Privacy Notice

Last Updated: May 24th, 2018

At Domes of Corfu S.A., we are committed to protecting and respecting your privacy. Please read this notice as it contains important information about how we use personal data that we collect from you or that you provide to us.

Information & Consent

This Privacy Notice describes how we collect, use, process, and disclose your information, including personal information about you (hereinafter, the “User”), in conjunction with your access to and use of our booking system.

By reading this Privacy Notice, the user is hereby informed on how we collect, process and protect personal data furnished through the booking engine.

The User must carefully read this Privacy Notice, which has been written clearly and simply, to facilitate its understanding, and to freely and voluntarily determine whether they wish to provide their personal data, or those of third parties, to Domes of Corfu S.A..

When this notice mentions “booking system,” “booking engine,” “system,” “website,” “platform,” “app,” “webapp,” “services,” “online services,” it refers to all pages and functions under https://domesmiramare.reserve-online.net/ unless specified otherwise.

By accessing the platform or providing information, you agree to our privacy practices as set out in this privacy statement. We may change this notice from time to time. You should check this notice frequently to ensure you are aware of the most recent version.

Identity

When this notice mentions “we,” “us,” or “our,”, “data controller,”, “controller,”, it refers to Domes of Corfu S.A..

Data Controller

Domes of Corfu S.A. operates this booking system through a data processor, as explained below. For the purposes of the General Data Protection Regulation (“GDPR”) (EU) 2016/679, we are the Data Controller. There is a strict contractual framework between the data controller and the data processor for the protection of your personal information. We are:

Domes Miramare a Luxury Collection Resort “Domes of Corfu S.A.”
Moraitika
490 84, Corfu
GR

Data Processor

WebHotelier operates this booking system on behalf of Domes of Corfu S.A. and is committed to protecting the privacy of the users of this system. WebHotelier is:

WebHotelier Technologies Limited
Mnasiadou 9 (Demokritos Building, Office 16)
1065 Nicosia
Cyprus

For the purposes of the GDPR, where WebHotelier processes your personal data on behalf of Domes of Corfu S.A., WebHotelier is the the Data Processor. When this notice mentions “data processor,” “processor,” “WebHotelier,” it refers to WebHotelier Technologies Limited.

WebHotelier is a certified PCI-DSS Level 2 Service Provider audited monthly by Trustwave.

The User may contact WebHotelier's Data Protection Officer:

Data Protection Officer
dpo@webhotelier.net

Obligatory nature of providing the data

The data requested in the forms accessible from the booking engine are, in general, mandatory (unless specified otherwise in the required field) to meet the stated purposes. Accordingly, if they are not provided or are not provided correctly, we will be unable to process the request.

Personal data we collect and process

This will include:

  • personal information about you which we ask you for (e.g. your name, address, and email address) when you make a booking from our booking engine;
  • financial details in order to process your booking when we require pre-payment;
  • details of transactions you carry out through our booking engine and details of the fulfilment of your orders.
  • our data processor may only collect and process personal data collected and/or processed on behalf of us in accordance with our instructions. WebHotelier cannot process it in any other way or for any other purpose.

We grant permission to our data processor:

  • to use your personal information for reserving rooms and/or other services for you at Domes of Corfu S.A.;
  • to pass on your financial details to Domes of Corfu S.A. and/or appropriate third party (for example, credit card company) for the purpose of confirming or paying for a booking;
  • to use your information for marketing purposes (where you explicitly agree to this); and
  • to pre-complete forms and other details on our website to make your next visit to our booking engine easier (e.g. when amending or cancelling a booking).

Social Login:

In the event of registration and/or access through a third-party account, we may collect and access certain information of the User’s profile from the corresponding social network, solely for internal administrative purposes and/or for the purposes indicated above.

Third-party data (e.g. book for a friend)

In the event that the User provides third-party data, they declare that they have the third party’s consent and undertake to provide the interested party -the data holder- with the information contained in this Privacy Notice, duly exonerating us and our data processor from any liability in this regard. However, we may carry out the necessary verifications to verify this fact, adopting the corresponding due diligence measures, in accordance with the data protection regulations.

Sensitive Data

Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions).

Use of Services by Minors

The Services are not directed to individuals under the age of sixteen (16), and we request that they not provide Personal Data through the Services.

Purpose of processing personal data

Depending on the User’s requests, the personal data collected will be processed in accordance with the following purposes:

  • To manage the bookings made, including payment management (where applicable) and the management of the user’s requests and preferences.
  • To manage registration in loyalty or membership programs, as well as obtaining and redeeming points.
  • To manage the User’s contact requests with us through the channels provided to this end.
  • To manage the sending of personalised commercial communications from us, by electronic and/or conventional means, in cases in which the User expressly consents.
  • To manage the provision of the contracted accommodation service, as well as additional services.
  • To manage surveys and/or evaluations regarding the quality of the services provided by us and/or the perception of its image as a company.

Data Retention

We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law or if the User requests their withdrawal from us, opposes or revokes their consent.

The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services or if you have a booking that has not yet been fulfilled)
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
  • Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

Legitimate interest for processing your data

The data processing required in fulfilment of the aforementioned purposes that require the User’s consent cannot be undertaken without said consent.

Likewise, in the event that the User withdraws their consent to any of the processing, this will not affect the legality of the processing carried out previously.

To revoke such consent, the User may contact us through the appropriate channels.

By the same token, in those cases in which it is necessary to process the User’s data for the fulfilment of a legal obligation or for the execution of the existing contractual relationship between us and the User, the processing would be legitimized as it is necessary for compliance with said purposes.

Data Disclosure

We will use and disclose Personal Data as we believe to be necessary or appropriate:

  • to comply with applicable law, including laws outside your country of residence;
  • to comply with legal process;
  • to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements;
  • to enforce our terms and conditions;
  • to protect our operations;
  • to protect the rights, privacy, safety or property of our own, you or others; and
  • to allow us to pursue available remedies or limit the damages that we may sustain.

We may use and disclose Other Data for any purpose, except where we are not allowed to under applicable law. In some instances, we may combine Other Data with Personal Data (such as combining your name with your location). If we do, we will treat the combined data as Personal Data as long as it is combined.

International transfers of personal data

We may transfer your personal information to our data processor(s) or/and sub-processor(s) based outside of the EEA for the purposes described in this notice. If we do this, your personal information will continue to be subject to one or more appropriate safeguards set out in the law. These might be the use of model contracts in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators (like the US ‘ Privacy Shield’ scheme).

Our data is stored in the cloud using Amazon Web Services in N. Virginia, USA and in Frankfurt, Germany. If you are accessing any of our systems from outside the USA, you acknowledge that your personal information may be transferred to the USA, a jurisdiction which may have different privacy and data security protections from those of your own jurisdiction, to be processed and stored.

User's Responsibility

The User:

Guarantees that they are of legal age or legally emancipated, where applicable, fully capable, and that the information furnished to us is true, accurate, complete and up-to-date. For these purposes, the User is responsible for the truthfulness of all the data communicated and will keep the information updated, so that said data reflects their actual situation.

Guarantees that he/she has informed third parties on whose behalf he/she has provided data, where applicable, of the aspects contained in this document. Also guarantees that he/she has obtained the third party’s authorisation to provide their data to us for the purposes indicated.

Will be responsible for false or inaccurate information provided through the Website and for damages, whether direct or indirect, that this may cause to us or third parties.

Exercise of Rights

The User may contact us at any time free of charge, to:

  • To obtain confirmation about whether or not personal data concerning the User are being processed by us.
  • To access their personal details.
  • To rectify any inaccurate or incomplete data.
  • To request the deletion of their personal data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
  • To confirm revocation of consent.
  • To obtain from us the limitation of data processing when any of the conditions provided in the data protection regulations are met.
  • To request the portability of your data.

Likewise, the user is informed that at any time he/she may file a complaint regarding the protection of their personal data before the competent Data Protection Authority.

Security Measures

We will process the User’s data at all times in an absolute confidential way and maintaining the mandatory duty to secrecy with regard to said data, in accordance with the provisions set out in applicable regulations, and to this end adopting the measures of a technical and organisational nature required to guarantee the security of their data and prevent them from being altered, lost, processed or accessed illegally, depending on the state of the technology, the nature of the stored data and the risks to which they are exposed.

Domes Miramare Corfu Privacy Policy Statement Preface. DOMES OF CORFU SA runs DOMES MIRAMARE CORFU Hotel at Moraitika, Corfu, Greece. Domes of Corfu SA is established in Greece, Tsifliki Region, Elounda, Agios Nikolaos, Lasithi, Crete (Registration Number 145891241000) is the Controller of your Personal Data and in compliance with the Regulation EU 2016/679 of the European Parliament and the Council of 27 April 2016 applicable from 25 May 2018 renewed its privacy rules in order to achieve the most secure and safe data processing way. Article 1. Definitions 1.1. «personal data» means any information relating to an identified or identifiable natural person (data subject) in particular by reference to an identifier such as name, gender, postal address, telephone number, email address, credit or debit card number other financial information in limited circumstances, language preference, date and place of birth, nationality, passport, visa or other government-issued identification data, important dates, such as birthdays, anniversaries and special occasion, membership or loyalty program data (including co-branded payment cards, travel partner program affiliations), employer details, travel itinerary, tour group or activity data, prior guest stays or interactions, goods and services purchased, special service and amenity requests, geolocation information, social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts. «personal data» means also data about family members and companions, such as names and ages of children, biometric data, such as digital images, images and video and audio data via security cameras located in public areas, such as hallways and lobbies, in our properties. «personal data» means also guest preferences and personalized data («Personal Preferences»), such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit. 1.2. «other data» are data that generally do not reveal your specific identity or do not directly relate to you as an individual. To the extent Other Data reveal your specific identity or relate to you as an individual, we will treat Other Data as Personal Data. Other Data include browser and device data, app usage data, data collected through cookies, pixel tags and other technologies, demographic data and other data provided by you, aggregated data. 1.3. «processing» means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 1.4. «restriction of processing» means the marking of stored personal data with the aim of limiting their processing in the future. 1.5. «profiling» means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. 1.6. «pseudonymisation» means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. 1.7. «binding corporate rules» means personal data protection policies on our group of enterprises engaged in the joint economic activity, including our employees. 1.8. «the purposes of the processing» is the service of hotel accommodation on our properties and other services strongly related to it such as on-property services and outlets, such as restaurants, concierge services, health clubs, child care services, and spas. Article 2. The collection of Personal Data. We collect Personal Data from: 2.1 Online Services. We collect Personal Data when you make a reservation, purchase goods and services from our Websites, communicate with us, or otherwise connect with us or post to social media pages, or sign up for a newsletter or participate in a survey, contest or promotional offer. 2.2. Property Visits and Offline Interactions. We collect Personal Data when you visit our properties or use on-property services and outlets, such as restaurants, concierge services, health clubs, child care services, and spas. We also collect Personal Data when you attend promotional events that we host or in which we participate, or when you provide your Personal Data to facilitate an event. 2.3. Customer Care Centers. We collect Personal Data when you make a reservation over the phone, communicate with us by email, fax or via online chat services or contact customer service. These communications may be recorded for purposes of quality assurance and training. 2.4. Marriott Group, Other Marriott Group Companies, Owners of Marriott Group, Travel Agencies, Lodging Companies and Franchisees. We collect Personal Data from the Marriott Group, other Marriott Group companies, Owners of Marriott Group branded properties, travel agencies and lodging companies. We also collect Personal Data from Franchisees of the above mentioned group, agencies and companies. 2.5. Authorized Licensees. We collect Personal Data from companies when we enter into a license or similar agreement to sell goods and services. 2.6. Strategic Business Partners. We collect Personal Data from companies with whom we partner to provide you with goods, services or offers based upon your experiences at our properties or that we believe will be of interest to you (“Strategic Business Partners”). Examples of Strategic Business Partners include on-property outlets, travel and tour partners, time share partners, rental car providers and travel booking platforms. 2.7. Your browser or device. We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to ensure that the Online Services function properly. 2.8. Your use of the Apps. We collect certain data when you download and use an App, such as App usage data, the date and time the App on your device accesses our servers and what data and files have been downloaded to the App based on your device number. 2.9. Cookies. We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data. We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize your computer to assist your use of the Online Services. We also gather statistical data about use of the Online Services to continually improve design and functionality, understand how they are used and assist us with resolving questions. Cookies further allow us to select which advertisements or offers are most likely to appeal to you and display them while you are using the Online Services or to send marketing emails. We also use cookies to track responses to online advertisements and marketing emails. If you do not want data collected with cookies, you can learn more about controlling cookies at: http://www.allaboutcookies.org/manage-cookies/index.html .You can choose whether to accept cookies by changing the settings on your browser. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Online Services. You also will not receive advertising or other offers from us that are relevant to your interests and needs. At this time, we do not respond to browser «Do-Not-Track» signals. 2.10. Pixel Tags and other similar technologies. We collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some Online Services to, among other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Online Services. 2.11. Analytics. We may collect data through Google Analytics and Adobe Analytics, which use cookies and technologies to collect and analyze data about use of the Services. These services collect data regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/ and opt out by downloading the Google Analytics opt out browser add-on, available at https://tools.google.com/dlpage/gaoptout . You can learn more about Adobe and opt out by visiting http://www.adobe.com/privacy/opt-out.html . 2.12. Adobe Flash technology (such as Flash Local Shared Objects (“Flash LSOs”)) and other similar technologies. We collect data through Flash LSOs and other technologies on some Websites to, among other things, collect and store data about your use of the Online Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel at http://www.macromedia.com/support/documentation/en/flashplayer/ help/settings_manager07.html. . You can also control Flash LSOs by going to the Global Storage Settings Panel at http://www.macromedia.com/support/documentation /en/ flashplayer/help/settings_manager03.html and following the instructions (which include instructions that explain, for example, how to delete existing Flash LSOs (referred to as “information” on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without you being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including those used with the Online Services. For more information, please refer to https://helpx.adobe.com/flash-player/kb/disable-local-sharedobjects-flash.html . 2.13. Your IP Address. We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address. 2.14. Aggregated Data. We may aggregate data that we collected and this aggregated data will not personally identify you or any other user. Article 3. The purpose of the processing. We use Personal Data and Other Data to provide you with Services, to develop new offerings and to protect Domes of Corfu’s legal rights, Domes Miramare Corfu’s property and our guests. In some instances, we will request that you provide Personal Data or Other Data to us directly. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested Services. We use Personal Data and Other Data for our legitimate business interests, including the following: 3.1. Provide the Services you request. We will use Personal Data and Other Data to manage our contractual relationship with you, because we have a legitimate interest to do so and/or to comply with a legal obligation. We use Personal Data and Other Data to provide Services you request, including:  To facilitate reservations, payment, send administrative information, confirmations or pre-arrival messages, to assist you with meetings and events and to provide you with other information about the area and the property at which you are scheduled to visit  To complete your reservation and stay, for example, to process your payment, ensure that your room is available and provide you with related customer service  To support our electronic receipt program. When you provide an email address in making a reservation, we use that email address to send you a copy of your bill. If you make a reservation for another person using your email address, that person's bill will be emailed to you, as well. You can opt out of receiving your bill via email and instead receive a paper copy by contacting the front desk 3.2. Personalize the Services according to your Personal Preferences. We will use Personal Data and Other Data to provide personalized Services according to your Personal Preferences either with your consent or because we have a legitimate interest to do so. We use Personal Data and Other Data to personalize the Services and improve your experiences, including when you contact our call center, visit one of our properties or use the Online Services, to customize your experience according to your Personal Preference and to present offers tailored to your Personal Preferences. 3.3. Communicate with you about goods and services according to your Personal Preferences. We will use Personal Data and Other Data to communicate with you with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so. We use Personal Data and Other Data to send you marketing communications and promotional offers, as well as periodic customer satisfaction, market research or quality assurance surveys. 3.4. Loyalty Programs. We use Personal Data and Other Data to offer and manage your participation in your global loyalty programs, as well as others that are specific to certain properties or tailored to your interests, send you offers, promotions and information about your account status and activities, assess your benefits, administer points earned through co-branded credit cards, manage your choices regarding how you wish to earn, track and use your points, we will use Personal Data and Other Data in this way with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so. 3.5. Sweepstakes, activities, events and promotions. We use Personal Data and Other Data to allow you to participate in sweepstakes, contests and other promotions and to administer these activities. Some of these activities have additional rules and may contain additional information about how we use and disclose your Personal Data. We suggest that you read any such rules carefully. We use Personal Data and Other Data in this way with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so. 3.6. Business Purposes. We use Personal Data and Other Data for data analysis, audits, security and fraud monitoring and prevention (including with the use of closed circuit television, card keys, and other security systems), developing new goods and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities. We use Personal Data and Other Data in this way to manage our contractual relationship with you, comply with a legal obligation and/or because we have a legitimate interest to do so. 4. The processing and sharing of personal data. Our goal is to provide you with the highest level of hospitality and Services, and to do so, we share Personal Data and Other Data with the following: 4.1. Marriott Group, Other Marriott Group Companies, Owners and Franchisees. We disclose Personal Data and Other Data to the Marriott Group for the purposes described above, such as providing and personalizing the Services, communicating with you, facilitating the loyalty programs, and to accomplish our business purposes. The abovementioned partners is the party responsible for the management of the jointly-used Personal Data. We share your Personal Data and Other Data used for making a reservation to fulfill and complete it. For more you can access directly https://www.marriott.com/about/privacy.mi. 4.2. Strategic Business Partners. We disclose Personal Data and Other Data with select Strategic Business Partners who provide goods, services and offers that enhance your experience at our properties or that we believe will be of interest to you. By sharing data with these Strategic Business Partners, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at our properties to provide you with services. 4.3. Service Providers. We disclose Personal Data and Other Data to third-party service providers for the purposes described in this Privacy Statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services. 4.4. We will use and disclose Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect the rights, privacy, safety or property of the Domes of Corfu S.A., you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain. 5. Principles relating to our processing of personal data. Your Data are: (a) processed lawfully, fairly and in a transparent manner. (b) collected for the specified, explicit and legitimate purposes explained above and not further processed in a manner that is incompatible with those purposes. (c) adequate, relevant and limited to what is necessary in relation to the above purposes. (d) accurate and, where necessary, kept up to date. (e) processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. 6. Consent. 6.1. We process your data after your prior freely given, specific, informed and unambiguous statement or your clear affirmative action signifies agreement. 6.2. You have the right to withdraw your consent at any time. Withdrawal of consent shall be in written form and bears no detriment to the provision of our services. 7. Retention We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include: • The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services) • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them) • Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations) 8. Security We seek to use reasonable organizational, technical and administrative measures to protect Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section, below. 9. Your Rights. As the Data Subject subjected to processing, you reserve and can exercise any time the following rights: • you can obtain access to your Personal Data that we process and to request a copy (Right of Information). • you can obtain not only the rectification of inaccurate Data but also the completion of incomplete Personal Data, always according to the purposes of the processing (Right to Rectification). • you have the right to obtain the erasure of your Personal Data, without prejudice to our obligations and legal rights regarding their retention on the basis of the specific implemented statutory and regulatory provisions (Right to Erasure). • you can obtain restriction of processing your Personal Rights, when it is not clear whether your Data is being used and for how long, when you contest their accuracy, when their processing is unlawful or the purpose of the processing has come to an end and under the provision that there is no legitimate reason for their retention, while your clear consent will be requested for any other processing except from filing (Right to Restriction). • you can object at any time to the processing of your Data, on grounds relating to your particular situation, in case your Personal Data are processed for the purposes of our legal interests, without prejudice that we can demonstrate compelling and legitimate grounds for the respective processing that override your interests, rights and freedoms or for the establishment, exercise and defence of legal claims (Right to Object). • you can receive your Personal Data which are retained with automated means electronically (in a commonly used and machine – relatable format) or you can demand their transmission to others (Right to Portability). 10. How you can exercise your rights – the right to lodge a complaint. In case you want to exercise your rights regarding Personal Data that you have previously provided to us, Right Exercise Forms are at your disposal both in written and electronic form at the Front Desk and on www.domesmiramare.com respectively. You can contact us at 0030 2661440500, submit the filled in forms at the Front Desk or by mail at privacy@ledrahotelsandvillas.com. In your request, please make clear what right is exercised and what Personal Data it regards. For your protection, we only fulfill requests for the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request. We will try to comply with your request as soon as reasonably practicable and consistent with the applicable law. Please note that we often need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the Personal Data provided until after the completion of such purchase, reservation, or promotion). There may also be residual data that will remain within our databases and other records, which will not be removed. In addition, there may be certain data that we may not allow you to review for legal, security or other reasons. In case there is undue refusal or delay on our behalf to grant your requests, as established in your rights, or if you feel that your Personal Data are processed in contravention of the law, you have the ability to file a complaint with the Hellenic Data Protection Authority, which is established in Athens, Kifisia Str. 1-3, PC 115 23, tel 0030 210 6475600 and fax 0030 210 6475628, as the national competent authority concerning the implementation of the General Data Protection Regulation (GDPR). For further information, you can visit the official website of the above authority www.dpa.gr (an English version is available). 12. DPO. Conforming ar. 37 and 38 of the GDPR, on regard to your best interest, Domes of Corfu S.A. has designated PhD - GDPR Efimia Papaioannou, Attorney at the Law, Kountouriotou 6 – Fokaias, Thessaloniki, Greece, tel: 00302310243891 as Data Protection Officer who you may contact directly for your personal data protection matters at dpo@ledrahotelsandvillas.com. 13. Final Provisions. Domes of Corfu S.A. values you as our guest and recognizes that privacy is important to you. We revise and update this Privacy Statement when any changes become effective. Its former versions are at your disposal upon request. In any case, your use of the Services following these changes means that you accept the revised Privacy Statement. We remain at your disposal for any addition information using the above contact. April 2019 Version 2.0