THE CRETE GOLF CLUB (hereinafter referred to as "the Company") is committed to protecting your privacy and handling your personal data in a proportionate and transparent manner, regardless of the capacity in which you communicate or collaborate with us—indicatively but not limited to—whether you are a visitor, former or current client, employee, supplier, or affiliated third party. Your personal data includes any information that can lead, either directly or in combination with others, to your unique identification or recognition as a natural person.
This Privacy Policy explains how the Company, as the Data Controller, collects and processes your personal data and informs you of your rights in accordance with national law (Law 4624/2019) and the General Data Protection Regulation (EU) 2016/679 (known as GDPR).
WHO WE ARE
THE CRETE GOLF CLUB is a hospitality facilities management organization based in Greece.
Address:
The Crete Golf Club
P.O. Box 106,
70014 Hersonissos, Crete – Greece
Phone: +30 28970 26000
Website: http://www.cretegolfclub.com/
Email: info@cretegolfclub.com
PERSONAL DATA WE COLLECT
When you register directly to make a booking or use our services, as well as during check-in at our hotel, we may ask you to provide certain personal information, such as full name, ID or passport, physical and email address, credit card number, phone number, payment details, etc.
When you visit our websites, we may also collect information about the pages you visit, as well as information about your use of our website, such as viewed pages, referring websites, changes to information you have provided us, and your transactions. This includes the use of cookies, where you have consented.
CHILDREN'S PERSONAL DATA
Our website is not intended for children under the age of 15, and we do not knowingly collect information from children to promote our services. We may process minors’ data—such as date of birth, age, and gender—as part of providing hospitality services to families, only with the explicit consent of their parents.
LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
We process your personal data in accordance with the EU GDPR on the basis of at least one of the following lawful grounds:
1.It is necessary for the performance of a contract:
- To fulfill our obligations arising from contracts signed with you
- To respond to information and service requests made under a contractual relationship
- To process your booking and perform your check-in
- To process your payment
- To facilitate your participation in tours, etc.
2.It is necessary for compliance with legal obligations:
- We have legal obligations under applicable laws and regulatory provisions, such as tax and labor laws.
3.It is necessary for the pursuit of our legitimate interests (or those of a third party):
- Legitimate interest exists when we have a business or commercial reason to use your information. Even so, it must not unfairly conflict with what is right and best for you. Examples include:
• Providing effective service and support
• Responding to your requests
• Improving website and service security and usability
• Conducting customer satisfaction surveys
• Conducting business transactions with you
• Informing you of new services and offers
• Installing surveillance systems (CCTV), e.g., at the entrance and perimeter of our facilities to prevent criminal acts or vandalism, etc.
4.You have given us your consent:
- Where you have explicitly given your consent for processing, such processing is lawful on the basis of that consent. You have the right to withdraw your consent at any time. However, withdrawal does not affect the legality of the processing carried out prior to its withdrawal.
HOW WE SHARE YOUR DATA
In fulfilling our contractual, legal, and regulatory obligations, your personal data may be shared with various departments within the Company. Additionally, various service providers and external vendors (suppliers) may receive your personal data to help fulfill our obligations. These providers and vendors contractually agree with the Company to maintain confidentiality and protect data in accordance with local data protection law and the GDPR.
Such providers and suppliers may include:
- External legal advisors
- IT system support companies
- Financial and business consultants
- Cloud service providers
- External auditors and accountants
- Marketing firms
- Contractors for specific projects
- Police and judicial authorities
- Third parties through whom you contacted us
- Card payment processors
- Travel agencies
DATA TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
Your personal data may be transferred to third countries to fulfill a legal or contractual obligation or where you have given your consent. Data controllers or processors in third countries are required to comply with European data protection standards and provide appropriate safeguards for the transfer of your data under Article 46 of the GDPR.
DATA RETENTION
We will process and store your personal data for the duration of our business relationship and for as long as necessary to fulfill our contractual and legal obligations.
We will delete your data:
- From CCTV surveillance systems within 15 days of recording
- When it is no longer necessary for the purposes it was collected and processed
- Upon your request or objection to processing, provided there are no legal grounds requiring retention
- When it is no longer needed for compliance with legal obligations
- If collection and processing was based on your consent, after withdrawal of your consent
AUTOMATED DECISION-MAKING AND PROFILING
In general, we do not use automated decision-making in our business operations. However, we may automatically process certain data for the limited purpose of evaluating specific aspects (limited profiling), in order to enter into or perform a contract with you.
MARKETING ACTIVITIES AND PROFILING
We may process your personal data to inform you about products, services, and offers that may interest you.
The personal data we process for this purpose includes information you have provided and data we collect or infer from your activity in relation to our services, such as cooperation history. We analyze this data to form a view of what we believe you may need or be interested in. In some cases, limited profiling is used—automated processing of your data to evaluate personal characteristics, enabling us to deliver targeted service-related information.
We may use your personal data to promote our services only if we have your explicit consent or, in certain cases, where we believe we have a legitimate interest to do so.
You have the right to object at any time to the processing of your personal data for marketing purposes, including profiling, by contacting the Company in person or in writing.
YOUR RIGHTS
You have the following rights concerning your personal data:
1.Access your personal data:
This allows you to receive a copy of the personal data we hold about you and verify that we are processing it lawfully.
2.Request correction:
This allows you to correct incomplete or inaccurate data we hold about you.
3.Request erasure (“right to be forgotten”):
This allows you to request the deletion of your personal data where there is no legal reason for us to continue processing it.
4.Object to processing:
You may object where we rely on a legitimate interest and something about your situation makes you want to object.
5.Object to direct marketing and related profiling:
If you object, we will stop processing your personal data for direct marketing purposes.
6.Request restriction of processing:
You may request us to restrict how we process your personal data in specific cases.
7.Request data portability:
You may receive your data in a structured, commonly used, and machine-readable format and transfer it to another organization or request that we transfer it directly.
8.Withdraw consent at any time:
Withdrawal does not affect the lawfulness of prior processing based on your consent.
To exercise any of these rights, contact the Company at: info@cretegolfclub.com
RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Before lodging a complaint, you must first contact us and exercise your GDPR rights. If we do not satisfy your request or our response is inadequate, you have the right to file a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.
COOKIES
Our website uses small files known as cookies to enhance user experience and functionality.
To learn more about how we use cookies, please see our Cookie Policy below.
CONTACT
If you have any questions about this Privacy Policy or how the Company processes your personal data, or if you wish to submit a comment or complaint, please contact us via email at: DPO@newel.com
VALIDITY OF PRIVACY POLICY
This Privacy Policy was published by THE CRETE GOLF CLUB on 24/12/2023 and is subject to periodic improvement and revision.