Personal Data: data that can identify a person
Non-Personal Data: data that cannot identify a person
Data Subject: an individual to whom personal data relates.
Who controls the data that you supply ?
Aqualand Resort acts as a data controller in Greece for the purposes of any relevant data protection laws. The data you provide is processed fairly and lawfully and used only for the purposes set out in this policy.
Information we collect
Aqualand Resort will collect personal information data about you in accordance with our legitimate interests as a data controller. Personal information includes your name, contact details and any other data that can be used to identify you. Aqualand Resort does not store any sensitive personal data.
- To book your holiday
- For customer service enquiries
- For the purpose of communication
- To improve user experience on the Aqualand Resort website
- To carry out our obligations arising from any contracts that Aqualand Resort enters into with third parties in relation to providing your holiday
- Where you have consented to being contacted, send you promotions, offers and market information
- To facilitate Aqualand Resort’s invoicing processes
Where information is held
All personal data in paper format is stored in locked cabinets. This includes chronologically ordered sets of manual records containing personal data.
Aqualand Resort do not store customer credit card numbers or any other payment information other than invoices, statements and confirmation of payments. Credit card details taken by phone are shredded immediately.
Access to your information
Some personal data that you provide to us may be passed on to our suppliers and other third parties as specified above. Some of these are located outside of the European Economic Area. When we transfer your personal information outside this area, we will take steps to ensure that your privacy rights continue to be protected.
The GDPR introduces a right for Data Subjects to have personal data erased. This is known as ‘the right to be forgotten’. A request to delete personal data should be made by email. Please email your request to firstname.lastname@example.org .
When we receive a delete request we may require further identity verification or to clarify your request. In order to fulfil our legitimate interests as data controller, we may refuse your delete request based on the “as long as necessary” obligation described above.
Aqualand Resort will delete personal data after the “as long as necessary” period if we have not had any meaningful contact with the Data Subject or if we do not hold any records on you that are in our legitimate interests to keep. “Meaningful contact” means contact that adds to the information we already have about you.
If you wish to contact us about any of this or request that we delete you from our mailing list then please email email@example.com
- Firewalls including anti-spyware software
- Anti-virus software
- Anti-spam filters
- All data is backed up weekly
- All files/data are stored on password protected systems
- Only employees who need the information to perform a specific job (for example, travel consultants, our accounts clerk or a marketing assistant) are granted access to your information.
Aqualand Resort uses all reasonable efforts to safeguard your personal information. However, you should be aware that the use of email/the Internet is not entirely secure and for this reason Aqualand Resort cannot guarantee the security or integrity of any personal information which is transferred from you or to you via email/the internet.
Data breach and notification
In the unlikely event of such a data breach resulting in a high risk to the rights and freedoms of individuals, we will notify those individuals wherever feasible within 72 hours of discovering the breach.
Any queries or complaints relating to our data protection policy, should be directed to us via email: firstname.lastname@example.org . We will aim to respond to any requests within 5 working days of receipt.
Website visitors tracking
Any changes to this Privacy Statement will be updated on this website as and when it is required. If at any time we use personal data in a significantly different manner than from stated in this statement, we will notify you and you will be able to decide if we are able to use this information in the new manner.
If you do not agree with how we process your personal data as outlined in this policy, please do not submit any data to us.
Last Updated: May 2018
KERKIRAIKI FILOXENIA XENODOXIAKES
KAI TOURISTIKES EPIXIRISEIS AE
AGHIOS IOANNIS, 49083 CORFU, GREECE
TAX ID: 998389935