Privacy Notice

Last Updated: May 24th, 2018

At APEX S.A, we are committed to protecting and respecting your privacy. Please read this notice as it contains important information about how we use personal data that we collect from you or that you provide to us.

Information & Consent

This Privacy Notice describes how we collect, use, process, and disclose your information, including personal information about you (hereinafter, the “User”), in conjunction with your access to and use of our booking system.

By reading this Privacy Notice, the user is hereby informed on how we collect, process and protect personal data furnished through the booking engine.

The User must carefully read this Privacy Notice, which has been written clearly and simply, to facilitate its understanding, and to freely and voluntarily determine whether they wish to provide their personal data, or those of third parties, to APEX S.A.

When this notice mentions “booking system,” “booking engine,” “system,” “website,” “platform,” “app,” “webapp,” “services,” “online services,” it refers to all pages and functions under https://pelionhomes.reserve-online.net/ unless specified otherwise.

By accessing the platform or providing information, you agree to our privacy practices as set out in this privacy statement. We may change this notice from time to time. You should check this notice frequently to ensure you are aware of the most recent version.

Identity

When this notice mentions “we,” “us,” or “our,”, “data controller,”, “controller,”, it refers to APEX S.A.

Data Controller

APEX S.A operates this booking system through a data processor, as explained below. For the purposes of the General Data Protection Regulation (“GDPR”) (EU) 2016/679, we are the Data Controller. There is a strict contractual framework between the data controller and the data processor for the protection of your personal information. We are:

Pelion Homes “APEX S.A”
Epar.Od. Agrias-Mileon 40, Ag. Georgios Nilias
373 00, Pelion
GR

Data Processor

WebHotelier operates this booking system on behalf of APEX S.A and is committed to protecting the privacy of the users of this system. WebHotelier is:

WebHotelier Technologies Limited
Mnasiadou 9 (Demokritos Building, Office 16)
1065 Nicosia
Cyprus

For the purposes of the GDPR, where WebHotelier processes your personal data on behalf of APEX S.A, WebHotelier is the the Data Processor. When this notice mentions “data processor,” “processor,” “WebHotelier,” it refers to WebHotelier Technologies Limited.

WebHotelier is a certified PCI-DSS Level 2 Service Provider audited monthly by Trustwave.

The User may contact WebHotelier's Data Protection Officer:

Data Protection Officer
dpo@webhotelier.net

Obligatory nature of providing the data

The data requested in the forms accessible from the booking engine are, in general, mandatory (unless specified otherwise in the required field) to meet the stated purposes. Accordingly, if they are not provided or are not provided correctly, we will be unable to process the request.

Personal data we collect and process

This will include:

  • personal information about you which we ask you for (e.g. your name, address, and email address) when you make a booking from our booking engine;
  • financial details in order to process your booking when we require pre-payment;
  • details of transactions you carry out through our booking engine and details of the fulfilment of your orders.
  • our data processor may only collect and process personal data collected and/or processed on behalf of us in accordance with our instructions. WebHotelier cannot process it in any other way or for any other purpose.

We grant permission to our data processor:

  • to use your personal information for reserving rooms and/or other services for you at APEX S.A;
  • to pass on your financial details to APEX S.A and/or appropriate third party (for example, credit card company) for the purpose of confirming or paying for a booking;
  • to use your information for marketing purposes (where you explicitly agree to this); and
  • to pre-complete forms and other details on our website to make your next visit to our booking engine easier (e.g. when amending or cancelling a booking).

Social Login:

In the event of registration and/or access through a third-party account, we may collect and access certain information of the User’s profile from the corresponding social network, solely for internal administrative purposes and/or for the purposes indicated above.

Third-party data (e.g. book for a friend)

In the event that the User provides third-party data, they declare that they have the third party’s consent and undertake to provide the interested party -the data holder- with the information contained in this Privacy Notice, duly exonerating us and our data processor from any liability in this regard. However, we may carry out the necessary verifications to verify this fact, adopting the corresponding due diligence measures, in accordance with the data protection regulations.

Sensitive Data

Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions).

Use of Services by Minors

The Services are not directed to individuals under the age of sixteen (16), and we request that they not provide Personal Data through the Services.

Purpose of processing personal data

Depending on the User’s requests, the personal data collected will be processed in accordance with the following purposes:

  • To manage the bookings made, including payment management (where applicable) and the management of the user’s requests and preferences.
  • To manage registration in loyalty or membership programs, as well as obtaining and redeeming points.
  • To manage the User’s contact requests with us through the channels provided to this end.
  • To manage the sending of personalised commercial communications from us, by electronic and/or conventional means, in cases in which the User expressly consents.
  • To manage the provision of the contracted accommodation service, as well as additional services.
  • To manage surveys and/or evaluations regarding the quality of the services provided by us and/or the perception of its image as a company.

Data Retention

We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law or if the User requests their withdrawal from us, opposes or revokes their consent.

The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services or if you have a booking that has not yet been fulfilled)
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
  • Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

Legitimate interest for processing your data

The data processing required in fulfilment of the aforementioned purposes that require the User’s consent cannot be undertaken without said consent.

Likewise, in the event that the User withdraws their consent to any of the processing, this will not affect the legality of the processing carried out previously.

To revoke such consent, the User may contact us through the appropriate channels.

By the same token, in those cases in which it is necessary to process the User’s data for the fulfilment of a legal obligation or for the execution of the existing contractual relationship between us and the User, the processing would be legitimized as it is necessary for compliance with said purposes.

Data Disclosure

We will use and disclose Personal Data as we believe to be necessary or appropriate:

  • to comply with applicable law, including laws outside your country of residence;
  • to comply with legal process;
  • to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements;
  • to enforce our terms and conditions;
  • to protect our operations;
  • to protect the rights, privacy, safety or property of our own, you or others; and
  • to allow us to pursue available remedies or limit the damages that we may sustain.

We may use and disclose Other Data for any purpose, except where we are not allowed to under applicable law. In some instances, we may combine Other Data with Personal Data (such as combining your name with your location). If we do, we will treat the combined data as Personal Data as long as it is combined.

International transfers of personal data

We may transfer your personal information to our data processor(s) or/and sub-processor(s) based outside of the EEA for the purposes described in this notice. If we do this, your personal information will continue to be subject to one or more appropriate safeguards set out in the law. These might be the use of model contracts in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators (like the US ‘ Privacy Shield’ scheme).

Our data is stored in the cloud using Amazon Web Services in N. Virginia, USA and in Frankfurt, Germany. If you are accessing any of our systems from outside the USA, you acknowledge that your personal information may be transferred to the USA, a jurisdiction which may have different privacy and data security protections from those of your own jurisdiction, to be processed and stored.

User's Responsibility

The User:

Guarantees that they are of legal age or legally emancipated, where applicable, fully capable, and that the information furnished to us is true, accurate, complete and up-to-date. For these purposes, the User is responsible for the truthfulness of all the data communicated and will keep the information updated, so that said data reflects their actual situation.

Guarantees that he/she has informed third parties on whose behalf he/she has provided data, where applicable, of the aspects contained in this document. Also guarantees that he/she has obtained the third party’s authorisation to provide their data to us for the purposes indicated.

Will be responsible for false or inaccurate information provided through the Website and for damages, whether direct or indirect, that this may cause to us or third parties.

Exercise of Rights

The User may contact us at any time free of charge, to:

  • To obtain confirmation about whether or not personal data concerning the User are being processed by us.
  • To access their personal details.
  • To rectify any inaccurate or incomplete data.
  • To request the deletion of their personal data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
  • To confirm revocation of consent.
  • To obtain from us the limitation of data processing when any of the conditions provided in the data protection regulations are met.
  • To request the portability of your data.

Likewise, the user is informed that at any time he/she may file a complaint regarding the protection of their personal data before the competent Data Protection Authority.

Security Measures

We will process the User’s data at all times in an absolute confidential way and maintaining the mandatory duty to secrecy with regard to said data, in accordance with the provisions set out in applicable regulations, and to this end adopting the measures of a technical and organisational nature required to guarantee the security of their data and prevent them from being altered, lost, processed or accessed illegally, depending on the state of the technology, the nature of the stored data and the risks to which they are exposed.

Privacy Policy

Scope

At APEX S.A (hereinafter referred to as “Pelion Homes” or “we”, “us”), we know how important it is to protect the privacy of our customers; we try to be as clear as possible about the way in which we collect, use, share, transfer, and store your information. This Privacy Policy summarises the practices we follow regarding your data.

 

This Privacy Policy applies to all properties operated by Pelion Homes. This Privacy Policy also applies to this website, all websites, online applications, and online and offline promotional actions by Pelion Homes as well as any Service or function provided by us that refers to this Privacy Policy or provides a link hereto (collectively referred to as our “Services”).

 

Please note that the Privacy Policy applies to your use of our Services, regardless of whether you use a computer, mobile phone, tablet, TV, or other device to access our Services. Additionally, this Privacy Policy applies to Services that are provided without the use of electronic means.

 

It is important that you carefully read this Privacy Policy because with every use of our Services you agree to the practices described herein. If you do not agree with the practices described in this Privacy Policy, please do not use our Services.

 

For what purposes we collect data:

 

We collect and use personal data to manage your relation with Pelion Homes and to offer our Services to you. Certain personal data is collected to provide you with personalised and improved services.

We collect personal data with the following purposes:

a) To manage reservations and other hospitality services

Create and store legal documents in accordance with applicable law

Collect data to meet requests relating to your stay (e.g. room preferences)

b) To manage operational aspects of your hotel stay

Monitor the use of services (e.g. room telephone, mini bar, room service, etc.)

Manage lists with customers’ personal data for operational purposes, e.g. daily customer arrival and departure lists and a list of special category customers (e.g. VIP guests, etc.)

c) To improve our hotel services to you

Tailor products and Services to better meet your requirements

Process your personal data using marketing programmes for marketing and promotional purposes

Provide you with useful information for offers or other promotional messages

Inform you about special offers and new Services

Provide customised content and suggestions based on previous activities with our Services

d) To manage our relations with you before, during, and after your stay

Manage customer databases

Evaluate and analyse the market, our customers, our products, and Services

Create statistical data and reports

Gain knowledge and manage the preferences of new and recurring customers

Send newsletters, promotion products and offers, or to contact you by telephone

Manage requests for deletion from update lists

Create and manage questionnaires and statistics

Organise lotteries, contests and offers to the extent allowed by law

e) To improve our general services

Conduct market research/analysis of questionnaires and customer comments

Manage customers’ claims and complaints

f) To improve system security

Record data to ensure security and to avoid fraud

g) To comply with the Greek and European law

 

What personal data we collect

Information provided directly by you

For example:

When ordering a paid product or service from us, we may ask certain details to process your order, such as your name, villa details, and billing data.

When participating in an online or offline contest or promotional action, we may ask you for your name, contact details, email address, age and gender, personal and occupational interests, other personal characteristics, and your opinion of our products and/or services.

We are obliged to request the following details about you and/or your family members:

Contact details (e.g. surname, given name, father’s name, passport number, ID-card details, telephone, home address, email)

Personal data (e.g. date of birth, nationality, place of birth)

Information on your children (e.g. given name, date of birth, passport number)

Billing details (e.g. credit card number, VAT number)

Date of arrival and departure, flight number, and room number

Preferences and interests (e.g. non-smoking room, preferred floor, type of bed, sports, cultural interests)

Questions and comments submitted during or after your stay in one of our Villas.

 

The data we collect on persons under the age of 16 are restricted to given name, surname, nationality, and date of birth. This data can only be provided by an adult or guardian. We thank you for your efforts to ensure that children do not send us personal data without your consent, especially through the internet. Should any information of this type be sent to us, you can communicate with the Data Privacy Officer (see section “Questions and contact”) to schedule the deletion of such information.

Moreover, information such as your passport number, recreational activities, hobbies, health issues, or whether you are a smoker or not can be described as sensitive. We retain such information only if we are obliged to do so by applicable law or if you have explicitly given us your consent (e.g. to provide you with an appropriate Service, such as a special diet).

Information on your use of our Services

Apart from the information you provide directly, we may collect information on your use of our Services through the software of your device or by other means. For example, we may collect:

Device information, such as hardware model, International Mobile Equipment Identity (IMEI), and other unique device identity data, MAC address, IP address, operating system issue, and setting of the appliance you use to access our Services.

Connection information, such as the time and duration of use of the Service, search commands entered in the Services, and information that may be stored in cookies we have placed on your device.

Location information, such as GPS signal of your appliance or information on WiFi access points that may be transmitted to us when you use our Services (e.g. WiFi).

Information from third parties

We may receive information about you from available public and commercial sources (to the extent permitted by law), which we may combine with other information that we receive directly from you or in relation to you. We may also receive information about you from third party social networking services when you choose to connect to such services.

Other information we collect

We may collect other information about you, your device, or your use of services in manners described at the point of collection or otherwise with your consent.

You may choose not to provide certain types of information, but this may influence the possibility to use certain Services.

 

When we collect personal data

We collect personal data in various cases, such as:

a) Hotel activities

Villa reservation

Check-in and payment

Reservation of seat and/or use of hotel services, such as catering and recreational services

Various requests, complaints, and/or disputes

b) Participation in marketing programmes or events

Participation in online and offline surveys (for example, customer satisfaction survey)

Participation in contests and games

Subscription to mailing lists in order to receive offers and other promotions by email

c) Transmission of information from third parties

Online booking engine operated by WebHotelier Technologies Limited

Tourist agencies, tourist offices, GDS reservation systems, online reservation systems (e.g. booking.com, expedia.com, Airbnb etc.), and other reservation systems

d) Actions through electronic devices

Connection to our WiFi network of our villas

Completion of online forms (e.g. reservation forms, pre-check-in forms, satisfaction survey forms, etc.)

 

Third party access terms to your personal data

Pelion Homes do not disclose your information with third parties for their unrelated business or marketing purposes without your consent.

However, we may disclose your information to the following entities:

Business associates. We may also share your information with trusted business partners. These entities may use your information to provide you with services you have requested, make provisions relating to your interests, and offer you promotions, advertisements, and other material. You authorize us to disclose any such information in those circumstances.

Service providers and/or any third parties that may process information on our behalf. We may also share your information with companies that provide services on our account or behalf, such as IT contractors, bulk mailers, banks, credit card institutions, law firms, mail service companies, printing services companies, etc.

Other third parties, if so required by law or in order to protect our Services. Situations may arise in which we share your information with other third parties:

To comply with the law or mandatory legal procedure (such as search warrants or other court orders)

To confirm or implement our compliance with the policies governing our Services

To protect the rights, ownership or security of Pelion Homes or any of our business partners, or customers

Other third parties in relation to corporate transactions. We may share your information with third parties within the context of a merger or transfer, or in the event of bankruptcy.

Other third parties with your consent or at your command. In addition to the disclosures described in this Privacy Policy, we may share information about you with third parties if you give your consent or if you request us to do so.

To provide you the best possible service, we allow access to your personal data or to certain categories to competent, authorised members of our personnel. This includes:

Hotel staff

Legal Services, if and when required

Medical Services, if and when required

 

Protection of personal data during international transfer

For the purposes set out in paragraph “For what purposes we collect data” hereabove, we may transfer your personal data to internal or external recipients who may be located in countries that offer different levels of protection for personal data.

Please note that data protection and other laws in the countries where your information may be transferred may not be as protective as in your country. To protect your privacy, the transfer will take place according to the legislation on the processing of personal data.

Pelion Homes applies suitable measures to safely transfer personal data to an external recipient in a country that offers a different level of privacy than the country where the personal data is collected.

 

What we do to keep your information safe

We have taken organisational and technical measures to protect the information that we collect in relation to our Services, especially regarding sensitive personal data. Our IT department implements international standards and practices to ensure the safety of networks and the encryption of data, where applicable.

However, please bear in mind that despite the reasonable measures that we take to protect your information, no website, internet transmission, computer system or wireless connection is ever completely safe.

 

Data storage

We take reasonable measures to ensure that your personal information will be stored no longer than needed for the purpose which it has been collected and no longer than required by the contract or the applicable legislation.

 

Cookies, beacons and similar technologies

We and certain third parties who provide content, advertisements, or other features for our Services may use cookies, beacons, and other technologies in certain parts of our Services.

By accessing and using our Services, you agree to the storage of cookies, other local storage technologies, beacons, and other information on your devices. You also allow us and the aforementioned third parties to access these cookies, local storage technologies, beacons, and information.

 

For analytical information see our cookies policy.

 

Access and correction of your data – the right to erasure (‘right to be forgotten’)

According to the legislation in certain jurisdictions, you may be entitled to request details on the information that we collect and to correct any inaccuracies that may be contained in such information. All other lawful user rights remain unaffected. If permitted by law, we may charge you a small fee for the provision of this possibility. We may refuse to handle requests that are repeated to an unreasonable degree, require disproportional technical effort, jeopardise the privacy protection of others, are extremely unpractical, or involve access that is not otherwise required by domestic law. If you wish to submit a request for access to your data, please contact the Data Privacy Officer (see section “Questions and contact”).

Υου have the right to obtain the erasure of your personal data from the controller.

 

Updates

This Privacy Policy may be amended from time to time; to ensure that you are aware of any changes, please check this Policy on a regular basis, especially before submitting a reservation request with one of our villas. By accessing or using our Services after we have posted an updated version of the Privacy Policy, you agree with the new practices contained in the update. The most recent version of the Privacy Policy will always be available on our website. You can check the “Latest Update” date at the bottom to find out when the Privacy Policy was last changed.

A printed version of this Privacy Policy can be found at the reception of our hotels, or you can request a copy by contacting the Data Privacy Officer (see section “Questions and contact”).

 

Questions and contact

If you have any questions regarding this policy or the protection of your personal information at Pelion Homes, please contact us at the following address:

Pelion Homes
Agios Georgios Nilias
38 500 Pelion
Greece
Telephone: +30 210 9216 779
Email: info@pelionhomes.com

For further information and/or queries regarding personal data protection and your rights under the relevant law (GDPR), you can contact the Hellenic Data Protection Authority (HDPA) at:

Kifissias 1-3
115 23 Athens
Greece
Call Centre: +30-210 6475600
Fax: +30-210 6475628
E-mail: contact@dpa.gr

 

Latest update: 04/02/2019