Privacy Policy

Overview.

This Privacy Policy describes the ways we collect, store, use and protect your personal data and informs you about your privacy rights in connection with your use of this Website, with hotel bookings, your stay at our hotel as well as personal data provided and/or collected by us through other channels. We also inform you about your rights under applicable data protection law with respect to the handling of your Personal Data by us. 

By using or accessing our hotel services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use, and share your information in the following ways.

Before providing us with Personal Data, we recommend that you review this Privacy Policy in its entirety. Remember that your use of our hotel services is at all times subject to our Terms and Conditions, which are incorporated in this Privacy Policy. We appreciate your trust in us when you disclose your Personal Data. 

What is Personal Data? 

For the purposes of this Privacy Policy, “Personal Data” means any information provided by you when interacting with us, for example through our Site or when calling us, or data is collected about you through your use of our Site and allowing you to be identified personally, either directly (e.g. your name) or indirectly, because the data references an identifier such as your name, an identification number, location data, an online identifier (e.g. telephone number) as an individual person. We may also collect personal data about you in other instances which relate to your stay at Cali Mykonos.

I. Information We Collect.

We, Cali Mykonos as data controller, collects and processes personal data for the purposes of bookings and guest’s management, billings and payments, marketing actions and satisfaction inquiries. The data is intended to the hotel and its service providers. We collect certain categories of information about you, particularly when you check-in at our hotel or visit our websites but also when you use or purchase our products and services, or when you provide us information to deliver you newsletters and other communications. In particular: 

Contact Information: Contact information is information or data that can be used to identify or contact a specific individual. For example, when you check-in at our hotel or access our websites, we ask you to provide certain contact information, such as your name, address, date of birth, phone number, e-mail address, your ID card or passport, your business VAT number, business address, contact numbers and business type. In addition, when you book a room, we collect personal data, which includes, date of check-in and check-out, number of rooms, number of people in the reservation (adults and children), room, bed type, and other preferences. If you do not wish to provide the information requested, you may not be able to proceed with the activity or receive the benefit for which the personal information is being requested.

Payment Information: If you book our hotel rooms and related services directly in the hotel or from our websites or our partner’s websites, you will need to provide us with payment information. This may include billing and other transaction information, credit card number including expiration date & or other financial information that we can use to ensure proper payment for the services you are purchasing.

We use this Personal Data to handle your reservation and to establish and fulfill our contract with you. This includes verifying your identity, taking guarantee and/or payment information, and sending stay-related and/or marketing communication.

Tracking Information: We may collect and/or track certain information that is derived from the use of our products and services such as usage patterns, travel patterns, web site page views and traffic patterns. We may use this tracking and location information for statistical purposes to improve our products and services and to help users manage their environment and infrastructure more efficiently.

Mobile Device Data: Device information, such as your mobile device ID, model, and manufacturer, and information about the location of your device, if you access the website from a mobile device.

Sensitive Data: If you provide sensitive personal data relating to your health or beliefs as part of your reservation, such as allergy information or information relating to dietary restrictions, we will record such personal data and handle it with your consent and only to provide you with the service.

Please note that we will not compel you to provide your personal data to us. You always have the right to choose whether or not to provide us with your personal data. However, if you choose not to provide certain information, we may not be able to provide certain services to you, for example, we may not be able to accept your reservation or you may not be able to use some of our services. We will make clear to you at the time of collection which information is necessary to obtain for providing the service.

Information From Minors.

We do not intend or wish to obtain personal data directly from website visitors who are younger than 18 years old, unless they have permission from their parents or guardians. If a minor provides us with personal data of a family member or other person without the consent of a parent or guardian, please inform us as soon as possible. We will take immediate action, including the erasure of the relevant personal data. 

II. Cookies.

When you use our website, we may (automatically) obtain the following information from you via cookies. Cookies are small bits of data that can be placed on your computer, tablet, smartphone or other electronic “device” with which you can use the internet via a web browser. When a website is visited, the website can place these cookies on your device via your web browser. 

On the Website, users have the option of agreeing to the use of cookies in principle and thus being able to use all functions of the website without restrictions, the option of not receiving cookies at any time or of personalizing cookies by agreeing to the use of certain cookies. Please be aware that if you do not accept or deactivate the use of cookies which are subject to consent, this may lead to a situation that these cookies cannot do what they are intended for. In particular, if you deactivate functionality cookies, the respective functions of the website cannot be used. Therefore, your consent is required if you want to use certain functions provided by cookies.

How We Use Cookies: Like many other website operators, Cali Mykonos works with third party service providers and partners (including marketing partners, customer service providers, and others) to use cookies, beacons, and similar technology for a number of purposes. For example, these technologies are used in:

• Analyzing site usage trends;
• Administering the site;
• Tracking users’ movements around the site;
• Gathering demographic information about our user base as a whole;
• Identifying users to remember users’ settings (e.g. language preference);
• For authentication and to help you sign up for our services.

We use cookies in a range of ways to improve your experience on our website, and to collect information on the pages viewed by our website visitors, which is combined with information such as IP address, browser type, access date and time, etc. This information is used for the purposes described above, as well as:

• To provide appropriate information and ensure security on the website;
• To operate and improve functionality of the website;
• To provide information on our services; and
• For the purpose of website maintenance and statistical analysis of usage.

Users can control the use of cookies at the individual browser level. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences. You can also find out how to do this, and find more information on cookies at www.allaboutcookies.org. For information on how to manage cookies within commonly used browsers.  Please be aware that if cookies are disabled, not all features of the Website may operate as intended. 

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

Categories of Cookies. Our use of cookies falls into four categories:

1. Strictly necessary cookies:these are essential in order to enable you to move around the website and use its features. Without these cookies, the services you have asked for cannot be provided.
2. Performance cookies:also known as “analytical” cookies. These cookies allow us to recognize and count the number of visitors and to see how visitors move around the sites when they are using them. For example, they allow us to understand which pages are visited most often, and if they get error messages from web pages. All information collected by these cookies is aggregated and therefore anonymous.
3. Functionality cookies:these cookies are necessary for our website to operate and allow us to remember what choices you make and provide enhanced, more personal features. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.
4. Advertising and marketing cookies:these cookies are used to send you advertising and marketing-related material tailored to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaigns. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers.

We may change our use of cookies over time, but our use of cookies will generally fall into the above categories. Please visit this page regularly so that you are aware of any changes.

III. Security Measures.

It is important to us to protect your privacy. We have implemented various measures to protect and secure your personal data, in order to prevent violations of the confidentiality, integrity and availability of your personal data. All our employees and other persons engaged by us are obliged to respect the confidentiality of personal data.

Moreover, we strive to maintain the appropriate standards of security and we have put in place robust technical and organizational measures for the protection of your Personal Data in accordance with the current state of the art technologies, especially to protect the data against loss, falsification, or access by unauthorized third persons. However, the transmission of information via the Internet is not completely secure. Therefore, while we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted on our website. Any transmission is solely at your own risk. 

IV. How We Use the Information We Collect.

We use the information we collect to provide and enhance our products and services, to operate our business (e.g. billing and other accounting purposes; contacting you regarding important information about your bookings), for editorial and feedback purposes, for marketing and promotional purposes (including providing your contact information to third parties with whom our hotel has a relationship), for statistical analysis, for product development, to contact you regarding our promotions, products and services. For example, we may use the information we collect for the following purposes:

• Information security and management software;
• Informing you of other promotions, products or services offered by us;
• Sending you relevant survey invitations;
• Responding directly to your questions, comments or requests;
• Analyzing site usage to improve and customize our websites and products and service offerings;
• Improving our marketing and promotional efforts.

If our use of your data is governed by the European Union’s General Data Protection Regulation (“GDPR”), you should know that we rely on the following legal grounds to process your personal information:

1. Performance of a contract – To the extent you have booked guest rooms or related services from us, we may need to collect and use your personal information to perform the services which you have required. For example, we may use your personal information to respond to requests you make via our websites or via email or telephone you directly.
2. Compliance with law – In certain circumstances we may be required to process your data to comply with legal obligations to which our hotel is subject. Consent – Some of the personal information we collect is provided by you voluntarily, for example when you sign up to join a mailing list or complete your registration form upon check-in, and is therefore collected and used with your permission. To withdraw your consent to such use, you can contact us at dataprotection@calimykonos.com
3. Legitimate interests – We may use your personal information for our legitimate interests, such as to improve our promotions, products and services and the content on our hotel websites. We may also use your contact information to keep you and others who have provided us with their contact information up-to-date on recent promotion and service developments. If you wish us to stop using your contact information in this manner, you can contact us at: dataprotection@calimykonos.com

V. How We Share Information.

Sometimes it is necessary to share your personal data with another party, for example, because this is necessary for providing our services to you. Occasionally we hire other companies to assist us in providing promotions or services, handling the processing and delivery of mailings, providing customer support, hosting websites, customer billing, processing transactions, or performing statistical analysis of our services. Those companies will be permitted to obtain only the information they need to perform the service. 

Moreover, we only share your personal data with third parties if this is necessary for the provision of a service or the involvement of the third party. Third parties will, for example, in principle only get access to the personal data that they require for their part of the service provision. The persons within the third party that have access to the personal data are under an obligation to treat the personal data confidentially. Where necessary this is also contractually agreed on. We may share your personal data with third parties such as, service providers and business partners to help us perform business operations and for business purposes, including research, payment processing and transaction fulfillment, database maintenance, technology services, deliveries, email deployment, advertising, analytics, measurement, data storage and hosting, disaster recovery, search engine optimization, marketing, and data processing.

The third party is obliged to comply with the applicable data protection laws. This includes the obligation to ensure appropriate technical and organizational security measures. We will ensure that these third parties only use your personal data for the purposes described above or for the purposes for which you have given your individual consent. We will ensure that these parties apply the same strict standards as we do.

We may disclose any information we collect from you if we believe such action is necessary to: (a) comply with any law, judicial proceeding, government request, court order, legal process, rule or regulation or any process served on us; (b) protect and defend the rights or property of Cali Mykonos (including the enforcement of our agreements and investigation of potential violations thereof); (c) protect your safety or the safety of others; (d) detect, prevent, or otherwise address fraud, security or technical issues; or (e) act in urgent circumstances or emergencies.

In addition to transferring your personal data to Greece, we may also transfer it to other countries or territories outside the EEA and UK in connection with the sharing of personal data with third parties as described above. 

VI. Transfer of Personal Data to a Third Country.

Where information is transferred outside the European Economic Area, we will ensure that appropriate safeguards are implemented. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests, in particular we will only transfer your personal data to countries which are recognized as providing an adequate level of legal protection in accordance with Article 45 of the GDPR; or ensure that transfers outside the European Union are subject to appropriate legal safeguards.

VII. Data Retention.

We will retain personal data only for the period necessary to achieve the purpose for which it is used, and will take steps to erase personal data after the retention period has elapsed in a secure manner within a reasonable period of time. There could, however, be exceptions applicable to the general retention terms. If you exercise certain privacy rights, it is possible we will remove your data earlier than the general applicable retention period or – oppositely – retain it for a longer period of time. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

VIII. Information Other Websites Collect From You.

In our website, there might be links to other websites operated by third parties. However, since we do not have direct control over the policies or practices of participating third parties, we are not responsible for the privacy practices or content of those sites. We recommend and encourage that you always review the privacy policies of those third parties before you provide any personal information or complete any transaction with such parties. Social media features and widgets are either hosted by a third party or hosted directly on our web site; therefore your interactions with these features are governed by the privacy statement of those third parties.

IX. WHAT ARE YOUR PRIVACY RIGHTS?

Cali Mykonos would like to make sure you are fully aware of all of your data protection rights. With regard to personal data collected by us from customers and guests in the EEA or the UK, you have the following rights under the GDPR and equivalent UK legislation. You may exercise these rights by contacting us via the contact information below. If we receive a request to exercise one of these rights, we will respond to the request as soon as possible. To protect your privacy and security, we may require steps to verify your identity, such as your ID or passport information and confirmation of your identification, before granting access to your data. However, please note that there are exceptions to these rights under the GDPR and we may not always be able to comply with your request.

Your Privacy Rights. As data subject you have the right to:

1. Request confirmation as to whether or not personal data concerning you is being processed. If you wish to avail yourself of this right of confirmation, you may, at any time, contact us for confirmation at dataprotection@calimykonos.com.
2. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you. Although this does not necessarily give you the right to receive a copy of the documents containing your personal data, you do have the right to receive a copy of your personnel file. Per your request, we will then also provide you with further specifics of our processing of your personal data.
3. Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. Please note that this does not provide you with the right to “correct” documents with which you do not agree, such as a complaints report. In such case, a written document detailing your own view on the matter, may be added to the file.
4. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where: (i) the personal data is no longer necessary, (ii) you have withdrawn your consent, (iii) you have objected to the processing activities, (iv) the personal data is unlawfully processed, (v) the personal data needs to be erased on the basis of a legal requirement, or (vi) where the personal data has been collected in relation to the offer of information society services. Note, however, that we do not have to honor your request to the extent that the processing is necessary: (i) for exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation which requires processing, (iii) for reasons of public interest in the area of public health, (iv) for archiving purposes, or (v) for the establishment, exercise or defense of legal claims.
5. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
6. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: 
   1. Contesting the accuracy of data. If you want us to establish the data’s accuracy.
   2. Unlawful processing. Where our use of the data is unlawful but you do not want us to erase it.
   3. Data no longer required. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
   4. Pending an appeal. You have objected to our use of your data (right to object) but we need to verify whether we have overriding legitimate grounds to use it.
7. Request the transfer (right to data portability) of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies if it concerns processing that is carried out by us by automated means, and only if our processing ground for such processing is your consent or the performance of a contract to which you are a party.
8. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
9. Not to be subject to automated decision-making. This means that you have the right not to be subject to a decision based solely on automated processing, which significantly impacts you (“which produces legal effects concerning you or similarly significantly affects you”). In this respect, please be informed that we do not make use of automated decision-making.
10. Lodge a complaint with a EEA or UK supervisory authority, in particular in the state of your habitual residence, place of work or where an alleged infringement took place. Please refer to this webpage for an overview of the supervisory authorities in the EEA and their contact details. We would appreciate the chance to deal with your concerns before you approach the regulator, so please contact us beforehand at dataprotection@calimykonos.com.

X. Changes.

This privacy policy may be revised from time to time to reflect changes in the services provided by us, amendments or changes to relevant laws and regulations, and to meet the needs of society with regard to personal data. In such cases, we will publish this privacy policy on our website without delay and will clearly indicate the date of the last revision of this privacy policy.

CONTACT US

We have established a point of contact within Cali Mykonos to deal with any inquiries or comments from you in relation to the personal data we collect and hold in our possession, and will respond to such enquiries and comments in good faith to the extent reasonable and necessary, after the necessary identification of the customer or his/her representative. Please note that it may take a few days to reply, depending on the case. 

If you have any questions about our Privacy Policy, the data we collect from you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at:
dataprotection@calimykonos.com

Or write to us at:
United States Corporate Office– 
17 Van Nostrand Avenue
Englewood, NJ 07631 

Europe Corporate Office– 
Ermou 51, Athina 105  
63, Greece