entire workforce employed by COLOSSOS S.A. and processes your personal data is contractually bound by clauses on the confidentiality and privacy of such data. In COLOSSOS S.A. is part of our philosophy and our basic principle that we will not disclose your information to third parties for their own independent business or marketing purposes without your consent.
However, we may share your information with the following agencies:
• Affiliates. Your information may be shared with affiliates of COLOSSOS S.A.
• Business partners. We may also share your information with trusted business partners. These affiliates may use your information to provide you with the services you requested and with promotional material, ads and other material if you have given your consent.
Service Providers and / or any third party who may perform the processing on our behalf. We may also disclose your information to companies that provide services on our behalf, such as IT subcontractors, companies that send bulk emails on our behalf, banks, credit card issuers, law firms, mail services companies, print service companies, etc
Credit Approval: When you apply for a credit, your personal information is used and disclosed to appropriate third parties in accordance with applicable law in order to decide on granting and maintaining a credit limit for you. • Other third parties with your consent or order. In addition to the disclosures described in this Privacy Policy, we may share information about you with third parties if you consent or request it.
Exceptionally access to your personal data is permitted:
a) to judicial and prosecutorial authorities during the exercise of their duties, ex officio or at the request of a third party invoked in a legitimate interest and in accordance with legal procedures,
b) to other bodies of the Greek State, which by virtue of their constitutions have such a right and competence.

Data Retention Time

We take reasonable measures to ensure that your personal information is retained only for as long as it is needed and for the purpose for which it was collected or for as long as required by contract or applicable law.
The CVs collected by the relevant Human Resources department shall be retained for two years and subsequently destroyed.
Tax information shall be maintained in accordance with tax law.

Personal Data Subject Rights

COLOSSOS S.A. ensures that data subjects can at any time exercise the rights granted them by law regarding the collection and processing of personal data. These rights are the following:
• The right of access to the data.
• The right of correction of the data.
• The right to delete data ("right to forget").
• The right to restrict the processing of data.
• Τhe right to the portability of his/her data.
• The right of objection to the data processing.
Any request of the person / entity is submitted to COLOSSOS S.A., at the following e-mail: privacy@colossos-sa.gr.
COLOSSOS S.A. will respond to your request free of charge, without delay and in any case within one month of receipt of the request, except in exceptional cases, so that the above deadline may be extended by further two months, if necessary, taking into account the complexity the request and / or the number of requests. COLOSSOS S.A. will inform you of any extension within one month of receipt of the request, as well as the reasons for the delay.
In case that your request is not satisfied, COLOSSOS S.A. will inform you within one month of receipt of the request, of the relevant reasons and the possibility to file a complaint with the Data Protection Authority, as well as the right to appeal to the competent judicial authorities.
If your claim is judged by COLOSSOS S.A. to be manifestly unfounded or excessive, it may charge a reasonable and proportionate fee, taking into account administrative costs for its satisfaction it or refusing to process your claim.

Data Protection Officer Information

Papakonstantinou Konstantinos
Data Protector Officer (DPO)
Colossos SA | Hotel & Tourist Enterprises
T: +30 22410 85502
M: +30 6945 465151
@: papakonstantinou@colossos-sa.gr

Complaint to the Competent Authority.

If you believe that personal data protection is in any way violated, you can contact the Personal Data Protection Authority (www.dpa.gr, 1-3 Kifissias Avenue, PO Box 115 23, Athens, +30 210 6475600, +30 210 6475628, contact@dpa.gr)

Changes to this Policy

COLOSSOS S.A. may unilaterally revise this Policy at any time for reasons of compliance with regulatory changes or for operational purposes. We encourage you to review this Policy at regular intervals to inform you on how COLOSSOS S.A. manages and processes your personal data. This Policy was posted on 29/11/2019.

Book Now

Book Now

Close
+
+
+
Why Book Direct

Book Direct Benefits

Booking directly with us means you’re guaranteed to get our absolute best rates and will take advantage of any special offer we’re running. For these and other benefits, including possible room upgrades, we look forward to hearing directly from you.