Introduction
1.1 Who we are
www.villanelmar.com
1.2. Protection & Processing of Personal Data
Personal Data (IFRS) is any information relating to an identified or identifiable natural person. An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identity identifier, such as name, identity number, location data, online identity, or one or more physical identifiers. , physiological, genetic, psychological, economic, cultural or social identity of that natural person.
But also more personal information such as habits, preferences, biometric data, etc.
Every company that handles personal data relating to living natural persons, within the EU, is obliged from 25 May 2018 to fully comply with EU Regulation 679/2016, for the protection of personal data (IFRS). The validity of the Regulation is immediate in all EU Member States.
IFRS collection is a form of processing, such as storage, organization, structure, storage, modification, retrieval, information retrieval, use, disclosure, deletion, or destruction.
The company, through the Privacy Policy, informs individuals about the processing of IFRS, thus helping individuals to make informed decisions about their relationship with the business.
1.3 Privacy Policy
The company must collect IFRS (ie personal information) for the efficient execution of day-to-day business operations and services and, in some cases, for its compliance with the requirements of the legislation and / or regulations it applies.
The Privacy Policy indicates our compliance with the Privacy Policy and our respect for the protection of privacy and security of personal data.
In addition, it aims to:
- Inform individuals (you) about the IFRS that we collect and process, for what purpose, in what way and for how long.
- Ensure that individuals are aware of their rights and our obligation to be accountable and safe.
- Provides an easy and clear means of securing your consent, as a legal basis for the processing of IFRS, and, at the same time, enables you to withdraw this consent whenever you wish.
This Privacy Policy was posted on the company’s website on 03.08.2018 and replaces an earlier post / issue. The Privacy Policy applies, in general, to any individual who has or intends to have any kind of cooperation with us.
What IFRS we process
When you call us, visit our website, cooperate with us, ask questions or request our cooperation, we can ask you for information (ie IFRS such as: name, address, email, phone, etc.) depending on the type of relationship between us.
You may also choose to voluntarily provide us with additional IFRS (as in the case of sending a CV) or additional information (such as tax or business details, as part of your briefing or co-operation investigation).
We collect information, directly or indirectly, in the following ways:
- Information that you send or give us, when contacting us or visiting our website, by electronic or other means.
- Information we receive from your use of our services or the services of our partners.
- We use various technologies to collect and store information and these may include the use of technologies such as cookies (see also §7).
- We may use information from advertising networks, our customers or third parties, to inform you about specific services that may be of interest to you.
For more information on how to access, manage, modify, or delete information, see sections 5 & 6 below.
How we use IFRS
We use the information we collect (as described above), and in accordance with the consent you have given us, to:
- we process your order and complete the shipment of the product,
- we can provide you with personalized and up-to-date services and / or products,
- contact you to inform you about new services or products that may be of interest to you,
- process your payment or prevent or detect possible fraud,
- answer possible questions you have asked us,
- implement the framework of this Privacy Policy.
When you contact us we maintain a file of the communication messages, so that we can resolve any issues you may have.
We do not allow unauthorized entities to access your information without your consent.
For all the above the necessary condition is your consent (see sections 5 & 8 below).
Who do we share your IFRS with?
We do not disclose or share IFRS with companies, organizations and individuals outside our company, unless one of the following applies:
- With your consent: We share your personal information with companies, organizations and individuals when we have your explicit consent (see sections 5 & 8 below).
- For external processing: We provide personal information to our external partners and to companies or individuals we trust to process it for our own use, based on our instructions and in accordance with our Privacy Policy and any other confidentiality and security measures, such as the Rules EU 679/2016.
- For lawful purposes: We share personal information with competent public services when this is reasonably necessary and in order to comply with laws, regulations, legal procedures or government requests.
- In the context of scientific research: We provide data in non-identifiable form (anonymous) in the context of scientific or statistical studies.
Your rights & our obligations
5.1 Your rights
Our customers, users of our services and visitors to our website have, within the framework of the Regulation for the Protection of Personal Data, rights (which should not be in conflict with the relevant legislation). These rights of natural persons (you) are:
- Right of access to their IFRS
- Right to correct their IFRS
- Right to delete their IFRS
- Right to restrict the processing of IFRS
- The right to be informed about the correction or deletion or restriction of processing of their IFRS
- Right to portability of IFRS
- Right to object to the processing of IFRS
- Right to object to automated individual decision making including profiling.
5.2 Our obligations
Our obligations include:
The principle of accountability, regarding the 6 principles that govern the processing of IFRS (legality, objectivity and transparency, limitation of purpose, minimization of IFRS, accuracy of IFRS, limitation of storage period, security, integrity, and confidentiality).
Any IFRS processing is legal only if one of the following 6 conditions applies:
- the data subject has consented to the IFRS processing
- the preparation of IFRS is necessary for the performance of a contract, where the subject is a party
- processing is necessary to comply with the legal obligation of the controller
- processing is necessary to safeguard the vital interest of the natural person
- processing is necessary for the performance of a duty in the public interest or in the exercise of public authority delegated to the controller
- the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless the interest or the fundamental rights and freedoms of the natural person prevail.
In addition, we implement the appropriate technical and organizational measures to protect the company and our partners from unauthorized access or alteration, violation or destruction of the IFR we have in our possession.
Specifically:
We encrypt many of our services.
- We control data collection, storage and processing practices, including physical security measures, to protect against unauthorized access to systems and processes.
- Access to personal information is restricted and controlled, and these individuals are subject to strict contractual confidentiality obligations.
- In case external partners (for reasons of maintenance or support) have, potentially, access to IFRS, relevant appendices to the existing cooperation agreements cover the requirements of the Regulation.
Throughout the IFRS processing cycle (from collection to IFRS destruction) we take appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of IFRSs. We require similar measures from third parties that handle or process IFRS.
Our services, products and website are not intended for children under the age of 16. We do not, to our knowledge, process IFRS for children under 16 years of age.
Access to your own IFRS and your information
Within the framework of the rights provided to you by the Regulation, you can request information about your own IFRS or request a correction or restriction of processing or deletion of IFRS (see your rights in detail in section 5.1).
You can exercise your rights by sending an e-mail to the address listed in the “Ways of Communication” section (section 9) requesting the Subject Access Request (SAR) form, completing it and sending it to us. We are obliged to respond to you within one month of receiving your request.
The exercise of the rights of the natural person can always be done within the framework of the existing legislation (such as the tax or the labor legislation).
Every time you use our services, our goal is to provide you with access to your own IFRS. If this information is incorrect, we strive to provide you with ways to quickly update or delete it – unless we retain this information because it is required by law or for legal purposes.
Cookie information
We use cookies (Session or transient / Permanent, persistent or stored / Flash cookies) in order to improve the speed and quality of service, whenever you visit our website.
A cookie is information, in the form of a file, that is stored on your computer and improves the performance of the website in relation to your service.
The user is informed about the use of cookies. The continued use of the website indicates his consent to their use. If, despite the above, the user does not want to use them, then he can disable them. Disabling them reduces the performance of certain features of the website.
DO YOU WANT MORE INFORMATION?
Universal Analytics (Google): These cookies are used to collect information about how visitors use our site. We use the information to write reports and improve the website. Cookies (_ga, _gat, _gid) collect information in anonymous form, including the number of visitors to the website, what the previous website was, and the pages visited (Read Google’s overview of privacy and safeguarding data).
Your consent and its removal
Our company in the context of:
- The Privacy Policy
- Its compliance with the Regulation on Personal Data Protection (EU 679/2016) and the relevant national legislation
- Respect for the protection of privacy and security of personal data
may request your written consent (opt-in) for the collection and processing of your personal data, in accordance with what is stated in this Privacy Policy.
Your consent is given for distinct purposes and can be revoked (by purpose and in total) at any time by contacting the information mentioned in the next paragraph (Ways of Communication).
The company will collect and process IFRS only where it can legally do so, such as (a) requirement of relevant legislation, (b) processing necessary for the performance of a contract of which the natural person is a party (c) processing necessary to comply with legal obligation of the controller; d) processing necessary to safeguard the vital interests of the natural person; (e) processing necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless those interests or rights and freedoms.
You may be asked to provide additional consent if IFRSs are to be used for purposes not listed in this Privacy Policy.
Ways of communication
Villa Nelmar Anavyssos Greece
Contact Person: Oleg Volodko
Sunny Smile Travel Services
Leof. Poseidonos 81 & Dousmani 3
P.O. 16675
Athens, Greece
TEL: 210 89 46 880
Email: info@sunnysmile.gr
www.villanelmar.com