Personal information/data we collect and process
The personal information that we collect about you include:
- Identity information: name and surname, profession/activity, date of birth etc;
- Contact information: home address, zip code, city, country, email address, telephone number etc;
- Data related to your preferences/interest/desires such as special desires for wine;
- Reservation information: the dates of your reservations;
- Images, video and audio data via security cameras located in public areas in our properties;
- Other data: browse and device data, ID address, app usage data, data collected through cookies, pixel tags and other technologies, geolocation, aggregated data.
For the purposes of General Data Protection Registration (GDPR) (EU) 2016/679 Data Controller is MEGA SPILEO WINERY, thesi Megalo Ampeli, Kalavryta, 25001, Achaia, Greece.
Purpose of personal data processing
The Company undertakes to keep strictly confidential all records of personal data collected and to keep such records exclusively for one and/or more of the following purposes:
- To fulfill our obligations arising from our agreement to provide services to you.
- To provide superior customer service to you personalizing and enhancing your experience.
- To assist us in making your reservation and providing the services you request.
- To communicate with you regarding the provision of our services and responding to your inquiries.
- For marketing, advertising and promotional purposes such as to send you newsletters or marketing communications or to inform you of new products, offers, events or other information that may be of interest of you, if you separately provide you consent for us to do so.
- The personal data we collect from you may be used to send you personalized updates subject to your consent and the specific requirements of the applicable laws. For purposes of promotion activities we may carry out you profiling by using combined data. Said processing within the framework of your information and/or participation to promotion activities for new products or services is based on your consent.
- To operate our business including for internal purposes such as data analysis, statistical and research purposes.
- To conduct surveys and evaluations regarding the quality of the services and products provided by us in order to improve our services.
- To enable you to use our website.
- For the establishment, exercise and defense of legal claims or proceedings.
Legitimate grounds for personal data processing
We collect and process your personal information on the following basis:
- to perform our agreement to provide services to you;
- to comply with legal and regulatory obligations;
- for legitimate business purposes: Using your personal information helps us to operate and improve our business. It also allows us to make our communications with you more relevant and personalized to you, and to make your experience of our services and products more efficient and effective;
- because you have given your consent;
- to secure and protect both your and our own legitimate interests. For this purpose, we use closed circuit television (CCTV) and security cameras located in public areas in our properties, in order to ensure the safety of our customers and installations, as well as specialized security software to detect and prevent malicious activities;
- for the establishment, exercise or defense of legal claims or proceedings.
How do we collect your personal information
For each of the categories of personal information and purposes described above, we gather information when you provide it to us, or interact with us directly, for example:
- during your visit at our properties.
- through your communications with us.
- when you make a reservation over the phone or you communicate with us by email or otherwise.
- when you interact with our online services, by performing such actions as, but not limited to, browsing, making a reservation, communicating with us or otherwise connecting with us or posting to social media pages (facebook, instagram), or signing up for a newsletter or participating in a survey, contest or promotional offer.
- when you give us your data by filling in special forms.
- we collect personal data from internet-connected devices available in our properties.
- we collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.
You can choose whether to accept cookies by changing the settings on your browser or by managing your tracking preferences by clicking on “Cookie Settings” located at the bottom of our homepage. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Online Services. For example, we will not be able to recognize your computer, and you will need to log in every time you visit. You also will not receive advertising or other offers from us that are relevant to your interests and needs.
We will retain your personal data for the period necessary to fulfill the purposes mentioned above unless a longer retention period is required or permitted by law or if you revoke your consent in case that your data processing is based on your consent.
The retention period of your data is determined on the basis of the following specific criteria, as appropriate:
- If processing is required under any applicable laws, your personal data will be stored for as long as this is required under the relevant provisions and in any case for the time necessary for the exercise of claims or defense of rights and legitimate interests.
- If processing is conducted on the basis of a contract, your personal data is stored for as long as this is necessary to implement the contract and to establish, exercise, and/or defend any legal claims under the contract.
- The image and location data at the specific and marked points of the company’s facilities, which are monitored by closed circuit television, are deleted in fifteen (15) days after their recording. If an incident is found, we keep in a separate file the receipts related to the event for three (3) months, or in exceptional cases for a longer period, if required for the investigation of the event.
- If the data collection is based on your consent it may be deleted at any time upon the withdrawal of your consent. You can exercise this option any time by contacting us at the following contact details: email: email@example.com , phone number: +30 2691071555
Your data may be also deleted in one of the following cases:
- when it is no longer necessary for the purposes collected,
- when the deletion is necessary in order to comply with our legal obligations and
- upon your request, provided there are no overriding legal grounds requiring to maintain it.
In the context of the processing purposes described above, we may disclose or transmit your personal data to third-party service providers including, but not limited to, companies that provide technology services for the operation, protection and security of our electronic systems (such as website hosting, information technology and related infrastructure provision, email delivery etc), marketing and other services.
In all these situations we remain responsible for the processing of your personal data, defines the particular details of the processing and signs special agreements with any third parties assigned processing duties, in order to ensure that the processing is carried out in accordance with the applicable laws and that all individuals can freely exercise the rights conferred to them under the applicable legislation.
We reserve the right to disclose information that you are interested in, to any administrative, judicial or public authority or legal or natural person if such notification is required by the law or a court order.
We recognize the need to protect the data of minors, as defined by the current legal framework. We do not collect personal data from minors. Note that οur services and our website are addressed exclusively to adults.
Your Data Processing Rights
According with the existing legislation and the restrictions provided therein, you have the following rights in relation to your personal data:
- To demand to know the categories of your personal data that we store and process, where they come from, the purposes of their processing, the categories of their recipients, the period of storage as well as your relevant rights (right of access).
- To demand the rectification or/and amendment to your data completed so that they are complete and accurate (right to rectification) by providing any necessary document justifying the need for rectification.
- To ask for a restriction of the processing of your personal data (right to restriction of processing).
- To object to any further processing of your stored personal data (right to object).
- To obtain the erasure of your personal data from the records we keep (right to erasure).
- To ask for the transfer of your data kept by the Company to any other controller (right to data portability).
- In case of solely automated individual decision making, including profiling which produces legal effects concerning you or significantly affecting you in a similar way, we implement suitable measures and safeguards for the protection of your rights, freedom and legitimate interests and offers you meaningful intervention carried out by humans, the right to express your opinion and ask for a justification οf the decision based within this framework as well as the right to contest such a decision.
- To withdraw your consent at any time. Withdrawal of your consent shall not affect the legality of consent-based processing in the period prior to such withdrawal.
- Right to complain to the Data Protection Authority: You have the right to file a complaint with the Hellenic Data Protection authority in case you consider that your rights are in any way violated. For the Authority’s competence as well as the way to lodge a complaint you can find detailed information on its website (www.dpa.gr – Individuals – Complaint to the Hellenic DPA).
To exercise any of the above rights, you may contact us at the following contact details: email: firstname.lastname@example.org , phone number: +30 2691071555
We implement appropriate organizational and technical measures to ensure the security and confidentiality of your personal data, and their protection from accidental or unlawful destruction, loss, alteration, prohibited transmission, dissemination or access and any other form of unlawful processing. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us.
We want to engage with you in a way that is meaningful to you. We recognize that you may only want to hear from us in a limited way.
You may choose to unsubscribe from our newsletters by clicking the link at the bottom of one of our communications
Please note that even if you choose to opt-out of communications with us, we will continue to send you transactional messages about your specific reservation or visit to our estate, such as pre-arrival, confirmation and guest satisfaction surveys.
This Policy may be changed whenever necessary. In any case, if you continue to use our services and our website after the modifications that have been made in accordance with the above, you will be deemed to accept these modifications. This Policy was updated on 12/10/2023.