Privacy Policy
Our company WAVE SA. is the owner of the THIRTY NINE HOTEL, located in Salonica, Greece, at 39 Egnatias Str. Thessaloniki, tel: +30 2312313939, email: info@thirtynine.gr. Acting as Data Controller WAVE respects privacy and protects the personal data of data subjects (customers, employees, visitors, etc.) according to the European General Data Protection Regulation (GDPR 2016/679), and its Greek implementing legislation (Law 4624/2019) following the instructions of the Hellenic Personal Data Protection Authority (HDPA). What personal data we collect about you We collect only the minimum personal data about you and keep them for the minimum legal period |
necessary for the execution of the contract (reservation/room rental agreement, labor/supplier contract, technical support, reservation, promotional activity etc.) that we collect directly from you or via a booking platform/ travel agency or by filling in a paper or electronic reservation form as indicatively: b) your payment information (cash, credit, debit cards or other means). Purposes of collection and processing We legally collect (according to article 6 of the GDPR), and process your personal data, according to the principles of legality, objectivity, transparency, proportionality and accountability. We also take all appropriate technical and organizational measures to protect your data (pseudonymization, anonymization, encryption, etc.). Each type of data processing by our company is legal. As the case may be it is based either a) on your express consent (for website cookies, publicity and marketing), b) on our existing contract (for hospitality, work, promotion etc), c) on our legitimate interest (for the installation of cameras for the safety of persons, prevention of theft and other illegal actions, protection of persons and goods), d) for our compliance with legal obligations (tax, social insurance, audit, etc.), in order to serve you and to constantly improve our services, with actions such as: a) the provision of telephone |
answers to your questions, recommendations, complaints and observations b the advertising promotion of our services to our customers c) the defense of rights in courts and authorities and compliance with legal obligations, regulatory orders, court decisions etc. Personal data transfers to third parties For the above purposes, respecting the principles of proportionality and data minimization, we may exceptionally transmit, disclose, grant access to your personal data, to legally authorized third parties, in Greece and, exceptionally, within the European Economic Area (EEA), such as: a) to ministries, public services, social security, judicial and police authorities, etc., as long as this is required by law b) to our partners, such as travel agencies, booking websites, hotel software companies, camera installation companies, transport companies, data storage services (cloud providers, data centers), etc. c) to banks and financial institutions to settle our financial transactions. We assure you that our third-party partners are bound by us with Data Processing Agreements guaranteeing confidentiality and data protection in accordance with the GDPR. In addition, we do not use fully automated decision-making processes or process data of minors, other than those required for the execution of the room rental contract. |
Your rights as a data subject In accordance with the GDPR, you have the following rights: d) to erasure of your data, if they are no longer necessary for the execution of the contract, either they were processed illegally, or the deletion is required by law and they are not required to be kept for legal purposes (such as pending legal claims, labor, insurance, tax obligations, etc.) |
f) to data portability, Information security All your personal information stored in our database is protected by adequate technical and organizational measures as per the Infosec ISO 27001 standards. We will report to the competent Privacy Authority any unlawful violation of our database or any third-party data processing database to all relevant stakeholders as well as authorities within 72 hours of the violation. Policy Changes We reserve the right to modify this Privacy and Privacy Policy and our related practices at any time in light of any legislative or technological changes. In any case, we will inform you appropriately by publishing on our website any revised personal data protection statement. Last Change: 10.10.2024. |