Pricavy Policy

Last updated: 29/03/2022

Introduction – Data Controller

Welcome to our website, BELVEDEREHOTEL.COM

This Website is owned by Belvedere Hotel, Mykonos, hereinafter referred to as “Company” or just “we” or “us”.

Phone: +30 22890 25122

Email: [email protected]

We take the protection of your personal data very seriously. For this reason, we created this policy, in order to provide you with adequate information regarding the processing of your data by our Company.

In order to be able to provide you with our services, while also complying with our legal obligations, we process information concerning the Website visitors, which may lead, directly or indirectly, to their identification. According to the respective legal framework, some of this information is “personal data”, while you, the visitors or members, are characterized as “data subjects” and we, the Company, are the “controllers” of your data.

The purpose of this policy is to explain in plain and simple words:

  • Which personal data we process;
  • What are the purposes and the legal basis for our processing;
  • Who are the recipients of your data;
  • How long do we store your data;
  • What are your rights regarding your data and how can you exercise them.

Our basic principles for processing your data

We are committed to ensure that your personal data will be processed in a fair and transparent manner, according to the legal framework, particularly the General Data Protection Regulation (GDPR). In plain terms, this means that:

  • We process your data only for specified, explicit and legitimate purposes (purpose limitation)
  • We process only data which are adequate, relevant and limited to what is necessary in relation to the purposes set (data minimisation)
  • We make every effort in order to ensure that your data are accurate (accuracy)
  • We keep your data in a form which permits your identification for no longer than is necessary for the purposes set (storage limitation).
  • We make every effort in order to ensure the security of your data (integrity and confidentiality).

In order to ensure the protection of your data, the Company takes all appropriate technical and organisational measures, trains its staff and uses technologies which ensure the security of your data (for example SSL certificate, encryption, certified hosting providers). We monitor the security measures on a regular basis and, if deemed necessary, we align them with the new best practises.

What data can we process and under which conditions

Basically, we process your data through the Website only when you provide them in an active manner to us, e.g. by filling out a contact form.

Τhis does not apply to your data that are automatically collected while visiting the Website or/and through cookies or similar technologies (check our cookies policy).

Α. Information we obtain automatically

When you visit our Website, your IP address, alongside other information, such as the date and time of your visit, the browser type and the operating system you use, is recorded by our server.

Although we cannot identify you by this information, it is considered personal data under the GDPR. Τhe processing of this data is based on our legitimate interest, given that it is technically necessary for running the Website as well as for protecting the networks, the information and the services against unforeseeable circumstances, or illegal and malicious actions that compromise the availability, authenticity and confidentiality of stored or transmitted data (e.g. control of denial of service attacks), without entailing serious risks for your rights and liberties.

Β. Information you provide to us

We process the personal data provided by you in the following cases:

1. Contact the Company via contact form/email

When you contact us via contact form/email, we process your:

• Full name
• Email address
• Phone number
• Title

Important note: Your message should include only the necessary information related to your request and not your or a third person’s personal data.

Purpose and legal basis

We process this data in order to be able to contact you in response to your message. Sending an email or submitting a form does not make you our client, however it might show intention to enter into a contract.

We process your data based on your consent (article 6 (1) (a) GDPR), which you have the right to withdraw at any time and you can also request the erasure of your data. In case you withdraw your consent, the lawfulness of the processing already carried out will not be affected. Your withdrawal prevents us from communicating with you in the future.

Important Note: The obligation to submit accurate data falls upon the person who provides the data. Find out about your right to rectification of your inaccurate data by reading the policy section regarding your rights.

2. Newsletter

In order to be able to send you our newsletter we process your:

  • Email address

Purpose and legal basis

We process this data in order to be able to send you our news and updates.

We process your data based on your consent (article 6 (1) (a) GDPR), which you have the right to withdraw at any time and you can also request the erasure of your data. In case you withdraw your consent, the lawfulness of the processing already carried out will not be affected. Your withdrawal prevents us from communicating with you in the future.

Who has access to your data

Typically, access is permitted to authorized members of the Company staff, who process your data in a strictly confidential manner, and only to the extent and in the context of the purposes which you have already been informed about.

Furthermore, in order to be able to provide our services to you, we share some of your data with other companies. These companies (called processors under the GDPR) process your data only for the purposes mentioned above and only on behalf and for the Company, with the exception of any legal obligations. During the transfer of your data, the Company takes all appropriate technical and organisational measures in order to ensure the best possible level of security.

Respect for the rules regarding the security of the processing of your data is one of the most important criteria when choosing our partners. In addition, our partners are contractually bound to provide the necessary safeguards and to take all appropriate technical and organisational measures so as the processing to be lawful and to ensure the protection of your data and rights.

These companies provide us with a variety of services, such as web hosting services, marketing services and others. If you want to find out more information about the recipients of your data, feel free to contact us at [email protected].

Where and for how long we store your data

Your data is stored in our servers, hosted in a data center located within the EU. The data is stored strictly for a period of time considered necessary for each processing purpose.

For example, if you contact us we store you data for a period of 6 months after your last message.

What rights you have as data subjects and how you exercise them

Under the current legal framework, you have a set of rights regarding the processing of your rights by the Company. In particular, you have the right:

  1. To submit a request to the Company to be informed whether we process data and, if so, what types of data (right of access).
  2. To request the rectification of the data (right to rectification).
  3. To request, under conditions, the erasure of the data (right to erasure).
  4. To request, under conditions, the restriction of the data processing (right to restriction of processing).
  5. To object, under conditions, to the processing of your data by us (right to object), mainly regarding the processing relating to marketing purposes (e.g. newsletter).
  6. To request the data that you have provided to us in a structured, commonly used and machine-readable format (right to data portability), as long as it is technically feasible.
  7. In case of a data breach, which is likely to result in a high risk to your rights and freedoms and as long as it does not fall under any of the exceptions provided in General Data Protection Regulation, the Company has the obligation to communicate the breach to you without undue delay.

Compliance with the legal framework regarding the processing of personal data and, in this context, the exercise of your rights, are our top priority. Therefore, we have the right to request additional information, which are considered necessary for your identification confirmation before exercising your rights.

In principle, the Company has the obligation to respond to your request promptly and within one month at the latest. If deemed necessary, taking into account the complexity of the request and the number of the requests, that period may be extended by two further months. In any case, we will inform you as soon as possible, and in any case within one month after the submission of your request, concerning the progress made and the reason for any possible delay in dealing with it.

In case your requests are manifestly unfounded or excessive, in particular because of their repetitive character,the Company may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

In case you consider that we do not comply with the personal data protection laws, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).

For any questions or issues concerning your rights, we should always feel free to contact us at [email protected].

Hyperlinks

Within our Website you can find hyperlinks which allow you to access third party websites. These links have the sole purpose of facilitating your surfing the Web and they do not show, in any way, our endorsement or approval to the content of these websites.

Accessing these websites through hyperlinks in our Website takes place on your sole responsibility and we encourage you to read each website’s privacy policy carefully.

Minors

The Company directs its services exclusively to individuals over 18 years of age. When a request to the Company is submitted, the user/visitor is presumed to be over 18 years of age or, if they are under 18, they are presumed to have obtained the necessary consent from the person having parental responsibility, and it is also presumed that said person’s information will be provided if requested by the Company.

Since it is not technically feasible to effectively control the age of the visitors/users of the Site, we are committed to deleting all relevant information if a submission of personal data relating to minors is reported. This deletion is without prejudice to the need to keep the data in the event of provision of grounds for, or exercise or support of our legal claims or the fulfillment of a legal obligation.

Changes in policy and updates

This policy may be changed at any time and without prior notice. Guided by the principle of transparency, we are committed to notifying you of any major changes in our policy. In any case, however, you should periodically review our policy, since the use of our services implies acceptance of its terms by you.

Cookies Policy

Like most websites, BELVEDEREHOTEL.COM uses cookies and similar technologies.

We use these technologies in order to make sure that your access is easy and effective, that we can provide certain functionalities to you, as well as gather some information about your navigation that are essential to the proper functioning of our Site.

Cookies are small text files stored on the hard drive of your computer or other electronic device .

Cookies are unique to each web browser (web browsers including, e.g. Google Chrome, Mozilla Firefox, Internet Explorer etc) and contain information relating to the websites you visit and the devices you use.

Our website has been developed with WordPress CMS, which uses cookies for effective functionality.

Cookies and the technologies which the Site uses can be divided into the following categories:

A. Essential cookies

These cookies are related to the saving of information or accessing to already stored information on your device, with the sole purpose of facilitating communication via an electronic communications network, and to an extent that is absolutely necessary to provide a social information service, that you have expressly requested.

As far as these cookies are concerned, you are not offered the option of rejecting them, since it would not otherwise be possible for the Site to offer its services.

Name Source Duration Purpose
viewed_cookie_policy belvederehotel.com 11 months This cookie is used in order to show you the message about cookies acceptance and verify whether or not you accept our cookies and cookies’ policy.
cookielawinfo-checkbox-analytics belvederehotel.com 11 months This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Analytics”.
cookielawinfo-checkbox-others belvederehotel.com 11 months This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Other.

 

B. Functionality cookies

These cookies are not essential, but they do serve to improve your experience of using the Site, by providing a series of useful functions, such as remembering your preferences (e.g. language, username), show videos or sharing content in social media.

Name Source Duration Purpose
LOGIN_INFO .youtube.com 24 months after session expires This cookie is used to play YouTube videos embedded on the Site.
VISITOR_INFO1_LIVE .youtube.com 6 months after session expires This cookie is used to allow Youtube to collect information about the use of videos.
OGP .google.com 2 months This cookie is used by Google in order to track the use and improve the functionality of Google Maps.
__cfduid belvederehotel.com 29 days Used by the content network, Cloudflare, to identify trusted web traffic.

 

Cookies for social plug-in content sharing cookies

Our Site does not use third party services in order to share content on social media from members who are already logged in these media. However, social media platforms use their own cookies, which are set up when you share content (e.g. one of our articles) on social media (e.g. Twitter), and usually record some basic information related to the user and transfer them to the server of this platform.

Cookies are usually activated only when you click on the corresponding social network symbol, thus providing your consent for the transfer of your data to the respective provider. The legal basis for using plugins is your consent and the legitimate interest of the provider.

These cookies transmit data such as your IP address to the servers of the respective provider, where they are stored. It is very likely that this data will be used by social media to create profiles about your online behavior. As you can easily understand, we have no control nor influence over the extent of the data collected or the ways in which it is processed, as these are defined by each medium.

We strongly encourage you to look for more detailed information on how these media process your data, cookie policies and data protection, as well as other sources of information provided by them, such this https://www.facebook.com/help/206635839404055

More information on third party functionality cookies

Google Web Fonts

Our Site uses Google Web Fonts services for its fonts. Google Fonts is designed to limit the collection, storage and processing of your data to the absolutely necessary for optimal font delivery.
According to its policy, Google takes the appropriate technical measures in order to ensure that your data is protected. Google does not require the visitor to be identified in order to use its fonts, and no information contained in cookies is sent to the Google Fonts service.

Requests to the Google Font Service API take place via domain names associated with that service, such as fonts.googleapis.com or fonts.gstatic.com, so that your font requests are separate and do not contain credentials send to google.com from other Google services you have been identified, such as Gmail. More information about Google Fonts and protecting your data while using it can be found here.
https://developers.google.com/fonts/faq

Google Maps

Our Site uses Google Maps (API) to provide geolocation information. When you use the Google Maps service, Google collects, processes and processes visitor data about the use of maps.

However, if you are visiting a map via Google Maps while you are logged in to a Google Account, your browsing habits can be personalized. To avoid this, you’ll first need to sign out of your Google Account.
More information about Google Maps and protecting your data while using it can be found here.
https://cloud.google.com/maps-platform/terms/

Youtube

We embed videos from YouTube on our Site, using Google’s enhanced data protection feature. This means that Google will only store your data if you click play on the video. The data that Google receives when viewing a video contains:
– IP address
– The specific address of our page from which you gained access
– Information about your browser
– Date and time of access
– Cookies that already exist and through which your browser can be clearly identified.

We would like to point out that Google may receive additional data through cookies that have already been stored. We have no influence on the way and extent to which this data is used by Google, which is solely responsible for this processing. Learn more https://support.google.com/youtube/answer/171780?hl=en-GB

Vimeo

We embed videos from Vimeo on our Site, using Vimeo’ s enhanced data protection feature.

Name Source Duration Purpose
vuid Vimeo 2 years Collects data on the user’s visits to the web site, such as which pages have been read.

 

C. Performance cookies

These cookies collect information about the way you use the Site, such as, for example, the pages you visit most often, the page from which your visit originated and other information. These cookies collect aggregate, anonymous statistical data which cannot be used to identify visitors individually. They are used for the sole purpose of analysing traffic and improving the Site performance.

Name Source Duration Purpose
_ga Google 2 years This cookie is used to differentiate users.
_gid Google 24 hours This cookie is used to differentiate users.
_gat Google 1 minute This cookie is used to control requests to the server. In case Google Analytics is installed via Google Tag Manager, this cookie will be renamed to _dc_gtm_.

For more information see: Google privacy policy

https://policies.google.com/?hl=el&gl=el

_dc_gtm_UA-# Google 1 day Used by Google Tag Manager to control the loading of a Google Analytics script tag .
collect Google Session Used to send data to Google Analytics about the visitor’s device and behavior. Tracks the visitor across devices and marketing channels.
_clck Microsoft Clarity 1 year Used to store a unique user ID.
_clsk Microsoft Clarity 1 day Used to store and combine pageviews by a user into a single session recording.
_uetsid 1 day Bing Ads sets this cookie to engage with a user that has previously visited the website.
_uetvid 1 year 24 days Bing Ads sets this cookie to engage with a user that has previously visited the website.

 

Information about Google Analytics service (with anonymization)

The Site uses the Google Analytics service for the purpose of recording the number of visitors to the site. Google Analytics, which relies on the use of cookies, is the most popular service for the collection and analysis of data regarding the behaviour of visitors to websites on the internet.

The purpose of using the Google Analytics service is for the processing of anonymous information with the purpose of improving the Site, such as for example, determining which page we need to improve and in what way, in order to make it more user-friendly, and also to carry out cost/ benefit analysis for the purposes of promotion and advertising. We store this information indefinitelly.

In the context of the Google Analytics service, the Site utilises the “Anonymise IP” option which is offered by Google as part of the Analytics service. With this specific application, access to your IP address is restricted to Google and it is anonymised while you are accessing our Site.

The cookies used to save certain information such as the time at which you accessed the site, the type of browser you are using, the location from which you accessed the site as well as the frequency of your visits to the site. With each visit to the site, the anonymised data are transmitted to Google’s server. More information on Google’s personal data processing policy can be found here and you can also find out about the use of cookies in the context of the Google Analytics service here.

You have the option to completely block collection of your data by Google Analytics, by installing an add-on to your preferred browser (plug-in): https://tools.google.com/dlpage/gaoptout

D. Cookies and similar targeting / advertising technologies

Facebook Custom Audience Pixel

This Site uses Facebook pixel, a Facebook Inc. service. (1601 S. California Ave, Palo Alto, CA 94304, USA). It’s basically a small piece of Javascript code that we’ve integrated into the Site.

This piece of code provides various functions for sending specific data to Facebook about a visitor’s actions. We use this service to record information about how visitors use your website.

This pixel records and provides Facebook with information about the user’s browser settings, a fragmented (hashed) version of the Facebook ID and the URL you are visiting.

In this way, every Facebook user gets a distinct Facebook ID regardless of the device used, through which it is possible to target our visitors again for advertising purposes through Facebook ads.

This information is kept for a maximum period of 180 days. After this period the information is deleted until the visitor visits our website again. The Site does not have the ability to identify users, as we do not receive such data from Facebook, only anonymous statistical information.

We are not able to know what information is provided about users through cookies and other technologies used by Facebook itself. Find out more about Facebook’s data protection policies at https://www.facebook.com/privacy/explanation, your preferences over https://www.facebook.com/ads/preferences/?entry_product = ad_settings_screen and how Facebook pixel technology works https://developers.facebook.com/docs/facebook-pixel/pixel-with-ads/website-custom-audiences

Name Source Duration Purpose
_fbp Facebook 3 months This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.

DoubleClick

We use DoubleClick, a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “Google”). DoubleClick uses cookies to display ads tailored to users’ preferences. Cookies are used to recognize which ads have already been displayed in your browser and if you have accessed a site through an ad. According to Google, during this process, cookies do not record personal information and cannot be linked to such.

If you wish, you can generally prevent the storage of cookies that are necessary for this process through the settings of your browser. You can also select the types of Google ads that appear to you and turn off ads that appear based on your interests through the ad settings.

Alternatively, you can disable the use of cookies by third parties through the relevant service of Network Advertising Initiative. In this case, however, we and Google will continue to receive statistical information on the number of users who have visited the Website and when. If you do not want to be included in these statistics, you can use a suitable plug-in in your browser (for example the Ghostery plugin).

Name Source Duration Purpose
__gcl_au belvederehotel.com 3 months Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.
ads/ga-audiences Google Session Used by Google AdWords to re-engage visitors that are likely to con vert to customers based on the visitor’s online behaviour across websites.
MUID Bing 1 year Used widely by Microsoft as a unique user ID. The cookie enables user tracking by synchronising the ID across many Microsoft domains.

 

E. Log Files

Because of the nature and way in which the internet works, when you visit our website, our server immediately records your IP address in special log files, which constitute personal data, even if we are not able to identify you based on that information alone.

In addition, our logs also help us to record the type of browser, the operating system you are using, and other information about your online visit, such as the URL address from which you reached our page, and the date and time of your visit.

These data are stored only for the amount of time necessary to protect network security, information and services from accidental events or illegal or malicious acts that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data (e.g. checking for ‘Denial of Service (DoS)’ attacks).

F. How can you control cookies in your browser?

You are able to set your web browser setting in order to accept or refuse certain or all cookies. Each browser differs in the way it manages cookie settings, so in order to manage and deactivate cookies, follow the instructions for each browser:

Internet Explorer
Mozilla Firefox
Google Chrome
Safari
Opera