Privacy Policy

1. OUR APPROACH

1.1 This Privacy Policy (the “Policy”) sets out how we S TOYRS ΜΟΝΟΠΡΟΣΩΠΗ IKE (“SHOLDING” or “our” or “we”) headquartered at Georgiou Seferi 78-80, Rhodes, Greece, process the personal data of our customers and website visitors (“Users”).” If you have any questions about this Policy, please contact us at info@sholding.gr.

1.2 By using the Services, you agree to the terms and conditions of this Privacy Statement.

2. Collection of Personal Data

2.1 “Personal Data” are data that identify you as an individual or relate to an identifiable individual. We collect Personal Data in accordance with law. We will collect personal data when you obtain a quote for one of our products of services, or in the course of providing you with one of our products of services. We will also collect personal data when you register with us or provide your information through our website. The types of information we collect may include:

2.1.1 Information you provide us in your insurance application, including names, addresses, date of birth or other information provided by you in your application for insurance;

2.1.2 Information you provide us to help us carry out our obligations under any insurance contract in place between us and you;

2.1.3 Information you provide us relating to an insurance claim you make; and

2.1.4 Information you provide us through one of our mobile apps or customer portals.

2.2 We will use your personal data, and may share your personal data with other third parties acting on our behalf, for one or more of the following purposes:

2.2.1 To analyse your insurance needs;

2.2.2 To give you an estimate or provide you with a quote for one of our policies;

2.2.3 To administer or carry out our obligations under any insurance contract in place between us and you;

2.2.4 To assess and adjust any insurance claim you make;

2.2.5 To assess and respond to a complaint you might make relating to our products or services; and

2.2.6 To ensure the security of your account and our business, preventing or detecting fraud or abuses of our website, for example, by requesting verification information in order to reset your account password.

2.3 In certain circumstances, we may need to collect sensitive personal data about you, which may include information about:

2.3.1 Your physical or mental health condition, or the physical or mental health condition of members of your family, or the physical or mental health condition of one of your employees; and

2.3.2 Any criminal offence or alleged criminal offence committed by you, or members of your family, or one of your employees.

2.4 We will only use such sensitive personal data to:

2.4.1 To administer or carry out our obligations under any insurance contract in place between us and you;

2.4.2 To assess and adjust any insurance claim you make; and

2.4.3 To assess and respond to a complaint you might make relating to our products or services.

2.5 We may also collect non-personal data (i.e. information that has been sufficiently anonymised and aggregated such that you cannot be identified directly or indirectly from it). Further information about our use of non-personal data is included in paragraph 9 (below).

3. INFORMATION FOR MARKETING PURPOSES

3.1 Where you have consented to us using your personal data for marketing purposes, we may use your information as follows:

3.1.1 To provide you with information, products or services that you request from us or which we feel may interest you; and

3.1.2 For market research purposes, where we may contact you to ask for your feedback.

3.2 If at any time after you have consented to us using your information for marketing purposes you wish us to stop using your information for these purposes, please email us at info@sholding.gr.

4. GROUNDS FOR PROCESSING

4.1 To process your data lawfully we need to rely on one or more valid legal grounds. Our primary legal ground is that we need the data to fulfil our contract with you or to take certain steps prior to entering our contract with you. However, there may be circumstances where we also rely on other valid legal grounds, such as:

4.1.1 your consent to particular processing activities. For example, where you have consented to us using your information for marketing purposes;

4.1.2 our legitimate interests as a business (except where your interests or fundamental rights override these). For example, it is within our legitimate interests to use your data to prevent or detect fraud or abuses of our website; or

4.1.3 our compliance with a legal obligation to which Anassa Boutique Hotel is subject. For example, we have a regulatory duty to investigate and respond to complaints made against us and may need to process your data as part of such investigation.

5. DISCLOSURE OF YOUR INFORMATION

5.1 There are circumstances where we may wish to disclose or are compelled to disclose your personal data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure:

5.1.1 to our subsidiaries, branches or associated offices;

5.1.2 to our outsourced service providers or suppliers to facilitate the provision of our services or products to our Users, for example, the disclosure to our data centre provider for the safe keeping of your personal data, webhosting provider through which your personal data may be collected, identity verification partners in order to verify your identity against public databases;

5.1.3 to third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;

5.1.4 to our carriers and/or our reinsurers, to facilitate the provision of our services or products to you;

5.1.5 to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor company;

5.1.6 to legal advisors who may need to manage or litigate an insurance claim;

5.1.7 to public authorities where we are required by law to do so; and

5.1.8 to any other third party where you have provided your consent.

6. INTERNATIONAL TRANSFER OF PERSONAL DATA

6.1 We may transfer your personal data to a third party in countries outside of Greece for further processing in accordance with the purposes set out in this policy. In particular, your personal data may be transferred to our outsourced service providers located abroad. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means.

Please contact the data protection officer for a copy of the safeguards which we have put in place to protect your personal data and privacy rights in these circumstances.

7. RETENTION OF PERSONAL DATA

7.1 If you are, or have previously been, a customer of ours then we may continue to hold and process your information for the purpose of continuing to carry out our obligations in connection with the insurance contract between us and you. We will continue to hold and process your information for the duration of the insurance contract and for a reasonable period of time afterwards as required by law.

7.2 We may keep an anonymised form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.

8. DATA SUBJECT RIGHTS

8.1 Data protection law provides individuals with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, their personal data. Individuals also have the right to lodge a complaint with the relevant data protection authority if they believe that their personal data is not being processed in accordance with applicable data protection law.

8.1.1 Right to make subject access request (SAR). Where we are processing your personal data as a data controller you may, where permitted by applicable law, request copies of your personal data. If you would like to make a SAR, i.e. a request for copies of the personal data we hold about you, you may do so by writing to the data protection officer whose contact details are above. The request should make clear that a SAR is being made. You may also be required to submit a proof of your identity and a fee.

8.1.2 Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete personal data.

8.1.3 Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your personal data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your personal data is essential.

8.1.4 Right to object to processing. You may, as permitted by applicable law, request that we stop processing your personal data.

8.1.5 Right to erasure. You may request that we erase your personal data and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your personal data, such as a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.

8.1.6 Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your personal data. However, you do have the right to contact the relevant supervisory authority directly.

8.1.7 If you would like to review, correct, update, suppress, restrict or delete Personal Data that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by law), you can contact us at info@sholding.gr or by mail: “S TOYRS ΜΟΝΟΠΡΟΣΩΠΗ IKE” at Georgiou Seferi 78-80, Rhodes, Greece.

In your request, please make clear what Personal Data you would like to have changed, whether you would like to have your Personal Data suppressed from our database, or other limitations you would like to put on our use of your Personal Data. For your protection, we only fulfil requests for the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we often need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the Personal Data provided until after the completion of such purchase, reservation, or promotion). There may also be residual data that will remain within our databases and other records, which will not be removed. In addition, there may be certain data that we may not allow you to review for legal, security or other reasons.

9. NON-PERSONAL DATA

9.1 We collect and use the following types of non-personal information:

9.1.1 Internet Protocol (IP) addresses. When you visit our site, we log your IP address (the unique address which identifies your computer on the internet). We use IP addresses to collect broad geographic information on our site visitor, and to optimise our website. We do not link IP addresses to personally identifiable information.

9.1.2 Cookies. Cookies are small text files that are placed on your computer by the websites you visit. They are widely used in order to make websites works, or work more efficiently, as well as to provide information to the owners of the site. You may delete and block all cookies from this website, but if you choose to do so parts of this site may not work.

9.1.3 Session Cookies. Sections of this website use ‘session cookies’ which help us to improve our website, assist with the navigation through certain parts of the website and deliver a better and more personalised service. Session cookie specifically enable us to keep track of your movement from page to page within the website so you don’t get asked for the same information each time you navigate to a new page. They also allow us to recognise you so that any page changes.

9.1.4 Google analytics. These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve our website. The cookies collect information in an anonymous form, including the number of visitors, where visitors have come to our website from and which pages they visit. For more information on Google’s Privacy Policy click here.

9.1.5 Online surveys. From time to time we may invite our website visitor or our customers to participate in an online survey about our online services or our products and related services. Your participation is optional, and any information we collect is only used to improve the products and services we offer to our website users or customers.

10. LINKED WEBSITES

Please note that any websites that may be linked to our websites are subject to their own privacy policy.

11. SECURITY

We seek to use reasonable organizational, technical and administrative measures to protect Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section, below.

12. RETENTION

We will retain your Personal Data for the period necessary to fulfil the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include: The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services) Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them) Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

13. SENSITIVE DATA

Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions).

14. UPDATES TO THIS PRIVACY STATEMENT

This Policy may be changed from time to time, consistent with the requirements of the Privacy Shield. You can determine when this Policy was last revised by referring to the “LAST UPDATED” legend at the top of this page. Any changes to our Policy will become effective upon our posting of the revised Policy on the Site.