For Nanagoldenbeach Hotel (hereinafter referred to as Hotel), the respect for and the protection of your personal data is a commitment. We understand and take seriously into consideration the fact that you are aware of and interested in your personal data.

This Personal Data Protection Statement describes the personal data the Hotel collects about you, how we use and protect your personal data, the options you have about the way we use this data.

We acknowledge that the protection of personal data is an ongoing responsibility and therefore we will update and amend this Statement from time to time. Please visit our web site www.nanagoldenbeach.gr   in order to make sure that you are aware of and satisfied with any changes.

1. Who we are

NANA PRINCESS is an attractive hotel as well as a bungalows complex situated  in a superb location in Crete, ideal for those who seek the ultimate pleasures of an all-inclusive resort and the tranquility of an unforgettable walk through the endless gardens where the word " Garden "finds its true meaning

2. Which personal data we collect about you

2.1 Data for the rendering of services: We collect personal data whenever we come in contact or interact with you. Also, in the course of our professional activity, we may collect the following personal data:

• Customer Details e.g. first and last name, father's name, ID number, contact phone

number, home address, billing data e.g. VAT No. credit/debit card number

• Personal Data (eg Date of Birth, Nationality, Place of Birth),
• Date of arrival/departure and room number,
• Preferences and interests eg, preferred floor, non-smoking room, bed type, cultural interests,
• Medical data related to your health, e.g. allergies, pathological disease data, etc.
• Data that may be considered sensitive such as your cultural interests, any health problems, smoking habits. For this reason, we retain such data only if we are required by applicable law or if you explicitly give us your consent in the context of rendering our services, e.g. on specific diet.
• Device data (e.g., unique device IDs, IP address, device settings to access our Services, etc.)
• Other data regarding the use of our services by you (eg interaction with content offered through a Service)
• Through the browser cookies you use when browsing our site, in order to respond, promote, and accurately route your request. In this case, we may collect data about the type of browser you use for the purpose of managing our system and to compile aggregate information about visitors to our Website, of pure statistical character that does not identify any physical  person .

Data about people under the age of 18 is limited to name, nationality and date of birth and is provided only by a person with parental supervision.

2.2 Fellow Travelers’ Data: When making a reservation for someone else through your reservation, we will ask for personal data and travel preferences for this person. You should obtain the other person's consent before providing us with his/her personal data and travel preferences, as access to view data or any changes to his or her data will only be available through your account.

2.3 Surveys: We may be asking for demographic data or other personal data for the customer surveys we conduct

2.4 During your stay at our premises: We collect additional personal data when registering/entering to our facilities, including data that may be required by the national law. We may also use closed circuit television and other security measures on our premises that can capture or record customer and visitor images as well as items related to your location while on our premises (via key cards and other technologies).

We may also use closed circuit television and other technologies that record sound or record video for the protection of our staff, of our customers and of the visitors to our facilities, to the extent permitted by law.

Additionally, we may collect personal data related to services rendered at our facilities, such as reception services, gyms, spa, various activities, childcare services and equipment rental.

2.5 Events:  If you are planning an event with us, we collect meeting and event requirements, date of the event, number of guests, details for the guest rooms and for the corporate events, details about your company (company name, annual budget and number of events per year).

We also collect data for customers who are members of your group or participate in the event.

If you visit us as a member of a group, we may have your  personal data that we collected from the group and, as a result of your stay with a group or your presence at an event, we may promote to you our services  according to your preferences, if the law so permits.

If you visit us at an event, we may share your personal data with the event organizers, if the law so permits.

If you are an event organizer, we may share information about your event with third-party service providers who can promote their services to you, provided the law so permits.

2.6 Social Media:  If you opt for participating in social networking activities or offers, we may collect some data from your social networking account, such as location, check-ins, activities, interests, photos, status updates, and the list of your friends.

You may also be allowed to take part in contests to provide photos, such as of your stay with us, which you can share with your social media contacts for polls, notifications, or other ads.

2.7 Employment Applications:   If you decide to apply electronically for employment to our Hotel, please read the Applicant's Private Data Policy.

2.8 Personal data  we collect from third parties. It is also possible to collect data about  you from third parties, including data from our partners in airlines and card payments and from other partners, including social networking according to your settings in these services, as well as from other third party sources who have the legal right to share your data with us.

We use and share this data (and we may attach these items to the other items we maintain about you in our records) for the purposes described in this Statement.

3. How we use (process) your personal data

3.1 Service Management: We use your personal data for room reservation and other associated services such as keeping required documents in accordance with the applicable legislation, requests related to accommodation, room access, use of mini bar, room telephone, etc.)

3.2 Event Scheduling: We may use your personal data to inform you about the scheduled events.

3.3 Promotional Activities: To the extent permitted, we may use your personal data to send you or offer you data letters, advertisements and suggested special offers, as well as other promotional messages according to your communication preferences. We use your data to provide messages during your stay, account alerts and booking confirmations, to conduct searches, lotteries, draws and other contests. We may provide these updates via the Internet, mail, online advertising, social media, telephone, text messaging (including SMS and MMS).

3.4 Improving the quality of service: We may use your personal data to improve the quality of the Hotel's services and to ensure that our products and services are of interest to you.

We also use your personal data to provide you with the expected level of hospitality in your rooms and in all facilities of ours.

This may include your ability to control your room equipment through our site.

3.5 Personalization of the Service: We may use your personal data to make your experiences with us more personal and more social aiming at offering you diversified services

4. What is the Legal Basis for the Processing

Depending on the purpose for which data is used, the legal basis for processing your data may be:

4.1 Your consent,

4.2 Our legitimate interest, and in particular:

• for legal reasons, when processing is required by the applicable law,
• to carry out a contract (to provide the services you have requested from us),
• to improve our services: with the view to upgrading the quality of our services and better understanding your needs and expectations, we are able to provide you with even better services,
• to prevent fraud: ensure that each payment is completed without any fraud or appropriation,
• for the security of our systems: to protect computer and communication systems and to ensure that they work properly and are continually getting improved.

5. Whom we share your personal data with

In order to provide the expected level of hospitality and the best service level, with your consent we may share your personal data with the  following business partners of ours :

• Travel agents, tourist agencies, GDS booking systems, Online booking systems - (such as booking.com, expedia.com and others) and other reservation systems

6. How we protect your data

When you give us your personal data, we take steps to ensure that they are securely kept. In order to protect your personal data, we take physical, technical and organizational protection measures. We update and control the security technology we use on a sustained basis. We allow access to your personal data only to those employees who need to know this data in order to provide benefits or services to you. In addition, we educate employees about the importance of confidentiality and of maintaining the privacy and security of your personal data. Among other things, we have implemented the following technical and organizational measures and procedures in order to protect your personal data from any loss, distortion, tampering or alteration:

• encryption
• detecting and managing security breaches ·
• use of servers located in rooms with restricted access and subject to regular checks ·
• use of information systems and programs for computers that are installed in a way that minimizes the use of personal data and/or user authentication data ·
• adoption of individual procedures for the retention of personal data and their secure deletion/destruction ·
• access to systems and databases on a need-to-know principle

We also ask from our partners and service providers with whom we share personal data to make reasonable efforts in order to maintain the confidentiality of your personal data. In the electronic transactions, we use reasonable technological measures to protect the personal data you send to us through our website. However, no security system or Internet data transmission system guarantees full security.

To protect your personal data, we recommend that you do not send us payment card numbers or other sensitive personal data by email.

We will never ask for confidential personal data or card details via a portable device or SMS or email. We will only ask for your card details by phone when you book or negotiate  a promotional package by phone. If you receive a request of this kind, do not reply. Please also inform us at [email protected]

7. What your rights are

7.1 Right of access : You have the right to be aware of and to verify the legitimacy of the processing. So, you have the right to access the data and get additional data about the way we process it.

7.2 Right of Correction: You have the right to review, correct, update or modify your personal data by contacting the Data Protection Officer (DPO), with the contact details listed below

7.3 Right of Deletion : You have the right to request a deletion of your personal data when we process it on your consent or in order to protect our legitimate interests.

In all other cases (such as,  where there is a contract, obligation to process personal data required by law, public interest), this right is subject to specific restrictions or does not exist as the case may be.

7.4 Right to limit processing: You have the right to request a limitation to the processing of your personal data in the following cases:

(a) when the accuracy of personal data is questioned and until it is verified,

(b) when you oppose the deletion of personal data and request instead of deleting it the limitation of its use,

(c) when personal data is not needed for processing purposes, yet  it is necessary for the establishment, exercise, support of legal claims, and

(d) when you object to the processing and until it is verified that there are legitimate reasons that concern us and  prevail over  the reasons for which  you are opposed to the processing.

7.5 Right to object to processing: At any time you have the right to object to the processing of your personal data for the cases where, as described above, it is necessary for the purposes of legitimate interests we seek as processors, as well as for the processing for direct marketing purposes and consumer profiling.

7.6 Right to Data Portability: You have the right to receive your personal data free of charge in a format that allows you to access it, use it, and process it with commonly-used processing methods. You also have the right to ask from us, if technically feasible, to transfer the data directly to another processor. Your right to do so exists for the data you have provided to us and the processing is carried out by automated means based on your consent or on the execution of pertinent contract.

7.7 Right to file complaint to the DPA . You have the right to file a complaint with the Personal Data Protection Authority (www.dpa.gr): Telephone Center: +30 210 6475600, Fax: +30 210 6475628, E-mail: [email protected]

8. Transmission of personal data outside the EU

The personal data we collect from you is not transmitted or processed outside of the European Union.

9. How long we keep your personal data

• We retain your personal data for as long as it is required to fulfill the purposes of this Statement, unless the applicable laws require or allow for a longer period of time.
• We retain personal data collected to satisfy customer reservations for seven years after the end of the stay. We retain other personal data for shorter intervals if this is possible and permitted by law.
• When processing is required as an obligation under provisions of the applicable legal framework, your personal data will be stored for as long as required by the relevant provisions
• When processing is done on the basis of a contract, your personal data will be stored for as long as necessary to execute the contract and for the establishment, exercise, and/or support of legal claims under the contract.
• For marketing purposes, your personal data is retained for up to five (5) years. In any case, you can revoke your consent. Withdrawal of consent does not affect the legality of consent-based processing performed in the period before its revocation. To revoke your consent, please contact the Hotel Data Protection Officer (DPO)
• We will destroy your personal data as soon as possible and in a way that will not allow the data to be restored or reconstructed.

If printed on paper, personal data will be destroyed in a secure manner, for example by using a document destroyer or by incinerating the printed documents or otherwise and, if stored in electronic form, the personal data will be destroyed by technical means in order to ensure that data cannot be restored or rebuilt at a later time.

10. How to contact us

If you have any questions about this Statement, about the way the Hotel processes your personal data,  in order to exercise your rights, please contact the Data Protection Officer at [email protected].

11. Publication Information - Changes and Updates

This Statement was last updated on 28/5/2018.

We reserve the right to modify and update this Statement at any time, for any reason, without notice to you, other than posting the updated Statement on our website. We may periodically send emails to remind you of the changes and updates of this Statement but you should check our website frequently to get updated on the current Personal Data Protection Statement.