Meltemi Villas Privacy Policy

Privacy terms and data processing agreement

  1. Meltemi Villas

Periyiali Ktimatiki Ltd is a Republic of Cyprus based company, with registered office at 5 Nikola Azina 8221 Chloraka, Cyprus.

Periyiali Ktimatiki Ltd operates under the registered trade name “Meltemi Villas”.

Our business operations are located in the Republic of Cyprus and we store our data on servers in the European Economic Area (EEA). Our website server is physically located in The Netherlands, our booking engine system is hosted in Germany and our primary email database is hosted in the Republic of Ireland. Other office documents are stored on servers located in the Republic of Ireland, Germany and locally at our premises in the Republic of Cyprus. All local storage is encrypted and password protected.

Meltemi Villas is committed to complying with all applicable Cyprus and European data protection laws and regulations and is dedicated to protecting your privacy and safeguarding your personally identifiable information (hereinafter “Personal Data”) whether you are making a reservation or you are staying in the villas that we manage (hereinafter “Guest”, “Customer” or “you”).

Meltemi Villas is committed to respecting your privacy and adhering to the principles of applicable data protection and privacy laws. This Notice contains information in accordance with Article 13 of the General Data Protection Regulation (Regulation EU 2016/679 – GDPR), regarding the processing of your Personal Data as a Guest by Meltemi as Data Controller.

Periyiali Ktimatiki Ltd (“Meltemi Villas”) uses and maintains these terms for privacy (“Privacy Terms”) that summarize when and how your Personal Information is collected, used, safeguarded and disclosed in connection with your access to, and use of, websites operated by Meltemi Villas and any micro-sites, mobile site or subdomains of such sites (collectively, the “Website”) and all features, functions, software and services offered through the Website (including the online booking engine). The Website and the features, functions, software and services offered through the Website collectively constitute the “Service.”

If you would like to make use of the Service, you will have to enter into an agreement with Meltemi Villas for use of the Service. After you have entered into the agreement (the “Agreement”) you are a customer of Meltemi Villas (“Customer”).

  1. Data processing agreement

These Privacy Terms apply to the Service. By entering into the Agreement the Customer accepts these Privacy Terms. In this respect, these Privacy Terms serve as a (one-sided) data processing agreement between the Customer and Meltemi Villas.

We reserve the right to change the provisions of these Privacy Terms from time to time. If we make changes, we will notify Customer in advance. Customer will have to explicitly accept the amended Privacy Terms.

If Customer does not explicitly accept the amended Privacy Terms and this results in a situation in which Meltemi Villas in its sole opinion is not willing or able to continue to provide the Service, Meltemi Villas has the right to terminate the Agreement and this data processing agreement without being liable to Customer.

As long as Customer has not explicitly agreed to the amended Privacy Terms, the then current version of the Privacy Terms shall apply to the provision of the Service until the Agreement is terminated.

We encourage you also to periodically review the latest Privacy Terms.

  1. Definitions

Terms are defined in this agreement. If a term is not defined in this agreement, it has the meaning given in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”).

  1. What is Personal Information?

“Personal Information” means any information relating to an identified or identifiable natural person (“data subject”) according to the definition of personal data as set out in GDPR.

An identifiable person is someone who can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, an online identifier or to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity.

“Personal Information” is information that identifies an individual (such as a name, address, telephone number, mobile number, e-mail address, or other account numbers), and all information about that individual’s location or activities, such as information about his or her use of the Service, IP-addresses or mobile device identifiers, when this can be linked to any Personal Information.

“Personal Information” also includes demographic information such as date of birth, gender, geographic area and preferences when this information can be linked to any other Personal Information.

“Personal Information” does not include “aggregate” information, which is data about a group or category of products, services or users, when this “aggregate” information cannot be linked to any Personal Information. Aggregate data helps us understand trends and our Customers’ needs so that we can better consider new features and functions, or otherwise tailor our Services. These Privacy Terms do not restrict or limit our collection and use of “aggregate” information.

  1. What Personal Information do we collect?

Active Collection

Personal Information may be collected in a number of ways when Customer uses our Service.

We generally collect your Personal Data directly from you, but in some cases we may collect your Personal Data from other sources. We do not generally collect Special Categories of personal data, unless it is volunteered by you or unless we are required to do so pursuant to applicable laws or regulations. We may use health data provided by you to serve you better and meet your particular needs and special requests or those of your companions.

Types of Personal Data which we collect include among others the following:

If you make a reservation:

  • Your full name, home, professional and e-mail addresses, telephone and fax numbers, date of birth, gender, lifestyle information such as room preferences, leisure activities, and other information necessary to fulfill special occasions and special requests (e.g. health conditions that require special room accommodations, religious and dietary requests), ID and Passport numbers, Tax Identification Number, nationality, country of residence, marital status and occupation.

During and after your stay at Meltemi Villas:

  • If Customer contacts us by e-mail or other means, we may collect the content of the messages, e-mail address and our response.
  • Your full name, home, professional and email addresses, telephone number, ID and Passport numbers, Tax Identification Number, nationality, country of residence, date of birth, gender, marital status and occupation.
  • Details of your stay, such as arrival and departure dates, type of room, room preference, full names, dates of birth and passport numbers of companions, purpose of visiting (e.g. vacation, business, conference etc.), special occasions, specific requests to Meltemi Villas (e.g. health conditions that require special room accommodations, any special dietary, religious or disability requests).
  • Information relating to your membership in, participation at or receipt of one of our services or programs, such as Customer ID, honorific, points history etc.
  • Social preferences, interests and leisure and any other activities, frequent guest’s itinerary/program.
  • Food and beverage consumption in-room and within Meltemi Villas, bill details.
  • Information on your bookings and payments (guest’s IBAN) from on-line system, payment ID, booking reference.
  • Details of complaints and other remarks you may have.
  • Details of illness/accident, past history records, name of doctors in case of illness or injury during your stay at Meltemi Villas and other remarks you may have.
  • Details of claims, name of lawyer and other remarks you may have.
  • Reviews/feedback in relation to our services provided during your stay, post photos, quotes.
  • Additionally, in the course of your reservation or your stay at Meltemi Villas you may be asked to provide us with the aforementioned Personal Data about other individuals such as your companions. By providing such information, you represent and warrant to us that you have obtained such individuals’ permission to do so and that such individuals are aware of, understand and accept our Privacy Policy and this Notice.
  • The registration of Customer and/or correspondence with us via e-mail constitutes a commercial relationship and implies the Customer’s consent for us to communicate to Customer about our Service.
  • Personal Information and demographic information may also be collected if Customer provides such information in connection with creating a profile or group, leaving comments, posting content, sending an e-mail or message to another user or participating in any interactive chat rooms, forums or features on the Website and when Customer uses our Service.

Log Files

  • When Customer uses the Service, some information of Customer is also automatically collected, such as its: Internet Protocol (IP) address, operating system, the browser or mobile device type, the address of a referring website, Customer’s activity on the Website and regarding the use of the Service.
  • IP addresses are collected as a part of demographic and profile data known as traffic data so that data can be sent to Customer.
  • We treat this information as Personal Information if this information can be linked to any Personal Information mentioned above. Otherwise, it is used in the aggregate only.

Cookies

  • By using the Website Customer agrees that we may automatically collect certain information through the use of “cookies”.
  • Cookies are small data files that are stored on a user’s hard drive at the request of our Website which enable us to recognize Customers who have previously visited the Website. Furthermore, the Cookies allow us, in conjunction with our web server’s log files, to calculate the aggregate number of people visiting our Website and which parts are most popular. This helps us gather feedback to improve our Website and better serve our Customers.
  • Cookies do not allow us to gather any Personal Information about Customer and we do not intentionally store any Personal Information that your browser provided us in your Cookies.
  • If Customer wishes to block, erase, or be warned of cookies, please refer to your browser or mobile device’s instructions or help screen to learn about these functions. However, if a browser or mobile device is set not to accept cookies or if a user rejects a cookie, some portions of the Website and Service may not function properly. For example, Customer may not be able to sign in and may not be able to access certain Website features or Service.
  • You may find out more specific information about our use of cookies and web beacons at our Cookie Policy. You can find out more information about how to change your browser cookie settings at www.allaboutcookies.org.
  • We may also use third parties to serve ads on our Website. These third parties may place cookies, clear gifs or other devices on your computer to collect information, and information provided by these devices may be used, among other things, to deliver advertising targeted to your interests and to better understand the usage and visitation of our Website and the other websites tracked by these third parties. If you do not wish to have this information used for the purpose of serving you targeted ads, you may opt out at www.youronlinechoices.eu. Please note this does not opt you out of being served advertising. You will continue to receive generic ads. Please note that we have no access to or control of any third-party tracking technologies. If you wish to block third-party cookies, please refer to your browser instructions or help screen to learn about these functions.
  • We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available at: http://www.google.com/privacypolicy.html.

Device Identifiers

  • When Customer accesses the Service by or through a mobile device (including but not limited to smartphones or tablets), we use one or more “device identifiers,” such as a universally unique identifier (“UUID”). Device identifiers are small data files or similar data structures stored on or associated with Customer’s mobile device, which uniquely identify its mobile device.
  • A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by us. A device identifier may convey information to us about how Customer browses and uses the Service. A device identifier may remain persistently on your device, to help you log in faster and enhance your navigation through the Service. Some features of the Service may not function properly if use or availability of device identifiers is impaired or disabled.

User Identifiers

  • When Customer accesses the Service, we use one or more “user identifiers.” User identifiers are small data files or similar data structures assigned to a Customer that will be used to enable Customer to continue to use the Service. A user identifier may convey information to us about how Customer browses and uses the Service. A user identifier may remain persistently on Customer’s device or computer, to help Customer log in faster and enhance Customer’s navigation through the Service. Some features of the Service may not function properly if use or availability of user identifiers is impaired or disabled.

Location Data

  • When Customer accesses the Service by or through a mobile device, we may access, collect, monitor and/or remotely store “location data,” which may include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device. Location data may convey to us information about how you browse and use the Service. Some features of the Service, particularly location-based services, may not function properly if use or availability of location data is impaired or disabled.

Other sources of Personal Data

In some cases we will receive your Personal Data from other sources such as:

  • A third party agent such as an online travel agency, business partner, travel agent or tour operators when you make a reservation through them.  
  • Your insurance company, their agents, doctors, your companions may disclose or share Personal Data or relevant medical/health data (special categories of Personal Data) with us in case of an accident/injury/an emergency situation on your behalf.
  • In addition, from time to time we may collect demographic, contact or other Personal Information Customer provides in connection with Customer’s voluntary participation in surveys, sweepstakes, promotional offers, and other activities.

From time to time we may change the information requested upon registration or with respect to certain features or Service. Meltemi Villas will inform Customer of such change.

From time to time we post customer testimonials/comments/reviews on our Website which may contain personally identifiable information. Before posting a testimonial, we will obtain the Customer’s written consent via e-mail to post their name along with it.

  1. Controller of Personal Information

Customer will at all times be the data controller of the Personal Information for purposes of the Service and these Privacy Terms. Meltemi Villas shall at all times remain the data processor. If Meltemi Villas nevertheless processes Personal Information for its own purposes, Meltemi Villas will be deemed to be a (joint) data controller with regard to the Personal Information. A ‘data controller’ and ‘data processor’ shall have the same meaning as in the GDPR.

Customer shall be responsible for compliance with its obligations as data controller under the applicable data protection law, in particular for justification of any transmission of Personal Information to Meltemi Villas and for the decision concerning the processing and use of the Personal Information. This shall include providing any required notices and obtaining any required consents. If Meltemi Villas is deemed to be a (joint) data controller in relation to the Personal Information, it shall also be responsible for compliance with its obligations as data controller under the applicable data protection law.

  1. Purposes of processing Personal Information

Meltemi Villas collects and processes your Personal Data for the following purposes:

  • Performing a contract or transaction such as making a reservation and handling your stay at Meltemi Villas, by providing the products and services you requested, fulfilling your special requests;
  • Better understanding your interests and preferences and offering you a unique experience during your stay;
  • To comply with obligations imposed by law or regulations such as the tax authorities or the police;
  • Handling your remarks, complaints, incidents, illnesses, accidents and claims during your stay or after your departure;
  • Managing and improving our products, services, programs, various types of communications, advertising campaigns, and/or promotional activities, our day-to-day operations and your experience from Meltemi Villas;
  • For marketing reasons/communications with you in relation to the products and services offered by Meltemi, our strategic marketing partners, and other trusted third parties;
  • To make contact or interact with you, to conduct financial data evaluation/statistical analysis based on demographics, reservation, your stay or other data/market research and for your registration to our loyal membership program.

  1. Legal basis for processing your personal data

We are committed to collecting and processing your Personal Data in accordance with applicable data protection laws. We will only process your Personal Data if at least one of the following conditions applies:

  • You have given your consent to the processing of your Personal Data for one or more specific purposes e.g. for marketing purposes and subscribing to receive newsletters;
  • Processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract e.g. to make a reservation and provide the products and services you request;
  • Processing is necessary for compliance with a legal obligation to which Meltemi is subject e.g. sharing your Personal Data with regulatory authorities;
  • Processing is necessary in order to protect your vital interests or those of another natural person e.g. in an emergency, an incident, illness or accident;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Meltemi;
  • Processing is necessary for the purposes of the legitimate interests pursued by Meltemi or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Data, e.g. when it is necessary to protect our property or establish, exercise or defend legal claims.

Consent

As part of our commitment to keep you informed, we may mail, e-mail, telephone, or contact you by other means to inform you about news, events, activities, new Meltemi products and services, or upcoming Meltemi special offers, events, enhancements, or other relevant information that may be of interest to you. You may also receive mailings or other communications from carefully selected third parties. We always offer you the option to decline any or all of these communications by following the directions included in our e-mails or other communications, or by contacting Meltemi directly.

Meltemi includes, in any case, provisions for:

  • Determining what disclosures are made in order to obtain valid consent.
  • Ensuring the request for consent is presented in a manner which is clearly distinguishable from any other matters, is made in an intelligible and easily accessible form, and uses clear and plain language.
  • Ensuring the consent is freely given (i.e. is not based on a contract that is conditional on the processing of Personal Data that is unnecessary for the performance of that contract).
  • Documenting the date, method and content of the disclosures made, as well as the validity, scope, and volition of the consents given.
  • Providing a simple method for a data subject to withdraw their consent at any time.

  1. Who might we share your personal data with?

We apply strict security rules regarding the processing of Personal Data and third parties’ access to our records and files. We only share your Personal Data when this is necessary to conduct our business or to fulfil an obligation imposed by law.

We may share your information with:

  • Any subcontractors or agents or employees, for purposes connected with the provision of our services/products and the management of our business and for Meltemi Villas to perform the accommodation contract with the Guest and in particular exercise their rights and fulfil their obligations deriving from the accommodation of the Guest and comply with obligations imposed by law or regulations such as the tax authorities or the police;
  • Our third-party partners, service providers, tour operators, suppliers, bankers and retail partners for the purposes of operating and providing you with the products and services that you have requested;
  • Professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
  • Tour operators, insurance companies, insurance brokers, doctors, lawyers for the purposes of handling accidents, illnesses and claims.
  • Any third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts, tax, regulatory or other public authorities.

When we share Personal Data with other organizations/third parties, we ensure that they keep the data safe, that they are authorized to retain it and that they must not use your Personal Data for other purposes. Such sharing or transfer of Personal Data will be protected by appropriate safeguards (e.g. appropriate contractual clauses, data processing contracts, intra-group disclosures of Personal Data, etc.). In particular, if the recipient operates outside the EEA, appropriate protections will be put in place to make sure your Personal Data remains adequately protected, including appropriate contract clauses such as standard contract clauses approved by the European Commission.

From time to time, we may also share Personal Information with third parties when you give us your consent to do so. For example, we may enter into relationships with other parties to make specific services or offers available directly to our users. If a user opts-in to these third party services or marketing offers, we may share the Personal Information you provide at the time of sign-up or such other Personal Information, such as your name or other contact information, that we deem reasonably necessary or appropriate for our business partner to provide these services or offers or get in contact with you.

We may disclose Personal Information in the good faith belief that we are lawfully authorized or required to do so, or that doing so is reasonably necessary or appropriate to comply with the law or with legal process or authorities, respond to any claims, or to protect the rights, property or safety of Meltemi Villas, our users, our employees or the public, including without limitation to protect Meltemi Villas or our users from fraudulent, abusive, inappropriate or unlawful use of the Service. Meltemi Villas will promptly notify Customer of any request of an executive or administrative agency or other governmental authority that it receives and which is related to Personal Information of Customer, unless prohibited by applicable law. Meltemi Villas will provide Customer with reasonable information in its possession that may be responsive to the request as stated above, and any assistance reasonably required for Customer to respond to the request in a timely manner. Customer acknowledges and agrees that Meltemi Villas has no responsibility to interact directly with the entity making the request.

Please note that nothing herein restricts the sharing of aggregate information, which may be shared with third parties without your consent.

  1. Security safeguards / Protection of Personal Information

Meltemi recognizes the importance of information security and is constantly reviewing and enhancing our technical, physical, and logical security rules and procedures. All Meltemi owned websites and servers have security measures in place to help protect your personally identifiable information against loss, misuse, and alteration while under our control.

Meltemi Villas shall ensure it implements and maintains compliance with appropriate technical and organizational security measures for the processing of Personal Information. We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it.

We have put in place physical, electronic, and managerial procedures that are designed to prevent unauthorized access, loss, or misuse.

We use SSL (Secure Sockets Layer) technology to encrypt your transmission of sensitive information to us, such as account passwords, credit card numbers and other payment-related identifiable information.

We restrict internal access to Personal Information to employees who need the information to perform their duties. The unauthorized access or use of such information by an employee is prohibited and constitutes grounds for disciplinary action. Employees of Meltemi Villas are bound to a confidentiality clause.

Our information management systems are configured in such a way as to block or inhibit employees from accessing information that they have no authority to access.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee absolute security.

Meltemi Villas shall ensure it has a procedure to periodically test and evaluate its technical and organizational security measures for the processing of Personal Information.

  1. How long do we store Personal Information?

Meltemi is committed not to retain Personal Data for a period longer than necessary for the reasons that the Personal Data was obtained and/or to meet legal and regulatory requirements. After this period, we will erase Personal Data. However, if Personal Data is needed after this period for statistical/analytical/historical/legitimate business purposes, we will take appropriate measures to anonymise this data.

  1. Customer’s instructions

Customer may provide Meltemi Villas written instructions in addition to those specified in the terms of service and these Privacy Terms with regard to the processing of Personal Information. Meltemi Villas will comply with all such instructions without additional charge to the extent necessary for Meltemi Villas to comply with laws applicable to Meltemi Villas as data processor in the performance of the Service. Customer and Meltemi Villas will negotiate with respect to any change in the Service and/or fees resulting from such instructions.

  1. Cooperation and notification obligations

Meltemi Villas and the Customer will – to the extent possible – co-operate with each other to promptly and effectively handle enquiries, complaints, and claims relating to the processing of Personal Information from any government official or authority (including but not limited to any data protection legislation enforcement agency), third parties or individuals (including but not limited to the data subjects).

Meltemi Villas and the Customer are aware that applicable data protection legislation may impose a duty to inform the competent authorities or affected data subjects in the event of a data breach. Data breaches should therefore be notified by Meltemi Villas to the Customer within 24 hours after they have been discovered, regardless of their origin. This also applies to serious operational faults or where there is any suspicion of an infringement of provisions relating to the protection of Personal Information or other irregularities in the handling of Personal Information belonging to the Customer. In consultation with the Customer, Meltemi Villas shall take appropriate measures to secure the Personal Information and limit any possible detrimental effect on the data subjects. Where obligations are imposed on the Customer as a data controller under applicable data protection legislation, Meltemi Villas shall fully and at its own expense assist in meeting them.

  1. Records of data processing activities

Meltemi Villas and the Customer maintain records of their data processing activities and are aware that they are responsible for the integrity of their own record. The record contains the name and contact information of Meltemi Villas, the Customer, their representatives and, if applicable, their data protection officers. The record also contains the categories of processing activities that have been executed by Meltemi Villas on behalf of the Customer, as well as a general description of the technical and organizational measures that have been undertaken to protect the data. If applicable, the record also contains information regarding to which foreign country or which international organization data has been passed on.

  1. What choices does Customer have regarding the use of its Personal Information?

Before sharing your Personal Information with third parties in ways not covered by these Privacy Terms, including any use for direct marketing purposes, you will be notified and required to opt-in to such sharing at the point at which such information is collected.

Meltemi Villas may send you marketing and promotional postal and/or electronic mail about our products and services.

If you no longer want your information to be used by Meltemi Villas for direct marketing sent by postal mail please contact us at info@meltemivillas.com.

You can also opt-out by following the unsubscribe instructions included in each promotional e-mail. This shall not affect our ability to send you service and account related e-mails or to use your Personal Information as otherwise described in these Privacy Terms.

We will comply with the request of Customer as soon as possible after receipt.

  1. How can Customer review, update, correct, or delete Personal Information?

Customer may review, update, correct or delete its Personal Information collected through the Website and Service by e-mailing us at info@meltemivillas.com.

Note that the deletion of Customer information data may lead to the termination of the Account of Customer and the use of the Service.

To have access to your Personal Information, you must provide sufficient proof of identification as we request, and we reserve the right to deny access to any user if we believe there is a question about your identity. We will respond to all access requests within 4 weeks.

Customer can request us to limit or stop the processing of its Personal Information in the future. We will meet the request of Customer, but Customer may be hindered in its use of the Service or may no longer be able or allowed to use the Service, as stated in Article 4 of these Privacy Terms.

Customer can request, at reasonable intervals, that we transfer the Personal Information we process about him or her to him or her or to another third party as specified by Customer, as long as the requested information does not include Personal Information of other natural persons and as long as the requested information has been processed based on the legal grounds of Customer permission or necessity for providing the Service and performing the contract. We will meet the request of Customer within 4 weeks after we have received the request.

Customer has the right to file a complaint to the competent privacy authority. For the Republic of Cyprus, this authority is the following:

Office of the Commissioner For Personal Data Protection
1, Iasonos Street, 1082 Nicosia
Tel: +357 22818456, Fax: +357 22304565
Email: commissioner@dataprotection.gov.cy
www.dataprotection.gov.cy

If a data subject contacts Meltemi Villas directly with a request as stated before, we will redirect the data subject to Customer and only after permission of the Customer shall we provide an overview of Personal Information of that data subject.

We reserve the right to retain your information in our files if we believe it is necessary or advisable to resolve disputes, enforce applicable terms of service, and for technical and legal requirements and constraints related to the Service.

  1. Audit Rights

Customer may audit Meltemi Villas’s compliance with the terms of these Privacy Terms up to once per calendar year, unless the applicable data protection laws provide the right to perform a more frequent audit of the Service. Customer must give Meltemi Villas at least 4 weeks’ notice of any audit. Any audits are at the Customer’s expense. Any request for Meltemi Villas to provide assistance with an audit is considered a separate service if such audit requires the use of different or additional resources. Meltemi Villas will seek the Customer’s written approval and agreement to pay any related fees.

The audit must be conducted during regular business hours in the Republic of Cyprus at the facility of Meltemi Villas. If a third party is to conduct the audit, the third party must be mutually agreed to by Meltemi Villas and Customer.

  1. Incident Management

Meltemi Villas shall evaluate and respond to incidents that create suspicion of unauthorized access to or handling of Personal Information. The response will be to restore confidentiality, integrity and availability of the environment of the Service. Furthermore, Meltemi Villas shall establish root causes and remediation steps.

Meltemi Villas shall inform Customer within 24 hours after a data breach has been noticed. Meltemi Villas shall provide Customer with a description of the data breach, the type of data / Personal Information that was the subject of the breach and steps taken in order to cure the data breach and prevent further consequences of the breach. Meltemi Villas will provide further information upon request of Customer. Meltemi Villas and Customer shall coordinate in good faith any related (public) statements and/or notifications to any privacy authority and/or affected data subjects/persons.

Meltemi Villas will inform the Customer immediately after it has become aware of the fact that (i) Meltemi Villas and/or its personnel infringe applicable data protection legislation or obligations under this privacy statement, (ii) third parties have unauthorized or unintended access to the Personal Information.

Meltemi Villas will keep the Customer duly informed on any new developments in relation to a data breach. All notifications of data breaches by Meltemi Villas to the Customer will be made in writing. If time and circumstances do not permit a written notification, Meltemi Villas may notify the Customer through other means, provided that such notification is followed up by a written confirmation by Meltemi Villas as soon as possible thereafter.

  1. Return / deletion of Personal Information upon termination

At the moment the agreement for making use of the Service is terminated for any cause, Meltemi Villas will make available for retrieval all Personal Information of Customer. Following the return of the Personal Information, or as agreed to otherwise by Meltemi Villas and Customer, Meltemi Villas will promptly permanently delete or otherwise render inaccessible all copies of the Personal Information of Customer, except as may be required by law.

  1. Termination

This data processing agreement between Customer and Meltemi Villas shall automatically terminate at the moment the agreement for making use of the Service is terminated. However, the terms of this data processing agreement shall continue to apply for as long as Meltemi Villas possesses Personal Information of Customer.

  1. Your rights under EU data protection laws

In this section Meltemi Villas addresses the rights deriving from Regulation (EU) 2016/679 and how these rights can be exercised by you.

     21.1 Your Right of Access or Rectification
Meltemi assumes that Personal Data collected directly from you will be accurate and complete. You have the right to ask for a copy of your Personal Data we hold about you. If you want to exercise your right of access or rectification, you may use the Data Subject Request Form.
     21.2 Your Right to Erasure
You may request that any Personal Data held about you be deleted or removed, and, in such case, any third parties who process or use that data must also comply with such request. An erasure request can only be refused if an exemption applies. If you want to exercise your right of access or rectification, you may use the Data Subject Request Form.
Meltemi is obligated to erase Personal Data where one of the following applies:
•    Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
•    You withdraw consent and no other legal basis for processing exists;
•    You object to the processing carried out on the grounds of Meltemi Villas' legitimate interests and there are no other overriding legitimate grounds for the processing;
•    the Personal Data has been unlawfully processed.
If Meltemi cannot actually delete Personal Data, Meltemi will ensure that it:
•    is not able, or will not attempt, to use the Personal Data to inform any decision in respect of any individual or in a manner that affects the individual in any way;
•    does not give any other organization access to the Personal Data;
•    protects the Personal Data with appropriate technical and organizational security; and
•    commits to permanent deletion of the information if, or when, this becomes possible.
     21.3 Your Right to Restrict Processing
You have the right to restrict Meltemi from processing Personal Data by using the Data Subject Request Form.
     21.4 Your Right to Object
You have the right to object at any time to processing of your Personal Data by using the Data Subject Request Form.
     21.5 Your Right to Data Portability
Upon request and provided that the relevant requirements stipulated in Article 20 of GDPR are met, you have the right to receive a copy of your Personal Data in a structured format using the Data Subject Request Form.

  1. How to make a complaint
    If you are not satisfied with the way in which your Personal Data has been processed, please submit your complaint or request/objection in one of the manners set out below in the Contact us section.
    Please note that we may ask you to verify your identity before we can act on your request or complaint. We may ask you for more information to ensure that you are authorized to make such a request or complaint when you contact us on behalf of another data subject.
    If you are dissatisfied with our response to your complaint or request, you may lodge a complaint with the competent data protection authority.
  2. Governing Law

This data processing agreement shall be governed exclusively by the law of the Republic of Cyprus unless mandatory law dictates otherwise.

The Customer agrees that any claim and/or dispute related to the execution of this data processing agreement shall be referred, according to the exclusive decision of Meltemi Villas, to:

(a)   mediation (as per European Directive 2008/52/EC) by an independent person; or

(b)   the courts of the Republic of Cyprus;

unless mandatory law dictates otherwise.

  1. Updates to the Privacy Notice
    Meltemi Villas may amend this Privacy Notice from time to time in order to meet changes in the regulatory environment, business needs, or to satisfy the needs of our guests, properties, strategic marketing partners, and service providers. Updated versions will be posted to our web site and date stamped so that you are always aware of when the Privacy Notice was last updated.

    Last update: January 2019 (Version 1.1)

     
  2. Key Terms

“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Special categories of personal data” means the Personal Data referring to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.

“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure, alignment, restriction, erasure.

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.

“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

“Data Processor” means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller.

“European Economic Area (“EEA”)”: EU Member States plus Norway, Iceland and Liechtenstein.