Santorini, GR 19 C

Privacy Policy

Data protection and privacy policy

We respect the privacy of all our customers and business partners, and treat personal information (personal data) provided by you to us as confidential. We know that you are concerned how information about you is collected, processed, used and stored, and we appreciate you trusting that we will do so with every due care and diligence.

The new General Data Protection Regulation (GDPR)  enter into force in the European Union, and we take the opportunity to improve the experience of the users of our website and the applications we use.

Nothing changes with your current settings. We rather improve the way we describe our practices and how we explain the options you need to update.

We have provided this Privacy Policy as an explanation of the information we collect, how we process and use it, and how the use of this information can benefit your experience on our website and services we provide.

What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR), establishes consistent rules for data protection across Europe. It applies to all companies, regardless of their location, which process personal data for natural persons residing in the European Union. The concept of processing has a broad definition and refers to everything related to personal data, including the way a company handles and manages data, such as how it collects, stores, uses and destroys that data.

Although many of the principles of this regulation are in fact an extension of the existing EU data protection rules, GDPR has wider scope and stricter standards, and provides for significant financial penalties. For example, it sets stricter conditions for obtaining consent to the use of certain types of data and extends the rights of individuals to access their data and the transfer of such data. Failure to comply with the GDPR can result in significant financial penalties, which may amount to up to 4% of the company’s annual general income for certain infringements.

The GDPR is the new European Privacy Statement (EE 2016/679), not allowing the use of data collected so far without the re-consent of the user.

Your personal data will never be made available to third parties for advertising or other purposes.

If you change your mind, you can request us, at any time, to delete your personal data (e-mail, name, etc.) from our database.

What information about you do we collect

In order for us to operate effectively and provide you with the best experiences with our services, we may request and collect information about you, whether as hotel guests, loyalty programme members, website visitors or you, contacting us for any other purposes, that includes personal information that can identify you as an individual.

Your personal information can come to us via various channels, including but not limited to:

  • when you browse and interact with our website and/or use any mobile apps that we may make available –  such as make a booking via our Online  Reservation system, make an inquiry, sign up for newsletter subscription or make brochure  requests
  • through your use of our products and services – such as when you stay as a guest or visits the hotels, restaurants or facilities managed by us
  •  when you submit enquiries to us or provide us with you feedback
  • when you participate in our promotional offers, competitions or surveys
  • as a member of our loyalty programmes or when your friend refer you to our programmes
  • from third parties – such as partners we work with or public databases – where you have provided your consent to the third party or to us to that information sharing taking place or where we have a legitimate interest to use the personal information in order to provide you with our products and services

The types of personal information that we collect and process may include, but not be limited to (and may vary by jurisdiction):

  • personal details, such as your name, gender, date of birth, nationality, passport and visa information, personal and work contact details (addresses, emails and telephone numbers)  
  • payment and credit card information, such as bank accounts, name of cardholder, credit card number, credit card billing address and expiry date
  • guest stay information and lifestyle information, such as hotels where you have stayed, arrival and departure dates, room preferences, leisure activities, names and ages of children, observation of your services preference, and other information necessary to fulfil special requests
  • information, feedback or content you provide regarding your interests and preferences
  • loyalty program member information, online account details, profile or password details
  • information from our security systems such as from our closed circuit television system, card key, internet login and firewalls
  • information relating to your use and interaction with our website

Some of the personal information which you provide to us are considered “sensitive personal information” under the privacy and data protection laws in specific jurisdiction – such as personal information from which we can determine or infer an individual’s racial or ethnic origin, health or biometric data. We only process sensitive personal information in such jurisdiction if and to the extent permitted or required by applicable law.

Except where required by local laws, we do not knowingly collect personal information from our websites from any children or minors. As a parent or legal guardian, please do not allow your children or minors to submit personal information without your permission.

We may also collect non-personally identifiable information about you, such as internet log information or visitor behavior patterns when you visit our websites on your use of our websites, communication preferences, travel habits, aggregated data relative to your stays, and responses to promotional offers and surveys. Please also refer to our Cookies policy.

How we process and use your information

We may collect, process and/or use the personal information which we collect in order to:

  • Deliver our products and services to you – such as completing your reservations, sending you reservation confirmations, supplying the purchased goods and services, registering you for program membership, fulfilling a request for information,  customising our services to your preferences, earning and redeeming rewards, keeping proper records of your transactions with us
  • communicate and provide marketing  and promotion to you – such as sending you information and updates on our products and services and other products and services that we think may be of interests to you, including the latest promotions,  competitions, joint- and cross promotions with our business partners, response to enquiries, to send you important information regarding our website, changes to our terms, conditions and policies
  • develop and improve our services to you – such as performing market research, analytics and/or profiling, developing new products and services, improve the effectiveness of our website, your hotel experience, our various types of communications, advertising campaigns, and promotional activities
  • work and cooperate with third party parties to deliver our products and services to you – such as travel agents, group travel organization, or anyone involved in the process of making your travel arrangements, credit card companies, airline operators and third party loyalty programs
  • maintain your safety and security as well as that of other guests and personnel – such as to make proper identification and verification in processing of the transaction, implement security surveillance and access controls when you visit or stay at Zenith Blue, and administer general record keeping
  • meet applicable legal and regulatory requirements
  • use it in other ways as required or permitted by law or with your consent 

We will only collect, process and/or use the personal information where we are satisfied that we have an appropriate legal basis to do so. This may be because (i) you have provided your consent, (ii) our use of information is necessary for providing the products and/or services you have requested, (iii) our use of your information is in our legitimate interest as a commercial organization, such as to operate and improve our services (including for profiling and targeted advertising) and in a way proportionate and respects your privacy rights, and/or (iv) necessary compliance with applicable laws, regulations, court orders or other legal process.

Keeping and safeguarding of personal information

To the extent permissible by applicable law, we generally only keep your information for as long as is reasonably required for:

  • the purposes for which that personal information was provided
  • ongoing business need, including record keeping, fraud prevention, or if we reasonably believe there is a prospect of litigation
  • as necessary to meet legal, regulatory, tax or accounting needs

We take reasonable steps to safely and securely delete, dispose of, anonymise and/or block personal information when we no longer need it.

Information security: Zenith Blue takes appropriate technical and organizational measures, in accordance with applicable legal provisions (in particular: Art. 32 GDPR), to protect your personal data against illicit or accidental destruction, alteration or loss misuse and unauthorized access, modification or disclosure. To this end, we have taken technical measures (such as firewalls) and organizational measures (such as a user ID/password system, means of physical protection etc.) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. In relation to the submission of credit card data when making a reservation, SSL (Secure Socket Layer) encryption technology is used to guarantee a secure transaction. Organizational measures ensure the security of the processing.

Information sharing: Insofar as reasonably necessary for us in delivering our products and services to you and for the purposes set out in this Privacy Policy, we may share your personal information with the below parties. The specific kind of information we share will depend on your activities with us and only to the extent as required or permitted by law, and/or with your consent.

  • Our group entities, hotels and residences managed and operated by us
  • Our business partners and third parties involved in the delivery of our products and services to you – including those involved in a sale of all or part of our business operations or assets and those for business, operational and general administration
  • Our marketing and advertisement partners
  • Third party services providers which process data (including personal information) for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures
  • Our agents, advisors, consultants, other third party suppliers and/or services providers to assist us to operate effectively and provide you with the best experiences with our services
  • Other third parties when we have your consent or are otherwise permitted by law to do so

Information processing by third parties: Like most  hotels, we may outsource the processing of certain functions and/or information to third parties, which may be located in countries other than the country where your information is collected or your country of residences. We may also engage market research firms to assist us in contacting our guests for the purpose of market research and quality assurance. When we do outsource the processing of your personal information to third parties or provide your personal information to third-party services providers, we oblige those third parties to protect your personal information with appropriate security measures.

Data storage period

Personal data will be stored for the period defined by legal rules or, in their absence, for the strict time needed for the fulfilment of the processing purpose, taking in consideration the legal basis for said processing, as well as all the remaining requisites and time periods determined by law, namely the lapse terms for legal actions based on the correlated rights.

Accordingly, in all cases where a mandatory storage period is determined by law, the right to erasure of personal data as stated in Article 17 of the GDPR can only be exercised by the data subject after the said period lapses.

Zenith Blue shall store the personal data for the strict period of time needed for the fulfilment of the data processing purpose, as well as its erasure (or anonymization, if and when applicable/needed) immediately after said period and/or upon the data subject’s request, always considering the above-cited exceptions and all legally defined terms.

You control your personal information

You may always choose what personal information (if any) you wish to provide to us. Please note, however, some of our products and services to you may be affected if you choose not to provide certain details, for example, we cannot reply to you without a name or contact details.

If you provide us with your contact details (e.g. postal address, email address, telephone number or fax number), we may contact you to let you know about the products, services, promotions and events offered that we think you may be interested in. You can always choose whether or not to receive any or all of these communications by contacting us as described in Section (How to contact us) below. In addition to you agreeing to this Privacy Policy, we may also ask you to give us a separate consent before we send you with these information or indicate how you would like to receive any communication (e.g. via email or regular mail). After you have indicated your preferences, you can always change them.

This is a short summary of your rights:

  • Your right to object. You have the right to object to our processing of your personal data based on our legitimate interests, meaning we may not process your personal data any longer unless we can demonstrate compelling legitimate grounds for the processing which override your interests. You can always contact us to receive more information about the balance test we have made.
  • Your right to access and to move your data. You have the right to request a transcript of your personal data processed by us and additional information on how the data have been collected, processed and shared. The first transcript may be requested free of charge. You also have the right to move your personal data from us to another data controller.
  • Your right to rectification. You have the right to correct inaccurate or incomplete personal data about you.
  • Your right to erasure. You have the right to request that we delete personal data about you, for example, if the information is no longer necessary in relation to the purpose for which it was collected, or if we no longer have a legal basis to process the data.
  • Your right to restriction. You have the right to request that our processing of your personal data should be limited until we have corrected inaccurate or incomplete data about you or until we have handled an objection from you.
  • Your right to withdraw your consent. You have the right, at any given time, to withdraw any consent you have given us. Please note though, that it will not affect any processing that has already taken place.

Please note that our legal rights or obligations, such as privacy and confidentiality legislation, may prevent us from disclosing or transferring all or a part of your information, or from immediately deleting your personal data.

If you wish to exercise any of your rights in relation to your personal information, please contact us as described in Section (How to contact us) below.

Other relevant information

Cookies: To enhance your experience on our website, some of our web pages may use “cookies”. Please refer to our Cookies Policy.

Newsletter:  (Be the first to know about our news and get explosive offers straight to your inbox !) We use Mailchimp as a newsletter service Mailchimp’s Privacy Policy. Each user may at any moment choose to delete their registration to these newsletter services by simply clicking on the appropriate link in any communication sent.

Links to other websites:  For your convenience and information, we provide links to external third party websites, including websites owned or controlled by independent franchisees, third party owners of hotel, resort, interval ownership, or residence properties that may use our brand name(s), or websites not controlled or authorized by us. The linking of external third party websites to this website does not indicate any association with or endorsement from us. We cannot always ensure, and are not responsible or liable for, any content of these external third party websites, including, but not limited to, any advertising claims or marketing practices. Please note this Privacy Policy is limited to our own information collection practices. We strongly recommend that you read the separate privacy and security policies and the information collection practices of any external third party website before providing any personal information while accessing those websites.

How to contact us

For any questions, concerns or requests regarding this Privacy Policy or our information collection practices, please contact us by email at info@zenithblue.gr or by post at Zenith Blue Imerovigli, 84700 Santorini Greece.