At HotelCrux, we are committed to protecting your personal data and ensuring that it is processed in a fair, transparent, and secure manner.
This privacy policy explains how we collect and use your personal data when you visit our website. It also explains your rights under the General Data Protection Regulation (GDPR).
Data controller
The data controller for this website is HotelCrux and our contact details are:
- Address: Perikleous 24-26, Athens 10562, Greece
- Telephone: +30 212 105 7356
- Email: [email protected]
Our commitment to privacy
We are committed to protecting the privacy of our users and ensuring that personal data is collected, used, and shared in a transparent and secure manner. To achieve this, we have implemented the following practices:
Privacy by Design: We consider privacy at every stage of development, from the initial conception of a new product or service to the ongoing maintenance and improvement of existing ones. We believe that privacy is not just an afterthought, but should be an integral part of everything we do.
Privacy by Default: We have implemented appropriate technical and organizational measures to ensure that the processing of personal data is carried out in a manner that protects the privacy of individuals by default. This includes collecting and processing personal data only for specified, explicit, and legitimate purposes, and not keeping it for longer than necessary.
Compliance with NIST Privacy Framework: We have implemented the NIST Privacy Framework (PF) to ensure that our data collection and processing practices are consistent with best practices for privacy management. The NIST PF is a voluntary, risk-based framework that provides guidance for organizations to better understand, manage, and mitigate privacy risks. It is organized around three core functions: Identify, Govern, and Communicate.
Compliance with GDPR: In addition to our compliance with the NIST Privacy Framework, we have also taken steps to ensure compliance with the General Data Protection Regulation (GDPR). This includes implementing appropriate technical and organizational measures to protect personal data, developing robust policies and procedures for handling personal data, and implementing measures to prevent the transfer of personal data to countries outside the European Economic Area unless appropriate safeguards are in place. We have also developed processes for responding to data breaches and for reporting any such incidents to the appropriate authorities in a timely manner.
We are committed to being transparent about our handling of personal data and to respecting the rights of individuals under GDPR. We strive to provide clear and concise information about our data collection and processing practices, and we offer individuals the opportunity to exercise their rights as granted by data protection laws.
What personal data do we collect?
Information you provide to us
We may collect the following personal data from you when you visit our website:
- Your name, email address, and contact information if you choose to fill out a form or subscribe to our newsletter.
- Any other personal data that you voluntarily provide to us, such as when you post a comment on our website or contact us through our website.
Information we collect automatically
We may also collect the following information automatically when you visit our website:
- Your IP address and other technical information about your device, such as your browser type and operating system.
- Information about your usage of our website, such as the pages you visit and the links you click.
Information we collect from other sources
We may also collect personal data from other sources, such as social media platforms or public databases, if you have given your consent to share your data with us or if the data is publicly available.
Why do we collect your personal data?
We collect your personal data for the following purposes:
- To respond to your inquiries and provide you with information or services that you request.
- To send you marketing materials, such as newsletters, if you have opted-in to receive them.
- To improve the functionality and content of our website, and to better understand how users interact with our website.
- To comply with legal obligations and protect our rights, such as in the case of a legal dispute or investigation.
How do we share your personal data?
We may share your personal data with third parties, such as hosting and security providers, accountants, and other relevant parties. This sharing will only occur if you have provided your consent, or if it is required for our business operations or by law.
As an example, when you purchase products or services from us, we may share your personal data with our accountant in order to ensure proper billing and record-keeping.
How long do we retain your personal data?
We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
Your rights
Under the GDPR, you have the following rights with respect to your personal data:
- The right to be informed about how your personal data is being used.
- The right to access your personal data.
- The right to request the rectification of any inaccuracies in your personal data.
- The right to request the erasure of your personal data in certain circumstances, such as if it is no longer necessary for the purposes for which it was collected.
- The right to object to the processing of your personal data in certain circumstances, such as if you believe it is being processed unlawfully.
- The right to request the restriction of processing of your personal data in certain circumstances, such as if you have contested the accuracy of the data.
If you would like to exercise any of these rights, or if you have any questions or concerns about how we handle your personal data, please contact us at [email protected]
Data protection authority
You also have the right to file a complaint with a supervisory authority if you have any concerns about how we process your personal data. In Greece, the data protection authority is the Hellenic Data Protection Authority. You can contact the HDPA at:
- Address: Kifisias Av. 1-3, 11523 Ampelokipi Athens
- Telephone: +30 210 6475 600
- Fax: +30 210 6475 628
- Email: [email protected]
Changes to this privacy policy
We may update this privacy policy from time to time. Any changes will be posted on this page, so please check back regularly to stay informed of the updates to our policy.