Information & Consent
When the policy mentions “the Hotel”, “Cori Rigas Suites”, “our”, “us”, it refers to the hotel registered as Cori Rigas Suites Fira 84700, Santorini [Thira], Greece.
Obligatory nature of providing the data
The data requested, are obligatory in order to comply with the Greek Law and allow us to provide with the services requested by the Guest, as well as collect payment for the services provided to the Guest.
Personal Data we collect & process
This will include:
• Contact Details [e.g. surname, given name, passport / ID number, telephone, home address, e-mail]
• Personal Data [e.g. date of birth, nationality, place of birth]
• Billing Details [e.g. credit card number, VATnumber]
• Date of arrival & departure, arrival/departure details, room number
• Information provided directly by you
• Questions & answers submitted during or after your stay in our Hotel
Third party data provided by the Guest
Purpose of processing personal data
Depending on the Guests’ requests, the personal data collected will be processed in accordance with the following purposes:
• To manage reservations & other hospitality services
• To create & store legal documents in accordance with applicable law
• To collect data to meet requests relating to your stay
• To manage customer databases
• To manage lists with customer’s personal data for operational purposes
• To monitor the use of services [e.g. mini bar, room telephone, Wi-Fi access etc.]
• To manage registration in loyalty programs, as well as obtaining special discounts & offers form the Hotel
• To manage the Guest’s contact requests with the Hotel
• To comply with the Greek & European law
The criteria used to determine our retention periods include:
• The length of time we have an ongoing relationship with the Guest and provide the Services to him/her
• Whether there is a legal obligation to which we are subject [e.g. certain laws require us to keep records of your transactions for a certain period of time before we delete them]
• Whether retention is advisable considering our legal position [such as, for statutes of limitations, litigation or regulatory investigations]
We will use the & disclose Personal Data as we believe to be necessary or appropriate:
• To comply with the applicable law, including laws outside your country or residence
• To comply with legal process
• To respond to request from public & government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements
• To enforce our terms & conditions as well as our policies
• To protect our operations
• To protect the rights, privacy, safety or property of our own, you or others and
• To allow us to pursue available remedies or limit the damages that we may sustain
Third party access terms to your personal data
Cori Rigas Suites will not disclose your information to third parties for their own business or marketing purposes without your prior consent.
However, we may disclose your information to the following entities:
• Business associates: We may share your information with trusted business associates after your request and with your prior consent [e.g. transfer service companies, restaurants, tour companies, rent a car companies etc.]
• Service providers: We may also share your information with companies that provide services to our account or behalf [e.g. IT contractors, banks, credit card institutions, law firms, mail service companies etc.]
• Credit approval: Upon submission of a credit card approval claim, personal data are disclosed to designated third parties according to applicable legislation in order to decide on the credit approval and its subsequent level.
To provide you the best possible service, we allow access to your personal data to certain members of our personnel. This includes:
• Hotel staff
• Reservations department
• IT department
• Legal services department, if & when required
• Medical services, if and when required
Exercise of rights
The Guest may contact us any time free of charge, to:
• Obtain confirmation about whether or not personal data concerning the Guest are being processed by us.
• Access their personal data
• Rectify any inaccurate or incomplete data
• Request the deletion of their personal data, when among other reasons, the data are no longer necessary for the purposes for which they are collected and retained
• To confirm revocation of consent
• To obtain from us the limitation of data processing when any of the conditions provided in the data protection regulations are met
• To request the portability of your data
NREF bookings are paid in full upon booking
• If a reservation is cancelled 15 days prior to arrival, no fees will be charged
• If a reservation is cancelled 14 days prior to arrival, on non-show or shorten of stay, 100% payment will be charged
Please note that NREF bookings are paid in full upon booking and no modification/cancellation is allowed after the day of booking.
In order to confirm your reservation, a preauthorization of the 1st night will take place, upon booking. A charge of the total amount will take place 14 days prior to arrival.
All payments made using the card are processed through the electronic payment platform of "Alpha e-Commerce" of Alpha Bank and uses TLS 1.2 encryption protocol encryption with 128-bit (Secure Sockets Layer - SSL). Encryption is a way of coding the information until it reaches its recipient, who will be able to decode it using the appropriate key.
Notice: We may refuse to handle requests that are repeated to an unreasonable degree, require disproportional technical effort, jeopardize the privacy protection of others or involve access that is not otherwise required by domestic law.