Data Protection Officer
We have appointed a manager to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact our Data Protection Officer at firstname.lastname@example.org OR our customer services team at email@example.com. We welcome questions, comments, and concerns about our cookies policy and privacy practices. If you contact us with a privacy complaint it will be assessed with the aim of resolving the issue in a timely and effective manner.
You have six basic rights under privacy and data protection laws related to the data we process about you. You do not have to pay a fee, and we will aim to respond to your request within 30 days. We will honor the requests you make related to your rights as the law allows, which means in some cases there may be legal or other official reasons that we may not be able to address the specific request you make related to your rights.
request access to the personal information we process about you;
request that we correct inaccurate or incomplete personal information about you;
request deletion of personal information about you;
request restrictions, temporarily or permanently, on our processing of some or all personal information about you;
request transfer of personal information to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated; and opt-out or object to our use of personal information about you where our use is based on your consent or our legitimate interests.
Make a complaint: You may make a complaint about our data processing activities to a supervisory authority, for Greece this is the Hellenic Data Protection Authority firstname.lastname@example.org
Information we collect
“Personal data” is any information that can be used to identify you or that THG can link to you. TGH collect (may automatically) certain information when you use, access, or interact with us via our websites.
- If you are a, business partner or supplier, please click here.
- If you are a job applicant, please click here.
- If you visit the websites and online properties we provide.
- If you are a customer, or express interest in our services.
When you directly register to use our services we may ask you to provide certain personal information including your full name, email address, contact number, registration and payment details, such as your bank account and payment card information (i.e. credit card type and number, credit card holder name, expiration date and CCV code) . This information is required to process and complete your reservation (including the sending of a confirmation email of the booking to you). THG collects your personal data when you provide it to us, for instance by visiting our website, sending us an email or entering into a contract; when you sign up for an event; When you subscribe to our newsletter to receive exclusive offers and the latest news on our services.
- When you create a profile or sign in to access an existing profile on our website or App;
- When you make a reservation through our website directly; and
- During your stay at THG including information provided during check-in.
During your stay, we record your itemized spending to properly assemble your folio, which sets out your room rate and other expenses billed to your room. We also record this information to comply with financial reporting requirements, including those imposed by auditors and government regulators. We may also collect certain information as required by local laws (e.g. passport number). Information particular to your stay may also be stored (i.e. health issues, payment difficulties, special requests, service issues). This stay specific information is stored in our CRM system and is combined with information from previous visits that you have made to one of our hotels. Certain information regarding your service preferences is also stored centrally by us and may be made available to other THG’s properties through the guest history database. You may advise the hotel if you do not want personal preferences shared. In addition, we may retain the content of any document (including letters, comment cards, electronic documents such as e-mails and other similar forms of communication) that you send us before, during or following your stay. This information may be shared with employees of the hotel.
- THG may also receive information about you from social media platforms including but not limited to when you interact with us on those platforms or access our social media content.
Information of children
Our websites and services are generally not directed to children under 15. Tor Hotel Group does not knowingly collect personal data from anyone under 15 without parental consent. We will delete any Personal Information collected that we later determine to be from an individual younger than the age of thirteen (13). If you are a parent of a child younger than age thirteen (13) and you have a concern about information that may have been provided by your child to us, please contact us at email@example.com
What do we use your personal data for?
- To Provide Superior Customer Service to our Guests
Personal Information is collected to assist us in making your reservation and providing the services you request at any of our properties, to ensure we meet your needs while you are staying with us and/or to allow us to contact you in relation to matters that arise from your stay with us. By keeping certain stay related Personal Information on file, such as information regarding guest history and itemized spending, guests of THG have the ability to confirm prior transactions and reconcile statements or invoices. In the normal course of our business, to allow us to manage your reservation on the basis that processing is necessary in order to perform our contract with you to provide our services
- To Keep Our Guests Informed
We may use the Personal Information you provide to send you newsletters regarding our properties and to advise you of promotions or to inform you of offers or other information that may be of interest to you. You will be able to opt-out of such communications at any time by sending us an email at firstname.lastname@example.org.
We wish to contact Guests to conduct surveys or focus groups to receive your views of our properties and service delivery. Occasionally we will combine information from a number of Guests to better understand trends and Guest expectations;
- to allow us to understand your personal preferences, personalize our services to you as our guest;
- to store your data to pre-populate fields to make it easier for you to provide information when you return to our sites;
- to validate your information (and, in some cases, match it against information that has been collected by a third party such as travel sites and online intermediaries) to check that the data we hold about our customers/users is accurate, consistent and up to date on the basis that processing is necessary in order to perform our contract with you to provide our services;
- in pursuit of our legitimate interests, to record CCTV footage to ensure the safety and security of our premises, staff and customers; our legitimate interest consists in the necessity to protect our property and the goods located in it from illegal acts, such as theft. The same applies to the safety of life, physical integrity, health as well as the property of our staff, clients and other third parties legally located in the monitored area. We only collect image data and limit the surveillance to areas where we have assessed an increased likelihood of illegal activity, without focusing on areas where the privacy of the persons being monitored may be severely restricted, considering their right to respect for personal data;
- to comply with any legal obligations to which we are subject; and
- We shall periodically check that the personal data we store for you is accurate. If you would like to update the personal data we hold about you, please contact us on email@example.com with your request.
- The provision of certain personal information is mandatory if you are to use our services. If you fail to provide such data we shall be unable to provide our services.
Who do we share your information with?
- We may disclose your personal data to any member of our group of companies insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy. Information about our Binding Corporate Rules can be found here.
- We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of court procedure.
- Financial transactions relating to our website and services are handled by our payment services provider. We will share transaction data with our payment services provider only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
Third parties that process data on our behalf (such as marketing agencies, infrastructure providers, management systems, it & information security professionals, law firms etc.) in order to pursue our legitimate interests and perform a contract.
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to protect your vital interests or the vital interests of another natural person (employees, customers, or others). We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
CCTV storaged material is accessible only by our competent / authorized personnel and associates who are in charge of the security of the space. This material shall not be transmitted to third parties, except in the following cases: (a) to the competent judicial, prosecutorial and police authorities when it contains information necessary for the investigation of a criminal offense involving persons or property of the controller; (b) to the competent judicial, prosecutorial and police authorities when requesting data, lawfully, in the performance of their duties, and (c) to the victim or perpetrator of a crime, in the case of data which may constitute evidence of the act.
Disclosure of Data Transfer & Third-Parties
THG may pass on your personal data to third parties after first obtaining your consent for purposes that you explicitly approve.
THG may pass on your personal data to third parties without first obtaining your consent for purposes allowed under required collection and processing under GDPR, including but not limited to where such data is required to provide website or user security, authentication, fraud-protection, or anti-spam protecting;
Third-Party Service Providers
International Data Transfers
We may transfer, access, or store personal information about you outside of the European Economic Area (“EEA”), Switzerland, or another country that requires legal protections for international data transfer. When we do, we will ensure that an adequate level of protection is provided for the information by using one or more of the following approaches:
We may transfer personal information to organizations that participate in Privacy Shield or its successor data transfer mechanisms for transfers from the EEA or Switzerland to the U.S.
We may transfer personal information to countries that have privacy laws that have been recognized by the country from which the data are transferred as providing adequate protection for the data. Where personal data is transferred outside of the EEA to a data importer in a country that is not subject to an adequacy decision by the European Commission, data is adequately protected by appropriate safeguards, such as industry- standard GDPR – compliant contractual clauses with third parties.
We may rely on other transfer mechanisms approved by European or Greek authorities.
Legal Bases for Using Your Personal Data
There are different legal bases that THG relies on to use your personal data, namely:
- Performance of a contract – The use of your personal data may be necessary to perform the contract that you have with us. For example, as a user of our websites or services THG will use your personal data to respond to your requests and provide you with such services.
- Legitimate interests – THG may use your personal data for our legitimate interests to improve our services and the content on our websites; to protect our property and lives, health and physical integrity of our staff, clients and other third parties; to obtain professional advice and exercise legal claims.
- Legal compliance and/or vital interest as mandated by a valid and binding request from an applicable government entity with proper jurisdiction.
For reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health.
Keeping and Securing Your Data
We will keep personal information about you for as long as we provide services to you, as long as you work for or with us, or as long as we are addressing a concern, question, complaint, or request you have made to us, as applicable to our interactions with you. If we have a contract or other agreement with you, we will follow the retention obligations of that agreement.
We may keep data longer if we have a legal obligation to keep it or to maintain necessary records for legal, financial, compliance, or other reporting obligations, and to enforce our rights and agreements. We also may keep data about you for statistical analysis or research purposes.
Deletions of data, pursuant to properly issued, valid, and verified GDPR-related requests from a person or entity with rights to make such a request, will occur within a reasonable timeframe; data in backup archives that is unlinked may take longer to delete than active data.
We store CCTV data for seven (7) days, after which they are automatically deleted. In the event that during this period an incident occurs, we isolate part of the video and store it for another (1) month, in order to investigate the incident and initiate legal proceedings to pursue our legitimate interests, while if the incident concerns third parties we will store the video for up to three (3) more months.
We restrict access to your information to only those persons who need to use it for the relevant purpose. Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymized or destroyed securely. Where we don’t need to keep all of your information in full, we will obfuscate or aggregate it, for example, web activity logs and survey responses. This is to ensure that we do not retain your information for any longer than is necessary.
We take appropriate security measures to protect personal information against loss, misuse, and unauthorized access, alteration, disclosure or destruction. We also have implemented measures to maintain the ongoing confidentiality, integrity and availability of the systems and services that process personal information, and will restore the availability and access to data in a timely manner in the event of a physical or technical incident.
For reservations made through booking.com, your credit card information is transmitted to us through a secure server protocol, which encrypts all your personal and credit card details. The encryption method used is the industry standard "Secure Socket Layer" (SSL) technology.
For reservations made through THG online booking engine (powered by WebHotelier HLDG Ltd), the collection and transmission methods used are the Secure Socket Layer" (SSL) and the PCI Data Security Standard (PCI DSS).
THG collects information, which may include personal data, from your browser when you use our Sites. We use browser session cookies, which are temporary cookies that are erased from your device’s memory when you close your Internet browser or turn your computer off, and persistent cookies, which are stored on your device until they expire, unless you delete them before that time.
We use a variety of methods, such as cookies and pixel tags to collect this information, which may include your (i) IP-address; (ii) unique cookie identifier, cookie information and information on whether your device has software to access certain features; (iii) unique device identifier and device type; (iv) domain, browser type and language, (v) operating system and system settings; (vi) country and time zone; (vii) previously visited websites; (viii) information about your interaction with our Sites such as click behavior, purchases and indicated preferences; and (ix) access times and referring URLs.
Managing your cookie settings
If you do not want to accept cookies, you can block them by adjusting the settings on your internet browser. Please note that because this is a setting on your browser, this adjustment may also block cookies for any website you visit. You can visit www.aboutcookies.org, which provides detailed information on managing cookies in popular browsers.
Videos and other features on our site use Flash cookies to collect and store your preferences, such as volume. Flash cookies are different from browser cookies because of the amount of, type of, and way that data is stored. Cookie management tools provided by your browser will not remove Flash cookies. Some cookies may be placed by third party service providers who perform some of these functions for us. Based on what function cookies have and the purpose for which cookies are used, there are four categories of cookie: strictly necessary cookies, performance cookies, functional cookies and marketing cookies.
Cookies on this website that do not require approval.
Strictly necessary cookies cannot be disabled using the features of this website.
Cookies on this website that require approval.
Gather information about how a website is used – for example, which pages a visitor opens most often, and whether the user receives error messages from some pages. These cookies do not save information that would allow the user to be identified. The collected information is aggregated, and therefore anonymous. These cookies are used exclusively to improve the performance of the website and with it the user experience.
Enable a website to save information which has already been entered (such as user names, languages choices, and your location), so that it can offer you improved and more personalized functions. Functional cookies are also used to enable features you request such as playing videos. These cookies collect anonymous information and cannot track your movements on other websites.
Are used to deliver adverts and other communications more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to help measure the effectiveness of advertising campaigns. They remember whether you have visited a website or not, and this information can be shared with other organizations such as advertisers (this includes advertising technologies on websites such as Facebook, LinkedIn and Twitter). Cookies for improving group targeting and advertising will often be linked to site functionality provided by other organizations.
Third party cookies on our Sites
Third parties may also collect data directly from your web browser and the processing of this data is subject to their own privacy policies. Our standard advertising terms and conditions do not permit our advertisers to drop their own cookies for profiling or retargeting without your consent.
We also use third party cookies on our Sites that fall into the categories above (“third party cookies”) for the following reasons:
- to help us monitor traffic on our Sites (like many companies, we use Google Analytics to do this);
- to identify fraudulent or non-human traffic;
- to assist with market research;
- to improve Site functionality;
Advertisers sometimes use their own cookies to measure performance and to identify fraudulent or non-human traffic. To the extent that you have given them your consent to do so, advertisers may also provide you with targeted advertising based on their data. For example, advertisers may use a profile they have built either on their own site or on sites that you have previously visited to present you with more relevant advertisements during your visit to our website www.torhotelgroup.gr.
When does THG send you emails?
After you have made a booking, you will receive a confirmation message with all the information about your booking.
As mentioned above, sometimes THG may send feedback emails after your stay at the hotel. If you do not wish to give us your opinion, you can let us know and we will not request anyfurther feedback.
In the reservation process you can request our newsletter, which contains special offers and more information about THG. You can also choose to stop receiving the newsletter at any time.