CUSTOMER PERSONAL DATA PROTECTION CHARTER
Valid from: 21/5/2018

OUR COMMITMENT
Hotel Menelaion holds as its highest priority the protection of your personal data. We make
every effort to carefully store and process the information you share with us.
Because we appreciate your trust, we have created this Privacy Policy to inform you about how
we collect, use, and share your information. The collection, use, and disclosure of your
information is based on your consent and the provisions of applicable law.
Our company protects your personal data through technical data security measures, internal
management procedures, and physical data protection measures. We continually strive to
improve our systems and procedures so that they stand out above all others.
Thank you for your continued interest and support.

PRIVACY POLICY
1. Consent
"Personal data" means any information that is collected or recorded in a way that may
allow direct (e.g. surname) or indirect (e.g. phone number) identification of a natural
person.

We recommend that you read this text, which describes the privacy policy, before
providing us with personal data.

This "Customer Personal Data Protection Charter" is a part of the terms and
conditions that govern our hotel services. By accepting these terms and conditions,
you explicitly accept the provisions of this Charter.
2. Scope

We know how important it is to protect the privacy of our customers; we try to be as
clear as possible about the way in which we collect, use, share, transfer, and store
your information. This Privacy Policy summarises the practices we follow regarding
your data.

This Privacy Policy applies to all hotels operated by our company. This Privacy Policy
also applies to this website, all websites, online applications, and online and offline
promotional actions by our company as well as any Service or function provided by us
that refers to this Privacy Policy or provides a link hereto (collectively referred to as
our "Services").

Please note that the Privacy Policy applies to your use of our Services, regardless of
whether you use a computer, mobile phone, tablet, TV, or any other device to access
our Services. Additionally, this privacy policy applies to Services that are provided
without the use of electronic means.

It is important that you carefully read this Privacy Policy because with every use of
our Services you agree to the practices described herein. If you do not agree with the
practices described in this Privacy Policy, you should not use our Services.
3. For what purposes do we collect data?
We collect and use personal data to manage your relation with our company and to
offer our Services to you. Certain personal data is collected to provide you with
personalised and improved services.
We collect personal data for the following purposes:
a) To manage reservations and other hospitality services
• Create and store legal documents in accordance with applicable law.
• Collect data to meet requests relating to your stay (e.g. room preferences).
b) To manage your hotel stay
• Manage the access to your room.
• Monitor the use of services (room telephone, mini bar, online room service, Wi-Fi
access, etc.).
• Manage lists with customers’ personal data for operational purposes, e.g. daily
customer arrival and departure lists and a list of special category customers (e.g. VIP,
privilege members, Counter Club members, etc.).
c) To improve our hotel services
• Tailor products and Services to better meet your requirements.
• Process your personal data using marketing programmes for marketing and
promotional purposes.
• Provide you with useful information for offers or other promotional messages.
• Inform you about special offers and new Services.

• Provide customised content and recommendations based on your previous
activities.
d) To manage our relations with you before, during, and after your stay
• Manage loyalty programmes.
• Manage customer databases.
• Evaluate and analyse the market, our customers, our products, and Services.
• Create statistical data and reports.
• Gain knowledge and manage the preferences of new and recurring customers.
• Send newsletters, promotion products and offers, or to contact you by telephone.
• Manage requests for deletion from update lists.
• Create and manage questionnaires and statistics.
• Organise lotteries, contests and offers.
e) To improve our services
• Conduct market research/analysis of questionnaires and customer comments.
• Manage customers’ claims and complaints.
• Offer loyalty programme privileges.
f) To improve system security
• Record data to ensure security and to prevent fraud.
g) To comply with Greek and European law
h) To ensure safe use of services provided by our spas and fitness facilities
i) To conduct market research/analysis of questionnaires and customer comments.
j) To conduct focused marketing campaigns, direct marketing and sales promotion
activities.
4. What personal data do we collect?
Information provided directly by you
For example:
• Several of our Services allow users to create accounts or user profiles. Along with
these Services, we may ask you to provide personal details to set up your account or
profile. For example, during the creation of a Guestportal or Privilege account, you
can submit details such as your name and email address.
• When ordering a paid product or service from us, we may ask for certain additional
details to process your order, such as your name, room details, and billing data.
• When participating in an online or offline contest or promotional action, we may ask
you for your name, contact details, email address, age and gender, personal and
occupational interests, other personal characteristics, and your opinion of our
products and/or services.
• Some of our Services allow you to communicate with other people. This
communication will be stored on our systems.

We are obliged to request the following details about you and/or your family
members:
• Contact details (e.g. surname, given name, father’s name, passport number, ID-
card details, telephone, home address, email)
• Personal data (e.g. date of birth, nationality, place of birth)
• Billing details (e.g. credit card number, VAT number)
• Loyalty programme member number (member number for loyalty
programmes of our company or other parties, such as airline operators)
• Date of arrival and departure, flight number, and room number
• Preferences and interests (e.g. non-smoking room, preferred floor, type of bed,
sports, cultural interests)
• Data about your health, such as medicine reports and certifications, medical test
results, data on pathological diseases, etc.
• Questions and comments submitted during or after your stay in one of our Hotels.
The data we collect on persons under the age of 16 are restricted to given name,
surname, nationality, and date of birth. This data can only be provided by an adult or
guardian. We thank you for your efforts to ensure that children do not send us
personal data without your consent, especially through the internet. Should any
information of this type be sent to us, you can communicate with the Data Privacy
department (see section “Questions and contact”) to arrange for the deletion of such
information.
Moreover, information such as your passport number, recreational activities, hobbies,
health issues, or whether you are a smoker or not can be described as sensitive. We
retain such information only if we are obliged to do so by applicable law or if you have
explicitly given us your consent (e.g. to provide you with an appropriate Service, such
as a special diet).
Information on your use of our Services
Apart from the information you provide directly, we may collect information on your
use of our Services through the software of your device or by other means. For
example, we may collect:
• Device information, such as hardware model, International Mobile Equipment
Identity (IMEI), and other unique device identity data, MAC address, IP address,
operating system issue, and setting of the appliance you use to access our Services.
• Connection information, such as the time and duration of use of the Service,
search commands entered in the Services, as well as information that may be stored
in cookies we have placed on your device.
• Location information, such as GPS signal of your appliance or information on
WiFi access points that may be transmitted to us when you use our Services (e.g.
WiFi, Guestportal, mobile apps).
• Audiovisual information, such as voice recordings (which may be stored on our
servers) when you use voice commands to use a Service or audiovisual information
collected through closed circuit television (CCTV) for security reasons.
• Other information that relates to your use of our Services, such as the
applications that you use, the websites that you visit, and the way in which you
interact with content offered through a Service.

Information from third parties
We may receive information about you from available public and commercial sources.
We may combine this with other information that we receive directly from you or in
relation to you. We may also receive information about you from third party social
networking services when you choose to connect to such services.
Other information we collect
We may collect other information about you, your device, or your use of services in
manners described at the point of collection or otherwise with your consent.
You may choose not to provide certain types of information, but this may
limit your access to certain Services.
5. When do we collect personal data?
We collect personal data in various cases, such as:
a) Hotel activities
• Room reservation
• Check-in and payment
• Reservation of seat and/or use of hotel services, such as catering, spa, and
recreational services
• Various requests, complaints, and/or disputes
b) Participation in marketing programmes or events
• Registration in loyalty programmes (e.g. Privilege)
• Participation in online and offline surveys (for example, customer satisfaction
survey)
• Participation in contests and games
• Subscription to mailing lists in order to receive offers and other promotions by
email
c) Transmission of information from third parties
• Tourist agencies, tourist offices, GDS reservation systems, online reservation
systems (e.g. booking.com, expedia.com, etc.), and other reservation systems
d) Actions through electronic devices
• Login on our websites
• Connection to the WiFi network of our hotels
• Completion of online forms (e.g. reservation forms, precheck-in forms,
satisfaction survey forms, etc.)

6. Third party access terms to your personal data

Our company does not disclose your information to third parties for their own business
or marketing purposes without your prior consent.
However, we may disclose your information to the following entities:
• Affiliates. Your information may be shared between affiliates of our company.
• Business associates. We may also share your information with trusted business
partners. These entities may use your information to provide you with services you
have requested, make provisions relating to your interests, and offer you promotions,
advertisements, and other material.
• Service providers and/or any third parties that may process information
on our behalf. We may also share your information with companies that provide
services on our account or behalf, such as IT contractors, bulk mailers, banks, credit
card institutions, law firms, mail service companies, printing services companies, etc.
Credit approval: Upon submission of a credit approval claim, personal data are
utilized and disclosed to designated third parties according to applicable legislation in
order to decide on the credit approval and its subsequent level.
• Other third parties, if so required by law or in order to protect our
Services. Situations may arise in which we share your information with other third
parties:
o To comply with the law or mandatory legal procedure (such as search warrants or
other court orders)
o To confirm or implement our compliance with the policies governing our Services
o To protect the rights, ownership or security of our company or any of our affiliates,
business partners, or customers
• Other third parties in relation to corporate transactions. We may share
your information with third parties within the context of a merger or transfer, or in
the event of bankruptcy.
• Other third parties with your consent or at your command. In addition to
the disclosures described in this Privacy Policy, we may share information about you
with third parties if you give your consent or if you request us to do so.
To provide you the best possible service, we allow access to your personal data or to
certain categories to competent, authorised members of our personnel. This includes:
• Hotel staff
• Reservations departments
• IT department
• Marketing/Guest Relations department
• Legal Services department, if and when required
• Medical Services, if and when required
7. Protection of personal data during international transfers
For the purposes set out in Article 3 of this Charter, we may transfer your personal
data to internal or external recipients who may be located in countries that offer
different levels of protection for personal data.

Please note that data protection and other laws in the countries to which your
information may be transferred may not be as protective as those in your country. To
protect your privacy, the transfer will take place according to the legislation governing
the processing of personal data.
Our company takes all reasonable measures to safeguard the transfer of personal data
to an external recipient in a country that offers a different level of privacy than the
country where the personal data is collected.
8. What do we do to keep your information safe?
We have taken organisational and technical measures to protect the information that
we collect in relation to our Services, especially sensitive personal data. Our IT
department implements international standards and practices to ensure the safety of
networks and the encryption of data.
However, please bear in mind that despite the reasonable measures that we take to
protect your information, no website, internet transmission, computer system or
wireless connection is ever completely safe.
9. Data storage
We take reasonable measures to ensure that your personal information will be stored
no longer than needed for the purpose for which it has been collected and no longer than
required by the contract or the applicable legislation.
10. Cookies, beacons and similar technologies
We and certain third parties who provide content, advertisements, or other features
for our Services may use cookies, beacons, and other technologies in certain parts of
our Services.
Cookies
Cookies are small files that store information on your computer, mobile phone, or
other device. They allow the entity who places these files on your device to identify
you across different websites, services, devices, and/or browsing times. Cookies serve
a range of useful purposes. For example:
• Cookies can remember your login credentials so you do not have to enter them again
each time you connect to a service.
• Cookies help us and third parties to understand the most popular parts of our
Services; they help us see which pages and features are visited by the users and how
much time is spent on each. By studying this kind of information, we can customise
our Services and provide you with a better experience.
• Cookies help us and third parties to understand which advertisements you have
viewed so you do not receive the same advertisement each time you access the
Service.
• Cookies help us and third parties provide you with relevant content and
advertisements by collecting information about your use of our Services and other
websites and applications.
When you use a website to access our Services, you can make settings in your browser
to accept all cookies, reject all cookies or notify you when cookies are sent. Each
browser is different. Refer to the “Help” menu of your browser to find out how you
can change your cookie preferences. The operating system of your device may offer
more control settings for cookies.
However, please note that certain Services may have been designed to work with
cookies and that deactivating cookies may affect your ability to use those Services or
part of those Services.
Other local storage
We and certain third parties may use other kinds of local storage technologies, such as
Local Shared Objects (commonly called “Flash cookies”) and local HTML5 storage
(HTML5 Web Storage) in conjunction with our Services. These technologies are
similar to the cookies mentioned above as they employ storage on your device and can
be used to store information concerning your activities and preferences. However,
these technologies may use different parts of your device than typical cookies, and
therefore may not be controlled with the standard tools and browser settings.
Beacons
We and certain third parties may also use technologies called “beacons” (or “pixels”)
that send information from your device to a server. Beacons can be embedded in
internet content, videos, and emails to allow a server to read certain types of
information from your device. Beacons can also be embedded to determine when you
have viewed specific content or a specific email message, the time and date on which
the beacon was viewed, and the IP address of your device. We and certain third
parties use beacons for a variety of purposes, such as to analyse the use of our
Services and (in combination with cookies) to offer you more relevant content and
advertisements.
By accessing and using our Services, you agree to the storage of cookies, other local
storage technologies, beacons, and other information on your devices. You also allow
us and the aforementioned third parties to access these cookies, local storage
technologies, beacons, and information.
11. Access and correction of your data – right to erasure (‘right to be forgotten’)

In addition to existing lawful user rights, according to the legislation in certain
jurisdictions, you may also be entitled to request details on the information that we
collect and to correct any inaccuracies that may be contained in such information. If
permitted by law, we may charge you a small fee for the provision of this possibility.
We may refuse to handle requests that are repeated to an unreasonable degree,
require disproportional technical effort, jeopardise the privacy protection of others,
are extremely impractical, or involve access that is not otherwise required by
domestic law. If you wish to submit a request for access to your data, please contact
the Data Privacy department (see section “13. Questions and contact”).
You have the right to obtain the erasure of your personal data from the controller.
12. Updates
This policy may be amended from time to time. To ensure that you are aware of any
changes, please check this policy on a regular basis, especially before submitting a
reservation request with one of our hotels. By accessing or using our Services after we
have posted an updated version of the Privacy Policy, you agree with the new
practices contained in the update. The most recent version of the privacy policy will
always be available here: grecotel.com/data-protection. You can check the “valid
from” date at the top to find out when the Privacy Policy was last changed.
A printed version of this Privacy Policy can be found at the reception desk at all our
hotels. You may also request a copy by contacting the Data Privacy department (see
section “Questions and contact”).
13. Questions and contact
If you have any questions regarding this policy or the protection of data at Grecotel
SA and our affiliates, please contact the Data Privacy department at the following
address:
Hotel Menelaion
91 K. Palaiologou Ave., 23100 Sparti, Lakonia, Greece
Telephone: +30 27310 22161-8
Fax: +30 27310 26332
Email: info@menelaion.gr