+30 2314 404000
ON Residence,, a Hotel owned by OL.NA. Single-Member Hotel and Tourist Société Anonyme, operated by MACEDONIAN Hotels S.A., member of the TOR Hotel Group, (hereinafter referred to as “Hotel”, “We”), collects and processes your personal data in accordance with the applicable EU and national data protection legislation.
By the present Privacy Policy We wish to inform you on the personal data We collect and process, whether you visit our Hotel as a guest, or our Restaurant OLYMPOS NAOUSSA, as well as when you cooperate with us or you visit our digital environments.
Our Websites https://www.onresidence.gr and https://www.olymposnaoussa.gr contain links to third party websites which are not subject to this Privacy Policy. We are not responsible for their content, use of personal information, or security practices.
Definitions
‘Personal data’: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘Special categories of personal data’: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation;
‘Processing’: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘Pseudonymization’: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
‘Controller’: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘Processor’: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘Consent’: of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
‘Personal data breach’: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
‘Existing legislation’: The provisions of the existing Greek, EU or other legislation which is applicable to ON RESIDENCE which regulates matters of data protection, such as: Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, Greek Law 3471/2006, Directive 2002/58/EC, as well as any other Decisions, Opinions, Directives, Guidelines and Recommendations issued by the European Data Protection Board, the European Data Protection Supervisor, the Hellenic Data Protection Authority (HDPA) and any other competent supervisory authority, as in force from time.
Data Protection Officer
We have appointed a Data Protection Officer to oversee compliance with this privacy policy. If you have any questions about this Privacy Policy or how We handle your personal information, please contact our Data Protection Officer at dpo@onresidence.gr. We welcome questions, comments, and concerns about our cookies policy and privacy practices. If you contact us with a privacy complaint it will be assessed with the aim of resolving the issue in a timely and effective manner.
Information We collect - Purpose of processing - Legal Basis
We ensure that We collect, store and process only the necessary information in order to provide you high quality services. More specifically, We collect:
When you wish to make a booking at ON RESIDENCE or make an inquiry
When you wish to make a booking reservation at ON RESIDENCE, either through our Website or by contacting us by email/ through a travel agent, We may ask you to provide certain personal information including your full name, email address, contact number, postal address, payment details, such as your bank account and payment card information (i.e. credit card type and number, credit card holder name, expiration date). This information is required to process and complete your reservation (including the sending of a confirmation email of the booking to you). We may also collect and store to our systems our communication and relevant documentation you send to us prior to your visit, in order to organize your stay and provide you the services agreed.
We collect the above information in order to arrange your booking reservation at ON RESIDENCE, as well as to process and perform the relevant payment for the purchased services. The legal basis of processing is the performance of the contract with you, as well as our legitimate interest to recover any issued claims in case of disputes.
When your stay with us at ON RESIDENCE
During your stay at ON RESIDENCE We collect information including the data provided during the registration process (full name, date of birth, id/ passport number, visa data, nationality home address, e-mail address, phone number, companion full name, postal code, number of children and their ages). Moreover, We record your itemized spending to properly assemble your folio, which sets out your room rate and other expenses billed to your room. We may also collect allergies and/or special requirement preferences (i.e. mobility requirements, payment difficulties, special requests, service issues, amenities requests, interests, activities, hobbies) but only if you voluntarily provide them to us by signing the relevant forms and providing us your explicit prior consent. Moreover, We may collect information related to accidents that may take place while you visit our Hotel. Finally, ON RESIDENCE may collect personal data of its guests in line with the applicable from time to time health protocols, as issued by the competent public authorities (e.g. vaccination certificates etc).
We collect the above information in order to: a. complete the check-in process, serve your stay and offer you our agreed services. Our legal basis of processing is the performance of our contractual obligations, as well as to our legal obligations. b. to offer you personalized services (regarding preferences etc). Our legal basis is your prior consent, c. for communication, promotional, research and marketing purposes. Our legal basis is your consent, d. to assess and investigate an accident/incident in accordance with our internal procedures, for the proper handling of any respective legal issues. Our legal basis is our legitimate interest as a service provider and our defense of any legal claims, e. the protection of the health of our guests and staff. Our legal basis of processing is reasons of protection of public interest in the area of public health.
For online bookings at ON RESIDENCE, We use the WebHotelier service. Making an online booking, means that you accept the Privacy Policy of our online booking system.
F&B reservations
When you wish to make a F&B reservation, We collect your full name, room number, as well as any other special preferences/allergies you may have. We collect and process such information only for the duration of your stay and up to the end of the operating season that you have visited ON RESIDENCE.
We collect such information in order to manage your reservation and provide you with F&B services. Our legal basis is the fulfillment of our contract and our legitimate interest to provide you our high-quality services.
Reservations for our restaurant OLYMPOS NAOUSSA
Should you wish to make reservation for our restaurant OLYMPOS NAOUSSA, We will collect information such as your full name, your phone number, your email, as well as any other special food preferences or requests you may have.
We collect and process such information only for the duration of your stay and for the purpose of understanding your needs and providing you with a better service at the restaurant.
For our online reservations, We use the i-host service. Making an online reservation for our restaurant OLYMPOS NAOUSSA, means that you accept the Terms of Use and the Privacy Policy of i-host.
We may also collect, should you provide us with your consent, personal data through surveys for the purpose of improving and promoting Our services, as well us for contacting our clients on special occasions (e.g. birthday dates) and presenting them with special offers.
CCTV systems
We collect and process CCTV images through our video-surveillance systems in order to ensure your safety and security, alongside our premises and staff. For further information about our CCTV network, please contact dpo@onresidence.gr.
Our legal basis of processing is the legitimate interest to protect the safety of our guests, employees and premises.
We do not seek to collect personal data directly from minors. We do not knowingly collect personal data from anyone under 18 without parental/ legal guardian consent. As it is impossible to determine the age of persons you use our Websites, If you are a parent and you have a concern about information that may have been provided by your child to us, please contact us at dpo@onresidence.gr .
If you are a job applicant
We may apply for one of our vacancies which are published either to our Websites, or third- party platforms. We may collect and process only the necessary personal information in order for Us to assess your suitability for a job opening (e.g. full name, contact details, working experience and CV details). Our legal basis of processing is our legitimate interest to assess your suitability for our vacancies, as well as to comply with our pre-contractual obligations. Should you provide us with your consent, We may keep your CV for future openings.
For more information on the processing of your personal data please refer to the Job Applicants’ Privacy Notice, which is available here.
If you are an employee
We may collect and process only the necessary information to manage our employment relationship, either at the pre-contractual stage (eg full name, Social Security Numbers, Bank details, contact details, working permit, information on education and training, family status etc), or during the performance of the contract (e.g. evaluations, trainings, leaves etc). We always ensure to provide our employees with a relevant privacy notice as an annex to the employment agreement.
We collect such data in order to comply with our contractual obligations and fulfill our legal obligations as an employer. Our legal basis is the need to process your data in the context of our contractual obligation or during the pre-contractual stage, as well as to comply with our legal obligations.
We may collect and process personal information from our vendors, only as necessary to fulfill our contractual and/ or legal obligations (e.g. full name, TIN number, Bank account details, full address and contact details). Our legal basis of processing is the performance of our contractual agreement and our compliance with our tax obligations.
We use browser cookies and similar technologies (collectively, “cookies”) to collect and store certain information when you use, access, or interact with us via our Websites. We may, for example, collect information about the type of device you use to access our Websites, the operating system and version, your IP address. For information about how We use cookies and the choices you may have, please read further below.
Should you wish for, you may subscribe to our Newsletter, in order to receive the latest news and offers from ON RESIDENCE and TOR Hotel Group. We may collect and process only your email address and your full name. Our legal basis is your prior explicit consent. You may always withdraw your consent, either by choosing the relevant unsubscribe option which is available in all our emails, or by sending an email to: dpo@onresidence.gr
Who do We share your information with?
We keep your personal data secure and safeguarded. Only authorized employees and/or external partners will have access and process your personal data according to the purpose of their processing. We may share your personal data within TOR Hotel Group, Grivalia Hospitality Group, any third parties (legal entities or individuals) as well as the competent public services for the abovementioned purposes.
More specifically, your personal data may be shared with:
Third party service providers (eg. Legal consultants, it & information security services, technical support, insurers and/or professional advisors insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, marketing agencies, our payment services provider, companies and organizations for the purposes of fraud protection and credit risk reduction). We endeavor to ensure by relevant data processing agreements that any personal data processing is made in full compliance with the data protection legislation.
Companies within TOR Hotel Group, Grivalia Hospitality Group, if such transfer is necessary for the pursuance of the abovementioned purposes.
Competent Public Services (Police, prosecuting authorities, tax authorities etc.) in the context of performing their duties, or upon relevant request.
In any case of data transfers, We ensure to limit the extent of information that is being disclosed, to the strictly necessary for the performance of the specific purpose of the transfer.
Third-Parties’ websites
We may allow third-party ad servers or ad networks to serve advertisements and/or collect information on the service. These third-party ad servers or ad networks use technology to send, directly to your browser, the advertisements and links that appear on our Websites. They automatically receive your IP address when this happens. They may also use other technologies (such as cookies, JavaScript, or web beacons) to measure the effectiveness of their advertisements and to personalize the advertising content. ON RESIDENCE does not provide any personally identifiable information to these third-party ad servers or ad networks without your consent.
The ON RESIDENCE Privacy Policy does not apply to, and We cannot control the activities of, third-party advertisers. Please consult the respective privacy policies of such advertisers for more information.
International Data Transfers
We may transfer your personal data outside the European Economic Area (“EEA”), such as to Switzerland, or another country. Such transfer is considered as international data transfer for the lawful performance of which, there are special legal requirements. Before any international data transfer, We will ensure that an adequate level of protection is provided by confirm that one of the following requirements is met:
Personal data will be transferred to organizations that participate in data transfer mechanisms for transfers from the EEA or Switzerland to the U.S.
Personal data will be transferred to countries that have privacy laws that have been recognized as providing adequate protection for the data.
Personal data will be transferred to countries that are subject to an adequacy decision by the European Commission,
Personal data is adequately protected by appropriate safeguards, such as by standard contractual clauses signed with the third parties to which the data will be transferred.
Data Retention
We will keep your personal data for as long as needed to fulfil the purposes for which it is collected unless We are required or permitted by law to keep the personal data for a longer period of time.
Deletions of data, pursuant to properly addressed, valid, and verified GDPR-related requests, will occur without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
Our retention periods are based on legal provisions and your information that is no longer needed is either irreversibly anonymized or destroyed securely. Where We don’t need to keep all of your information in full, We will obfuscate or aggregate it, for example, web activity logs and survey responses. This is to ensure that We do not retain your information for longer than necessary.
Data Security
We take appropriate technical and organizational security measures to keep your personal data safe and accurate as well as to protect them against any loss, misuse, or unauthorized access, alteration, disclosure or destruction. We also have implemented measures to maintain the ongoing confidentiality, integrity and availability of the systems and services that process personal data so that We be able to restore the availability and access to your data in a timely manner in the event of a physical or technical incident.
Your Rights
We respect your rights as set forth by the applicable privacy and data protection laws. Especially, you enjoy the following rights related to the data We collect and process about you, and more specifically you may:
You do not have to pay a fee, and We will aim to respond to your request within 30 days upon receipt and identification of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests We handle. We will honor the requests you make related to your rights as the law allows, which means in some cases there may be lawful reasons that will may not enable us to satisfy the specific request you make related to your rights.
In case of exercising one or more of the above-mentioned rights of correction, deletion and restriction of your data, these requests shall also be forwarded to any third-party recipient with whom your personal data may have been shared in the context of the pursuance of the aforementioned processing purposes.
In case you consider that We have not handled with your request properly, you can always refer to the competent Hellenic Data Protection Authority at www.dpa.gr/index.php/en/individuals/complaint-to-the-hellenic-dpa.
To make enquires and/or to exercise any of the abovementioned rights, please fill in this form and send it to our Data Protection Officer at dpo@onresidence.gr.
About Cookies
In some cases we may use cookies to collect personal information, or that becomes personal information if we combine it with other information.
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.
Cookies set by the website owner are called "first-party cookies." Cookies set by parties other than the website owner are called "third-party cookies." Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g., advertising, interactive content, and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.
Why do we use cookies?
We use first- and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our Website to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Online Properties. Third parties serve cookies through our Website for advertising, analytics, and other purposes. This is described in more detail below.
How can I control cookies?
You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services.
The Cookie Consent Manager can be found in the notification banner and on our website. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our website may be restricted. You may also set or amend your web browser controls to accept or refuse cookies.
The specific types of first- and third-party cookies served through our Website and the purposes they perform are described in the table below (please note that the specific cookies served may vary depending on the specific Online Properties you visit):
Performance and functionality cookies:
These cookies are used to enhance the performance and functionality of our Website but are non-essential to their use. However, without these cookies, certain functionality (like videos) may become unavailable.
Advertising cookies:
These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
Unclassified cookies:
These are cookies that have not yet been categorized. We are in the process of classifying these cookies with the help of their providers.
How can I control cookies on my browser?
As the means by which you can refuse cookies through your web browser controls vary from browser to browser, you should visit your browser's help menu for more information. The following is information about how to manage cookies on the most popular browsers:
In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit:
What about other tracking technologies, like web beacons?
Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enables us to recognize when someone has visited our Website or opened an email including them. This allows us, for example, to monitor the traffic patterns of users from one page within a website to another, to deliver or communicate with cookies, to understand whether you have come to the website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of email marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.
Do you use Flash cookies or Local Shared Objects?
Websites may also use so-called "Flash Cookies" (also known as Local Shared Objects or "LSOs") to, among other things, collect and store information about your use of our services, fraud prevention, and for other site operations.
If you do not want Flash Cookies stored on your computer, you can adjust the settings of your Flash player to block Flash Cookies storage using the tools contained in the Website Storage Settings Panel. You can also control Flash Cookies by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash Cookies (referred to "information" on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash Cookies that are not being delivered by the operator of the page you are on at the time).
Please note that setting the Flash Player to restrict or limit acceptance of Flash Cookies may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our services or online content.
Do you serve targeted advertising?
Third parties may serve cookies on your computer or mobile device to serve advertising through our Website. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. They can accomplish this by using cookies or web beacons to collect information about your visits to this and other sites in order to provide relevant advertisements about goods and services of potential interest to you. The information collected through this process does not enable us or them to identify your name, contact details, or other details that directly identify you unless you choose to provide these.
Cookie Policy update
We may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal, or regulatory reasons. Please therefore revisit this Cookie Policy regularly to stay informed about our use of cookies and related technologies.
If you have any questions about our use of cookies or other technologies, please contact us at: dpo@onresidence.gr
Changes to this Privacy Policy
We may make changes to this Policy from time to time based on changes to applicable laws and regulations or other requirements applicable to us, changes in technology, or changes to our business. Any changes We make to the Policy in the future will be posted on this page, and where We change this Policy in ways that also affect how We process personal information about you, where appropriate, We will notify you directly via email or other direct contact with you, and We also will post a notice on our home page that this Policy has changed. If We materially change the way in which We process your personal data, We will provide you with prior notice, or where legally required, request your consent prior to implementing such changes. We strongly encourage you to read our privacy policy and keep yourself informed of our practices.
Τhis Privacy Policy has been last updated on April 2024
