Almyra Beach

Privacy Policy

Myra Hotel, owned and operated by F. DIMITROV- I. VISHEV EE, established in Kavala, Greece, Registration Number 132878930000 (hereinafter referred to as “Hotel”, “We”), collects and processes your personal data in accordance with the applicable EU and national legal framework on data protection, especially the European General Data Protection Regulation 2016/679 (GDPR) and the national L.4624/2019 as applicable (“Data Protection Legislation”).

By the present Privacy Policy, we wish to inform you on the personal data we collect and process, during your stay at our Resort as a guest as well as when you cooperate with us or you visit our digital environment. Our website contains links to third party websites which are not subject to this privacy policy. We are not responsible for their content, use of personal information, or security practices.

1     Definitions

  • “Personal data”: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • “Special categories of personal data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
  • “Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Anonymization: the processing of personal data in such a way that data can no longer be attributed to a particular data subject;
  • Pseudonymization”: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
  • Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • Consent”: of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  • Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
  • “Existing legislation”: The provisions of the existing Greek, EU or other legislation which is applicable to Myra Hotel with regard to data protection issues, such as: Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, Greek Law 3471/2006, Directive 2002/58/EC, as well as any other Decisions, Opinions, Directives, Guidelines and Recommendations issued by the European Data Protection Board, the European Data Protection Supervisor, the Hellenic Data Protection Authority (HDPA) and any other competent supervisory authority, as in force from time.
  1. Personal data we collect/Purpose of processing/Legal Basis

At Myra Hotel we ensure that we collect, store and process only the necessary personal data in order to provide you high quality services.

More specifically, we collect:

Definitions

Your browser or device. We collect certain data through your browser or automatically through your device, such as your computer type (Windows or Macintosh), operating system name and version, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to assess levels of usage.

Your IP Address We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP).  An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.

Cookies and other similar technologies. Our website uses cookies and trackers in order to provide you with the best possible online experience. For further information, please read our Cookies Policy.

Analytics. We may collect data through Google Analytics and Adobe Analytics, which use cookies and technologies to collect and analyze data about use of the Services. These services collect data regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/‌partners/0676c8a6 34ac 42af a550 f97ab20cac43 and opt out by downloading the Google Analytics opt out browser add-on, available at https://tools.google.com/dlpage/gaoptout 38fb66fe 7d81 4fb0 adc1 0e25ee59cd0d . You can learn more about Adobe and opt out by visiting http://www.adobe.com/privacy/opt-out.html 1d9f9ca1 68e2 4fd6 9eac f49f32acb768 .

2.1.2.     Booking at Myra Hotel/ booking inquiries

When you wish to make a booking reservation at Myra Hotel, we may ask you to provide certain personal information as required for your registration including your full name, email address, contact number, postal address, payment details, such as your bank account and payment card information (i.e. credit card type and number, credit card holder name, expiration date etc.). This information is required in order to process and complete your reservation (including the sending of a confirmation email of the booking to you). We may also collect and store to our systems our communication and relevant documentation you send to us prior to your visit, in order to organize your stay and provide you with the services agreed.

We collect the above information in order to arrange your booking reservation at Myra Hotel, as well as to process and perform the relevant payment for the purchased hospitality services. The legal basis of processing is the performance of the contract with you, as well as our legitimate interest to recover any issued claims in case of disputes.

2.1.3.     When your stay with us at Myra Hotel

During your stay at Myra Hotel we collect information including the data provided during the registration process (full name, date of birth, id/ passport number, visa data, nationality home address, e-mail address, phone number, companion full name, postal code etc.). Moreover, we record your itemized spending to properly assemble your folio, which sets out your room rate and other expenses billed to your room. We may also collect allergies or health data and/or special requirement preferences (i.e. mobility requirements, payment difficulties, special requests, service issues, amenities requests, interests, activities, hobbies) but only if you voluntarily provide them to us by signing the relevant forms and providing us your explicit prior consent. Moreover, we may collect information related to accidents that may take place while you visit our Resort. Finally, Myra Hotel may collect your data for providing you with offers and newsletters only with your explicit consent.

We collect the above information in order to:

a. complete the check-in process, serve your stay and offer you our agreed services. Our legal basis of processing is the performance of our contractual and/or legal obligations;

b. to offer you personalized services (regarding preferences, special conditions etc). Our legal basis is your prior explicit consent;

c. for communication, promotional, research and marketing purposes. Our legal basis is your prior explicit consent;

d.  to assess and investigate an accident/incident in accordance with our internal procedures, for the proper handling of any respective legal issues. Our legal basis is our legitimate interest as a service provider and our defense against any legal claims;

e. the protection of the health of our guests and staff. Our legal basis of processing is reasons of protection of public interest in the area of public health.

2.1.4.     F&B reservations

When you wish to make a reservation to Almyra restaurant, we collect your full name, room number, as well as any other special preferences/ allergies you may have and will provide them to the restaurant. We collect and process such information only for the duration of your stay and up to the end of the operating season that you have visited Myra Hotel.

We collect such information, to manage your reservation and provide you with F&B services. Our legal basis is your prior explicit consent, the fulfillment of our contract and our legitimate interest to provide you our high-quality services.

2.1.5.     CCTV systems

We collect and process CCTV images through our video-surveillance systems in order to ensure your safety and security, alongside our premises. You can access the CCTV privacy notice at our website.

Our legal basis of processing is the legitimate interest to protect the safety of our guests, employees and premises.

2.2.        Employees

2.2.1.     If you are a job applicant

In case you wish to apply for any of our vacancies which are published either to our website, or third- party platforms we may collect and process only the necessary personal information in order for us to assess your suitability for a job opening (e.g., full name, contact details, working experience and CV details). Our legal basis of processing is our legitimate interest to assess your suitability for our vacancies, as well as to comply with our pre-contractual obligations.

2.2.2.     If you are an employee

We may collect and process only the necessary information to manage our employment relationship, either at the pre-contractual stage (e.g., full name, Social Security Numbers, Bank account details, contact details, CV details, information on prior experience, education and training, family status etc.), or during the performance of the contract (e.g., evaluations, trainings, leaves etc.).

We collect such data in order to comply with our contractual obligations and fulfill our legal obligations as an employer. Our legal basis is the need to process your data in the context of our contractual obligation or during the pre-contractual stage, as well as to comply with our legal obligations.

2.3.        If you are a business partner or supplier/contractor

We may collect and process personal information from our vendors, only as necessary to fulfill our contractual and/ or legal obligations (e.g., full name, TIN number, Bank account details, full address and contact details). Our legal basis of processing is the performance of our contractual agreement and our compliance with our legal (tax) obligations.

3.            Who do we share your information with?

Myra Hotel keeps your personal data secure and safeguarded. Only authorized employees, associates and/or external partners will have access and process your personal data according to the purpose of their processing. We may share your personal data within our group companies and public services for the above described purposes. Furthermore, we may disclose your personal data to third parties (legal entities or individuals) which process your personal data under our written order and clarifications (as our Data Processors). We always guarantee that these third parties imply the same measures for the protection of your personal data and act only under our written orders with respect to your personal data.

More specifically, your personal data may be shared with:

  • Third party service providers (eg. Legal consultants, it & information security services, technical support, insurers and/or professional advisors insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, marketing agencies, our payment services provider, companies and organizations for the purposes of fraud protection and credit risk reduction),. We endeavor to ensure by relevant data processing agreements that any personal data processing is made in full compliance with the data protection legislation.
  • Companies within our group – companies, if such transfer is necessary for the pursuance of the abovementioned purposes.
  • Competent Public Services (Police, prosecuting authorities, tax authorities etc.) in the context of performing their duties, or upon relevant request.

In any case of data transfers, we ensure to limit the extent of information that is being disclosed, to the strictly necessary for the performance of the specific purpose of the transfer.

4.            International Data Transfers

We shall not transfer your personal data outside the European Economic Area (“EEA”) or another country. In case any such international data transfer takes place, we will ensure that an adequate level of protection is provided in compliance with Data Protection Legislation.

5.            Data Retention

Your personal data is retained for a predetermined and limited period depending on the purpose of processing, after the end of which, these personal data are being deleted from our files unless another retention period is required or permitted by applicable law.  

The criteria used to determine our retention periods include: 

  •  The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services)
  •  Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
  •  Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

6.            Data Security

We take appropriate technical and organizational security measures to keep your personal data safe and accurate as well as to protect them against any loss, misuse, or unauthorized access, alteration, disclosure or destruction. We also have implemented measures to maintain the ongoing confidentiality, integrity and availability of the systems and services that process personal data so that we be able to restore the availability and access to your data in a timely manner in the event of a physical or technical incident.

7.            Your Rights

Myra Hotel respects your rights as set forth by the applicable Data Protection Legislation. Especially, you enjoy the following rights related to the data we collect and process about you, and more specifically you may:

  1. request access to the personal information we process about you and request to receive a copy thereof;
  2. request that we correct inaccurate or incomplete personal information about you;
  3. request deletion of personal information about you, unless special legal provisions require their retention
  4. request restrictions, temporarily or permanently, on our processing of some or all personal information about you;
  5. request transfer of personal information to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated; object to our further processing of personal information about you; and
  6. request to withdraw your consent when processing is based on your consent, bearing in mind that such processing will not affect the lawfulness of the processing before the withdrawal.

In case you want to exercise your rights regarding Personal Data that you have previously provided to us, please sent an email to info@myrahotel.gr. In your request, please make clear what right is exercised and what Personal Data it regards. For your protection, we only fulfill requests for the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request. You do not have to pay a fee, and we will aim to respond to your request within thirty (30) days upon receipt and identification of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests we handle. We will honor the requests you make related to your rights as the law allows, which means in some cases there may be lawful reasons that may not enable us to satisfy the specific request you make related to your rights.

In case of exercising one or more of the above-mentioned rights of correction, deletion and restriction of your data, these requests shall also be forwarded to any third-party recipient with whom your personal data may have been shared in the context of the pursuance of the aforementioned processing purposes.

In any case, we inform you that you have the right to lodge a complaint with the Hellenic Data Protection Authority at their official website https://www.dpa.gr/el/polites/katagelia_stin_arxi. (an English version is available)

8.            Changes to this Privacy Policy

We may make changes to this Policy from time to time based on changes to applicable laws and regulations or other requirements applicable to us or changes to our business. Updated versions will be uploaded to our website and date stamped so that you are always aware of when our Privacy Policy was last updated. If we materially change the way in which we process your personal data, we will provide you with prior notice, or where legally required, request your consent prior to implementing such changes. We strongly encourage you to read our privacy policy and keep yourself informed of our practices.

This Privacy Policy was issued on April 2025