PRIVACY POLICY

INTRODUCTION

The website cavoparadiso.gr and the application Cavo Paradiso Mykonos belong to the company CAVO PARADISO S.A., with General Commercial Registry No. 047919738000, with registered offices in the Municipality of Mykonos, Cyclades, Greece, at Kalamopodi, P.C. 84600, taxpayer identification number (TIN) & VAT number EL 997969796, tel. (0030) 22890 27205, e-mail: info@cavoparadiso.gr.

The Company has taken the appropriate measures which ensure that the processing of your personal data complies with the General Data Protection Regulation (EU) 2016/679 (GDPR). Especially, Cavo Paradiso adopts internal policies and implement measures which meet the principles of data protection by design and data protection by default.

We collect your personal data either directly from you, or through affiliated companies. We collect your data through the Website / App and / or via other ways (social media, cookies, analytics tools, e-mails etc.).

By using the Website / App, you agree to be bound by this Privacy Policy. In case you disagree with the Privacy Policy, you must refrain from any action, interaction, access and use of the Website / Application.

This Privacy Policy applies to Users of the Website / App. Therefore, the words "you", "your" and generally the use of the second plural form refers to Users. Throughout the Privacy Policy, the terms “we”, “us” and “our”, refer to the Company. This Privacy Policy may also apply to the guests of the Club, for the processing of their Data during their visit to the Club, as described below.

SCOPE AND AIM

While you are browsing through different webpages of the Website or using the App, we may ask you to disclose some personal data in order to provide the Services to you. The present Privacy Policy (hereafter Privacy Policy) describes the type of your personal data which are subject to the processing, the way and the context in which your personal data are collected, the purposes and means of the processing of your personal data, the lawfulness of processing, the entities to which your personal data may be disclosed, the purpose limitations, the \ storage period and measures we take to ensure lawful and fair processing and the principles relating to processing of your Data. It also includes information about your rights and data protection.

The Privacy Policy applies only to processing of personal data for the purposes which are listed below. We also collect personal data through our pages on social media, cookies, analytics tools etc. In this case data processing may also be subject to another privacy policy (e.g. Google privacy policy).

DEFINITIONS

For the purposes of this Privacy Policy:

(1) 'personal data' or 'data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

(2) 'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

(3) 'data controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law;

(4) 'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;

(5) 'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

(6) 'recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

(7) 'third party' means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

(8) 'supervisory authority' means an independent public authority which is established by a Member State pursuant to Article 51 G.D.P.R.

(9) 'restriction of processing' means the marking of stored personal data with the aim of limiting their processing in the future;

(10) 'profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

Website: The website https://www.cavoparadiso.gr/.

Application or App: The application Cavo Paradiso Mykonos.

Cavo Paradiso: The website https://www.cavoparadiso.gr/ or the app Cavo Paradiso Mykonos.

User: The person who browses the Website or uses the App and the Services.

Company: The company CAVO PARADISO S.A..

Services: The offered options to Users via the Website / App.

Club: The Cavo Paradiso Night Club located in Mykonos island.

PRINCIPLES RELATING TO THE PROCESSING OF YOUR PERSONAL DATA

We process your personal data lawfully, fairly and in a transparent manner ('lawfulness, fairness and transparency'). We collect your personal data for specified, explicit and legitimate purposes. Your data are not further processed in a manner that is incompatible with those purposes ('purpose limitation'). Furthermore, your personal data that we process are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation'). Your personal data are also accurate and, where necessary, kept up to date. We take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy'). Your personal data are kept in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data are processed ('storage limitation'). Your personal data are processed in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality').

DATA CONTROLLER

For any processing of your personal data for the following purposes, the company "CAVO PARADISO S.A." is the Data Controller (e-mail: info@cavoparadiso.gr). The Data Controller determines the purposes and means of the processing of your personal data.

PERSONAL DATA WE COLLECT AND PROCESS - LAWFULNESS OF PROCESSING - PURPOSES - RETENTION PERIOD

1. Provision of services

Personal Data collected via the reservation form (book a ticket for upcoming events): If you wish to conclude a distance contract with the Company for the provision of our services, we will process your data, such as your name & surname, your e-mail, your phone number, your age range, your billing address (street, city, state / country, postal code), the way you found our Club, the number of guests and your payments. We do not store your credit / debit card details that you enter in the electronic environment of collaborating bank / payment service provider. You will need to show us your identity / passport on your arrival at the Club in order to let you in.

If you wish to book a ticket for more than one person, you need to provide us with their names / surnames. You are responsible of ensuring that these guests have given consent to this processing operation before you disclose their data to our Company. The Company shall not be held liable for any damage due to your omission of taking their prior consent. To book a table you need to send us an e-mail at makeyoureservation@cavoparadiso.gr.

Lawfulness of Processing: Processing is necessary for the performance of our contract to which you are party.

Purpose: The provision of our Services / the fulfilment of our obligations as a party of the contract. We may as well use your e-mail address and/or your contact phone number to provide information to you about our contract and the purchased services, the confirmation of our agreement, your passbook etc.

Retention Period: We will store your personal data for as long as the law stipulates from the end of your last purchase from the Website / App.

2. Booking requests

Personal Data collected via the “Floating Platform reservation form”: If you wish to express your interest to arrive at the club with our floating platform, we will process your name & surname, your e-mail, your mobile phone number, the dates preferred, the number of guests and other information you may want to share with us.

Lawfulness of Processing: We will process your Personal Data in order to take steps at your request, prior to entering into a contract.

Purpose: We need your personal data to check the availability on our floating platform and inform you about it.

Retention Period: We will store your personal data for one year after receiving them.

Personal Data collected via the “Book a Table reservation forms”: If you wish to express your interest to book a table, we will process your name & surname, your e-mail, your mobile phone number, the dates preferred, the number of guests and other information you may want to share with us. If you are booking a table at the Sushi Bar, we will also process your preferred time of booking.

Lawfulness of Processing: We will process your Personal Data in order to take steps at your request, prior to entering into a contract.

Purpose: We need your personal data to check the availability and inform you about it and the prices.

Retention Period: We will store your personal data for one year after receiving them.

3. Communication

Personal Data collected when you contact us (via e-mail, telephone, social media etc.): When you seek for information about our services or when you need support for our services, or if you wish to share other information with us, we will process the Data which you disclose to us.

Lawfulness of Processing: We will process your Personal Data in order to take steps at your request, prior to entering into a contract, or when processing is necessary for the purposes of the legitimate interests pursued by the Company or on the basis of your consent.

Purpose: We need your personal data to communicate with you, answer your request, handle a complaint etc.

Retention Period: Unless there is another legal reason or obligation to retain them, we will store your personal data for one year after receiving them.

4. Social media interaction

Personal Data collected when you interact with our Company on social media: We collect your Personal Data (profile name, comments, reviews, reactions, messages) that you share with us when visiting our pages / profiles / channels on social media platforms (Facebook, Instagram, X, Pinterest, Youtube, Spotify, Google Maps).

Lawfulness of Processing: By using the above-mentioned services (social media) you acknowledge that your interaction (like, comment, message) with our pages / profiles / channels etc. gives us the right to process your personal data on the basis of your consent. Processing of the Data you share on social media is also subject to the privacy policy of each social media site.

Purpose: We need your personal data to respond to your requests / messages or interact with you in any way on the social media environment. We may also process this information for marketing purposes (e.g. send you information about our services).

Retention Period: Your personal data will be retained for as long as you remain a fan / follower / member / subscriber of our pages / profiles, or for as long as your activity (posts, comments, reactions etc.) remains on our social media pages.

5. Photos & videos

Personal Data collected during you visit to the Club: We may process photos or videos of you, taken by our authorized personnel while participating in our Club's events. Photos may be taken with cameras or drones.

Lawfulness of Processing: 1) We may process a photo of video of you when processing is necessary for the purposes of the legitimate interests of the Company such as the promotion of our services. 2) When you voluntarily pose on a photo or video, you give us the right to process your personal data on the basis of your consent for the following purposes.

Purposes: We may process your photos and videos for: 1) the promotion of an event in the media (either live broadcast or playback of photos / videos taken), 2) the publication of photos / videos from an event on the official websites and social networking pages of the Company.

Retention Period: Your personal data will be retained until any withdrawal of your consent and for as long as the Club hosts similar events. Any retention of your data by third party recipients (TV stations, magazines, etc.) is subject to the relevant policy of each recipient.

The Company shall not be liable for any process of your personal data (photos and videos) by other guests or the above-mentioned recipients.

6. Repeat Client

Personal Data: We store the data of a User who wants to be treated as a repeat client (Repeater) the next time he is visiting the Club (reservation details). When a User declares that he is a repeat client we check our files to confirm that he is has visited again the Club.

Lawfulness of Processing: The User who wishes that his/her personal data are kept with no time limit for the next time he/she is vising our Club may give us his/her consent for this processing.

Purpose: We need to store the data of a potential repeat client in order to confirm in the future that he/she has visited again our Club and grant him/her a discount.

Retention Period: Your personal data will be retained until any withdrawal of your consent and for as long as the Club hosts similar events.

7. Cookies and Technical Information

The Website and third parties may store cookies on your device. We use cookies and other similar technologies (analytics) for statistical analysis and other purposes. We also use functionality Cookies. We may process your IP in order to guarantee optimal functionality of the Website and to prevent cyberattacks. For more information (e.g. purposes, lawfulness, retention period etc.) please read the Cookies Policy.

The Company cooperates with advertising / promotional businesses, statistical analysis businesses, suppliers and service providers who process personal data on our behalf. We disclose your personal data to our partners, solely for the processing purposes referred to in this Privacy Policy.

We may also process your personal data, if processing is necessary for the purposes of the legitimate interests pursued by the Company (market research/analysis and marketing strategic, security reasons, statistical analysis of reservations), or for direct marketing. Any processing of your Personal Data in this context will be carried out in accordance with the G.D.P.R.

We collect and process your personal data only for legal purposes, as mentioned above. We may process your personal data for purposes other than those for which your personal data were initially collected, only where the processing is compatible with the purposes for which your personal data were initially collected. We may also process your personal data, in case the processing is necessary for compliance with legal obligations to which the Company is subject.

The time that your Personal Data may be retained by the Company is also determined by our legal obligations in the applicable Legislation. If there is a dispute, pursuant to our contract, we may keep your personal data for as long as the relevant Law stipulates.

Note: The Website and Application work in the same way and the Data you enter are stored in the same databases and servers. Therefore, the terms "Website" and "Application" in this Policy are equivalent and refer to the same online reservation management system, which operates both in web interface and as an application for mobile devices. However, some features and related options as well as the terms of this Policy may only apply to the use of the Website or the Application due to their different technical and functional characteristics.

PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA

We will not ask you to disclose special categories of Data. You must refrain from sending us special categories of Personal Data, unless necessary. The Company shall not be liable for any damage incurred to you or a third party due to an illegal act or omission performed by you, regarding special categories of Personal Data. In case you send us Special Categories of Personal Data you consent to the processing of your personal data in accordance with our Company's statutory purposes.

Only adults shall use the Services. Therefore, we do not collect or process children's Data. Whenever we detect that a User has disclosed to Cavo Paradiso any children's Data we will erase them. The Company shall not be held liable for any and all damages arising from any use of the Website / App by a child.

CHILDREN' S DATA

Our Site and Apps are not directed to or intended to be used by individuals under the age of 18. Only adults shall use the Services. Therefore, we do not knowingly request, collect or process children's Data. Whenever we detect that a User has disclosed to Cavo Paradiso any children's Data we will erase them. The Company shall not be held liable for any and all damages arising from any use of the Website / App by a child. If you are under the age of eighteen (18), please do not submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data through the Services without their permission. If you have reason to believe that your child under the age of 18 has provided Personal Data to us in connection with our Site or Apps, please email us at info@cavoparadiso.gr and we will endeavor to delete the personal information that she or he provided from our databases.

CONSENT

We may ask you to give your consent to the processing of personal data relating to you. This may include ticking a checkbox on the Website / App. With this action you declare that you have read and agree to the Privacy Policy. Ticking that box, is a clear affirmative action, which is considered as a freely given, specific, informed and unambiguous indication of your agreement to the processing of your personal data for the above-mentioned purposes, when we process your data on the basis of your consent. You may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before your withdrawal.

While using the Application you may be asked to decide, through relevant options on your device, whether you wish to allow the Application to access your calling system, in order to contact us.

We will provide all the information you need to express your prior agreement (consent) to the processing of personal data relating to you, if processing is based on your consent.

If you refuse to disclose your Personal Data to the Company or if you prevent the App from accessing your device's functionalities you may not be able to use the Services, communicate with the Company or conclude an agreement with us.

You may withdraw your consent for the processing of your data either by performing the necessary adjustments on your terminal device (for App Users) or by contacting the Company.

RECIPIENTS & PROCESSORS

We may need to disclose your Personal Data to authorized recipients for (i) the maintenance / repair of our equipment (PCs, servers, hardware) that support the operation of the Website, for (ii) the development of the Website, etc.

Where processing is to be carried out on behalf of the Company, we use only processors providing sufficient guarantees to implement appropriate technical and organizational measures which ensure processing will meet the requirements of the GDPR and reinforce the protection of your rights. Some of the processors and/or recipients are listed here: i) Eurobank S.A., ii) Meta Platforms Ireland Limited (Instagram & Facebook), iii) Google Inc.

Eurobank Privacy Policy: https://www.eurobank.gr/en/gdpr-general-data-protection-regulation/.

Instagram Privacy Policy: https://help.instagram.com/519522125107875/?maybe_redirect_pol=0.

Facebook Privacy Policy: https://www.facebook.com/about/privacy.

The Company and Facebook Inc. are joint controllers for the collection and disclosure by transferring to Facebook of the data collected through embedded Facebook plugins (Share or Like button).

Google Privacy Policy: https://www.google.com/intl/en/policies/privacy/.

The Company uses Google Analytics. The Company and Google Inc. are Joint Controllers for some of the processing operations, while for other processing operations Google Inc. and the Company are sole Controllers.

Google Inc. determines some of the purposes and means of the processing of personal data collected through its technology. For any processing of personal data for the purposes and means determined by Google Inc., it is the data Controller. Google Inc. may use your personal data for its own purposes, such as for profiling or combined with other data from user accounts in other services. The processing of your Data under the Google Analytics service, either by the Company or by Google Inc., is carried out on the basis of your consent.

TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY

A transfer of personal data to a third country (outside European Economic Area (EEA)) may take place where the Commission has decided that the third country ensures an adequate level of protection. In the absence of a decision, we may transfer personal data to a third country only if the processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Otherwise, we will transfer your data to a third country only under GDPR conditions (data subject's consent / contract / vital interests, etc.).

YOUR RIGHTS

The Company protects your personal data and respects your rights and freedoms.

As Data Subject you have the right to be informed on the processing of your personal data, the right of access to your personal data and to information relevant to processing, the right of rectification of your personal data , the right to erasure of your personal data, the right to restriction of processing, the right to data portability, the right to object to the processing of your personal data, the right not to be subject to a decision based solely on automated processing, including profiling and the right to withdraw your consent at any time.

To be informed about or exercise the above rights, you need to apply in writing to the Company with registered offices in the Municipality of Mykonos Greece, Kalamopodi – P.C. 84600, or via e-mail: info@cavoparadiso.gr. We are ready to handle your request with respect to your rights and privacy. Otherwise, you could lodge a complaint to a supervisory authority (www.dpa.gr – tel: +30 210 6475600, contact@dpa.gr), if the Data Controller does not take action on your request.

We take all efforts to facilitate the exercise of Data Subjects' rights. We will not refuse to act on any request of yours for exercising your rights, which are described above, unless we are unable to identify the Data Subject.

We will respond in writing to such requests from you, without undue delay and in any event within one month of receipt of your request. In this case we will provide you with information on action taken on behalf of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

We will communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

Otherwise, if we do not intend to act on your request, we will inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action.

Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Company may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or (b) refuse to act on the request.

STORAGE & SECURITY OF PERSONAL DATA

The Company has taken the appropriate organizational and technical measures in order to secure your personal data. Personal data collected through Cavo Paradiso are stored at the Company' s computer systems, at the server where the official Company's e-mail is hosted and at the Website's / App's server in European Union to which only authorized persons have access. Personal Data may also be stored at other collaborating companies' data centers. Your personal data are generally kept in electronic form or in a physical archive, when necessary (tax information, invoices etc.). Cavo Paradiso ensures that your personal data are transferred encrypted, by using an SSL certificate. Our Website / App is scanned on a regular basis for security holes, malwares and known vulnerabilities in order to make your visit as safe as possible. Your personal information is only accessible by a limited number of persons who are required to keep the information confidential. All transactions are processed through a gateway provider and are not stored or processed on our servers. The Company shall not be liable for any damage caused by risks appearing in online systems / websites of Banks or other payment service providers, or entities advertised in this Website / App, collaborating companies etc., even if Users are referred to said websites by links, banners, frames etc. placed on the Website / App. Liability for the content, information, visitors' safety and protection of your personal data, as well as the quality of services provided is born solely by owners, managers and administrators of said websites, which you visit at your own risk.

DISPUTE RESOLUTION

For any dispute you may have with the Company, regarding this Privacy Policy, the use of the Website and the Services, we are willing to resolve the issue with respect of your rights.

In case of controversy or claim of any nature regarding the process of your personal data and the context of this Privacy Policy, the applicable law is the law of the Hellenic Republic, the G.D.P.R. and the instructions, decisions, guidelines and opinions of the Hellenic Data Protection Authority. Any dispute between the Company and the Users or third parties from the use of the Website / Application will be resolved through friendly negotiations between them and through Alternative Dispute Resolution (Mediation). Otherwise, for all actions or legal procedures, the Courts of Athens will be competent.

UPDATES TO THE PRIVACY POLICY

The Company reserves the right to amend this Privacy policy. Any changes will be posted here. You should periodically check whether changes have been made. Last edited by INTERNETLAW - https://www.internetlaw.gr/ - on 20.05.2022.