The full details of the Data Controller for the operation of this website are:
Hellenic Hoteliers Federation
Address: Stadiou 24, 105 64, Athens, Greece
- personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- special categories of personal data (or “sensitive personal data”): personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership as well as genetic data, biometric data which allows to uniquely identify a natural person, health data and/or data regarding sexual orientation.
- processing: any operation performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- anonymization: the processing of personal data in such a way that data can no longer be attributed to a particular data subject.
- pseudonymization: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
- consent: of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- applicable legislation: The provisions of the existing Greek, EU or other legislation which is applicable to the beneficiaries and regulate matters of data protection and privacy, such as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation-GDPR) and any implementing laws, such as the Greek law 4624/2019, and Greek law 4623/2019.
3. Personal Data Collected – Purpose and legal basis of processing
The purpose of the data processing is the proper and secure operation and management of the website, as well as the improvement of the services provided. The legal basis for such processing is the legitimate interest of the Data Controller, as the administrator of the Website within the framework of the Project (Article 6 par.1(f) GDPR).
4. Disclaimer for third-party websites
The Website may provide links that redirect the user to third-party websites. The administrators of the Website does not control these third-party websites and is not responsible for the content posted on them or any further links appearing on them, nor bear responsibility for the privacy practices of third parties or the content of third-party websites.
5. Transfer of personal data
No personal data and information of users/visitors is transferred in any way and for any reason to third parties not related to the project.
6. Data retention
7. Data Subjects’ rights
The users of the Website, as data subjects, may exercise the rights granted to them by law with regard to the collection and processing of their personal data. In particular, each data subject is entitled:
(1) to be informed about the processing of his/her personal data (i.e. the right of access) and to request and receive further information about the processing,
(2) to request the correction of inaccurate personal data,
(3) to request the deletion of his/her personal information, unless this is not permitted by law,
(4) to request restriction of the processing,
(5) to request portability of his or her personal data and
(6) to object to further processing of his/her personal data.
In order to exercise your rights you may contact us by email: firstname.lastname@example.org
The Data Controller may refuse to fulfill, in whole or in part, a relevant request received from a data subject, only when this possibility is provided for by the applicable legislation.
In case you exercise any of the above rights, you will receive a detailed reply as soon as possible, and within the time limits set by the GDPR, i.e. one (1) month from the receipt of the request. This period may exceptionally be extended by two (2) more months if the request is complex or if there is a large number of requests pending.
Last update: September 2022