PRIVACY POLICY
Information & Consent
This Privacy Policy describes how we collect, use, process and protect personal information about you when you use our booking system and webpage.
NaxosRockVillas operates its booking system through a data processor, in full conformity with the European Regulation on General Data Protection (“GDPR”) (EU) 2016/679.
The data requested in the forms accessible from our booking engine are, in general, mandatory (unless specified otherwise in the required field) to meet the stated purposes. Accordingly, if they are not provided or are not provided correctly, we will be unable to process your request.
Personal data we collect and process
This will include:
- personal information about you which we ask you for (e.g. your name, address, and email address) when you make a booking from our booking engine;
- financial details in order to process your reservation when we require pre-payment;
- details of transactions you carry out through our booking engine and details of the fulfilment of your orders.
- our data processor may only collect and process personal data collected and/or processed on behalf of us in accordance with our instructions. WebHotelier cannot process it in any other way or for any other purpose.
Purpose of processing personal data
Depending on your requests, the personal data collected will be processed in accordance with the following purposes:
- To manage the bookings made, including payment management (where applicable) and the management of your requests and preferences.
- To manage registration in loyalty or membership programs, as well as obtaining and redeeming points.
- To manage the your contact requests with us
- To manage the sending of personalized commercial communications from us, by electronic and/or conventional means, in cases you consent.
- To manage the provision of the contracted accommodation service, as well as additional services.
- To manage surveys and/or evaluations regarding the quality of the services provided by us and/or the perception of our image as a company.
Data Retention
We will retain your Personal Data only for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law or if you request their withdrawal from us, or oppose or revoke their consent.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services or if you have a booking that has not yet been fulfilled)
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
- Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)
Data Disclosure
We will only use and disclose Personal Data when it is a Legal requirements and as necessary and appropriate for their purpose:
- to comply with applicable law, including laws outside your country of residence;
- to comply with legal process;
- to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements;
- to enforce our terms and conditions;
- to protect our operations
- to protect the rights, privacy, safety or property of our own, you or others; and
- to allow us to pursue available remedies or limit any possible damages that we may sustain.
Your Rights
You may contact us at any time to:
- To obtain confirmation about whether or not your personal data are being processed by us.
- To access your personal details.
- To rectify any inaccurate or incomplete data.
- To request the deletion of your personal data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
- To confirm revocation of consent.
- To obtain from us the limitation of data processing when any of the conditions provided in the data protection regulations are met.