Privacy policy & GDPR compliance

  • jquery slider

Privacy policy & GDPR compliance

Privacy policy & GDPR compliance.
1. User privacy and data protection

Your personal data is collected and processed only when absolutely necessary.
We respect your privacy. We will never sell, rent or distribute your personal information without your consent.
All our company’s business and internal computer systems are compliant by design to GDPR.
2. Relevant legislation
. National and international legislation with regard to data protection and user privacy are:

EU General Data Protection Regulation 2018 (2016/679 GDPR)

Greek law for Data Protection 2019/4624

2.2 To provide our hotel services, we must collect some personal information according to Greek and EU law.

3. Personal information we collect and process

We collect and process personal data for the following reasons:

3.1 To provide hospitality services in our hotel. We collect either at check-in, during the reservation process, or during web check in. In these processes, we collect personal data may including, but are not limited to, items such as: your name, surname, home address, telephone, email address, ID or passport No, date of birth, any other special requests and any other personal data that is legally necessary to provide you with our services and make your stay unique. We also collect payment details, (credit card no) or any other details we need to collect for issuing the invoice for you. We collect arrival and departure dates as well.

3.2 We do not collect any “sensitive” personal data (genetic, biometric or health related) or data that may lead to that, unless you voluntarily provide them to make your stay better. For example, allergies or disabilities you may have to provide you the food and assistance you need.

3.3 We collect some personal data from our official pages in social media when you voluntarily use them.

3.4 Website visitation tracking.

Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find us and to see their journey through the site. Google does not provide us with any information which may identify/profile you.

3.5 Contact forms and email links

If you choose to contact us, using the contact form or an email link, all your personal data will be stored on the website in secure and compliant site. The process of those, will be only from our authorized employees and are not transferred in any third party data processors as defined in section 6.
In the event that you choose to contact us using the contact form or the email link from the SPA website, none of your personal data will be stored or transferred or processed by any third party. Instead wil be sent to us in email message via an encrypted SSL protocol.
If you are under 15 years old, you must obtain parental consent before we collect your personal data. Since it is technically impossible to check the age of people using this website, we suggest that parents inform us if it comes to their attention that the personal data of their children was processed without their consent.
4. How we use your personal data.
We collect your personal data to provide hospitality services according to Greek law.

4.2 To provide you with personalized services at our hotel making your stay unique.

4.3 To analyze and improve our services. In this context, you may receive a single email after your departure, in order to evaluate our services.

4.4 We may share some personal data with congress organizers or travel agencies only to verify hotel reservations.

4.5 When we use third party companies we share only the necessary personal data they need, in order to provide you services during your accommodation. For example: taxi services, car rental companies etc.

4.6 For communication with the authorities if required.

4.7 If you choose to accept our special offers, we will communicate with you via the available channels, for example email newsletter. You can unsubscribe from our offers at any time.

5. How we store, retain and secure your personal data

We store your personal data to our hotel information system (PMS) that is compatible with GDPR and is located at a secure area on the hotel’s premises. We maintain security measures of personal data by applying security policies in our premises’ network, backup policies, cryptography on wan connections and more, to ensure the personal data from any unauthorized access. We stay up to date on technical developments by rechecking and reforming our systems if necessary. Only authorized and trained personnel have access to your personal data. We retain your personal data as long as you are an active customer or as long as it is required by the applicable law.

We use HTTPS cryptography for the communication between our website and your browser

Our policy regarding retention of your personal data is:

Pseudonymisation for inactive customer accounts: after 10 years
Deletion of canceled bookings: after 10 years.

6. Our third party data processors

We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the relevant legislation set out in section 2.

7. Data Breaches

We will report any unlawful data breach within 72 hours from the moment we will notice the breach.

8. Data Controller

Nikopolis Hotel, Thessaloniki, Greece.

9.0 Data Protection Officer

To communicate with the Data Protection Officer, you can use the following email:

10.0 Updates - revisions to the privacy policy

This policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our customers. Instead, we recommend that you check this page occasionally for any changes.

Revised: November 2023

Nikopolis offers.