Call us icon +302821052280
map icon
BOOK NOW

Privacy Policy

Privacy Policy in accordance with Regulation EU/2016/679 (“GDPR”) 

Recital 

At KYDON Hotel, hereinafter referred to as the “Hotel”, we are committed to protecting and respecting your privacy. Compliance with the Protection Policy (“policy”) on Personal Data (“PD”), together with any disclaimers, is the basis 

on which PD is collected on you. The Policy has been developed based on the Data Protection Impact Assessment (DPIA), which is required by the GDPR and Law 4624/2019. DPI is either provided to us directly by you with your free consent or is provided to us through third parties who have already obtained your free consent and are always processed in accordance with the GDPR. Please read the following carefully to understand the use of PD. 

Information and PD we collect about you 

We collect information and PD from you that you provide with your free consent either directly or through third-party services with which you interact and have already asked for your free consent. 

We may process data, including the following when providing hosting services and using our facilities by you, which could contain PD or be considered PD: 

  • Name, home and/or work address, email address, telephone numbers (landline or mobile), ID or passport number, nationality, date of birth. In the event that you are accompanying children (under 16 years of age), you will be asked to declare their details as an official guardian. Please note here that all of the above information is required by Greek law for the provision of hosting services in tourist accommodation establishments. 
  • Financial information about you, including details of your bank account details, your credit or debit card details or other payment details. 
  • Information about your profession, or your participation in professional or other organizations. 
  • Medical details, dietary habits and possible allergies. 
  • Concluding, any other details which you request us to process on your behalf or which are necessary in order for us to be able to offer you the best possible accommodation, fitness/SPA, entertainment and conference services. 

In addition, we inform you that: 

  • The hotel has a video surveillance system (CCTV) in areas defined by the relevant Greek legislation and the Greek Data Protection Authority. The video surveillance system operates for reasons of protection of health and safety of our employees and clients, as well as for reasons of protection of property. 
  • When you visit our hotel’s site, our navigation program provides us with information such as your current IP address, your navigation program type, your access time and the pages of our site which you visited, which are collected and used in order to compile statistical data. This information may be used in order to assist us in enhancing our site, our services and to design new services for you. 
  • We may use cookies and similar in order to enable the provision of data of our site and to offer you a personalized user experience in accordance with your needs and requirements. In this case, you may not accept the proposed cookies. 

Purpose of processing of PD 

We process personal data for the following purposes: 

  • To offer you the hospitality and leisure services at our accommodation, which you have requested through your reservation. 
  • To inform you about all our services and possible offers (e-mail marketing/sms marketing), provided that we have your consent. 
  • To inform you about changes to our policy. 

Legal Basis of Processing 

The legal bases of processing are, as the case may be: 

  • the legitimate interest we pursue (operation of our company). 
  • our compliance with obligations arising from the law. 
  • the execution (formation, operation, termination) of the contract between us. 
  • your consent. 

Security of Personal Data (PD) 

The hotel is committed to making every reasonable effort to protect your PD. For this reason, we use a variety of security technologies and procedures to protect PD from unauthorized access and use. However, please note that no physical or electronic security system is completely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that the information you provide to us via the Internet will not be intercepted. We commit, however, to review and enhance our security policies and to implement additional technical and organizational measures, when such new technologies become available. The transmission of information via the Internet is not completely secure and may involve the transmission of data to countries outside the European Union. This occurs due to the use of cloud solutions for webhosting, email hosting or exclusive software solutions which have been delivered to us via the Cloud. However, in any case, we do not permit third parties to use our PD for their purposes. Although we will take all possible measures to protect your personal data, we cannot guarantee the security of your personal data which are transmitted to us. Consequently, you are responsible for the transfer of any PD. Once PD are obtained, we take the necessary security measures in order to avoid non-authorized access. 

Retention of PD 

The period of time which PD is retained at the hotel is specified by the provisions of Greek legislation on the protection of 

the state’s interests and the hotel’s retaining policy on the protection of the entity’s legal interests. Personal data that is necessary for the conclusion or execution of the contract between us, are kept throughout the duration of the contract and 5 years after its expiration. In the event of claims, these data are kept until an irrevocable decision is issued. 

Transfer of PD 

We ensure that your personal data is subject to lawful processing, which is limited within the Hotel, while their confidentiality is ensured and we are committed to not transferring your Personal Data to third parties other than those to whom you have already given your consent, without our intervention. However, they may be transferred to our partners, who act as processors on our behalf, to the extent that the aforementioned processing purposes are served and subject to compliance with confidentiality to protect them within the framework of our contractual commitments, serving our legitimate interests and with the right to control them. 

Your rights and how you can exercise them 

  • Know which personal data we hold and process, their origin, the purposes of their processing, as well as the time they are kept (right of access). 
  • Request the correction and/or completion of your personal data, so that it is complete and accurate (right to correction). You must provide any necessary document from which the need for correction or completion arises. 
  • Request the restriction of the processing of your data (right to restriction of processing). 
  • Refuse and/or object to any further processing of your personal data that we hold (right to object). 
  • Request that we transfer your personal data that we hold to any other controller of your choice (right to data portability). 
  • Submit a complaint to the Personal Data Protection Authority (www.dpa.gr), if you consider that your rights are violated in any way (right to complain to the Authority). 
  • Request the deletion of your personal data from the files that we hold (right to be forgotten). 
  • In relation to the exercise of your above rights, the following are noted: 
  • The company has in any case the right to refuse to satisfy your requests to limit the processing or delete your personal data or your opposition to the processing, if the processing or retention of the data is necessary for the establishment, exercise or support of its legal rights or the fulfillment of its obligations. 
  • The exercise of the right to portability does not entail the deletion of your data from our files, which is subject to the terms of the immediately preceding paragraph and the conditions of the Regulation. 
  • The exercise of the above rights is effective for the future and does not concern data processing already carried out. 

To exercise your above rights in accordance with European and Greek legislation and the restrictions set out therein, you may contact the Company "KYDON - HOTEL & TOURIST ENTERPRISES S.A.", headquartered in Chania, Sofoklis Venizelou Square & 2 Tzanakaki Street, Municipality of Chania, Prefecture of Chania, with VAT number 094380907, Tax Office of Chania and GEMI number 123268258000, or electronically at the e-mail: dpo@kydonhotel.com  

Services covered by this policy 

  • Accommodation 
  • Gym/Spa/Recreation 
  • Conferences/seminars/social events 
  • Restaurant, bar and other food-related services. 

Email messages 

If you do not wish to receive marketing and promotional emails from the hotel, you may click on the unsubscribe link in the email to unsubscribe and cancel email and marketing communications. You may also indicate on the relevant hotel registration form that you do not consent to receiving promotional emails, in which case you may opt out of the hotel’s email lists. Please note that even if you opt out of receiving marketing messages from us, we may still need to send you service-related communications, such as confirmations of any future reservations you may make. 

Wi-Fi Service 

For the Wi-Fi service within the hotel, please see the relevant policy (Wi-Fi disclaimer). 

Data Controller 

The Data Controller is Kydon S.A. (as a Legal Entity) with whom you can contact for GDPR issues at the e-mail address: info@kydonhotel.com  

Changes to the policy 

We reserve the right to change this policy by applying newer provisions of European and Greek legislation and at our discretion. If we make any changes, we will post the changes here so that you can have immediate access. 

scroll to top
Cookie SettingsCookie Settings
ΕΣΠΑ