Privacy Policy

GLOBAL PRIVACY STATEMENT

 

This privacy statement (“Statement”) applies to HOTELBRAIN S.A., its subsidiaries and all of the hotels within the HOTELBRAIN S.A. Portfolio of Brands1 (collectively, “HOTELBRAIN S.A.,” “we” or “us”). At HOTELBRAIN S.A., we strive to deliver outstanding products, services, and experiences in Greece and around the world. We value your business and, more importantly, your loyalty. We recognize that privacy is an important issue. We have developed this Statement to explain our practices regarding the personal information we collect from you or about you on this site or via our apps, through written or verbal communications with us, when you visit one of our properties, or from other sources. While this Statement broadly describes the practices we have adopted across HOTELBRAIN S.A. globally, local laws vary and some jurisdictions may place restrictions on our processing activities (e.g., certain jurisdictions may require affirmative consent to send marketing messages). Therefore, our actual practices in such jurisdictions may be more limited than those described herein in order to enable us to comply with local requirements. If you are a resident of the European Economic Area (EEA), please see Appendix A for additional information regarding HOTELBRAIN S.A. use of your personal information.

By using any of our products or services and/or by agreeing to this Statement, e.g. in the context of registering for any of our products or services, you understand and acknowledge that we will collect and use personal information as described in this Statement.

Please note that this Statement does not apply to our processing of personal information on behalf of and subject to the instructions of third parties such as airlines, car rental companies, and other service providers, companies that organize or offer packaged travel arrangements, marketing partners, or corporate customers.

1 The HOTELBRAIN S.A. Portfolio of Brands includes the hotels listed at https://hotelbrain.com/el/hotels-resorts/

Click on the links below for specific information:

GLOBAL PRIVACY STATEMENT

PERSONAL INFORMATION WE COLLECT

PERSONAL INFORMATION WE COLLECT FROM THIRD PARTIES

USE OF PERSONAL INFORMATION COLLECTED ABOUT YOU

PERSONAL INFORMATION WE SHARE

OTHER INFORMATION

SENSITIVE INFORMATION

PERSONAL INFORMATION FROM CHILDREN

MOBILE AND LOCATION-BASED SERVICES

LINKS TO THIRD-PARTY WEBSITES AND SERVICES

PROTECTING PERSONAL INFORMATION

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

CHANGING AND ACCESSING YOUR PERSONAL INFORMATION

RETAINING PERSONAL INFORMATION

CHOICES – MARKETING COMMUNICATIONS

STATEMENT MODIFICATIONS

CONTACT US

 

PERSONAL INFORMATION WE COLLECT

We collect personal information at every touch point or guest interaction, and in conducting every aspect of our business, we may collect personal information. This personal information may include: your name, mailing address, billing address, email address, phone number, information related to your reservation, stay or visit to a property; participation in a membership or loyalty program (including HOTELBRAIN S.A. co-branded programs); participation in a contest, sweepstakes, or marketing program (even if you do not stay at one of our hotels); information related to the purchase and receipt of products or services; personal characteristics, nationality, income, passport number and date and place of issue; travel history; payment information, such as your payment card number and other card information, as well as authentication information and other billing and account details associated with mobile billing; guest preferences; marketing and communication preferences; information about vehicles you may bring onto our properties; reviews and opinions about our Portfolio of Brands or properties (if they are identified or associated with you); frequent flyer or travel partner program affiliation and member number; hotel, airline and rental car packages booked; groups with which you are associated for stays at hotels; information provided on membership and account applications; and other types of information that you choose to provide to us or that we may obtain about you.

We may ask for details on joint travelers, including their names and frequent flyer numbers, and the age of the driver of the rental car. We may also collect information related to conversations, including recording or monitoring customer service calls for quality assurance and training purposes, and other communications such as in-app messages and SMS.

In addition, we collect other personal information in certain cases, such as:

In addition to the information we collect from you directly, we may also infer information about you based on the information you provide to us or from Other Information we collect.

 

PERSONAL INFORMATION WE COLLECT FROM THIRD PARTIES

We may also collect information about you from third parties, including information from your airline, payment card, and other partners; from your social media services consistent with your settings on such services; and from other third-party sources that are lawfully entitled to share your data with us. We use and share this information (and may append this information to the other information we have on file for you) for the purposes described in this Statement.

 

USE OF PERSONAL INFORMATION COLLECTED ABOUT YOU

We use your personal information in a number of ways, including to provide and personalize the services you request and expect from HOTELBRAIN S.A., to offer you the expected level of hospitality in-room and throughout our properties, administer the HOTELBRAIN S.A. Loyalty program, conduct direct marketing and sales promotions and as set forth below in more detail. We will collect your consent prior to processing your data where required by applicable law.

We are obligated to collect certain data, including your name, address, payment information, and, in certain countries, travel document information, in order to process your reservation. Failure to provide this information will result in our inability to process your reservation.

 

PERSONAL INFORMATION WE SHARE

In order to offer you the expected level of hospitality and to provide you with the best level of service, we may share your personal information among members of the HOTELBRAIN S.A. Worldwide Portfolio of Brands, our service providers, and other third parties as set forth in detail below:

 

OTHER INFORMATION

When you visit and interact with HOTELBRAIN S.A. websites and apps, we collect other information that does not directly identify you about your use of the site, such as a catalog of the site pages you visit, and the number of visits to our sites (“Other Information”). We use Other Information, as well as data received from third parties, to deliver email, online (on our sites and other sites) and mobile advertisements. We may also use Other Information to allow third-party partners to recognize you as a HOTELBRAIN S.A. Loyalty member when you visit the partner’s website or app, or to recognize you as one of their customers when you visit HOTELBRAIN S.A. websites or apps so that they may provide more relevant offers to you.

We use cookies and other technologies (such as “pixel tags,” “web beacons,” “clear GIFs”, links in emails, JavaScript, device IDs assigned by Google or Apple, or similar technologies) to collect this information. If you want to remove or block Cookies from your device at any time, you can update your browser settings (consult your browser’s “help” menu to learn how to remove or block Cookies). HOTELBRAIN S.A. is not responsible for your browser settings. You can find good and simple instructions on how to manage Cookies on the different types of web browsers at www.allaboutcookies.orgNote for EEA and UK-Residents: If you are based in Europe, you also can adjust your Cookie preferences by adjusting the Cookie Settings through the Cookie Consent Manager, which can be found here: Cookie Preferences.

You can learn more about interest-based advertising and how to opt out of our vendors’ and other advertisers’ use of Cookies to tailor content or advertising to you by visiting http://optout.networkadvertising.org/#!/ and http://www.aboutads.info/choices.

At this time, we do not respond to Do Not Track signals or other, similar mechanisms.  Please see our Cookies Statement for more information.

We may use the information we have collected and aggregated, or anonymized personal information received from third parties, to understand more about our users (for example, we may use the aggregated information to calculate the percentage of our users who have a particular telephone area code). This includes demographic data, such as date of birth, gender and marital status, inferred commercial interests, such as favorite products or hobbies, and other information we may collect from you or from third parties.

Because Other Information does not personally identify you, such information may be disclosed for any purpose where permitted by law.  In some instances, we may combine Other Information with personal information. If we do combine any Other Information with personal information, the combined information will be treated by us as personal information in accordance with this Statement.

 

SENSITIVE INFORMATION

The term “sensitive information” refers to information related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life, or sexual orientation, genetic information, criminal background, and any biometric data used for the purpose of unique identification. In some jurisdictions, mobile phone numbers, location data, and information contained on identity documents also are considered sensitive information.

We do not generally collect sensitive information unless it is volunteered by you or unless we are required to do so pursuant to applicable laws or regulations. We may use health data provided by you to serve you better and meet your particular needs (for example, the provision of disability access).

 

PERSONAL INFORMATION FROM CHILDREN

We do not knowingly collect personal information from individuals under 18 years of age. As a parent or legal guardian, please do not to allow your children to submit personal information without your permission.

 

MOBILE AND LOCATION-BASED SERVICES

We provide mobile apps that can be downloaded to your smartphone or mobile device. These apps have a variety of functionalities that enhance the customer experience. In addition to providing services, our apps may collect personal and Other Information that will be used in accordance with this Statement. For example, to book or change a reservation, including a reward stay, you will be required to provide some personal information, such as your HOTELBRAIN S.A. Loyalty credentials or other information as necessary. Our Digital Key functionality within the HOTELBRAIN S.A. Loyalty App collects information we already have about you, including your HOTELBRAIN S.A. Loyalty number and user ID, and additional information, including use of the key. We provide a link to this Statement to customers prior to their downloading of any of our apps.

If you allow our mobile apps to access your location information on your device, our mobile apps may use your mobile device’s Global Positioning System (GPS) technology and other technology (such as wireless transmitters known as beacons) to provide you with information and offers based on the location of your device. Beacons allow us to collect information about your location within participating hotels by communicating with mobile devices that are in range. We may use this location information to enhance your on-property experience by delivering push notifications and other content to your mobile device, providing navigation assistance as you move around our locations, and sending you information and offers about products, services, or activities we believe may be of interest to you. We may share this information with third parties, including business partners and service providers, to provide information, offers, and services that may be of interest to you. You may prevent or limit the collection of location information by changing the settings in the HOTELBRAIN S.A. Loyalty app, or by changing your device’s settings.

For certain properties, we also make available real-time or virtual “concierge” features, which may be pre-loaded onto a HOTELBRAIN S.A.-owned device, downloadable to your web-enabled mobile device, or available as part of the HOTELBRAIN S.A. Loyalty App. For example, you can communicate directly with the hotel; order services from the hotel, such as room service or valet parking; access our websites; access third-party websites, including local attractions and social media; and book a reservation. The hotel will access and use your personal information (such as your name, HOTELBRAIN S.A. Loyalty tier, confirmation number, check-in, and check-out dates, and room number) in providing these concierge services. If you request SMS (text) communications, you will be required to provide your phone number and carrier. We may also communicate with you by means of third-party digital messaging apps. If we do so, the privacy policies of those services apply.

We offer all of these mobile and location-based services only to the extent permitted by applicable local laws.

 

LINKS TO THIRD-PARTY WEBSITES AND SERVICES

Our site and our mobile applications may contain links to third parties’ websites. Please note that we are not responsible for the collection, use, maintenance, sharing, or disclosure of data and information by such third parties. If you provide information on and use third-party sites, the privacy policy and terms of service on those sites are applicable. We encourage you to read the privacy policies of websites that you visit before submitting personal information.

HOTELBRAIN S.A. may also partner with a limited number of Internet providers to offer Internet access to our guests. Your use of on-property Internet service is subject to the third-party Internet provider’s terms of use and privacy policy. You can access those terms and policies using the links on the service sign-in page, or by visiting the Internet provider’s website.

 

PROTECTING PERSONAL INFORMATION

HOTELBRAIN S.A. will take reasonable measures to (i) protect personal information from unauthorized access, disclosure, alteration or destruction, and (ii) keep personal information accurate and up-to-date as appropriate. HOTELBRAIN S.A. employs a robust team of dedicated information security professionals who are responsible for creating, updating and managing HOTELBRAIN S.A.’s security program. HOTELBRAIN S.A.’s Information Security team is responsible for, among many other things, monitoring our systems for potential intrusions, responding to potential incidents, supporting property-level information security, regularly reviewing and updating the security controls HOTELBRAIN S.A. uses to protect data and providing training on HOTELBRAIN S.A.’s information security program. HOTELBRAIN S.A. maintains a PCI compliance program and an IT compliance program. This compliance program generates audit reports concerning the adequacy and effectiveness of HOTELBRAIN S.A.’s IT internal controls, including a PCI Attestation of Compliance signed by an external PCI Qualified Security Assessor and a SSAE16/SOC1 report addressing the IT general controls over systems that support certain accounting and financial reporting. In the event of a security incident, HOTELBRAIN S.A. will notify regulators and/or consumers as required by applicable laws or regulations.

We also seek to require our affiliates and service providers with whom we share personal information to exercise reasonable efforts to maintain the confidentiality of personal information about you. For online transactions, we use reasonable technological measures to protect the personal information that you transmit to us via our site. Unfortunately, however, no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure.

For your own privacy protection, please do not send payment card numbers or any other confidential personal information to us via email.

We will not contact you by mobile/text messaging or email to ask for your confidential personal information or payment card details. We will only ask for payment card details by telephone when you are booking a reservation or promotional package. We will not contact you to ask for your HOTELBRAIN S.A. Loyalty account log-in information. If you receive this type of request, you should not respond to it. We also ask that you please notify us at info@hotelbrain.com.

 

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

As a company, we endeavor to provide you with the same level of service that you have come to expect at HOTELBRAIN S.A. whether you are in Mykonos, Athens, Crete, Ionio or elsewhere. To provide this service, you acknowledge that we may share your personal information among members of the HOTELBRAIN S.A. Portfolio of Brands, our service providers, and other third parties, which may be located in countries outside of your own. The data controller may maintain a local copy of your personal information when so required by applicable laws or regulations. Although the data protection laws of various countries may differ from those in your own country, we will take appropriate steps to ensure that your personal information is handled as described in this Statement and in accordance with the law.

 

CHANGING AND ACCESSING YOUR PERSONAL INFORMATION

If you are a HOTELBRAIN S.A. Loyalty member, the information you provided to us at the time of registration may be accessed, reviewed and updated at any time by signing in to your HOTELBRAIN S.A. Loyalty profile.

To the extent required by applicable law, you may be able to request that we inform you about the personal information we maintain about you and, where appropriate, withdraw your consent for certain data processing activity and/or request that we update, correct, delete, and/or stop processing your personal information. We will make all required updates and changes within the time specified by applicable law and as required by law. When permitted by law, we may charge an appropriate fee to cover the costs of responding to the request. Such requests may be submitted in writing to DataProtectionOffice@hotelbrain.com or HOTELBRAIN S.A. Data Protection Officer, Konstantinou Karamanli St.195, 16673 Voula, Greece To protect your confidentiality, we can only respond to such requests to the email address that you have registered or otherwise provided to us. Please remember that if you make such a request, we may not be able to provide you with the same quality and variety of services to which you are accustomed.

In addition, in some circumstances based on applicable law, you may request that we cease sharing personal information about you with our business partners or that HOTELBRAIN S.A. cease using personal information about you by contacting us using the email or mailing address above. We will seek to honor those requests consistently with applicable law.

 

RETAINING PERSONAL INFORMATION

We retain personal information about you for the period necessary to fulfill the purposes outlined in this Statement unless a longer retention period is required or permitted by applicable law. We retain personal information collected in order to fulfill guest reservations for seven years after the stay is completed. We retain other personal information for shorter periods of time if possible and if permitted by law.

We will destroy your personal information as early as practicable and in a way that the information may not be restored or reconstructed.

If printed on paper, the personal information will be destroyed in a secure manner, such as by cross-shredding or incinerating the paper documents or otherwise and, if saved in electronic form, the personal information will be destroyed by technical means to ensure the information may not be restored or reconstructed at a later time.

 

CHOICES – MARKETING COMMUNICATIONS

If you have given us your contact information (mail address, fax number, email address or phone number), we may want to inform you in accordance with any preferences you have expressed, and with your consent where required, about our products and services or invite you to events via email, online advertising, social media, Viber, WhatsApp, Messenger, telephone, text message (including SMS and MMS), push notifications, in-app alerts, postal mail, our customer service call center, and other means (including on-property messaging, such as your in-room television).

If you are a HOTELBRAIN S.A. Loyalty member, you may change the communications you receive from us by logging on to your online account and managing your subscriptions, by writing to us (and including your email address) at DataProtectionOffice@hotelbrain.com or HOTELBRAIN S.A. Data Protection Officer, Konstantinou Karamanli St.195, 16673 Voula, Greece.

If you prefer not to receive email marketing materials from us, you may opt-out at any time by using the unsubscribe function in the email you receive from us. Opt-out requests can take up to ten business days to be effective.

To opt out of text messages, tell the hotel front desk that you do not want to receive text messages from the hotel or reply “STOP” to the message you received.

To be added to HOTELBRAIN S.A.’s internal do not call list, send a message to DataProtectionOffice@hotelbrain.com or HOTELBRAIN S.A. Data Protection Officer, Konstantinou Karamanli St.195, 16673 Voula, Greece.

You may control whether our mobile apps send you push notifications by changing your notification settings on your mobile device. If we engage in sending you in-app messages, we will allow control for those in our apps’ settings. For more information about cookies and interest-based advertising and to learn about how to manage these technologies, please see our Cookies Statement.

 

STATEMENT MODIFICATIONS

We may modify this Statement from time to time. When we make material changes to this Statement we will post a link to the revised Statement on the homepage of our site, and if you have registered for any of your products or services, will also inform you through a communications channel that you have provided. You can tell when this Statement was last updated by looking at the date at the top of the Statement. Any changes to our Statement will become effective upon posting of the revised Statement on the site. Use of the site, any of our products and services, and/or providing consent to the updated Statement following such changes constitutes your acceptance of the revised Statement then in effect.

 

 

CONTACT US

If you have any questions about this Statement or how HOTELBRAIN S.A. processes your personal information, or if you wish to either provide a compliment or a complaint, please contact us by email at DataProtectionOffice@hotelbrain.com or HOTELBRAIN S.A. Data Protection Officer, Konstantinou Karamanli St.195, 16673 Voula, Greece.

 

 

APPENDIX A

ADDITIONAL PROVISIONS APPLICABLE TO PROCESSING OF

PERSONAL INFORMATION OF EEA RESIDENTS

For individuals residing in the EEA, this Appendix outlines certain additional information that HOTELBRAIN S.A. is obligated to provide to you, as well as certain rights you have with respect to the processing of your personal information, pursuant to applicable local laws. This Appendix will control to the extent it conflicts with any provision in the main body of this Statement.

Controller: for more information on the HOTELBRAIN S.A. entities that process your personal information, please write to:

DataProtectionOffice@hotelbrain.com or HOTELBRAIN S.A. Data Protection Officer, Konstantinou Karamanli St.195, 16673 Voula, Greece.

Purposes and Legal Basis for Processing: HOTELBRAIN S.A. processes your personal information for the purposes set forth in Sections 4 (Use of Personal Information Collected About You) and 5 (Personal Information We Share) of the main body of this Statement.

The legal bases for HOTELBRAIN S.A.’s processing activities include processing such information as necessary to comply with our contractual obligations, compliance with our legal obligations, protecting the safety of our employees, guests, and others, for our legitimate business interests, and pursuant to your consent.

The particular legal basis for the processing of your personal information is based on the purpose for which such information was provided or collected:

Retention: We retain personal information about you for the time necessary to accomplish the purpose for which such information was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law. Our retention policies reflect the applicable statute of limitation periods and legal requirements.

Data Subject Rights: Residents of the EEA have the following rights:

Access, Correction and Erasure Requests: You have the right to:

Right to Object to Processing: You have the right to request that HOTELBRAIN S.A. cease processing of your personal information:

Right to Restrict Processing: You have the right to request that HOTELBRAIN S.A. limit the processing of your personal information:

Where we limit the processing of your personal information pursuant to your request, we will inform you prior to re-engaging in such processing.

Data Portability Requests: You have the right to request that we provide you or a third party that you designate with certain of your personal information in a commonly used, machine-readable format. Please note, however, that data portability rights apply only to personal information that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.

Submitting Requests: your requests may be submitted by writing to the DataProtectionOffice@hotelbrain.com or HOTELBRAIN S.A. Data Protection Officer, Konstantinou Karamanli St.195, 16673 Voula, Greece. You may also update your personal information as provided in Section 12 (Changing and Accessing Your Personal Information) of the main body of this Global Privacy Statement.

We will respond to all such requests within 30 days of our receipt of the request unless there are extenuating circumstances, in which event we may take up to 60 days to respond. We will inform you if we expect our response to take longer than 30 days. Please note, however, that certain personal information may be exempt from such rights pursuant to applicable data protection laws. In addition, we will not respond to any request unless we are able to appropriately verify the requester’s identity. We may charge you a reasonable fee for subsequent copies of data that you request.

 

If you have concerns about our data practices or the exercise of your rights, you may contact HOTELBRAIN S.A. at  DataProtectionOffice@hotelbrain.com or HOTELBRAIN S.A. Data Protection Officer, Konstantinou Karamanli St.195, 16673 Voula, Greece.or the supervisory authority in the Member State of your residence.

Right to Withdraw Consent: You have the right to withdraw your consent to any processing that we conduct solely based on your consent (such as sending direct marketing materials to your personal email account). You may withdraw your consent to marketing activities by following the instructions on any marketing emails or contacting customer_privacy@hotelbrain.com. For any other activities for which you have previously consented, you may contact DataProtectionOffice@hotelbrain.com or HOTELBRAIN S.A. Data Protection Officer, Konstantinou Karamanli St.195, 16673 Voula, Greece to withdraw such consent.

Segmentation (also referred to as profiling) and Automated Decision Making: We use personal information to divide large groups of consumers into sub-groups of consumers (known as segments) based on some type of shared characteristics such as geography, behavior, or demographics.

With your consent, we make automated decisions, meaning without human interference, using segmentation and/or your specific personal information to offer you certain benefits based on your characteristics (such as discounted room rates or other special offers based on your geography, behavior, or demographics). For example, if you travel frequently during the week to hotels in France, we may send you special offers for HOTELBRAIN S.A. hotels in France.

International Data Transfers: We may transfer the personal information we collect about you pursuant to the purposes described in this Statement to countries that have not been found by the European Commission to provide adequate protection.

We use appropriate safeguards for the transfer of personal information among our affiliates in various jurisdictions, and where required, we have implemented European Union controller-to-controller standard contractual clauses or other such safeguards for such purposes. To obtain a copy of these clauses or additional information on transfers, you may send your request to DataProtectionOffice@hotelbrain.com or HOTELBRAIN S.A. Data Protection Officer, Konstantinou Karamanli St.195, 16673 Voula, Greece.