PRIVACY POLICY

This policy on personal data processing/protection (hereinafter “Policy”) informs about the collection, storage, processing and use of your personal data.
The company Sakavaras Konstantinos OE (hereinafter “Company” or “we” or “us”), having its registered office at Karterados Thiras, Tel.: 0030 2286022122 and 00306977785359, contact email: info@cave-land.com, acting as the Controller, collects, stores, uses and generally processes your personal data.


1. What are Personal Data?
“Personal data” means any information concerning individuals, including first and last names, mailing address, email address, contact telephone number, etc., which identifies or can identify you (hereinafter “Personal Data” or “Data”).


2. What is Personal Data Processing?
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated tools, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


3. Data we collect
We make sure to collect only Data absolutely necessary to serve the purpose for which they were provided and such Data are used solely and exclusively for the purposes for which they were collected. With the exception of any Data collected by way of Cookies (more information on the Cookies Policy), Data are limited to data explicitly provided by you for a specific purpose subject to your consent. Also, perhaps we collect Data when you visit our website subject to your consent, which you are deemed to have granted by filling in the appropriate fields. Identity data, such as first name, last name, father’s name, date of birth, e-mail. If you would like to book a room, you can do it through the online system that incorporated to our website and it is powered by hostelworld.com .

4. Data of Children

If you are the parent or guardian of a child under 16 (“Child” or “Children”), and have provided us with information belonging to a Child, then alongside the Child’s data provided, we may also process limited personal data about you, so we can record your consent to store, process and use this information about the Child to fulfil the service you have purchased or signed up to on their behalf. We may use your contact details to communicate with you about the Child’s use of these products or services. We will never knowingly send marketing communications to a Child under the age of 16.


5. How we use your Data
Your Data are processed either by authorized Company staff or by means of IT systems and electronic devices used by our Company and in certain cases, by third parties who are bound by a contract with our Company, undertaking the contractual responsibility to ensure the confidentiality and protection of your Data, and process them solely and exclusively for the purposes for which they were provided.
As a general rule, your Data are processed with a view to providing you with services, including:

Price quotations: The Company processes your Data to enable it to offer you a price for the services you ask.

Sending Newsletters: The Company gives you the option to choose to receive Company newsletters/promotions/advertisements at your email

Events: We will use the details you have shared to manage your registration and entry into our event. This may include contact via telephone, email, SMS and post with information relating to the event you have registered to attend.

Information services from our Website: The Company provides information services to its clients 

Contact: The Company uses Data to answer to requests/questions you make for instance through the contact form.

Participation in online market surveys/ answering questionnaires: The Company processes Data that you provide to participate in online surveys.

6. The legal basis for the processing of your Data by the Company
Your Data are processed subject to:  

a. the terms of our contract with you;

b. your consent, where required;

c. the Company’s obligations under the law (e.g. tax, labor, insurance, etc. legislation);

d. the Company’s legitimate interest. 

7. Recipients of your Data 
The company warranties that it will not transmit, disclose etc. your Data to third parties for any purpose or use, unless it is mandatory under applicable legislation or required by public/judicial agencies/authorities.
Access to your Data is granted only to the absolutely necessary Company staff, who are bound by confidentiality agreement, and third parties working with us, that process your Data acting as Joint Controllers or as Processors on our behalf and subject to our instructions.
Recipients of your Data include but are not limited to:
1)    Users of our brands and systems who co-operate with our Company.
2)    Tourist agencies working with us.

8. How we ensure the respect of Processors for your Data
Processors acting on our behalf have agreed and are contractually bound to the Company:
•    to respect confidentiality;
•    to refrain from sending your Data to third parties without the Company’s permission;
•    to take the necessary  security measures;
•    to comply with the legal framework on personal data protection, in particular Regulation (EU) 679/2016 (also known as GDPR).

9. When do we delete your Data?
We only keep your Data for as long as is required to fulfil the purpose for which you provided them, in compliance with applicable legislation.
Your declaration of consent to receiving our newsletter is kept for as long as the Company sends you newsletters, unless you opt out.
Data processed when you participate in contests and/or market surveys will be kept for as long as is required to conclude the contest or survey and are then deleted.
The policy we operate in respect of Data collected by way of Cookies is available (see more about the Cookies Policy).

10. Are your Data secure?
The company undertakes to safeguard your Data.
Acknowledging the importance of your Personal Data security, we have put in place all the suitable organizational and technical measures, constantly improving them to follow the latest technological evolutions, for the sole purpose of safeguarding and protecting your Data from all forms of accidental or unlawful processing. We have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, in accordance with industry practice and applicable laws. Please be aware that despite our best efforts, no data security measures can guarantee 100% security. While we strive to protect information transmitted on or through our site, we cannot and do not guarantee the security of any information you transmit on or through the site and you do so at your own risk.

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity, except where otherwise required by applicable law.

11. Your rights
You have the right of access to your personal Data.
This means that you have the right to be informed by us if we process your Data. If we process your Data you can ask to find out the purpose of processing, the type of Data we keep, who we provide them to, for how long we store them

1. You have the right of rectification of inaccurate personal Data..

2. If you find any errors in your Data you can apply to us for their correction (e.g. name correction or change of address updating). 

3. You have the right of erasure/”right to be forgotten”.

4. You can ask us to erase your Data if they are no longer necessary for the above purposes of processing or if you wish to withdraw your consent in cases where it is the sole legal basis. 

5. You have the right to the portability of your Data.

6. You can ask us to provide you with Data you have provided in a readable format or to transmit them to another controller.

7. You have the right of restriction of processing.

8. You can ask us to restrict the processing of your Data for as long as your objections to their processing is under review.

9. You have the right to object and withdraw your consent to the processing of your Data. 

12. How you can exercise your rights
To exercise your rights, you can submit a request, filling out and sending the appropriate application form, to our Company’s mailing address (or email address (info@cave-land.com) indicating “Exercise of Right”, and we will make sure to review your request and respond as soon as possible.

13.Applicable law to the processing of your Data by us
The applicable law is Greek law as shaped by the General Data Protection Regulation and the applicable national and European legislative and regulatory framework on personal data protection. The Courts of Santorini’s have jurisdiction over disputes arising in connection with your Data Exceptionally.

14. Where you can complain if we violate applicable law on the protection of your Personal Data?
You have the right to lodge a complaint with the Personal Data Protection Authority (mailing address: 1-3 Kifissias Ave., Postal Code 115 23, Athens, Tel.: 210 6475600, email: contact@dpa.gr), if you believe the processing of your Personal Data to be in violation of the applicable national legal and regulatory framework on personal data protection.

15. How you can find out about amendments to this Policy?
We update this Policy whenever necessary. In case of major changes in the Policy or in the way we use your Personal Data, we will post an updated version of this Policy on our website and inform you by any appropriate means. 

This Personal Data Protection Policy was updated on November 15, 2018.