Privacy Policy

Elia Restaurant (hereinafter referred to as restaurant) considers the protection of your personal data as a high priority.

This Personal Data Protection Statement describes the personal data the Restaurant collects about you, how we use and protect your personal data, the options you have about the way we use this data.

The use of the Internet pages of the Restaurant is possible without any indication of personal data; On this website, the Restaurant has integrated the component of Google Analytics with the application of Anonymizer function. Google Analytics is a web analytics service that places a cookie on the information technology system of the data subject for the collection, gathering and analysis of data about the behavior of visitors to websites. By means of this Anonymizer application the IP address of the Internet connection of the data subject is abridged by Google and anonymized when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area. Cookies already in use by Google Analytics may be deleted at any time by the data subject.

However, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

 

1. Which personal data we collect about you

• Customer Details: Name, Surname
• Contact Details: Phone number, Email
• Reservation Details: Date of Reservation
• Medical data related to your health: Food Allergies, Food Intolerances

 

1.1 Surveys: We may be asking for demographic data or other personal data for the customer surveys we conduct

1.4 Personal data we collect from third parties. It is also possible to collect data about you from third parties, including data from our partners in card payments and from other partners, including social networking according to your settings in these services, as well as from other third party sources who have the legal right to share your data with us.

We use this data for the purposes described in this Statement.

 

2. How we process your personal data

2.1 Service Management: We use your personal data for table reservation and other associated services such as requests related to booking, etc.)

2.2 Promotional Activities: We may use your personal data to send you a “Thank You” letter via your e-mail. You may choose to opt in/out of this service.

2.3 Improving the quality of service: We may use your personal data to improve the quality of the Restaurant’s services and to ensure that our products and services are of interest to you.

2.4 Personalization of the Service: We may use your personal data to make your experiences with us more personal and more social aiming at offering you diversified services.

 

3. What is the Legal Basis for the Processing

Depending on the purpose for which data is used, the legal basis for processing your data may be:

3.1 Your consent

3.2 Our legitimate interest, and in particular:

• for legal reasons, when processing is required by the applicable law
• the contract between us
• The execution of the contract concluded for the provision of table reservation as a service. The provision of data is mandatory as it is the requirement to provide the service and the security of the payment.
• to improve our services
• to prevent fraud: ensure that each payment is completed without any fraud or appropriation

6. How we protect your data

We use reasonable physical, electronic, and administrative safeguards to protect your Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data and the risks involved in processing that information. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

Among other things, we have implemented the following technical and organizational measures:

• Encryption
• detecting and managing security breaches
• use of servers located in rooms with restricted access and subject to regular checks
• use of information systems and programs for computers that are installed in a way that minimizes the use of personal data and/or user authentication data
• adoption of individual procedures for the retention of personal data and their secure deletion/destruction
• access to systems and databases on a need-to-know basis

 

7. Rights of the Data Subject

7.1 Right to receive transparent information: Each data subject shall have the right granted by the European legislator to obtain from the hotel the confirmation as to whether or not personal data concerning him or her are being processed.

7.2 Right of Access: Each data subject shall have the right granted by the European legislator to be aware of and to verify the legitimacy of the processing.

7.3 Right of Rectification: Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

7.3 Right of Deletion: You have the right to request a deletion of your personal data when:
a) your data is no longer necessary in relation to the purposes it was initially processed for
b) you withdraw your consent
c) data has been processed illegally
d) The data must be deleted by law

In all other cases, this right is subject to specific restrictions or does not exist as the case may be.

7.4 Right to limit processing: You have the right to request a limitation to the processing of your personal data in the following cases:

1. a) when the accuracy of personal data is questioned
   b) when you oppose the deletion of personal data and request instead the limitation of its use
   c) when personal data is not needed for the initial purpose, yet it is necessary for the establishment, exercise, support of legal claims
2. d) when you object to the processing and until it is verified that there are legitimate reasons that concern us and prevail over the reasons for which you are opposed to the processing.

7.5 Right to object to processing: At any time, you have the right to object to the processing of your personal data for the cases where, as described above, it is necessary for the purposes of legitimate interests we seek as processors, as well as for the processing for direct marketing purposes and consumer profiling.

7.6 Right to Data Portability: You have the right to receive your personal data free of charge in a format that allows you to access it, use it, and process it with commonly-used processing methods. You also have the right to ask from us, if technically feasible, to transfer the data directly to another processor. Your right to do so exists for the data you have provided to us and the processing is carried out by automated means based on your consent or on the execution of pertinent contract.

7.7 Right to file complaint to the DPA. You have the right to file a complaint with the Personal Data Protection Authority (www.dpa.gr): Telephone Center: +30 210 6475600, Fax: +30 210 6475628, E-mail: [email protected]

8. Transmission of personal data outside the EU

The personal data we collect from you is not transmitted or processed outside of the European Union.

9. Data processing period

• We retain your personal data for as long as it is required to fulfill the purposes of this Statement, unless the applicable laws require or allow for a longer period of time.
• We retain personal data collected to satisfy customer reservations for seven years after the end of the stay. We retain other personal data for shorter intervals if this is possible and permitted by law.
• When processing is required as an obligation under provisions of the applicable legal framework, your personal data will be stored for as long as required by the relevant provisions
• When processing is done on the basis of a contract, your personal data will be stored for as long as necessary to execute the contract and for the establishment, exercise, and/or support of legal claims under the contract.
• For marketing purposes, your personal data is retained for up to five years. In any case, you can revoke your consent. Withdrawal of consent does not affect the legality of consent-based processing performed in the period before its revocation. To revoke your consent, please contact the Hotel Data Protection Officer (DPO)
• We will destroy your personal data as soon as possible and in a way that will not allow the data to be restored or reconstructed.

 

10. How to contact us

NAME AND ADDRESS OF THE CONTROLLER

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

High Beach S.A.

Malia, 70007 Crete, Greece

Phone: +30 2897032783

Email: [email protected]

Website: https://elia.restaurant

 

NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

The Data Protection Officer of the controller is:

Chrisoula Chatzidaki

Data Protection Officer

Ethnikis Antistasseos 122, 71306, Crete, Greece

Phone: +30 2810301745

Email: [email protected]

Website: https://elia.restaurant

Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.

 

11. Update to this Privacy Policy

This Statement was last updated on May 23, 2024.

We reserve the right to modify and update this Statement at any time, for any reason, without notice to you, other than posting the updated Statement on our website.