Privacy Policy

The Greek company «MAESTRO LUXURY SUITES Private Capital Company », is committed to protecting the privacy of the individuals that visit our website www.sophiasuites-santorini.com . The security of their personal information and data is our priority. We will be clear and transparent about the information we are collecting and what we will do with that information.
This Policy sets out the following:
• What personal data we collect and process about you in connection with your relationship with us as a visitor of our website;
• Where we obtain the data from;
• What we do with that data;
• How we store the data;
• Who we transfer/disclose that data to;
• Your data protection rights;
• Our compliance with the data protection rules.
All personal data is collected and processed in accordance with Greek and EU data protection laws.

Types of personal data we collect

Personal data means any information relating to you which allows us to identify you, such as your name, contact details, and information about your access to our website.
We may collect personal data from you when you contact us, through the form provided in our website, use our website, or when you sign up for our newsletter.

Specifically, we may collect the following categories of information:

1. E-mail address, when you sign up in our newsletter.
2. Name, e-mail address and information that you include in your CV when you decide to send one to us.
3. Information about your use of our website.
4. The communications you exchange with us or direct to us via letters, emails, calls, and social media.
5. Location, including real-time geographic location of your computer or device through GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, if you use location-based features and turn on the Location Services settings on your device and computer.

Purposes of using your personal data- period of storage

Your data may be used for the following purposes:

1. Marketing: periodically we will contact you with information regarding our services via e-mail. You will have the choice to opt in or opt outof receiving such communications by indicating your choice when you fill in a contact form. You will also be given the opportunity on every e-mail that we send you to indicate that you no longer wish to receive our direct marketing material.
2. Career: If you send us your CV, we will evaluate if you could be the person we wish to work with and we will keep your name and contact information in order to communicate with you, if that is necessary. The personal data you submit on this form will be stored safely on our servers in the EU for three years and will be deleted thereafter. At any point, you can request we delete your personal data or ask information about it by sending us an email to gdqrenquiries@socialab.gr.

We will only process your personal data where we have a legal basis to do so. The legal basis will depend on the reasons we have collected and need to use your personal data for.

In most cases we will need to process your personal data so we can hire you in our company or communicate with you for marketing purposes.

We may also process your personal data for one or more of the following:

• To comply with a legal obligation (e.g. tax and accounting purposes);
• You have consented to us using your personal data (e.g. for marketing related uses, or submission of a C.V.);

Additionally please note that only children aged 16 or over can provide their own consent. For children under this age, consent of the children’s’ parents or legal guardians is required.

We will not retain your data for longer than is necessary to fulfill the purpose it is being processed for. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve those purposes through other means.

We must also consider periods for which we might need to retain personal data in order to meet our legal obligations (e.g. in relation to tax and audit reasons) or to deal with complaints, queries and to protect our legal rights in the event of a claim being made.

When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimize over time the personal data that we use, and if we can anonymise your personal data so that it can no longer be associated with you or identify you. In this case we may use that information without further notice to you.

Securing your personal data

We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage.
To achieve that, we take end-to-end SSL encrypted communications, server and application firewall, application execution isolation and many more measures.

Sharing your personal data

Your personal data may be shared with the following third parties for the purposes described in this Privacy Policy:
1. Trusted service providers we are using to run our business such as cloud service and e-mail marketing service providers assisting our marketing team;
2. Legal and other professional advisors, law courts, if required in case of a potential dispute, or any state or judicial authority in case of an ongoing investigation;
3. Social media:You may be able to access third party social media services through our website or before visiting our website. When you are registered with your social media account, we will obtain the personal information you choose to share with us through these social media services pursuant to their privacy settings in order to improve and personalize your use of our website. We may also use social media plugins on our website. As a result your information will be shared with your social media provider and possibly presented on your social media profile to be shared with others in your network. Please refer to the privacy policy of these third-party social media providers to find out more about these practices.

Your data protection rights

As provided by the existing legal framework, you have the right to:

Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no sufficient or legal reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. You can object to our processing of your data for direct marketing purposes by unsubscribing from our mailing list.
Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
Withdraw consent.  Where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you want to exercise any of these rights are have any further questions about this policy or how we handle your personal information, or for requests for data access, erasure, etc. please get in touch with us by writing to info@sophiasuites-santorini.com .
Requests to unsubscribe from our mailing list can be made by clicking on the “unsubscribe” link in any of our marketing emails addressed to you.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

You also may have the right to make a complaint if you feel your personal information has been mishandled. We encourage you to come to us in the first instance but, to the extent that this right applies to you, you are entitled to complain directly to the relevant supervisory authority (Hellenic Data Protection Authority, http://www.dpa.gr/)

Our Privacy Policy may change from time to time and any changes to the statement will be communicated to you by way of an e-mail or a notice on our website.