DECLARATION OF CONFIDENTIALITY
Information on the Processing of Personal Data
We would like to assure you that for Moussamas Bros S.A. the protection of our
customers' personal data is of paramount importance. That is why we are taking
appropriate steps to protect the personal data we process and to ensure that the
processing of personal data is always carried out in accordance with the obligations
laid down by the legal framework, both by the company itself and by those third
parties that process personal data on behalf of the company.
What is GDPR?
The General Data Protection Regulation (GDPR) is the new regulatory
framework of the European Union (EU) in the area under consideration. The purpose
of the law is to lay down the conditions for the processing of personal data to protect
the rights and freedoms of natural persons, and in particular the right to the
protection of personal data.
Head of Processing – Data Protection Officer (DPO)
The company Moussamas Bros S.A., having its seat in Peania Greece, at 40,2 Km
Attica Avenue, email: firstname.lastname@example.org, tel: +302106689000, website:
www.hiathens.com, as duly represented, informs that, for the purposes of its
business activities, processes the personal data of its clients & associates in
accordance with applicable national law and European Regulation 2016/679 on the
protection of natural persons with regard to the processing of personal data and on
the free movement of such data (General Data Protection Regulation, hereinafter
referred to as the “Regulation”), as such is in force.
For any matter relating to the processing of personal data, contact the DPO, Mrs
Despina Chrysopoulou, email: GDPR@hiathens.com, telephone: +302107278555
Which is the legitimate ground for processing your personal data; and how
do we process them?
We are processing the personal data that you directly provide us with, as well as the
data that booking engines and travel agencies forward to our hotel, so that you can
enjoy our hotel services. Specifically, but not exhaustively, we are collecting and
processing your full name, email address, mobile and landline phone numbers, credit
card number, date of birth, information relating to your preferences regarding your
staying at the hotel, i.e. preferences on the rooms, favourite activities, dietary habits,
health conditions dictating special room arrangements.
Legitimate grounds for processing your personal data constitute:
a) the provision of accommodation, F&B establishment, and entertainment services
that you wish to receive from us. As legitimate grounds can also be considered:
the provision of information concerning our hotels’ services, room reservations,
services concerning your arrival and departure, use of our facilities, and anything
that can contribute to the fulfilment of our contractual obligations in this
b) the safeguarding and protection both of your, as well as our, legal interests.
Thus, we use CCTV and security cameras, in order to be able to protect the
safety and security of individuals, materials, facilities, as well as special security
software to detect and prevent malicious actions. Cameras are to be found in
the hotels’ outdoor and indoor premises;
c) the compliance with an obligation imposed by the law. Specifically, we maintain
personal data records of all of our customers staying at our hotel (full name,
address, Passport or ID number). In addition, we maintain copies of proves of
payments for twenty (20) years;
d) the consent you provide under the specific conditions set out in the legal
framework, in order to receive information on the activity, products, services,
etc. of Moussamas Bros S.A. and/or third cooperating companies, which process
personal data in accordance with the, from time to time, applicable framework.
Do we share your personal data?
Our company shares your data with third parties, which have been assigned the
processing of your data on our behalf. In those cases, our company remains
responsible for your data processing, and defines the specifics of the processing. Our
company concludes data processing agreements with the third parties, in order to
ensure the compliance of the process with the current legal framework, and the
exercise of the rights of every natural person.
Our company shares your data within our Group, as well as with cooperating third
companies for purposes of advertising, product and services information and
updates, as well as for promotions, under the condition that your consent has been
Finally, we share your data with consulting firms, accounting firms, as well as with
Personal Data Storage Period
The data storage time is decided on the basis of the following specific criteria, as the
case may be:
When processing is imposed as a requirement under provisions of the applicable
legal framework, your personal data shall be stored for as long as required by the
When processing is done on a contractual basis, your personal data will be stored for
as long as necessary for the performance of the contract and for the foundation,
exercise, and / or support of legal claims under the contract.
For marketing purposes, your personal data shall be kept until your consent is
revoked. The revocation shall take place at any time, and does not affect the legality
of consent-based processing in the period prior to the said revocation.
To revoke your consent, please contact the Data Protection Officer, please get in
touch with Mrs. Despina Chrysopoulou, email: GDPR@hiathens.com, telephone:
You can also use the unsubscribe options, by clicking on the corresponding link in
our electronic communications.
What are your rights in respect with your personal data
Every natural person whose data are being processed by Moussamas Bros S.A.
enjoys the following rights:
Right of Access:
You have the right to be aware and verify the legitimacy of the processing. Thus,
you have the right to access the data and get additional information about their
Right to Correct:
You have the right to study, correct, update or modify your personal data. You can
come in contact with our DPO using the above-mentioned contact details.
Right to Delete:
You have the right to request the deletion of your personal data when we process it
based on your consent or in order to protect our legitimate interests. In all other
cases (such as, by way of indication, where there is a contract, obligation to process
personal data required by law, public interest), such right shall be subject to specific
restrictions or shall not exist, as the case may be.
Right to limit processing:
You have the right to request the limitation of the processing of your personal data
in the following cases: (a) when the accuracy of the personal data is questioned and
until such data is verified, (b) when you object to the deletion of personal data and
request the limitation of their use rather than their deletion, (c) when such personal
data are not needed for processing purposes, they are, however, indispensable for
the foundation, exercise, support of legal claims, and (d) when you oppose to the
processing and until it is verified that there are legitimate grounds that concern us
and supersede the reasons for which you are opposed to the processing.
Right to oppose the processing:
You are entitled to oppose the processing of your personal data, at all times, in case
where, as described above, this is necessary for the purposes of legitimate interests
pursued by us as controllers, as well as in the processing for direct marketing
purposes and consumer profile training.
Right to portability:
You have the right to receive your personal data free of charge in a format that
allows you to access, use, and edit them with commonly used editing methods.
Moreover, you have the right to ask us, if technically feasible, to pass the data
directly to another controller. Such right to do so exists for the data you have
provided to us and their process is carried out by automated means based on your
consent or performance of a relevant contract.
To exercise any of the above rights you can contact the Data Protection Officer
(DPO), please get in touch with Mrs. Despina Chrysopoulou, email:
GDPR@hiathens.com, telephone: +302107278555.
Right to lodge a complaint to the Personal Data Protection Authority
You have the right to file a complaint with the Personal Data Protection Authority
(www.dpa.gr): Switchboard: +30 210 6475600, Fax: +30 210 6475628, E-mail:
Security of Personal Data
Moussamas Bros S.A. shall implement appropriate technical and organizational
measures aimed at the safe processing of personal data and the prevention of
accidental loss or destruction and the unauthorized and/or unlawful access to, use,
modification or disclosure thereof. In any case, the way in which internet operates
and the fact that it is free to anyone cannot guarantee that unauthorized third
parties will never be able to violate the applicable technical and organizational
measures gaining access and, possibly, using personal data for unauthorized and/or unfair purposes.