Your consent to this Privacy Policy confirms that you agree to the collection and use of Personal Information as described in this Policy. You have the right to withdraw your consent at any time by contacting us using the following email address it@nammoshotels.com. In the event that you withdraw your consent, please note that that this will not affect any processing that was based on consent before its withdrawal.
Nammos Hotels (“Nammos”), at all times, recognizes and respects your right to privacy, and is committed to protecting your Personal Information. Therefore, we have developed this Privacy Policy as a framework for the treatment of all of your Personal Information (the “Privacy Policy”). Personal Information is any information relating to an identified or identifiable living person.
This privacy policy applies to processing activities in relation to individuals in the European Economic Area (“EEA”) which fall under the scope of the EU General Data Protection Regulation (“EU GDPR”), and national laws of the hotel as may be applicable.
This Privacy Policy describes the ways in which we collect, store, use and protect your Personal Information and informs you about your privacy rights and applies to the Personal Information that you provide us directly, or which we may obtain from other sources.
Nammos will, at all times, ensure that it complies with the applicable data protection laws and this framework when processing your Personal Information
Nammos is the Data Controller of your Personal Information. This means that Nammos will decide how and why your Personal Information is processed. When you are using our facilities and services, the Data Controller will be the entity which manages the relevant facility or service.
The Data Processor is either Nammos or its agents that processes the data, including its collection, storage, classification, alteration, erasure, etc.
3.1 Contact details: Includes, but is not limited to last name, first name, telephone number, email, prefix, notes, language preferences, address including street, zip code and city. Please note that upon request any such information collected and retained by our third party central data management platform can be removed immediately.
3.2 Identification data: Includes but is not limited to name, title, company and individual physical description.
3.3 Personal information: Includes but is not limited to date of birth, age, gender, nationality, passport, marital status, signature, country of residence, photograph, family, voice recording, religion, languages spoken, place of birth, emergency contact details, insurance details and driver’s license number, address, dietary requirements, stay preference, language preference, stay data and history.
3.4 Information relating to your children: Name, age, date of birth. Please note that information collected in relation to persons under 16 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult.
3.5 Credit card number: To complete a transaction and for reservation requirements.
3.6 Personal preferences and interests: Such as whether you require a smoking or non-smoking room, your preferred floor, preferred type of bedding, preferred type of newspapers/magazines, preferred sports, cultural interests, preferred food and beverages preferences, etc.
3.7 Reservation information: Your arrival and departure dates.
3.8 Information relating to your children/guests/dependants:Including, but not limited to first name, date of birth, age.
3.9 Technical and location data: Includes but is not limited to cookies, user activity logs, IP address, social media profile and website visitor interaction data, including any other data generated as a result of visiting our website or making use of our application.
3.10 Health and wellbeing data: Includes but is not limited to health, allergies, dietary requirements, medical information forms and notes and disability records.
3.11 Travel/stay information: Includes but is not limited to travel history, loyalty scheme information, preferences, stay information, feedback / analysis (e.g., surveys), product purchase information, reservation history, VIP status, visa information and tenancy contract and occupancy information.
3.12 Finance data: Includes but is not limited to card details (to enable the transaction and reservation purposes) and bank details.
3.13 Your questions/comments: Your questions/comments, during or following a stay in any of our establishments.
Below is a table which sets out the purpose for collecting your personal information and the legal basis for which it is required.
Purpose for information | Legal reason for requiring the information |
|---|---|
Fulfilling client obligations | Complying with a contract and fulfilling legal obligations. For legitimate interest to run the business and provide customers with requested products and services. Retention Period :For the duration of your stay. |
Managing reservations, creating and storing legal documentation | Complying with a contract and fulfilling legal obligations. For legitimate interest to run the business and provide customers with requested products and services. Retention Period :For the duration of your stay. |
During your stay at the hotel:
| Performance of contractual obligations. For legitimate interest to run the business and provide customers with requested products and services. Retention Period :For the duration of your stay. |
To provide customer service, before, during and after your stay:
| Performance of contractual obligations. Management of memberships in any loyalty/rewards program. For legitimate interest to improve services. To obtain customers consent for direct marketing purposes. 3 years from the last date on which you have interacted with us in any way, if you are not a member of our rewards program. 6 years from the last date on which you have interacted with us in any way, if you are a member of our loyalty program. |
Improving service: check-in, improving the quality of service and customer experience
| Fulfilling contractual obligations and managing membership in any loyalty/rewards programs. For our legitimate interests in promoting our services, performing direct marketing activities and improving our services. Retention Period : 3 years from the last date on which you have interacted with us in any way, if you are not a member of our rewards program. 6 years from the last date on which you have interacted with us in any way, if you are a member of our loyalty program. |
Providing customer details to third parties to process, analyse and combine data at the time of booking or at the time of your stay, to profile customers and send personalized offers. | For our legitimate interests to market, promote and improve our services. Retention Period : 3 years from the last date on which you have interacted with us in any way, if you are not a member of our rewards program. 6 years from the last date on which you have interacted with us in any way, if you are a member of our loyalty program. |
Service improving by:
| Fulfilling our contractual obligations and managing membership/rewards programs. For our legitimate interests to promote, market and improve our services. Retention Period : 3 years from the last date on which you have interacted with us in any way, if you are not a member of our rewards program. 6 years from the last date on which you have interacted with us in any way, if you are a member of our loyalty program. |
Securing the use of our website, applications and services by:
| Retention Period : 13 months from the date of collection of the information. |
Keeping records of customers misbehavior during their stay at the hotel (aggressive and anti-social behaviour, non-compliance with safety regulations, theft, damage and vandalism or payment incidents). | For legitimate interests in running the business and to prevent fraud and the abuse of our property and staff. Retention Period : 2 years from the date of occurrence or recordal of the incident, whichever date is the latest. |
Securing payments by determining the associated level of fraud risk and requesting a different booking channel or for the use of an alternative payment method. | For our legitimate interests in running our business and to prevent fraud. Retention Period : 6 months in our database and 2 years in a separate database which is retained for purpose of enhancing our system. |
Securing properties and persons and preventing non-payments which may result in refusing acustomer'sreservation. | For our legitimate interests in running our business and to preventing non-payment. Retention Period : 2 years from the date of registration. |
In case of serious events affecting the hotel, such as natural disasters, terrorist attacks, etc. the hotel may use services to search for persons. | Protecting the interests of clients. Retention Period : During the event. |
Complying with laws, including:
| To comply with legal obligations. Retention Period : As required by the time period specified in terms of the applicable laws. |
When do we collect your Personal Information? | |
|---|---|
During hotel-related activities |
|
Marketing |
|
Transmission of information from third parties |
|
Internet |
|
|
At all times, Nammos will only retain your personal information for as long as the above purpose requires, by taking into consideration the period of time during which we have an ongoing relationship with you, and whether a legal obligation exists to store your personal information.
Once we are no longer required to retain your personal information, we will discard your personal information. If your personal information is in a paper/printed format, it will be destroyed in a secure manner, such as by cross-shredding the paper documents or otherwise and, if saved in electronic form, destroyed by electronic means to ensure the information may not be restored or reconstructed at a later time.
You have rights regarding your Personal Information. However, whether or not these rights apply to you, depends on the country in which you are located.
5.1 Your right to withdraw your consent, at any time
You will, at all times, be able to withdraw the consent you provided to obtain your Personal Information by contacting us using the following email address it@nammoshotels.com. However, it is necessary to point out that when you withdraw your consent in the manner indicated above, this will not affect the processing of Personal Information that was based on your prior consent.
5.2 Your right to ask us to correct any of your Personal Information
You will, at all times, be able to request us to correct your Personal Information by sending an email to us on the following email address it@nammoshotels.com.
In addition to the above, individuals in the European Economic Area (“EEA”) and the United Kingdom (“UK”) which fall under the scope of the EU General Data Protection Regulation (“EU GDPR”) or UK General Data Protection Regulation (“UK GDPR”), have eight fundamental rights as follows:
Eight Fundamental Rights | |
|---|---|
1.to be informed | it is mandatory for all organizations to be candid in how they are using Personal Information. |
2.to have access | to know exactly what information is held and how it is processed. |
3.to rectify information | to have personal Information rectified if it is inaccurate or incomplete. |
4.to erasure of information | to have Personal Information deleted or removed for any reason whatsoever. |
5.to restrict processing | to limit, block or suppress processing of Personal Information. |
6.data portability | to retain and use Personal Information for your own purpose. |
7.to exercise an objection | object to Personal Information being used in certain circumstances |
8.to automated decision making and profiling | to be protected from the risk that a potentially damaging decision is made without human intervention. |
Personal Information is limited to the information which identifies or can identify you personally. Therefore, Nammos makes use of technical, administrative, and physical safeguards which are designed to prevent unauthorized access, maintain data accuracy, and to ensure that your Personal Information is used for the purpose for which it is required.
Nammos’s Privacy Policy relates to all of the Personal Information which we collect from you on either our website, mobile applications, cloud-based services or communication platforms. Nammos will handle all of your information and will therefore determine how and why your Personal Information is processed. While using any of our facilities and services, the entity which manages the facility and services will handle all of your personal information. Any information relating to persons under the age of 16 years old can only be provided with the consent of an adult. In certain circumstances, it may be necessary for us to obtain sensitive information from you relating to your dietary requirements, race, political opinions, religion, philosophical belief, health or sexual orientation and to first obtain your express prior consent before we are able to provide you with a specific service, or in order to meet personal dietary requirements.
Our website contains links to third-party websites such as reservation agents, or travel sales associates and when you click on those links, you will be subject to that website’s privacy policy and therefore we do not take any responsibility for the privacy practices of such other websites. As such, we disclaim any liability for their actions, including actions relating to the use and disclosure of your Personal Information.
When you access our website, we may collect your information through cookies on our website.
The type of information we collect from you through cookies includes IP addresses, your visits to our webpage, the webpages which you viewed via our website, search engine referrals, browsing activities over time and across other websites following your visit our website, as well as your response to marketed information.
The information which we collect through cookies may be used to determine new users of our website, recognize returning users, advertise on other websites and applications not affiliated with us and profile our our viewers, and clients to improve our products or services.
We make use of closed-circuit television cameras (“CCTV”) to monitor and ensure the safety and security of all of our guests and our staff. Therefore, there are numerous CCTV cameras in various locations in and around the premises. CCT cameras can be found in the lobby of the hotel, in all entrances to our building and in public areas such as our restaurants and loungers. It is in our legitimate interest to process any Personal Information captured. Your Personal Information will not be kept longer than necessary to meet the purposes detailed above. CCTV signage is in place where required by local laws or regulations.
9.1 Medical Service Providers
In order to provide you with any the required medical care, we may obtain your personal information from medical service providers when accidents and incidents occur.
9.2 Airport Service Providers
In order to manage your booking, we may obtain your personal information from airport service providers.
9.3 Travel and Restaurant Booking Websites
It may be necessary to obtain your Personal Information from travel and restaurant booking websites to manage your bookings, and streamline the check-in and out process.
9.4 Financial Service Providers
It may be necessary to obtain your personal information from financial service providers for membership information purposes and to manage and fulfil bookings.
9.5 Social Media Platforms
It may be necessary to obtain your Personal Information from social media platforms for marketing purposes, in order to improve the services provided and to conduct surveys.
Nammos forms part of ADMO Hospitality and its subsidiaries. It is necessary to inform you that we will also share your Personal Information with other entities within ADMO Hospitality’s group of companies.
In certain circumstances, we disclose your personal information to third parties, vendors and service providers or affiliated employees, contractors and entities, internal and external recipients:
Third Party | Reason for necessary disclosure |
|---|---|
Membership Associations | Marketing, Research |
IT, digital, technology and telecoms | Bookings, Reservations, Providing Services, Analytics, Marketing, Central Data Management Platform |
Finance Service Providers | Comply with legal requirements, Accidents |
Legal and Professional | Comply with legal requirements, Accidents, Competitions, Security |
Government Bodies | Legal Requirements, Bookings, Reservations, Providing Services, Medical Care, Accidents, IT |
Health Providers | Comply with legal requirements, Medical Care |
Membership Associations | Marketing, IT, Security |
Transport Companies | Bookings, Reservations, Providing Services |
Education and Childcare Providers | Bookings, Reservations |
It may be necessary to transfer your personal information from Europe to other countries that do not ensure an equivalent level of data protection. Should this be required, Nammos will inform you of the transfer and compelling legitimate interests pursued. Please be assured, that Nammos will not transfer your personal information to third parties unless receiving party agrees to treat your Personal Information in a manner consistent with applicable laws and requirements.
Nammos takes appropriate technical and operational security measures, in accordance with applicable legal provisions to protect your Personal Information against illicit or accidental destruction, alteration or loss misuse and unauthorized access, modification or disclosure and Nammos has employed technical measures (such as firewalls) and organizational measures (such as a user ID/password system, means of physical protection etc.) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. It is only authorised persons who are provided access to Personal Information and such individuals have agreed to maintain the confidentiality of this Personal Information.
We may make necessary updates to this Privacy Policy, from time to time. We confirm that Nammos reserves the right to add, amend or delete this policy at any time, without the need to notify you, except in circumstances where we are required to notify you in terms of the law. Therefore, we suggest that in order to stay up to date, you consult our policy regularly, especially when you are making a reservation.
By using our website, you agree that these Terms and Conditions shall be governed by and construed in accordance with the EU GDPR and national laws of the hotel as applicable in Greece. You agree, acknowledge, and submit to the national courts of Greece or the EU having non-exclusive jurisdiction over all and any dispute or difference between us arising out of or in connection with this Agreement.
For any questions or concerns about how we treat your personal information, please contact us by emailing us at it@nammoshotels.com.