At HotelCrux, we are committed to protecting your personal data and ensuring that it is processed in a fair, transparent, and secure manner.
The data controller for this website is HotelCrux and our contact details are:
- Address: Perikleous 24-26, Athens 10562, Greece
- Telephone: +30 212 105 7356
- Email: [email protected]
Our commitment to privacy
We are committed to protecting the privacy of our users and ensuring that personal data is collected, used, and shared in a transparent and secure manner. To achieve this, we have implemented the following practices:
Privacy by Design: We consider privacy at every stage of development, from the initial conception of a new product or service to the ongoing maintenance and improvement of existing ones. We believe that privacy is not just an afterthought, but should be an integral part of everything we do.
Privacy by Default: We have implemented appropriate technical and organizational measures to ensure that the processing of personal data is carried out in a manner that protects the privacy of individuals by default. This includes collecting and processing personal data only for specified, explicit, and legitimate purposes, and not keeping it for longer than necessary.
Compliance with NIST Privacy Framework: We have implemented the NIST Privacy Framework (PF) to ensure that our data collection and processing practices are consistent with best practices for privacy management. The NIST PF is a voluntary, risk-based framework that provides guidance for organizations to better understand, manage, and mitigate privacy risks. It is organized around three core functions: Identify, Govern, and Communicate.
Compliance with GDPR: In addition to our compliance with the NIST Privacy Framework, we have also taken steps to ensure compliance with the General Data Protection Regulation (GDPR). This includes implementing appropriate technical and organizational measures to protect personal data, developing robust policies and procedures for handling personal data, and implementing measures to prevent the transfer of personal data to countries outside the European Economic Area unless appropriate safeguards are in place. We have also developed processes for responding to data breaches and for reporting any such incidents to the appropriate authorities in a timely manner.
We are committed to being transparent about our handling of personal data and to respecting the rights of individuals under GDPR. We strive to provide clear and concise information about our data collection and processing practices, and we offer individuals the opportunity to exercise their rights as granted by data protection laws.
What personal data do we collect?
Information you provide to us
We may collect the following personal data from you when you visit our website:
- Your name, email address, and contact information if you choose to fill out a form or subscribe to our newsletter.
- Any other personal data that you voluntarily provide to us, such as when you contact us through our website.
Information we collect automatically
We may also collect the following information automatically when you visit our website:
- Your IP address and other technical information about your device, such as your browser type and operating system.
- Information about your usage of our website, such as the pages you visit and the links you click.
Information we collect from other sources
We may also collect personal data from other sources, such as social media platforms or public databases, if you have given your consent to share your data with us or if you interact with us through another website, social site, email, etc.
Why do we collect your personal data?
We collect your personal data for the following purposes:
- To respond to your inquiries and provide you with information or services that you request.
- To send you marketing materials, such as newsletters, if you have opted in to receive them.
- To improve the functionality and content of our website, and to better understand how users interact with our website.
- To comply with legal obligations and protect our rights, such as in the case of a legal dispute or investigation.
Our legal basis for processing your data
When you contact us or subscribe to our newsletter, we rely on your consent to process your personal data. With your consent, we collect and use the information you provide to respond to your inquiries and, if you subscribe to our newsletter, to send you relevant updates and marketing communications.
We also process certain data, such as IP addresses and device information, based on our legitimate interests. This data is collected to ensure the security and functionality of our website, without compromising your personal data. We take measures to safeguard this information and maintain the integrity of our online platform.
How do we share your personal data?
We may share your personal data with third parties, such as hosting and security providers, accountants, and other relevant parties. This sharing will only occur if you have provided your consent, or if it is required for our business operations or by law.
As an example, when you purchase products or services from us, we may share your personal data with our accountant in order to ensure proper billing and record-keeping.
How long do we retain your personal data?
The retention period for visitor or user data collected on our website varies depending on the specific type of data. We will retain your personal data for the duration necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations.
Data Retention for Prospective Clients: When new clients contact us via phone, email, or the available form on our website to request an offer, we retain the data collected for a period of 30 days after their request is fulfilled. After this timeframe, we securely delete the data from our systems to ensure data privacy and minimize the storage of unnecessary information.
Data Retention for Active Clients: For current clients, their data is kept for as long as they remain our clients. This enables us to provide ongoing services, support, and maintenance. We ensure the confidentiality and security of their data in accordance with applicable data protection laws and industry standards.
Data Retention of Former Clients: For clients transitioning to another service provider, their data is retained for a period of 6 months after the termination of our business relationship. This allows us to fulfill obligations and provide support during the transition period. Afterward, their data is securely deleted to respect privacy and minimize the retention of unnecessary information.
Data Retention for Prospective Candidates: If you have applied for a position with us or expressed interest in potential employment opportunities, we will retain your personal data for a reasonable period of time during the selection process. Once the selection process is completed, and if you are not selected for the position, we will promptly delete your data to respect your privacy and ensure that it is not kept unnecessarily.
Emails or other electronic communications may be archived for the purpose of maintaining a record of communication and for internal administrative purposes. These communications are retained in accordance with applicable laws and company policies, ensuring that they are securely stored and accessible when needed.
Financial invoice data is kept in certain cases for up to 20 years, in compliance with legal requirements and our legal obligations. This retention period ensures that we meet tax and accounting regulations and enables us to address any financial inquiries or audits that may arise. We take appropriate measures to protect the security and confidentiality of financial data throughout its retention period.
Under the GDPR, you have the following rights with respect to your personal data:
- The right to be informed about how your personal data is being used.
- The right to access your personal data.
- The right to request the rectification of any inaccuracies in your personal data.
- The right to request the erasure of your personal data in certain circumstances, such as if it is no longer necessary for the purposes for which it was collected.
- The right to object to the processing of your personal data in certain circumstances, such as if you believe it is being processed unlawfully.
- The right to request the restriction of processing of your personal data in certain circumstances, such as if you have contested the accuracy of the data.
If you would like to exercise any of these rights, or if you have any questions or concerns about how we handle your personal data, please contact us at [email protected]
Data protection authority
You also have the right to file a complaint with a supervisory authority if you have any concerns about how we process your personal data. In Greece, the data protection authority is the Hellenic Data Protection Authority. You can contact the HDPA at:
- Address: Kifisias Av. 1-3, 11523 Ampelokipi Athens
- Telephone: +30 210 6475 600
- Fax: +30 210 6475 628
- Email: [email protected]