This policy determines the terms and conditions, with which the general company P. BOURTSOUKLIS & CO OE. processes your personal data and collects, manages, uses, stores, transmits and protects the data, for the period of their storage, as well as for the rights that you can exercise at any time regarding your personal data. This policy may be subject to modifications and updates whenever necessary, which will take effect from the date they are posted on the Website.

The general company P. BOURTSOUKLIS & CO OE (hereinafter: “NYMFASIA RESORT”), which is based in Vytina, Arcadia, PC 22010, as owner and administrator of the website www.nymfasiaresort.gr(hereinafter “Website”), informs the visitors / users (hereinafter “Users”), regarding the type and the total of the information that it collects and processes, as a Personal Data Processor, during the visit and browsing of the users in Website www.nymfasiaresort.gr.

When you browse the Website you acknowledge, unreservedly and unrestrictedly, that you have read, understand and accept the privacy and privacy policy.

1. PRIVACY POLICY

The Privacy Policy applies to all users, including those who use the services of NYMFASIA RESORT, without having registered in any of our services, and those who have registered.

NYMFASIA RESORT is responsible for the processing of personal data that we collect about you through the services of the Website and are processed in accordance with the terms of this Privacy Policy.

The services of NYMFASIA RESORT are addressed to the general public, as defined in theTerms of Use, but are not intended for children and do not collect personal data from children under 16 years.

The General Data Protection Policy aims to protect personal data against all internal, external, voluntary or unintentional threats. Particularly:

• NYMFASIA RESORT implements a General Data Protection Policy and declares its full commitment to the effective implementation and provision of sufficient resources, for the continuous improvement of the Data Protection Management System.
• The General Data Protection Policy aims to ensure:
  1. (1) The confidentiality of NYMFASIA RESORT data.
  2. (2) The protection of the data managed by NYMFASIA RESORT from any unauthorized access.
  3. (3) Maintaining the integrity of NYMFASIA RESORT and visitor / user data.
  4. (4) Data protection training for all NYMFASIA RESORT employees.
  5. (5) The availability of data and business processes.
  6. (6) Compliance with relevant legislative and regulatory requirements.

2. PROCESSING OF PERSONAL DATA

Your personal data is processed by both electronic and manual means and is protected by appropriate security measures, taking into account modern technology, implementation costs, nature, scope, context and purpose of processing, as well as probability and severity of the impact on the rights and freedoms of individuals. In particular, NYMFASIA RESORT implements appropriate administrative, technical, personnel and physical measures aimed at protecting the personal data in its possession from loss, theft or unauthorized use, disclosure or modification. In particular, NYMFASIA RESORT:

• Ensures sufficiently that its systems, by design and by definition, fulfill their obligations under the GCC.
• Informs about any incident related to the violation of your personal data.
• Complies with the legal framework for the protection of personal data and in particular the GCC, as the controller.
• Takes organizational and technical security measures of data processing, which protect their logical and physical security.
• Keeps the privacy of your personal information in the highest regard.

Any processing of personal data requires a specific and legal reason, in accordance with existing legislation. For this reason, we ensure that any use of your information is based on one of the following legal bases: (a) the consent of the user in cases of registration in the services of the Website, as well as the use of cookies, (b) the security of our legitimate interests, without them violating the rights of users, as is the case when claiming civil claims and (c) complying with the provisions of the Law, as in the case of reporting illegal user activity to the competent authorities.

3. COLLECTION OF PERSONAL DATA

NYMFASIA RESORT collects: (a) registration data, when you register or subscribe to a website service, (b) public data and publications that you share through the Website services, (c) data that you have authorized on social media to disclose to NYMFASIA RESORT (d) activity data when you access and interact with a NYMFASIA RESORT service.

Specifically, NYMFASIA RESORT collects the following types of data from and for you:

• Registration data, that is, the information you submit to sign up for a website service, for example to create an account, receive a newsletter, or reply to an email that you have sent to a website service. Registration information may include, for example, first name, last name, e-mail address, country and postal code. Also ID / Passport Number, room preferences, transfer details (flight number, etc.), reservation date, start and end date of the reservation and date and time you made a reservation.
• Public data and publications, consisting of comments or content that you post on the Services of the Website and your personal data accompanying such publications or content, which may include your nickname, username and comments. Information and posts that are public means that they are available to everyone and may appear in search results on external search engines.
• Data from social mediaIf you access or sign in to a NYMFASIA RESORT service through a social media service or link a NYMFASIA RESORT service to a social media service, the data we collect may also include your user ID and / or username related to this social media service, the information or content that you have allowed the social media service to share with us, as well as your profile picture, email address or friend lists, and personal information that you have made public in relation to that particular social media service. By accessing the services of the Website through social media services or by linking an Internet service to social media services, you authorize NYMFASIA RESORT to collect, store and use the relevant personal data and content in accordance with this Policy Privacy. Images and video and audio data via: (a) security cameras (images and audio data are stored for 15 days and then deleted) (b) hotel activities carried out during your visit, with your consent. If you submit personal information about other persons to us or to our service providers (eg if you are booking for another person), you declare that you have the authority to do so and allow us to use the data in accordance with this Privacy Policy.
• Activity data. When you access and interact with the services of NYMFASIA RESORT, we may collect specific information about these visits. For example, to allow you to connect to NYMFASIA RESORT services, our servers receive and record information about your computer, device, and browser, including your IP address, browser type, and more. software or hardware information. These technologies may be used to collect and store information about your use of NYMFASIA RESORT services, such as the pages you have visited and the rest of the content you have viewed, as well as the search queries you have submit.

We also collect information that you provide to us through your answers to our inquiries, your answers to our questionnaires, your comments and so on.

We do not collect:

1. Financial informationfrom payment service providers. In some cases, we may use an offline payment service to enable you to purchase a service or make payments. If you wish to make a payment through a Payment service, you will be directed to a Payment Service website of the website www.nymfasiaresort.gr. Any information you provide to a Payment Service will be subject to the Payment Policy’s privacy policy and not to this Privacy Policy. We have no control over and are not responsible for any use, by any Payment Service, of information collected through it.

1. Sensitive information. We do not collect or solicit from you by sending or disclosing sensitive personal information (such as information about racial or ethnic origin, political views, religion or other beliefs, health, criminal record or trade union affiliation. ) or through the Website Services or otherwise.

The Website Services may link to sites, including social networking sites, managed by non-affiliated companies, and may provide advertisements or offer content, functionality, games, newsletters, contests, or applications that are developed and linked from companies. NYMFASIA RESORT is not responsible for the privacy practices of unrelated companies and as soon as you leave the services of NYMFASIA RESORT or click on an advertisement you should check the other service’s Privacy Policy.

4. PURPOSE AND USE OF PERSONAL DATA

We use the personal data we collect for the following purposes: USE OF PERSONAL DATA

• To provide information about the Website and the Services you request.
• For the operation, improvement and maintenance of our business, products and services.
• To manage the room reservation as well as any other hosting service
• To manage relationships with you before, during and after your stay at the hotel
• For the Company’s compliance with Greek and European Law
• For marketing purposes
• For the establishment, recognition, exercise or defense of a right and legal claims
• To support business processes
• To improve our hotel services
• For the security of our information systems
• For the performance of a duty performed in the public interest and in particular in the field of public health.

Other purposes:We may also use your personal data in other ways and we will provide specific notices when we collect the data, while securing your consent where needed.

Use your personal data for our business. For example, when making a purchase, we use this information for accounting, auditing and other internal operations. We use personal data about how you use our products and services to improve your user experience, to assist you in identifying technical and service issues, and to manage our Website.

For the protection of rights, assets or security, ours or those of others.

We may also use your personal information about how you use our Website to prevent or detect fraud, abuse, misappropriation or breach of our Terms of Use, as well as to comply with court decisions, government requests or current legislation.

We use data on how we use our Website and Services to better understand consumer / customer behavior and preferences. For example, we may use information about how visitors to the NYMFASIA RESORT Website use search and find services to better understand the best ways to organize and present product offerings in our online store window.

All personal data collected and further processed by NYMFASIA RESORT is appropriate, adequate and limited to the needs and purposes for which it is collected. We further process your personal data in a manner that guarantees its accuracy, constant updating and security, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, taking all appropriate technical and organizational measures for this purpose. Especially with encryption, encryption, pseudonymization and anonymization of personal data, as well as control, supervision and recording of processing processes.

There is a case of transferring user data to our third parties / partners, who act on our behalf (as processors) and who have been confirmed to meet the requirements of personal data protection, applying a parallel protection policy with ours. NYMFASIA RESORT will in no case disclose or disclose the personal data of the users of the Website, except with their free and explicit consent to do so, or if it is required due to the obligation to comply with applicable laws and always to the specific Principle defined by the Law.

5. PERSONAL DATA

According to the GCC, the national legislation in force in compliance with it, as well as for the needs of the present, the basic concepts used are understood as follows:

“Personal data“: It is any information concerning an identified or identifiable natural person (” data subject “); the identifiable natural person is one whose identity can be verified, directly or indirectly, in particular by reference to an ID number, location data, online ID or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

“Data subject»: The identifiable natural person whose identity can be ascertained, directly or indirectly, in particular by reference to an identity identifier such as name, identity number, position data, online identity identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

“Processing“: Any operation or series of operations performed with or without the use of automated means, on personal data or on personal data sets, such as the collection, registration, organization, structure, storage, adaptation or alteration, retrieval, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

Users visiting the Website may, under certain conditions, be required to provide us with their personal information (eg contact details, including name, email, telephone number, postal and billing address, login and account details, including name user, password and unique user ID).

In no case are personal data of minors collected, except with the explicit consent of those exercising parental responsibility.

6. PRINCIPLES OF PROCESSING PERSONAL DATA

Personal data is subject to processing which is carried out in accordance with the principles of legality, objectivity and transparency, taking into account any additional restrictions imposed by the purpose of the processing. The basic principles of processing, as derived from the GCP, are:

Principle of Purpose

Purpose is a key element of the law and is a guide for evaluating other authorities. The data are processed for specified, explicit and legitimate purposes, and are not further processed in a manner incompatible with those purposes. They are also subject to processing for the purposes of archiving in the public interest, for the purposes of scientific, historical or statistical research.

Principle of Proportionality

The data must be appropriate, relevant and limited only to the extent necessary for the purposes of their processing. The principle of “data minimization” is a key factor in the legality of processing.

Principle of Accuracy – Update

The data must be accurate and up to date, if required. In addition, reasonable steps must be taken to immediately delete or correct the data. Subjects should be given the opportunity to correct their data.

Principle of Legality, Objectivity and Transparency

The data must be processed lawfully and fairly in a transparent manner in relation to the data subject. The processing is lawful only if and to the extent that the data subject has consented to the processing of his or her personal data for one or more specific purposes and the processing is necessary for the purposes of the legitimate interests pursued by NYMFASIA RESORT or a third party, unless such interests prevail over the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular if the data subject is a child. Transparency requires the information of the subject to be concise, easily accessible, clear and simply worded.

Principle of Limited Shelf Life

Data should only be kept for as long as is required for processing purposes. Exceptions are data kept for archiving purposes in the public interest, as well as for scientific, historical or statistical research purposes.

Principle of Adequate Security

Personal data must be processed in a way that adequately guarantees their proper security, protection against unauthorized or illegal processing, accidental loss, destruction or deterioration, using appropriate technical and organizational measures.

Principle of Accountability

NYMFASIA RESORT is responsible, therefore, must be able to demonstrate compliance with the principles governing the processing of personal data.

7. ACCESS AND TRANSMISSION OF PERSONAL DATA

Access to your personal data has only the necessary staff of the Processor who processes your data as Perform the Processing, on our behalf and in accordance with our orders. The processors are contractually obliged by us to maintain confidentiality, not to disclose data to third parties without the permission of the Processor, to take appropriate security measures and to comply with the legal framework for the protection of personal data and in particular the FGM.

Your data is not transmitted outside the European Economic Area (EEA). In the event that it is deemed necessary to transfer them to countries outside the EEA, we will ensure that your rights and freedoms regarding the processing of your personal data are properly and appropriately protected. To the extent our obligation, we will ensure that the transfer is made under contractual agreements, using standard contractual clauses approved by the European Commission or other appropriate safeguards, in accordance with applicable law.

8. SECURITY OF PERSONAL DATA

NYMFASIA RESORT takes appropriate and adequate technical and organizational measures to protect your personal data. Access to personal data is restricted to NYMFASIA RESORT staff and strict rules of professional secrecy, confidentiality and confidentiality apply. The processing of personal data is carried out by authorized persons, in a way that harmonizes with the rules and procedures required by the GCC, ensuring their protection from unauthorized access or use, falsification, loss / theft or destruction.

This Privacy Policy does not apply in the event that you link through this Website to another Website for processing by the other Website for which we are not responsible. For this reason we expressly urge you to refer to the Privacy Policy of each website you browse.

9. DURATION OF PERSONAL DATA

The personal data of the users are kept for as long as the legal purpose of the processing for which they were originally collected is valid, with the free consent of the users.

For the protection of data we maintain an appropriate level of security and we have implemented reasonable physical, electronic and administrative procedures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed. Our information security policies and procedures are in line with international standards and are reviewed and updated whenever necessary to meet our needs, as well as any changes in technology and regulatory requirements.

We delete the data we collect from you if it is no longer necessary to achieve the purposes for which it was originally collected. The data collected exclusively for the purpose of the user’s communication with us are kept during the communication and are deleted within three (3) months from its termination. However, we may be required to store personal data for a longer period of time due to legal provisions.

We delete the data collected by cookies in accordance with the Cookies Policy.

10. USER RIGHTS

You have the opportunity, as provided in the GCC, to exercise the following rights:

Right of access

You have the right to be informed by us, if and how we process your personal data. If we process your personal data, you can ask to be informed about the purpose of the processing, the type of data we hold, who we share it with, how long we store it, if automated decisions are made, but also about your other rights, such as correction , deletion of data, restriction of their processing and submission of a complaint to the Personal Data Protection Authority.

Right to information

NYMFASIA RESORT takes all necessary steps, both during the collection phase and at any later stage of the processing of your personal data, so that you have full opportunity to exercise your legal rights, as described herein.

Right to delete data (“right to forget”)

You can ask us to delete your personal data if it is no longer necessary for the processing purposes for which it was originally collected or if you wish to revoke the consent you have previously provided.

Right to revoke consent: You have the right to revoke your consent at any time, without prejudice to the legal basis for the processing of your data by us, based on that consent prior to revocation.

Right to data portability

You can ask us to receive in readable form the personal data you have provided to us or ask us to pass it on to another processor.

Right of correction

If you find that there is an error in your personal information, you can apply to us to correct it (eg name correction).

Right to object and non-automated individual decision making

You may object to the processing of your personal data and we will immediately stop processing it, unless there are other legitimate reasons that prevail. You can also ask us to restrict the processing of your personal data if you question their accuracy or legality.

Users can exercise all the rights granted to them under the GCC and the wider legal framework by writing to the NYMFASIA RESORT website, either by e-mail to its registered office or by e-mail to contact@nymfasiaresort.com. Within a reasonable period of one (1) month from the receipt of your request, NYMFASIA RESORT will give you a reasoned response to the acceptance or rejection of your request or requests, if it is more than one.

In the event that you consider that your personal data is being misused or that your rights are being violated in any way, in defiance of our legal obligation to the contrary, or if you are not satisfied with the reason for the reply you will receive regarding acceptance or reject your request, you can lodge a complaint with the Personal Data Protection Authority (http://www.dpa.gr/).

11. PRIVACY POLICY UPDATES

NYMFASIA RESORT may modify or update this Privacy Policy for any reason (including, but not limited to, changes in applicable law and interpretations of decisions, opinions and mandates relating to such applicable law.)

Any changes to this Privacy Policy will be notified in advance by posting the revised Privacy Policy on the Website’s services. In the event of any material changes to this Privacy Policy that alter the nature of the processing or extend our rights to use the personal data we have already collected from you, we will notify you and give you a choice as to the future use or not of such data.

Finally, NYMFASIA RESORT assures users that any processing of their personal data is in the best interests of users, in accordance with the principles of legality, transparency, accuracy, availability and integrity in all its forms, and that it is in line with National Legislative Framework, as well as the European Regulation on Personal Data Protection (hereinafter “GCC”), implementing appropriate and adequate technical and organizational measures to protect your personal data and ensure your privacy.