The Ace VIP Personal Data Protection & Privacy Policy

Valid from: 4/3/2019

 

OUR COMMITMENT

At The Ace VIP, we prioritize the protection of your personal data as part of our general philosophy to aim for the highest possible customer satisfaction and to build strong relations of trust.

We understand the importance of your personal data and make every possible effort to store and process the information you share with us with utmost care.

We appreciate your trust. Therefore, we have compiled this Privacy Policy which informs you about how we collect, use and share your information. The collection, use and disclosure of your information on our behalf is based on your consent and the provisions of applicable law.

At The Ace VIP, we enhance the protection of your personal data by implementing technical data security measures and internal management procedures, as well as physical data protection measures. We continuously evolve our systems and procedures in order to stand out in relation to others. We thank you for your continued interest and support.

 

PRIVACY POLICY

  1. Consent

“Personal data” means any information that is collected or recorded in a form that may allow direct (e.g. surname) or indirect (e.g. phone number) your identification as a natural person.

We recommend that you read this text, which describes the privacy policy, before you provide us with this information.

This “Customer Personal Data Protection Charter” is a part of the terms and conditions that govern our accommodation services. By accepting these terms and conditions, you explicitly accept the provisions of this Charter.

  1. Scope

At The Ace VIP (hereinafter referred to as “website” or “we”, “us”), we know how important it is to protect the privacy of our customers; we try to be as clear as possible about the way in which we collect, use, share, transfer and store your information. This Privacy Policy gives a summary of the practices we follow with regard to data. This Privacy Policy applies in all accommodations operated by The Ace VIP and our affiliate companies.

This Privacy Policy applies to this website, to all websites, online applications, and online and offline promotional actions by The Ace VIP, as well as any Service or function provided by us that refers to this Privacy Policy or provides a link here to (collectively referred to as our “Services”).

Please note that the Privacy Policy applies to your use of our Services. It applies regardless of whether you use a computer, mobile phone, tablet, TV or other device to access our Services. It also applies to Services that are provided without the use of electronic means.

It is important that you carefully read this Privacy Policy, because with every use of our Services you agree to the practices described in this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, you should not use our Services.

 

  1. For what purposes do we collect data?

We collect and use personal data in order to manage your relation with The Ace VIP and in order to offer our Services to you. Certain personal data are collected to provide you with personalized and improved services.

We collect personal data with the following purposes:

a) Management of reservations and other hospitality services

Creation and storage of legal documents in accordance with applicable law

We collect data in order to prepare and meet requests relating to your stay (e.g. accommodation preferences)

b) Management of your stay at our accommodation

We manage the access to your accommodation

We manage lists with customers’ personal data for operational purposes such as, e.g., daily customer arrival and departure lists and a list with special category customers.

c) Improvement of our accommodation services

In order to tailor our products and Services to better meet your requirements

We process your personal data using marketing programs for marketing and promotional purposes, but also to better understand your requirements and wishes

We provide you with useful information for offers or other promotional messages

We inform you about special offers and new Services

We provide customized content and suggestions based on previous activities with our Services

d) Management of our relations with you before, during, and after your stay

Management of customer databases

We evaluate and analyze the market, our customers, our products and Services

We create statistical data and reports

We acquire knowledge and manage the preferences of new and recurring customers

In order to send newsletters, promotion products and offers, or to contact you by telephone

We manage requests for deletion from update lists

We create and manage questionnaires and statistics

We organize lotteries, contests and offers, to the extent allowed by law

e) Improvement of our Services

We conduct market research and analysis of questionnaires and customer comments

We manage customers’ claims and complaints

f) System security

We record data to ensure security and to avoid fraud

g) Compliance with Greek and European law

h) Conducting market research, customer satisfaction and quality assurance, direct marketing and sales promotions

i) Conducting targeted advertising campaigns on the Internet through third-party websites

 

  1. What personal data do we collect?

Information provided directly by you

A number of our Services provide the possibility to provide information directly to us. For example:

  • When ordering a paid product or service from us, we may ask certain details for the processing of your order, such as your name, passport and billing data.
  • When participating in an online or offline contest or promotional action organized by us, we may ask you for your name, contact details, email address, age and gender, personal and occupational interests, other personal characteristics, and your opinion of our products and/or services.
  • Some of our Services allow you to communicate with other people. This communication will be transmitted through, and stored on our systems.

We are obliged to request the following details about you and/or your family members:

  • Contact details (e.g. surname, given name, father’s name, passport number, ID-card details, telephone, home address, email)
  • Personal data (e.g. date of birth, nationality, place of birth)
  • Information on your children (e.g. given name, date of birth, passport number)
  • Billing details (e.g. credit card number, VAT number)
  • Date of arrival and departure, flight number and accommodation
  • Preferences and interests
  • Questions and comments submitted during or after your stay in one of our accommodations.

The data we collect on persons under the age of 16 are restricted to given name, surname, nationality, and date of birth, and can be provided only by an adult / guardian. We thank you for your efforts to ensure that children do not send us personal data without your consent (especially through the internet). Should any information of this type be sent to us, you can communicate with us to schedule the deletion of such information.

Moreover, information such as your passport number, your recreational activities, your hobbies, any health issues that you may have, or whether you are a smoker or not, can be described as sensitive. We retain such information only if we are obliged to do so by applicable law or if you have explicitly given us your consent (e.g. in order to provide you with an appropriate Service, such as a special diet)

 

Information on your use of our Services

Apart from the information provided directly by you, we may also collect information on your use of our Services through the software of your device, or by other means. For example, we may collect:

  • Device information – such as hardware model, International Mobile Equipment Identity (IMEI) and other unique device identity data, MAC address, IP address, operating system issue, and setting of the appliance you use to access our Services.
  • Connection information – such as the time and duration of use of the Service, search commands entered in the Services, and information that may be stored in cookies we have placed on your device.
  • Location information – such as GPS signal of your appliance, or information on WiFi access points that may be transmitted to us when you use our Services (e.g. WiFi, Mobile Apps).
  • Other information that relates to your use of our Services, such as the applications that you use, the websites that you visit, and the way in which you interact with content offered through a Service.


Information from third parties

We may receive information about you from available public and commercial sources (to the extent permitted by law), which we may combine with other information that we receive directly from you, or in relation to you. We may also receive information about you from third party social networking services when you choose to connect to such services.

 

Other information we collect

We may also collect other information about you, your device or your use of services in manners described at the point of collection, or otherwise with your consent.

You may choose not to provide certain types of information, but this may influence the possibility to use certain Services.

 

  1. When do we collect personal data?

We collect personal data in various cases, such as:

a) Accommodation:

Accommodation reservation

Check-in and payment

Reservation of and use of our services, such as drivers, chefs, catering, and recreational services

Various requests, complaints and/or disputes

b) Participation in marketing programs or events:

Participation in online and offline surveys (for example, Customer Satisfaction Survey)

Participation in contests and games

Subscription to mailing lists, in order to receive offers and other promotions by email

c) Transmission of information from third parties:

Tourist agencies, tourist offices, GDS reservation systems, online reservation systems (such as e.g. Booking.com, Expedia.com, etc.) and other reservation systems

d) Actions through electronic devices

Login on our websites

Completion of online forms (e.g. reservation forms, pre check-in forms, satisfaction survey forms, etc.)

 

  1. Third party access terms to your personal data

At The Ace VIP, it is part of our philosophy and basic principles to not disclose your information with third parties for their unrelated business or marketing purposes, without your consent.

However, we may disclose your information to the following entities:

  • Business associates. We may also share your information with trusted business partners. These entities may use your information in order to provide you with services you have requested, to make provisions relating to your interests, and possibly to provide you with promotions, advertisements and other material.
  • Other third parties, if so required by law or in order to protect our Services. Situations may arise in which we share your information with other third parties:
    • in order to comply with the law or in order to comply with a mandatory legal procedure (such as search warrants or other court orders),
    • in order to confirm or implement our compliance with the policies governing our Services; and
    • in order to protect the rights, ownership or security of The Ace VIP or any of our business partners or customers.
  • Other third parties with your consent or at your command. In addition to the disclosures described in this Privacy Policy, we may share information about you with third parties if you give your consent or if you request us to do so.

In order to provide you the best possible service, we allow access to your personal data or to certain categories thereof to competent, authorized members of our personnel. This includes:

  • Staff
  • Reservations department
  • IT department
  • Marketing/Guest Relations department
  • Legal Services department, if and when required

 

  1. Protection of personal data during international transfer

For the purposes set out in Article 3 of this Charter, we may transfer your personal data to internal or external recipients who may be located in countries that offer different levels of protection for personal data.

Please note that data protection and other laws in the countries to which your information may be transferred may not be equally protective as in your country. The transfer will take place according to the legislation on the processing of personal data, in order to ensure sufficient protection of your personal data.

The Ace VIP implements suitable measures in order to ensure safe transfer of your personal data to an external recipient located in a country that offers a different level of privacy than the one proposed by the country where the personal data are collected.

 

  1. What we do to keep your information safe

We have taken reasonable organizational and technical measures in order to protect the information that we collect in relation to our Services, especially with regard to any sensitive personal data that happen to be collected. Our IT department implements the international standards and practices in order to ensure the safety of the networks and the encryption of the data.

Ensure the confidentiality of the transfer of your personal data

To ensure the confidentiality of data transfer, we use the SSL-128bit encryption protocol. Encryption covers all areas of the website as well as the transfer of data to and from our mail server (Mail Exchanger).

 

Controlled Access (Firewall)

Access to its systems The Ace VIP (Servers) is controlled by Firewall, which allows the use of specific services by customers/users while prohibiting access to systems and databases with confidential data and company information. There are also additional security systems such as WAF, Antivirus, Anti-malware, Cpanel WHM etc. which reduce the chances of malicious actions.

 

Encryption

The system of The Ace VIP first decrypts the information it receives using the same key (predetermined when you start your connection with the service) and then processes it.The systems of The Ace VIP send you information by following the same encryption process. At any point in the Site Enter personal data (name, address, phone number, etc.) there is SSL 128-bit encryption. Encryption is essentially a way of coding the information until it reaches its designated recipient, who will be able to decode it using the appropriate key.

That is, every time you send information to the system, the Browser encrypts them first by using a 128 key Bits and then sends them to the system.

The system of The Ace VIP first decrypts the information it receives using the same key (predetermined when you start your connection with the service) and then processes it. The systems of The Ace VIP send you information by following the same encryption process.

However, you should bear in mind that despite the reasonable measures that we take for the protection of your information, no website, Internet transmission, computer system or wireless connection is ever completely safe.

 

  1. Data storage

We take reasonable measures in order to ensure that the information concerning you will be stored no longer than needed for the purpose for which it has been collected and no longer than required by the contract or the applicable legislation.

 

Cookies Policy

Cookies are small files that store information on your computer, mobile phone, or other device. They allow the entity who places these files on your device to identify you across different websites, services, devices and/or browsing times. Cookies serve a range of useful purposes. For example:

Cookies can remember your login credentials, so you do not have to enter them again each time you connect to a service.

Cookies help us and third parties to understand what parts of our Services are the most popular; they help us see which pages and features are visited by the users, and how much time is spent on each. By studying this kind of information, we can better customize our Services and provide you with better experience.

Cookies help us and third parties to understand which advertisements you have viewed, so that you do not receive the same advertisement each time you access the Service.

Cookies help us and third parties to provide you with relevant content and advertisements by collecting information about your use of our Services and other websites and applications.

When you use a web browser in order to access our Services, you can make settings in your browser to accept all cookies, to reject all cookies, or to notify you when cookies are sent. Each browser is different. Refer to the “Help” menu of your browser in order to find out how you can change your cookie preferences. The operating system of your device may offer more control settings for cookies.

However, please note that certain Services may have been designed in order to work with cookies and that deactivating cookies may affect your ability to use these Services or a specific part thereof.

 

Access and correction of your data – Right to erasure (‘right to be forgotten’)

According to the legislation in certain jurisdictions, you are entitled to request details on the information that we collect and to correct any inaccuracies that may be contained in such information. All other lawful user rights remain unaffected. We may refuse to handle requests that are repeated to an unreasonable degree, require disproportional technical effort, jeopardize the privacy protection of others, are extremely unpractical, or involve access that is not otherwise required by domestic law.

In case you want to modify or delete your personal data please visit our website, in which you will find our contact information. Stay confident that our team will serve you as soon as possible.

You have the right to obtain from the controller the erasure of your personal data.

 

Updates

This policy may be amended from time to time; in order to be sure that you are aware of any changes, please check this policy on a regular base and especially before submitting a reservation request with one of our accommodations. By accessing or using our Services after we have posted an updated version of the Privacy Policy, you agree with the new practices contained in the update. The most recent version of the privacy policy will always be available online in our official website. You can check the “valid from” date at the top in order to find out when the Privacy Policy was last changed.

 

Additional information about data collection and processing


Legal action

The User’s Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services.

The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.

 

Additional information about User’s Personal Data

In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.

 

System logs and maintenance

For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) use other Personal Data (such as the IP Address) for this purpose.

 

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.

 

How “Do Not Track” requests are handled

This Website and Application does not support “Do Not Track” requests.

To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

 

Changes to this privacy policy

The Owner reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page and possibly within this Application and/or – as far as technically and legally feasible – sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

 

Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.

 

 

Definitions and legal references

 

Personal Data (or Data)

Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

 

Usage Data

Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.

 

User

The individual using this Application who, unless otherwise specified, coincides with the Data Subject.

 

Data Subject

The natural person to whom the Personal Data refers.

 

Data Processor (or Data Supervisor)

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

 

Data Controller (or Owner)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.

 

This Application

The means by which the Personal Data of the User is collected and processed.

 

Service

The service provided by this Application as described in the relative terms (if available) and on this site/application.

 

European Union (or EU)

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

 

Cookies

Small piece of data stored in the User’s device.

 

Legal information

This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

This privacy policy relates solely to this Application, if not stated otherwise within this document.