Name and Address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), or any other law related to data protection is:
Stavros & Maria Bourni S.A./ Golden Sun
Patmos Grikos 85500, Greece
Tel : +30 22470 32318
a) Personal data: any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject: any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
c) Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future.
e) Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
f) Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
g) Consent: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
h) Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
You, as a data subject, have the following rights under the G.D.P.R.:
a) The right to be informed. Anyone who processes your personal data, must inform you what data is processed, for what purpose and to whom else the data might pass.
b) The right of access. You have the right to see what data is held of you by the data controller
c) The right to rectification. You can ask to correct or amend any false or incomplete personal data that is held of you.
d) The right to erasure or also known as "the right to be forgotten". Under certain circumstances you can ask the controller to erase personal data concerning you without delay and the controller has the obligation to erase it without any delay.
e) The right to restriction of processing. Under certain circumstances you have the right to ask the controller for a temporary halt of processing of personal data.
f) The right to data portability. You have the right to receive the personal data concerning you and to transmit those data to another controller.
g) The right to object. You have the right to object to further processing of your data which is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing.
h) Rights in relation to automated decision making and profiling. You have the right not to be subject to a decision based solely on automated processing.
You may contact us in order to:
● confirm whether any of your personal information is held
● have access to any of your personal information and verify its accuracy
● correct and update your record with personal data, in case it is inaccurate
● Erase data or cease processing provided that there are no legitimate grounds for retaining it.
Data we collect from you
We are extremely sensitive regarding our website visitors’ interest in the protection of their personal data. If you are either one of our guests, customers or a visitor of our website, we make sure that we do not collect your personal information, unless you provide it to us on your own initiative by contacting us or by filling in the relevant online form of the website or any other booking engine with which we collaborate.
This information may include:
● Contact details, such as name, mailing address, email address and telephone number
● Your passport or ID number
● Billing information, including credit card and bank account information.
● Other relevant data such as age
Purpose and Use of Personal Data
Our processing of your personal data will be justified if one of the following conditions is satisfied:
● Whenever we obtain your consent
● Whenever the processing of your personal data is necessary for the performance of a contract between you and us
● Where the processing is necessary for us to comply with a legal obligation
● Where the processing is necessary for the purposes of our legitimate interests
Your information will not be used for any other than the purposes specified below:
● Process your bookings for our services
● Process your bookings on behalf of any other booking engine with which we collaborate
● Subscribe you to a newsletter,
● Request your opinion or feedback
● Send you holiday cards
Marketing: In compliance with applicable consent requirements, we may use your information to contact you for marketing purposes. We may contact you by email, phone or mail. You can always opt out by asking to be excluded from marketing activities at any time.
Statistical Purposes: If you do not want us to use your information for statistical purposes, you can simply choose not to give your permission on the web forms with which we collect your information.
Your information will not be exchanged, sold or transferred outside of our company, or given to any other company for any reason without your consent. However, we may disclose your personal information if we are required by law to do so, for law enforcement purposes or other issues of public importance.
Our website is not directed to children under the age of 18 years old. Nor do we knowingly collect information from them. In the event that we find out that we have collected personal information from a child without appropriate and verified parental consent, we will try our best to delete that information as soon as possible.
Time of Data Retention
We will retain your personal information for as long as this is justified by the purpose of processing and in any case for no longer than one (1) year after we have provided our services to you, unless a longer retention period is required or permitted by law. After that period, personal data we hold about you will be erased securely.
To protect your personal information, we take reasonable precautions and follow industry best practices.
Links to other websites
Our website may contain links to other websites that may be of interest to you. However, once you have clicked on these links and left our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting other websites which are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Feel free to contact us for any issue relating to the processing of your personal data, or to submit a complaint or manage your information:
Email us at: email@example.com
Call us at: +30 22470 32318
Mail us at: Patmos Grikos 85500, Greece