Where blue meets white

Privacy Policy

Introduction – Data Controller

This Website is owned by Agnandi Cielo, Mykonos, hereinafter referred to as “Company” or just “we” or “us”.

Phone: +30 22890 28346

Email: info@agnandicielo.gr

We take the protection of your personal data very seriously. For this reason, we created this policy, in order to provide you with adequate information regarding the processing of your data by our Company.

In order to be able to provide you with our services, while also complying with our legal obligations, we process information concerning the Website visitors, which may lead, directly or indirectly, to their identification. According to the respective legal framework, some of this information is “personal data”, while you, the visitors or members, are characterized as “data subjects” and we, the Company, are the “controllers” of your data.

The purpose of this policy is to explain in plain and simple words:

  • Which personal data we process;
  • What are the purposes and the legal basis for our processing;
  • Who are the recipients of your data;
  • How long do we store your data;
  • What are your rights regarding your data and how can you exercise them.

Our basic principles for processing your data

We are committed to ensure that your personal data will be processed in a fair and transparent manner, according to the legal framework, particularly the General Data Protection Regulation (GDPR). In plain terms, this means that:

  • We process your data only for specified, explicit and legitimate purposes (purpose limitation)
  • We process only data which are adequate, relevant and limited to what is necessary in relation to the purposes set (data minimisation)
  • We make every effort in order to ensure that your data are accurate (accuracy)
  • We keep your data in a form which permits your identification for no longer than is necessary for the purposes set (storage limitation).
  • We make every effort in order to ensure the security of your data (integrity and confidentiality).

In order to ensure the protection of your data, the Company takes all appropriate technical and organisational measures, trains its staff and uses technologies which ensure the security of your data (for example SSL certificate, encryption, certified hosting providers). We monitor the security measures on a regular basis and, if deemed necessary, we align them with the new best practices.

What data can we process and under which conditions

Basically, we process your data through the Website only when you provide them in an active manner to us, e.g. by filling out a contact form.

Τhis does not apply to your data that are automatically collected while visiting the Website or/and through cookies or similar technologies (check our cookies policy).

Α. Information we obtain automatically

When you visit our Website, your IP address, alongside other information, such as the date and time of your visit, the browser type and the operating system you use, is recorded by our server.

Although we cannot identify you by this information, it is considered personal data under the GDPR. Τhe processing of this data is based on our legitimate interest, given that it is technically necessary for running the Website as well as for protecting the networks, the information and the services against unforeseeable circumstances, or illegal and malicious actions that compromise the availability, authenticity and confidentiality of stored or transmitted data (e.g. control of denial of service attacks), without entailing serious risks for your rights and liberties.

Β. Information you provide to us

We process the personal data provided by you in the following cases:

1. Contact the Company via contact form/email

When you contact us via contact form/email, we process your:

• Full name

• Email address

• Phone number

• Title

Important note: Your message should include only the necessary information related to your request and not your or a third person’s personal data.

Purpose and legal basis

We process this data in order to be able to contact you in response to your message. Sending an email or submitting a form does not make you our client, however it might show intention to enter into a contract.

We process your data based on your consent (article 6 (1) (a) GDPR), which you have the right to withdraw at any time and you can also request the erasure of your data. In case you withdraw your consent, the lawfulness of the processing already carried out will not be affected. Your withdrawal prevents us from communicating with you in the future.

Important Note: The obligation to submit accurate data falls upon the person who provides the data. Find out about your right to rectification of your inaccurate data by reading the policy section regarding your rights.

2. Newsletter

In order to be able to send you our newsletter we process your:

  • Email address

Purpose and legal basis

We process this data in order to be able to send you our news and updates.

We process your data based on your consent (article 6 (1) (a) GDPR), which you have the right to withdraw at any time and you can also request the erasure of your data. In case you withdraw your consent, the lawfulness of the processing already carried out will not be affected. Your withdrawal prevents us from communicating with you in the future.

Who has access to your data

Typically, access is permitted to authorized members of the Company staff, who process your data in a strictly confidential manner, and only to the extent and in the context of the purposes which you have already been informed about.

Furthermore, in order to be able to provide our services to you, we share some of your data with other companies. These companies (called processors under the GDPR) process your data only for the purposes mentioned above and only on behalf and for the Company, with the exception of any legal obligations. During the transfer of your data, the Company takes all appropriate technical and organisational measures in order to ensure the best possible level of security.

Respect for the rules regarding the security of the processing of your data is one of the most important criteria when choosing our partners. In addition, our partners are contractually bound to provide the necessary safeguards and to take all appropriate technical and organisational measures so as the processing to be lawful and to ensure the protection of your data and rights.

These companies provide us with a variety of services, such as web hosting services, marketing services and others. If you want to find out more information about the recipients of your data, feel free to contact us at info@agnandicielo.gr.

Where and for how long we store your data

Your data is stored in our servers, hosted in a data center located within the EU. The data is stored strictly for a period of time considered necessary for each processing purpose.

For example, if you contact us we store you data for a period of 6 months after your last message.

What rights you have as data subjects and how you exercise them

Under the current legal framework, you have a set of rights regarding the processing of your rights by the Company. In particular, you have the right:

  1. To submit a request to the Company to be informed whether we process data and, if so, what types of data (right of access).
  2. To request the rectification of the data (right to rectification).
  3. To request, under conditions, the erasure of the data (right to erasure).
  4. To request, under conditions, the restriction of the data processing (right to restriction of processing).
  5. To object, under conditions, to the processing of your data by us (right to object), mainly regarding the processing relating to marketing purposes (e.g. newsletter).
  6. To request the data that you have provided to us in a structured, commonly used and machine-readable format (right to data portability), as long as it is technically feasible.
  7. In case of a data breach, which is likely to result in a high risk to your rights and freedoms and as long as it does not fall under any of the exceptions provided in General Data Protection Regulation, the Company has the obligation to communicate the breach to you without undue delay.

Compliance with the legal framework regarding the processing of personal data and, in this context, the exercise of your rights, are our top priority. Therefore, we have the right to request additional information, which are considered necessary for your identification confirmation before exercising your rights.

In principle, the Company has the obligation to respond to your request promptly and within one month at the latest. If deemed necessary, taking into account the complexity of the request and the number of the requests, that period may be extended by two further months. In any case, we will inform you as soon as possible, and in any case within one month after the submission of your request, concerning the progress made and the reason for any possible delay in dealing with it.

In case your requests are manifestly unfounded or excessive, in particular because of their repetitive character,the Company may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

In case you consider that we do not comply with the personal data protection laws, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).

For any questions or issues concerning your rights, we should always feel free to contact us at contact@belvederehotel.com.

Hyperlinks

Within our Website you can find hyperlinks which allow you to access third party websites. These links have the sole purpose of facilitating your surfing the Web and they do not show, in any way, our endorsement or approval to the content of these websites.

Accessing these websites through hyperlinks in our Website takes place on your sole responsibility and we encourage you to read each website’s privacy policy carefully.

Minors

The Company directs its services exclusively to individuals over 18 years of age. When a request to the Company is submitted, the user/visitor is presumed to be over 18 years of age or, if they are under 18, they are presumed to have obtained the necessary consent from the person having parental responsibility, and it is also presumed that said person’s information will be provided if requested by the Company.

Since it is not technically feasible to effectively control the age of the visitors/users of the Site, we are committed to deleting all relevant information if a submission of personal data relating to minors is reported. This deletion is without prejudice to the need to keep the data in the event of provision of grounds for, or exercise or support of our legal claims or the fulfillment of a legal obligation.

Changes in policy and updates

This policy may be changed at any time and without prior notice. Guided by the principle of transparency, we are committed to notifying you of any major changes in our policy. In any case, however, you should periodically review our policy, since the use of our services implies acceptance of its terms by you.