Privacy Policy
  1. Introduction

At Kinglin Athens (managed and owned by UTOPIA Properties μΙΚΕ) we stress the importance of privacy and are committed to adopting high standards for the protection of personal information. This Privacy Policy outlines the way we collect, receive, and process your personal data (PD) when you contact us or use one of our services.

Moreover, this Privacy Policy aims to inform you (the natural person) about the type of PD we collect, why we collect it, on what legal basis it is collected and processed, the policies and procedures we have established for its collection, processing, use, storage and for sharing certain types of personal data in certain limited circumstances. In addition, our Privacy Policy outlines the procedures you should follow if you have any questions or requests in respect of your personal information or our policies and procedures, or if you wish to update, manage, export or delete your personal information, as well as all the contact details for such requests, as listed in §13.

Furthermore, this Privacy Policy declares our compliance with legislation - and specifically with the EU General Data Protection Regulation 679/2016, as well as with the Greek National Law 4624/2019 - and also our respect for the protection of privacy and security of personal data.

This Privacy Notice applies to personal data provided to or collected by us (as the data controller) in connection with the services we offer.

This Privacy Policy was posted on our website on 01/03/2022, replaces any earlier post and is generally addressed to any natural person who has made or intends to make use of our services as a customer.

  2. Who we are

Aiming to offer guests an incomparable experience during their stay, Kinglin Athens luxury apartments provide them with a unique experience of the flowing warmth of Greek hospitality and the elegance of a heritage home breathing history and style. From welcoming goods to personalized amenities, private transportation, wellness - beauty and fitness services, car - limo and helicopter rentals, organized private tours and excursions with experienced travel tips and endless choices for entertainment and leisure, every guest is treated as a VIP, going above and beyond to grant your every wish. At Kinglin Athens each guest will experience a high standard of luxury, unique access to exclusive services and activities.

  3. What PD we process

Personal data (PD) means any information that can be used to identify directly or indirectly a specific individual (you as a natural person).

We have to process PD (i.e. to collect, manage, store, delete) for the effective execution of our everyday business functions and services and, on some occasions, for compliance with relevant legislation and regulations.

You (as a natural person) are not obliged to provide us the personal data that we request, but if you choose not to do so, we may not be able to provide you with specific services, or with high quality services or respond to any queries you may have.

When making a reservation (over the phone, by using our website, or at our premises) or using our services it is necessary for us (Kinglin Athens) to have information in order to identify you, contact you and process your purchase and requests.

This information (personal data), depending on the type of transaction, usually includes your name, address, phone number, e-mail address, time of booking, personal identification document with date of birth upon check-in, IBAN, credit card number and expiration date.

It may also include, if you choose to share that information with us, your preferences regarding the delivery of your service such as flight number & time of arrival for provision of transfer services, type of room, type of bed, and demographic information such as country of residence, preferences and interests.

We do not seek to collect personal information about children under 13, and you must be 18 or older to use our services.

We may use the information you provide to send you offers and information about our services.

  4. Why we collect PD

We require certain PD (personal data) to understand your needs and provide you with a better service, and in particular for the following reasons:

- To establish and maintain a responsible commercial relationship with you and to provide ongoing service.

- To understand your needs and preferences. We maintain a record of the products and services you receive from us and we may ask for additional information so that we can serve you better. For example, we may record your preference for room type.

- To develop, enhance, market or provide products and services. For example, we look at our guests' use of our services so that we can better understand how to improve our services.

- To manage and develop our business and operations. For example we analyze guest patterns of usage of our services to help us manage them efficiently and plan for future growth.

- To meet legal and regulatory requirements.

  5. How do we collect PD

We may collect personal data from a variety of sources. This includes:

  • Personal data you give us directly by making a reservation, or by using our services.
  • You have made an information request, a complaint or enquiry to us.
  • Personal data we collect automatically when visiting our website, and/or booking engine.

We use various kinds of technologies for the collection and storage of the information, including the use of cookies (see §11). Our web server collects information (such as IP address, search engine, ....) used for activities such as calculating number of visitors at our website, identifying points of interest, checking communication effectiveness, etc. We do not process GPS-type data.

We may also receive personal information indirectly, in the following scenarios:

- We have seized personal information as part of market research or an investigation.

- From our partners or cooperating organizations.

- We are likely to use information from advertising networks, our customers or third parties, in order to let you know about special services that may interest you.

- Your personal information is publicly available.

When you contact us, we keep a record of our communication messages so as to resolve any issues that may arise. We do not allow any unauthorized entities, especially without your consent, to access your personal information.

  6. When do we disclose PD

We disclose personal information only in these limited circumstances:

  • We may disclose a guest's personal information to a person who, in our reasonable judgment, is seeking the information as an agent of the guest - for example, a travel agent who is booking a reservation on behalf of the guest.
  • Personal information will be shared with a third party involved in supplying the guest with the services they have purchased to the extent necessary to effect the supply and the processing of the transaction (e.g. beauty, massage services etc.).
  • Personal information may be shared with a third party retained by us to perform functions on its behalf such as reservations handling, data processing or storage, guest surveys or research.
  • Personal information may be shared with an agent retained by us to evaluate a customer's credit worthiness or in order to collect a customer's account.
  • Personal information may be shared with a public authority or an agent of public authority if in our reasonable judgment it appears that there is an imminent danger to life or property which could be avoided or minimized by disclosure of the information, or which disclosure is compelled by a legal authority. Personal information may also be shared when it is reasonably necessary and in order to comply with laws, regulations, legal procedures or governmental demands.
  • Personal information may be shared with data processors, who are third parties, who provide to us elements of services. We have contracts in place, with our data processors. This means that they cannot do anything with your PD unless we have instructed them to do so. They will not share your personal information with any organization apart from us. They will hold it securely and retain it for the period we instruct them.

Any such disclosure of a guest's personal information, by us to a third party, will be made only on a confidential basis (NDA) conditioned upon the information being used only for the purpose for which it has been disclosed.

  7. How we use PD

We process (i.e. collect, store, disclose, delete etc) your personal data (PD) only for specific and limited purposes. Moreover, we will only use your personal data, where we have a legal ground to do so, in order to:

- Process your request and satisfy your demand

- Provide you with personalized and updated services

- Contact you to ask for your opinion (your opinion may be posted on our website) or let you know about new services that may interest you

- Process your payment or prevent or detect potential frauds

- Respond to your questions or complaints

- Implement the framework of this Privacy Policy

- Develop and improve our services, communication methods and the functionality of our websites

- Provide personalized communication and targeted advertising. In cases where we use your personal information for direct marketing purposes, promotional communication for new services or other offers, that we believe may interest you, such as special discounts, special offers for children or seniors etc., you may exercise your rights (see §9) by informing us that you do not wish to receive such messages from us in the future (see §13).

  8. How long we keep your Personal Data

We keep your personal data for only as long as we need to. It depends on what we are using it for, as set out in this Privacy Policy.

For example, we may need to use it to answer your queries, complaints, or comments about a service and - as a result - we may retain your personal data for a reasonable amount of time after the queries and complaints have been answered, and the service has been completed (eg a period necessary for possible claims to be answered, or as regards comments, a period necessary for them to be reviewed by our personnel, for the purposes of recognizing employees for excellence of service delivery and for developing improvements in service delivery). We may also need to keep your personal data for accounting purposes (the retention period depends on tax authorities' legislation or financial audits regulations).

If we no longer need your data, we will permanently delete / destroy them.

In addition, your personal data retaining period depends on the lawfulness of processing (legal basis for the processing), such as:

- When the processing of PD is necessary for the purposes of the legitimate interests pursued by Kinglin Athens, then processing of personal data will take place for as long as is necessary for the pursuit of Kinglin's intended purpose and for as long as it is required until the lapse of any relevant claim has expired.

- When PD is voluntarily provided by natural persons themselves, for example as part of the registration at check-in, we will retain your data (both in hard copy and in electronic form) for as long as we maintain a contractual relationship with you or for as long as it is necessary for compliance with our legal obligations or until your relevant consent has been withdrawn. In any case we shall retain your PD depending on our legal obligations or the lapse of possible legal claims.

- When you (the data subject) withdraw your consent to the processing of your personal data and we have no other legitimate reasons to continue its process, we will destroy/delete your personal data. However, when you unsubscribe (eg from marketing communications or webpage) we will maintain your email address to ensure that we do not send you any mail/form in the future.

- When processing is necessary for the performance of a contract to which you (the data subject) are a party or in order to take steps at your request prior to entering into a contract, then we will retain your data for as long as you maintain a contractual relationship with us or for as long as it is necessary for compliance with our legal obligations or for as long as it is required until the lapse of possible legal claims.

  9. Your Rights

Under data protection law, you have rights we need to make you aware of. The rights available to you (as our guest, user of our services, our website visitor etc) depend on our reason for processing your personal information (ie your rights should not be contrary to relevant legislation). Specifically, your rights are:

- Your right to be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This Privacy Policy is providing you with relevant information.

- Your right to access and rectification: You have the right to access, correct or update your personal data at any time.

- Your right to PD portability: You can receive personal data you have provided us with, in a structured, machine-readable and interoperable format, and to transmit it to another controller. This right should apply where your personal data has been provided on the basis of your consent or in the framework for the performance of a contract.

- Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances. The exercise of your right can always be done in accordance with legal requirements (eg you cannot ask for a deletion of your PD when tax authorities require it to be retained for 10 years).

- Your right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances, including processing for direct marketing.

- Your right to submit a complaint to the Hellenic Data Protection Authority, http://www.dpa.gr/ or any national Data Protection Authority about how we process your personal data.

- Your right to withdraw consent: If you have given your consent to anything we do with your PD, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your valid consent up to that date is unlawful). You can withdraw your consent to the processing of your PD at any time by contacting us, through "Contact Us" (see §13).

You can exercise your rights by sending an email to "Contact Us" (§13) asking for a Subject Access Request (SAR) form, and submitting the properly filled SAR form through "Contact Us". We are obliged to respond to you within one month of the receipt of your SAR.

Further information and advice about your rights can be obtained from the Hellenic Data Protection Authority, http://www.dpa.gr/ or any national Data Protection Authority in your country.

  10. Our Obligations

We (Kinglin Athens) are responsible for accountability; in respect with the principles of processing personal data (ie legitimacy, objectivity and transparency, purpose limitation, minimization of PD, accuracy of PD, limitation of storage period, security, integrity, and confidentiality).

We shall not collect, use or disclose your personal information for any other purpose than those identified above, except with your consent.

We will only use (process) your personal data where we have a legal ground to do so. We determine the legal grounds based on the purposes for which we have collected and used your personal data. In every case, the legal ground will be one of the following:

  • Your Consent: For example, where you have provided your consent to receive offers or marketing emails from us. You can withdraw your consent at any time by submitting an email to "Contact Us" (§13 of Privacy Policy).
  • Performance of a contract with you (or in order to take steps prior to entering into a contract with you): For example, where you have purchased a service from us and we need to use your contact details and payment information in order to process your order and deliver your service or to conduct a customer satisfaction survey.
  • Compliance with legislation: In some cases, we may have legal obligation to process / retain your personal data, (eg compliance with legislation relevant to tax authorities or financial investigation units).
  • Our legitimate interests: if processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms. This is the case when it is necessary to understand our customer, promote our services or operate our sites and apps efficiently. For example, we will rely on our legitimate interest when we study what content has been viewed on our sites and apps, so that we can understand how they are used. It is also in our legitimate interest to carry out marketing analysis to determine what services may be relevant to the interests of our customers and potential customers.

In the framework of pursuing our legitimate interests (protection of persons and goods) we operate a CCTV system in the building (excluding the rooms' interior, including the balconies). Guests have at their disposal cover-hoods for the cameras mounted in the balconies. The CCTV system retains data for a limited period of 14 days, which may be prolonged in case of investigation by the relevant law authorities.

In addition, we implement the appropriate technical and organizational measures to protect us and our partners against unauthorized access or alteration, tampering or destruction of PD we have in our possession.

Specifically:

- We control data collection, storage and processing practices, including security measures (access control), to protect against non-authorized access to systems and processes.

- Access to personal information is limited & controlled, and subject to strict contractual obligations of confidentiality.

- In case that our partners (third parties for maintenance or support purposes) have potential access to PD, certain appendices of the existing cooperation contracts cover the requirements of the Data Protection Regulation.

Throughout the entire processing cycle of PD (from collection to destruction), we take the appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of PD. Similar measures are required by third parties who handle or process PD on our behalf.

  11. Use of Cookies

We use "cookies" on our website. Cookies are pieces of information that an Internet site transfers to your hard drive for record-keeping purposes. The use of cookies is an industry standard -- you'll find them almost everywhere on the Internet. Our site and our booking engine use cookies to recognize visitors when they return to our sites. Once we know it's you, we can customize your online visit.

You may refer to our booking engine's Privacy Policy for detailed information regarding the Cookies used by the booking engine.

On Kinglin's website you have the options to either "disable all" or "allow all" or "customize" our cookies. However, if you choose to modify (customize) cookies the "necessary cookies" shall remain on. The necessary cookies are classified as cookies that must be present for the website to provide the basic functions of the website.

Even after your initial settings selection, you can change your cookie settings for our website at any time.

  12. Links to other websites

Our website may contain links to other websites (eg booking engine). We (Kinglin Athens) do not control any third-party website and therefore we cannot be held responsible for the content of any linked website or any link contained therein. Where we provide links to websites of other organizations it's only for your own convenience and, therefore, you should exercise caution and look at the privacy statement applicable to the website in question.

  13. Contact Us

You can contact us at:

Kinglin Athens

Mitromaras 8 Athens

Tel: +302109213994

Email: reservations@kinglinathens.com

Web: https://www.kinglinathens.com