GLOBAL PRIVACY STATEMENT
Last Updated: 14/04/2022
This privacy statement (“Statement”) applies to Club Mykonos S.A., its subsidiaries and all of the hotels within the Club Mykonos Portfolio of Brands1 (collectively, “Club Mykonos,” “we” or “us”). At Club Mykonos, we strive to deliver outstanding products, services, and experiences in Greece and around the world. We value your business and, more importantly, your loyalty. We recognize that privacy is an important issue. We have developed this Statement to explain our practices regarding the personal information we collect from you or about you on this site or via our apps, through written or verbal communications with us, when you visit one of our properties, or from other sources. While this Statement broadly describes the practices we have adopted across Club Mykonos globally, local laws vary and some jurisdictions may place restrictions on our processing activities (e.g., certain jurisdictions may require affirmative consent to send marketing messages). Therefore, our actual practices in such jurisdictions may be more limited than those described herein in order to enable us to comply with local requirements. If you are a resident of the European Economic Area (EEA), please see Appendix A for additional information regarding Club Mykonos’s use of your personal information.
By using any of our products or services and/or by agreeing to this Statement, e.g. in the context of registering for any of our products or services, you understand and acknowledge that we will collect and use personal information as described in this Statement.
Please note that this Statement does not apply to our processing of personal information on behalf of and subject to the instructions of third parties such as airlines, car rental companies, and other service providers, companies that organize or offer packaged travel arrangements, marketing partners, or corporate customers.
1 The Club Mykonos Portfolio of Brands includes Mykonos Ammos Hotel, Mykonos Blanc Hotel, Mykonos Ammos Villas and MyAmmos Lounge Bar
PERSONAL INFORMATION WE COLLECT
We collect personal information at every touch point or guest interaction, and in conducting every aspect of our business, we may collect personal information. This personal information may include: your name, mailing address, billing address, email address, phone number, information related to your reservation, stay or visit to a property; participation in a membership or loyalty program (including Club Mykonos co-branded programs); participation in a contest, sweepstakes, or marketing program (even if you do not stay at one of our hotels); information related to the purchase and receipt of products or services; personal characteristics, nationality, income, passport number and date and place of issue; travel history; payment information, such as your payment card number and other card information, as well as authentication information and other billing and account details associated with mobile billing; guest preferences; marketing and communication preferences; information about vehicles you may bring onto our properties; reviews and opinions about our Portfolio of Brands or properties (if they are identified or associated with you); frequent flyer or travel partner program affiliation and member number; hotel, airline and rental car packages booked; groups with which you are associated for stays at hotels; information provided on membership and account applications; and other types of information that you choose to provide to us or that we may obtain about you.
We may ask for details on joint travelers, including their names and frequent flyer numbers, and the age of the driver of the rental car. We may also collect information related to conversations, including recording or monitoring customer service calls for quality assurance and training purposes, and other communications such as in-app messages and SMS.
In addition, we collect other personal information in certain cases, such as:
- Club Mykonos Loyalty Participation: When you enroll in our Club Mykonos Loyalty program, you will receive a Club Mykonos Loyalty number and we will ask you to create a user ID and password. We also collect information to administer the Club Mykonos program and profiles, including transaction and correspondence details, and to provide you with our Club Mykonos Loyalty App functionality (where available). The Club Mykonos Loyalty App allows you to do such things as using your mobile device to check-in, select your room, receive a room key, and check out. When you manage your profile online, you have the opportunity to provide additional information, such as your preferred airlines and your loyalty program account numbers with them, your room type preferences, your language preferences, your payment card account(s), and your email subscription preferences for receiving news, offers and information from us and our partners. Also, when you book a reservation, we may ask for additional specific account information such as corporate account number, group or convention code or travel agent number. If you apply for a payment card or other account with one of our partners via one of our advertisements or on our properties, you may have the option to automatically add this information as part of your Club Mykonos Loyalty profile.
- Surveys: We may request demographic data or other personal information in customer surveys.
- On-property Collection: We collect additional personal information during registration/check-in at our properties, including such information as may be required by local laws. We may also use closed circuit television and other security measures at our properties that may capture or record images of guests and visitors in public areas, as well as information related to your location while on our properties (via keycards and other technologies). We may also use closed-circuit television and other technologies that record sound or video for the protection of our staff, guests and visitors to our properties where permitted by law. In addition, we may collect personal information in connection with on-property services, such as concierge services, health clubs, spas, activities, child care services, equipment rental, and our Digital Key functionality in the Club Mykonos App (where available).
- Event Profiles: If you plan an event with us, we collect meeting and event specifications, the date of the event, number of guests, details of the guest rooms, and, for corporate events, information on your organization (name, annual budget, and number of sponsored events per year). We also collect information about the guests that are a part of your group or event. If you visit us as part of a group, we may have personal information about you provided to us by the group and may market to you as a result of your stay with a group or attendance at an event in accordance with your preferences as permitted by law. If you visit us as part of an event, we may share personal information about you with the event planners, as permitted by law. If you are an event planner we may also share information about your event with third-party service providers who may market event services to you as permitted by law.
- Social Media: If you choose to participate in Club Mykonos-sponsored social media activities or offerings, we may collect certain information from your social media account consistent with your settings within the social media service, such as location, check-ins, activities, interests, photos, status updates and friend list. We may also allow you to enter into contests to provide photos, such as of your stay with us, which you may share with your connections on social media for votes, shared offers or other promotions.
- Forward-to-a-Friend: From time to time, we may offer a feature that allows you to send an electronic postcard or otherwise share a message with a friend, whether via the Internet, a stand-alone kiosk or mobile device. If you choose to use this feature, we will ask you for the recipient’s name and email address, along with the text of any message you choose to include. By using this feature, you represent that you are entitled to use and provide us with the recipient’s name and email address for this purpose.
- Franchise and Ownership Opportunities: If you are interested in obtaining more information about franchise or ownership opportunities, we may collect information about you in order to assess your suitability to become a franchisee or owner. We may combine the information you provide to us with information we obtain from third parties, such as public records databases. We use this information to conduct due diligence on potential franchisees and owners.
- Employment Applications: If you choose to apply online for employment with Club Mykonos, please see our Applicant Privacy Notice.
- Hotel WiFi Service: When you use WiFi service at our properties, the personal data you provide for access and authentication may be collected and used by us and third parties such as authentication gateway partners and WiFi service providers to facilitate your use of the WiFi service; to remember your registration information; for technical support purposes; and for service improvements and analytics. The personal data collected may include name, room number, and device information (including operating system/version, hardware model and unique device identifiers such as MAC address). Absent your consent, personal data collected during this process will not be used for direct marketing purposes. In some countries, local laws may require that personal data collected during this process be shared with government authorities.
In addition to the information we collect from you directly, we may also infer information about you based on the information you provide to us or from Other Information we collect.
PERSONAL INFORMATION WE COLLECT FROM THIRD PARTIES
We may also collect information about you from third parties, including information from your airline, payment card, and other partners; from your social media services consistent with your settings on such services; and from other third-party sources that are lawfully entitled to share your data with us. We use and share this information (and may append this information to the other information we have on file for you) for the purposes described in this Statement.
USE OF PERSONAL INFORMATION COLLECTED ABOUT YOU
We use your personal information in a number of ways, including to provide and personalize the services you request and expect from Club Mykonos, to offer you the expected level of hospitality in-room and throughout our properties, administer the Club Mykonos Loyalty program, conduct direct marketing and sales promotions and as set forth below in more detail. We will collect your consent prior to processing your data where required by applicable law.
We are obligated to collect certain data, including your name, address, payment information, and, in certain countries, travel document information, in order to process your reservation. Failure to provide this information will result in our inability to process your reservation.
- Club Mykonos Loyalty Program Members: If you are a Club Mykonos Loyalty member, Club Mykonos uses your information to administer the Club Mykonos loyalty program, to personalize your experience across our services and applications, and in connection with our Club Mykonos App and Digital Key functionality (where available). Club Mykonos also use your information to communicate news, promotional, and transactional materials across different Club Mykonos services and to personalize advertising and content delivered to you through online, email, mobile, and display advertising, as well as on our website and applications and through our customer service call center in accordance with any communications preferences you have expressed.
- Service Administration: We use your personal information to administer programs in which you participate, including providing you with access to your account information, such as rewards status and offers for which you are eligible; to fulfil services that are part of such program; to enable direct communication between properties within the Club Mykonos Portfolio of Brands; and between the Club Mykonos Portfolio of Brands and you; and to facilitate collections.
- Meeting and Event Planning: We may use your personal information to provide you with information about meeting and event planning.
- Marketing and Communications: Where permitted we may use your personal information to provide or offer you newsletters, promotions and featured specials, as well as other marketing messages in accordance with any communications preferences you have expressed. We use your information to provide in-stay messaging, account alerts, and reservation confirmations; to send you marketing messages; and to conduct surveys, sweepstakes, prize draws, and other contests. We may provide these communications via email, postal mail, online advertising, social media, telephone, text message (including SMS and MMS), push notifications, in-app messaging, and other means (including on-property messaging, such as your in-room television). With your consent, we also use user-generated content (such as photos) from social media services to deliver display advertising or on our website and apps. We may also collect information from your payment card, which can be appended to personal information and used by Club Mykonos or its business partners to recognize what type of card you have, the bank or network of the card, and present and/or send you targeted marketing messages based on your payment method and in accordance with your communication preferences. We may also partner with third parties to learn whether a visitor to our site has a cash-back offer associated with their payment card and to deliver the visitor advertising and information that explains how to take advantage of that offer through a stay at a hotel within the Club Mykonos Portfolio of Brands.
- Service Improvements: We may use your personal information to improve Club Mykonos’s services and to ensure that our site, products, and services are of interest to you. We also use your personal information to provide you with the expected level of hospitality in-room and throughout our properties. This may include providing you with the ability to control your in-room technology through our website or apps on your personal devices.
- Data Correctness, Analytics, and Personalization: We may aggregate your personal information with data from third-party sources for purposes of keeping the information up to date and analytics. We also rely on information from third parties in order to provide better, more personalized service. For example, if you connect your social media services or other accounts to our services, we may use this information to make your experience with us more personal and social, or share and use it as described elsewhere in this Statement.
PERSONAL INFORMATION WE SHARE
In order to offer you the expected level of hospitality and to provide you with the best level of service, we may share your personal information among members of the Club Mykonos Worldwide Portfolio of Brands, our service providers, and other third parties as set forth in detail below:
- Club Mykonos Portfolio of Brands, Including Franchised Hotels, Managed Hotels, Timeshare and Fractional Resorts: We may share personal information within the Club Mykonos Portfolio of Brands, as well as with owners and operators of franchised hotels, owners of hotels that we manage but do not own, and timeshare or fractional ownership resorts that may individually or jointly use personal information to provide you with services, personalization, and for the purposes described above. In addition, when we cease managing a hotel that we do not own or end a franchise relationship, we may provide the hotel’s owner with certain information about past or future guests of that hotel.
- Electronic Billing Program: If you receive an invoice by email, a summary detailing the goods and services provided to you during your stay will be shared with the payment card provider and, if you participate in a corporate billing program and use a corporate payment card, the payment card provider may share that summary with your employer. Additionally, if you participate in a special rate plan, we may share lists of Club Mykonos Loyalty numbers that used the plan with the entity that provided the special rate plan to you. The privacy policies of your employer, the relevant payment card provider and card issuer apply once we have transferred your information.
- Group Events or Meetings: If you visit Club Mykonos as part of a group event or meeting, information collected for meeting and event planning may be shared with the organizers of those meetings and events, and, where appropriate, guests who organize or participate in the meeting or event.
- Business Partners: We may partner with other companies to provide you with products, services, or offers based upon your experiences at our properties and may share your information with our business partners accordingly. For example, we may help to arrange rental cars or other services from our business partners and share personal information with our business partners in order to provide those services. If you are a Club Mykonos Loyalty member, we may share your personal information with our business partners in order to credit you with mileage or other benefits earned through your participation in the Club Mykonos Loyalty program. We may also share your personal information, such as your email address, with our corporate travel partners to help them assess compliance with travel policies or participation in special rate plans or to engage in co-branded marketing with our corporate travel partners. We may also share personal information with select third parties, such as our airline and payment card partners, to allow us and our partners to deliver advertisements to our shared and prospective customers. We and our partners may be able to provide more relevant offers to you based upon information that we share about your experiences at our properties, as well as information in your Club Mykonos Loyalty profile. Additionally, we may allow third-party partners to recognize you when you visit that partner’s website or app, or to recognize you as one of their customers when you visit Club Mykonos websites or apps so that they may provide more relevant offers to you. We may share a hashed version of your email address with third parties using available security measures that may match it with their own hashed versions of email addresses so that they can send online and email advertisements to you on our behalf.
- Co-Sponsors of Promotions: We co-sponsor promotions, sweepstakes, prize draws, competitions or contests with other companies, and we provide prizes for sweepstakes and contests sponsored by other companies. If you enter one of these sweepstakes or contests, we may share your information with the co-sponsor or third-party sponsor.
- On-property Services: We may share personal information with third-party providers of on-property services such as concierge services, WiFi access providers, spa treatments, or dining experiences.
- Service Providers: We rely on third parties to provide services and products on our behalf and may share your personal information with them as appropriate. Generally, our service providers are contractually obligated to protect your personal information and may not otherwise use or share your personal information, except as may be required by law. However, our fraud detection service providers may use, but not share, your personal information for fraud detection purposes. We may use service providers to communicate news and deliver promotional and transactional materials to you on our behalf, including personalized online and mobile advertising in accordance with your preferences and applicable law. Please see our Cookies Statement for more information. Club Mykonos will only work with parties that offer a method to opt-out of such advertising. We may also share information with service providers to allow you to create itineraries by selecting sites, activities, and restaurants from lists that we have personalized for you based on your preferences and third-party data.
- Business Transactions: As we develop our business, we might sell, buy, restructure or reorganize businesses or assets, or cease being the manager or franchisor of a hotel that is currently part of our portfolio. In such circumstances, Club Mykonos may transfer, sell or assign information collected, including, without limitation, Other Information (described below) and personal information, to one or more affiliated or unaffiliated third parties in connection with these business transactions. To the extent that local laws require it, we will provide notice of our intent to transfer personal data to a third party for this purpose, and explain how you can object to such transfer.
- Telemarketing: If you stay at one of our hotels and are a Club Mykonos Loyalty member, we may share your telephone number among the Club Mykonos Portfolio of Brands, for purposes of telemarketing in accordance with your preferences and applicable law. We may also receive your telephone number from our partners or from other sources, which we may use for telemarketing purposes.
- Other: In addition, Club Mykonos may disclose personal information in order to: (i) comply with applicable laws, (ii) respond to governmental inquiries or requests from public authorities, (iii) comply with valid legal process, (iv) protect the rights, privacy, safety or property of Club Mykonos, site visitors, guests, employees or the public, (v) permit us to pursue available remedies or limit the damages that we may sustain, (vi) enforce our websites’ terms and conditions, and (vii) respond to an emergency.
When you visit and interact with Club Mykonos websites and apps, we collect other information that does not directly identify you about your use of the site, such as a catalog of the site pages you visit, and the number of visits to our sites (“Other Information”). We use Other Information, as well as data received from third parties, to deliver email, online (on our sites and other sites) and mobile advertisements. We may also use Other Information to allow third-party partners to recognize you as a Club Mykonos Loyalty member when you visit the partner’s website or app, or to recognize you as one of their customers when you visit Club Mykonos websites or apps so that they may provide more relevant offers to you.
At this time, we do not respond to Do Not Track signals or other, similar mechanisms. Please see our Cookies Statement for more information.
We may use the information we have collected and aggregated, or anonymized personal information received from third parties, to understand more about our users (for example, we may use the aggregated information to calculate the percentage of our users who have a particular telephone area code). This includes demographic data, such as date of birth, gender and marital status, inferred commercial interests, such as favorite products or hobbies, and other information we may collect from you or from third parties.
Because Other Information does not personally identify you, such information may be disclosed for any purpose where permitted by law. In some instances, we may combine Other Information with personal information. If we do combine any Other Information with personal information, the combined information will be treated by us as personal information in accordance with this Statement.
The term “sensitive information” refers to information related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life, or sexual orientation, genetic information, criminal background, and any biometric data used for the purpose of unique identification. In some jurisdictions, mobile phone numbers, location data, and information contained on identity documents also are considered sensitive information.
We do not generally collect sensitive information unless it is volunteered by you or unless we are required to do so pursuant to applicable laws or regulations. We may use health data provided by you to serve you better and meet your particular needs (for example, the provision of disability access).
PERSONAL INFORMATION FROM CHILDREN
We do not knowingly collect personal information from individuals under 18 years of age. As a parent or legal guardian, please do not to allow your children to submit personal information without your permission.
MOBILE AND LOCATION-BASED SERVICES
We provide mobile apps that can be downloaded to your smartphone or mobile device. These apps have a variety of functionalities that enhance the customer experience. In addition to providing services, our apps may collect personal and Other Information that will be used in accordance with this Statement. For example, to book or change a reservation, including a reward stay, you will be required to provide some personal information, such as your Club Mykonos Loyalty credentials or other information as necessary. Our Digital Key functionality within the Club Mykonos Loyalty App collects information we already have about you, including your Club Mykonos Loyalty number and user ID, and additional information, including use of the key. We provide a link to this Statement to customers prior to their downloading of any of our apps.
If you allow our mobile apps to access your location information on your device, our mobile apps may use your mobile device’s Global Positioning System (GPS) technology and other technology (such as wireless transmitters known as beacons) to provide you with information and offers based on the location of your device. Beacons allow us to collect information about your location within participating hotels by communicating with mobile devices that are in range. We may use this location information to enhance your on-property experience by delivering push notifications and other content to your mobile device, providing navigation assistance as you move around our locations, and sending you information and offers about products, services, or activities we believe may be of interest to you. We may share this information with third parties, including business partners and service providers, to provide information, offers, and services that may be of interest to you. You may prevent or limit the collection of location information by changing the settings in the Club Mykonos Loyalty app, or by changing your device’s settings.
For certain properties, we also make available real-time or virtual “concierge” features, which may be pre-loaded onto a Club Mykonos-owned device, downloadable to your web-enabled mobile device, or available as part of the Club Mykonos Loyalty App. For example, you can communicate directly with the hotel; order services from the hotel, such as room service or valet parking; access our websites; access third-party websites, including local attractions and social media; and book a reservation. The hotel will access and use your personal information (such as your name, Club Mykonos Loyalty tier, confirmation number, check-in, and check-out dates, and room number) in providing these concierge services. If you request SMS (text) communications, you will be required to provide your phone number and carrier. We may also communicate with you by means of third-party digital messaging apps. If we do so, the privacy policies of those services apply.
We offer all of these mobile and location-based services only to the extent permitted by applicable local laws.
LINKS TO THIRD-PARTY WEBSITES AND SERVICES
PROTECTING PERSONAL INFORMATION
Club Mykonos will take reasonable measures to (i) protect personal information from unauthorized access, disclosure, alteration or destruction, and (ii) keep personal information accurate and up-to-date as appropriate. Club Mykonos employs a robust team of dedicated information security professionals who are responsible for creating, updating and managing Club Mykonos’s security program. Club Mykonos’s Information Security team is responsible for, among many other things, monitoring our systems for potential intrusions, responding to potential incidents, supporting property-level information security, regularly reviewing and updating the security controls Club Mykonos uses to protect data and providing training on Club Mykonos’s information security program. Club Mykonos maintains a PCI compliance program and an IT compliance program. This compliance program generates audit reports concerning the adequacy and effectiveness of Club Mykonos’s IT internal controls, including a PCI Attestation of Compliance signed by an external PCI Qualified Security Assessor and a SSAE16/SOC1 report addressing the IT general controls over systems that support certain accounting and financial reporting. In the event of a security incident, Club Mykonos will notify regulators and/or consumers as required by applicable laws or regulations.
We also seek to require our affiliates and service providers with whom we share personal information to exercise reasonable efforts to maintain the confidentiality of personal information about you. For online transactions, we use reasonable technological measures to protect the personal information that you transmit to us via our site. Unfortunately, however, no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure.
For your own privacy protection, please do not send payment card numbers or any other confidential personal information to us via email.
We will not contact you by mobile/text messaging or email to ask for your confidential personal information or payment card details. We will only ask for payment card details by telephone when you are booking a reservation or promotional package. We will not contact you to ask for your Club Mykonos Loyalty account log-in information. If you receive this type of request, you should not respond to it. We also ask that you please notify us at loyalty@ClubMykonos.gr.
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
As a company, we endeavor to provide you with the same level of service that you have come to expect at Club Mykonos whether you are in Mykonos, Athens or elsewhere. To provide this service, you acknowledge that we may share your personal information among members of the Club Mykonos Portfolio of Brands, our service providers, and other third parties, which may be located in countries outside of your own. The data controller may maintain a local copy of your personal information when so required by applicable laws or regulations. Although the data protection laws of various countries may differ from those in your own country, we will take appropriate steps to ensure that your personal information is handled as described in this Statement and in accordance with the law.
CHANGING AND ACCESSING YOUR PERSONAL INFORMATION
If you are a Club Mykonos Loyalty member, the information you provided to us at the time of registration may be accessed, reviewed and updated at any time by signing in to your Club Mykonos Loyalty profile.
To the extent required by applicable law, you may be able to request that we inform you about the personal information we maintain about you and, where appropriate, withdraw your consent for certain data processing activity and/or request that we update, correct, delete, and/or stop processing your personal information. We will make all required updates and changes within the time specified by applicable law and as required by law. When permitted by law, we may charge an appropriate fee to cover the costs of responding to the request. Such requests may be submitted in writing to DataProtectionOffice@ClubMykonos.gr or Club Mykonos Data Protection Officer, Voukourestiou 3, 19019, Athens, Greece. To protect your confidentiality, we can only respond to such requests to the email address that you have registered or otherwise provided to us. Please remember that if you make such a request, we may not be able to provide you with the same quality and variety of services to which you are accustomed.
In addition, in some circumstances based on applicable law, you may request that we cease sharing personal information about you with our business partners or that Club Mykonos cease using personal information about you by contacting us using the email or mailing address above. We will seek to honor those requests consistently with applicable law.
RETAINING PERSONAL INFORMATION
We retain personal information about you for the period necessary to fulfill the purposes outlined in this Statement unless a longer retention period is required or permitted by applicable law. We retain personal information collected in order to fulfill guest reservations for seven years after the stay is completed. We retain other personal information for shorter periods of time if possible and if permitted by law.
We will destroy your personal information as early as practicable and in a way that the information may not be restored or reconstructed.
If printed on paper, the personal information will be destroyed in a secure manner, such as by cross-shredding or incinerating the paper documents or otherwise and, if saved in electronic form, the personal information will be destroyed by technical means to ensure the information may not be restored or reconstructed at a later time.
CHOICES – MARKETING COMMUNICATIONS
If you have given us your contact information (mail address, fax number, email address or phone number), we may want to inform you in accordance with any preferences you have expressed, and with your consent where required, about our products and services or invite you to events via email, online advertising, social media, Viber, WhatsApp, Messenger, telephone, text message (including SMS and MMS), push notifications, in-app alerts, postal mail, our customer service call center, and other means (including on-property messaging, such as your in-room television).
If you are a Club Mykonos Loyalty member, you may change the communications you receive from us by logging on to your online account and managing your subscriptions, by writing to us (and including your email address) at DataProtectionOffice@ClubMykonos.gr or Club Mykonos Data Protection Officer, Voukourestiou 3, 19019, Athens, Greece..
If you prefer not to receive email marketing materials from us, you may opt-out at any time by using the unsubscribe function in the email you receive from us. Opt-out requests can take up to ten business days to be effective.
To opt out of text messages, tell the hotel front desk that you do not want to receive text messages from the hotel or reply “STOP” to the message you received.
To be added to Club Mykonos’s internal do not call list, send a message to DataProtectionOffice@ClubMykonos.gr or Club Mykonos Data Protection Officer, Voukourestiou 3, 19019, Athens, Greece.
You may control whether our mobile apps send you push notifications by changing your notification settings on your mobile device. If we engage in sending you in-app messages, we will allow control for those in our apps’ settings. For more information about cookies and interest-based advertising and to learn about how to manage these technologies, please see our Cookies Statement.
We may modify this Statement from time to time. When we make material changes to this Statement we will post a link to the revised Statement on the homepage of our site, and if you have registered for any of your products or services, will also inform you through a communications channel that you have provided. You can tell when this Statement was last updated by looking at the date at the top of the Statement. Any changes to our Statement will become effective upon posting of the revised Statement on the site. Use of the site, any of our products and services, and/or providing consent to the updated Statement following such changes constitutes your acceptance of the revised Statement then in effect.
If you have any questions about this Statement or how Club Mykonos processes your personal information, or if you wish to either provide a compliment or a complaint, please contact us by email at DataProtectionOffice@ClubMykonos.gr or Club Mykonos Data Protection Officer, Voukourestiou 3, 19019, Athens, Greece.
ADDITIONAL PROVISIONS APPLICABLE TO PROCESSING OF
PERSONAL INFORMATION OF EEA RESIDENTS
For individuals residing in the EEA, this Appendix outlines certain additional information that Club Mykonos is obligated to provide to you, as well as certain rights you have with respect to the processing of your personal information, pursuant to applicable local laws. This Appendix will control to the extent it conflicts with any provision in the main body of this Statement.
Controller: for more information on the Club Mykonos entities that process your personal information, please write to:
Data Protection Officer: DataProtectionOffice@ClubMykonos.gr or Club Mykonos Data Protection Officer, Voukourestiou 3, 19019, Athens, Greece.
Purposes and Legal Basis for Processing: Club Mykonos processes your personal information for the purposes set forth in Sections 4 (Use of Personal Information Collected About You) and 5 (Personal Information We Share) of the main body of this Statement.
The legal bases for Club Mykonos’s processing activities include processing such information as necessary to comply with our contractual obligations, compliance with our legal obligations, protecting the safety of our employees, guests, and others, for our legitimate business interests, and pursuant to your consent.
The particular legal basis for the processing of your personal information is based on the purpose for which such information was provided or collected:
- Club Mykonos Loyalty Participation: We process the personal information obtained in connection with your participation in the Club Mykonos Loyalty program on the basis of our contractual relationship with you and in furtherance of our business interests, including to personalize your use of our services and applications, to communicate news and promotional items, and to deliver personalized advertising and content.
- Surveys: Completion of surveys is voluntary – we process the information obtained from surveys on the basis of your consent and in furtherance of our business interests, including marketing, service improvements, and analytics.
- On-property Collection:
- When you make a reservation and when you stay at one of our hotel properties, we process your name, address, contact information, along with the details of your stay (arrival and departure day and time, vehicle information and information regarding others traveling or staying with you), on the basis of our contractual relationship with you. We also process such data for our business interests, including for marketing, service improvements, administration of our e-billing program, and analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
- We collect certain additional personal information during registration/check-in at our properties (such as national ID or passport information), as necessary to comply with our legal obligations.
- We use closed-circuit television and other security measures at our properties that may capture or record images of guests and visitors in public areas, as well as information related to your location while on our properties (via keycards and other technologies) for the protection of our staff, guests and visitors to our properties.
- We process personal information in connection with on-property services (such as concierge services, health clubs, spas, activities, child care services, equipment rental, and our Digital Key functionality), in order to provide the services to you and for our business interests including for marketing, service improvements, administration of our e-billing program, and analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
- Event Profiles: We process the personal information obtained in connection with your event on the basis of our contractual relationship with you and for our business interests, including for marketing, service improvements, and analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
- Social Media: Participation in Club Mykonos-sponsored social media activities and offerings is voluntary – we process information obtained from social media participation on the basis of your consent and in furtherance of our related business interests, including for marketing, service improvements, and analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
- Promotions and Sweepstakes: Participation in sweepstakes, contests, and other promotional offerings is voluntary – we process the information obtained from such participation based on your consent and as necessary to administer the offering. We also use certain data for our business purposes, including for marketing, service improvements, administration of our e-billing program, and analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
- Direct Marketing: We use your personal information to send you marketing messages on the basis of your consent. You may withdraw your consent for direct marketing communications at any time by contacting us at DataProtectionOffice@ClubMykonos.gr or Club Mykonos Data Protection Officer, Voukourestiou 3, 19019, Athens, Greece or by following the unsubscribe instructions in the marketing message, or by logging in to your Club Mykonos Loyalty account and updating your communication preferences.
- Franchise and Ownership Opportunities: We process this information on the basis of our contractual relationship with you and for our related business interests, including maintaining and promoting the Club Mykonos brand and facilitating direct communication between properties within the Club Mykonos Portfolio of Brands.
Retention: We retain personal information about you for the time necessary to accomplish the purpose for which such information was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law. Our retention policies reflect the applicable statute of limitation periods and legal requirements.
Data Subject Rights: Residents of the EEA have the following rights:
Access, Correction and Erasure Requests: You have the right to:
- ask us to confirm whether we are processing your personal information
- receive information on how your data is processed
- obtain a copy of your personal information
- request that we update or correct your personal information
- request that we delete personal information in certain circumstances
Right to Object to Processing: You have the right to request that Club Mykonos cease processing of your personal information:
- for marketing activities, including profiling
- for statistical purposes
- where such processing is based on our legitimate business interests, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your personal information for the establishment, exercise or defense of a legal claim
Right to Restrict Processing: You have the right to request that Club Mykonos limit the processing of your personal information:
- while Club Mykonos is evaluating or in the process of responding to a request by you to update or correct your personal information
- where such processing is unlawful and you do not want Club Mykonos to delete your data
- where Club Mykonos no longer requires such data, but you want us to retain the data for the establishment, exercise or defense of a legal claim
- where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request
Where we limit the processing of your personal information pursuant to your request, we will inform you prior to re-engaging in such processing.
Data Portability Requests: You have the right to request that we provide you or a third party that you designate with certain of your personal information in a commonly used, machine-readable format. Please note, however, that data portability rights apply only to personal information that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.
Submitting Requests: your requests may be submitted by writing to the DataProtectionOffice@ClubMykonos.gr or Club Mykonos Data Protection Officer, Voukourestiou 3, 19019, Athens, Greece.. You may also update your personal information as provided in Section 12 (Changing and Accessing Your Personal Information) of the main body of this Global Privacy Statement.
We will respond to all such requests within 30 days of our receipt of the request unless there are extenuating circumstances, in which event we may take up to 60 days to respond. We will inform you if we expect our response to take longer than 30 days. Please note, however, that certain personal information may be exempt from such rights pursuant to applicable data protection laws. In addition, we will not respond to any request unless we are able to appropriately verify the requester’s identity. We may charge you a reasonable fee for subsequent copies of data that you request.
If you have concerns about our data practices or the exercise of your rights, you may contact Club Mykonos at DataProtectionOffice@ClubMykonos.gr or Club Mykonos Data Protection Officer, Voukourestiou 3, 19019, Athens, Greece.or the supervisory authority in the Member State of your residence.
Right to Withdraw Consent: You have the right to withdraw your consent to any processing that we conduct solely based on your consent (such as sending direct marketing materials to your personal email account). You may withdraw your consent to marketing activities by following the instructions on any marketing emails or contacting customer_privacy@Club Mykonos.com. For any other activities for which you have previously consented, you may contact DataProtectionOffice@ClubMykonos.gr or Club Mykonos Data Protection Officer, Voukourestiou 3, 19019, Athens, Greece to withdraw such consent.
Segmentation (also referred to as profiling) and Automated Decision Making: We use personal information to divide large groups of consumers into sub-groups of consumers (known as segments) based on some type of shared characteristics such as geography, behavior, or demographics.
With your consent, we make automated decisions, meaning without human interference, using segmentation and/or your specific personal information to offer you certain benefits based on your characteristics (such as discounted room rates or other special offers based on your geography, behavior, or demographics). For example, if you travel frequently during the week to hotels in France, we may send you special offers for Club Mykonos hotels in France.
International Data Transfers: We may transfer the personal information we collect about you pursuant to the purposes described in this Statement to countries that have not been found by the European Commission to provide adequate protection.
We use appropriate safeguards for the transfer of personal information among our affiliates in various jurisdictions, and where required, we have implemented European Union controller-to-controller standard contractual clauses or other such safeguards for such purposes. To obtain a copy of these clauses or additional information on transfers, you may send your request to DataProtectionOffice@ClubMykonos.gr or Club Mykonos Data Protection Officer, Voukourestiou 3, 19019, Athens, Greece.