Scope of this Privacy Policy
91 Athens Riviera (hereinafter referred as “91 Athens Riviera“,”We”, “Us”) Leof. Alkionidon 4, Voula, Athens, tel. 210 9119600, a Members Club created under Voula Investment Single Member S.A. (117, Kifisias Ave. & 59-61 Ag. Konstantinou, Marousi, Athens),in its role as Data Controller, collects and processes your personal data, only if absolutely necessary, for specified and legitimate purposes, in accordance with the General Data Protection Regulation (EU) 2016/679, the Greek Law 4624/2019 and the Greek Law 3471/2006 as applicable. This Privacy Policy aims to transparently inform you regarding the types of personal data we collect and how we use them, the purposes we process your personal data and the relevant legal basis of processing, and the rights related to your personal data. You may always find out more information regarding the processing of your personal data or exercise your rights by sending an email, at frontdesk@91athensriviera.gr
Definitions
For the purposes of this Policy, the following terms have the following meanings:
• “Personal Data”: any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one whose identity can be verified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
• “Special categories of personal data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, as well as the processing of genetic data, biometric data for the purpose of positive identification of a person, data concerning health or data concerning the sex life of a natural person or sexual orientation.
• “Processing”: any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• “Anonymisation”: the processing of personal data in such a way that the data can no longer be attributed to a specific data subject.
• “Pseudonymisation”: the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of supplementary information, provided that such supplementary information is kept separately and is subject to technical and organisational measures to ensure that it cannot be attributed to an identified or identifiable natural person.
• “Data Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, or the specific criteria for their appointment may be provided for by Union or Member State law.
• “Data Processor”: the natural or legal person, public authority, agency or other body that processes personal data on behalf of the Data Controller.
• “Data Subject”: the natural person whose personal data are processed.
• “Consent of the data subject”: any freely given, freely given, specific, explicit and informed indication of his or her wishes by which the data subject signifies his or her agreement, by a statement or by an explicit affirmative action, to the processing of personal data relating to him or her.
• “Data Breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access of personal data transmitted, stored or otherwise processed.
• “Applicable Legislation”: the relevant national and EU legislation regarding the protection of personal data and in particular the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as "GDPR"), the Greek Law 4624/2019, the Greek Law 3671/2006, the case law of the Court of Justice of the European Union (hereinafter "CJEU") as well as the Decisions, Directives and Opinions of the European Data Protection Board (hereinafter "EDPS") and the Hellenic Data Protection Authority (hereinafter "HDPA”).
What Personal Data we collect and how we use them
Membership Data
If you are interested in becoming a member, we collect your name, surname, address, age and occupation and we process this information when you make use of the relevant privileges.
Purpose of processing and legal basis
We collect your Membership data:
• To complete your registration and handling of our Membership Club. Our legal basis is the fulfillment of our contract.
• To provide you with special offers and rewards and improve your stay. Our legal basis is the fulfillment of our contract and our legitimate interest.
Data we collect automatically
When you use our website, we also collect information automatically, which may constitute personal data. This includes information such as language settings, IP address, location, device settings, device settings, device operating system, activity data, time of use, redirect URL, status report, user information (information about browser version), operating system, browsing result (single visitor or registered customer), browsing history, type of data viewed. We may also collect data through cookies. For information on the use of cookies, click here.
Recipients
91 Athens Riviera may transfer the abovementioned personal data to third parties, to whom it has entrusted the processing of personal data and to collaborating institutions/companies. In particular, the data are transmitted to:
• Companies in our Group, to the extent that this transfer is necessary for the pursuance of our purposes.
• Public authorities (the police, prosecuting authorities, tax authorities etc.) upon relevant request.
In any case, the third parties to which data subjects' data may be transferred are contractually bound to 91 Athens Riviera by a confidentiality clause and are subject to all the obligations deriving from the Applicable Legislation for the protection of personal data.
At the same time, the personal data of the data subjects may be transferred to public authorities, independent authorities, etc. for the purposes of compliance with legal obligations of 91 Athens Riviera.
Transfer of Personal Data outside the EEA.
In principle, we do not transfer your personal data to third countries and/ or International Organisations. In the event of a transfer of your personal data to a country outside the European Economic Area (EEA) or an International Organisation, the Company previously ensures that one of the legal bases of Article 6 of the Regulation is respected and that the following are cumulatively true:
• the Commission has issued an adequacy decision for the third country to which the transfer is to be made (Article 45 GDPR); or
• appropriate safeguards in accordance with the GDPR are in place for the transfer of such data (Article 46 GDPR); or
• For occasional processing, one of the exceptions provided for in Article 49 of the GDPR exists
Otherwise, the transfer to a third country is prohibited and the Company will not transfer your personal data to that country, unless one of the specific exceptions provided for in the GDPR applies.
Rights of Data Subjects
We respect and protect your rights, as set forth by GDPR. In particular, you have the right:
• To be informed of the processing of your personal data and to request to obtain further information on the processing applied;
• To request the rectification of your personal data in case of inaccurate information;
• To request the deletion of your personal data if they are not necessary for the purposes for which they were collected and if their retention is not based on any legitimate interest of the Company;
• To request the limitation of the processing of your personal data;
• To request the portability of your personal data either to yourself or to third parties.
• To revoke at any time the consent given for the processing of your personal data;
• To object to further processing of your data.
In the event you exercise any of the above mentioned rights, the Company will respond promptly within thirty (30) days from the submission of your request, informing you in writing on the progress of its satisfaction.
For any complaint regarding this Privacy Policy or other privacy issues, if we do not satisfy your request, you may contact the Hellenic Data Protection Authority via the following link: www.dpa.gr
Dat Retention Period
Your personal data is retained for a predetermined and limited period depending on the purpose of processing, after the end of which, these personal data are deleted from our files. Where the processing is imposed as an obligation by provisions of the applicable legislation or a specific retention period is foreseen, your personal data will be stored for as long as the relevant provisions require.
Security of Personal Data
Taking into account the latest technological developments, the implementation costs and the nature, scope, context and purposes of the processing, as well as the risks of varying intensity and extent to the rights and freedoms of the data subjects arising from the processing of their personal data, 91 Athens Riviera has taken all the necessary technical and organisational measures to protect the abovementioned personal data and rights. Although no method of transmission over the Internet or method of electronic storage is completely secure, the Company ensures that it has taken all necessary digital data security measures (e.g. antivirus) in compliance with its obligations under the Applicable Legislation.
Data Breach
In the event of a data breach incident, 91 Athens Riviera shall apply the Data Breach Management Policy. If you become aware or suspect that a data breach may or has taken place, please inform the Company without delay at privacy@91athensriviera.gr
Third – Party Website’s Disclaimer
We may provide hyperlinks to third – party websites as a convenience to our users. 91 Athens Riviera does not control third – party websites and is not responsible for the content of any third – party websites or any hyperlink in those websites. We are not responsible for the privacy practices or content of third – party websites.
In particular, on this Website there are social media widgets (e.g. Facebook, Instagram). When the user logs in to these social networks, a special digital fingerprint is created, for which both the Company and the social network itself act as joint controllers.
The purpose of the processing of such data is to improve the functionality of the website and the services provided and to analyse its traffic. The lawful basis for processing is the legitimate interest of the Company and in particular the interoperability with applications used by the Company.
91 Athens Riviera does not control and is not liable for any subsequent processing carried out on them by the Joint Controllers.
For more information on the data processing policy and the configuration options of these networks, you can visit the following websites:
• https://www.instagram.com/
• https://www.linkedin.com/
Updates to the Privacy Policy
This Privacy Policy may be amended/ revised in the future, in the context of the regulatory compliance of 91 Athens Riviera as well as the optimization and upgrading of the website's services. Updated versions will be uploaded to our website and date stamped so that you are always aware of when our Privacy Policy was last updated.
Revised: September 2023