Welcome in our website www.costanavarino.com. We provide this Privacy Statement as an explanation of the information we collect, how we use it, and how the use of this information can benefit your experience on our premises (namely our golf premises, the W Costa Navarino, the Westin Resort Costa Navarino, the Romanos a Luxury Collection Resort, and the Mandarin Oriental Costa Navarino, hereinafter collectively referred as ‘’Premises’’) and your digital experience on our website. Our mission is to consistently exceed our guests’ expectations in terms of the products and services we provide to our business and leisure travelers. We strive to create an experience that is responsive to our guests’ needs by using the information you entrust us with responsibly. We are committed to respecting your privacy and adhering to the principles of applicable Greek and European data protection and privacy laws. We wish to help you make informed decisions, so please take a moment to read the sections below.
Who we are
Temes S.A. is a leading investor, developer and operator in the high-end tourism and real estate sector in Greece. Please find below our contact details:
5, Pentelis Street
17564 PALEO FALIRO , ATTIKI , GREECE
Tel.: +30 211 0160200, 210 9490200
Temes S.A. is the Data Controller of your personal data collected through this website or/and in the cases referred here below, unless an explicit reference to another data controller is made.
Collection of Personal Data
We collect personal data about our guests and visitors through different collection channels such as our website, our Costa Navarino Mobile Application, social media and of course onsite at our Premises, so that we can provide an experience that is responsive to our guests’ and visitors’ needs. We endeavor to collect your personal data only with your knowledge and with your permission, if necessary. In particular, in each case we collect your data we provide you with a detailed and specific privacy notice. Throughout your experience with us, we collect Personal Data in accordance with law, such as:
- Identity Data, e.g. name, surname, passport, visa or other government-issued identification data, tax number, membership or loyalty program data
- Demographic Data: place and date of birth, gender, nationality, language preference
- Contact Data, e.g. home or work postal address, work and personal e-mail address, telephone (Home/ Work/mobile) and fax numbers
- Family Data: data about family members and companions, such as names and ages of children
- Financial and Travel Data: Credit and debit card number or other payment data, Financial information in limited circumstances, Travel itinerary, tour group or activity data
- Social Media Data: social media account ID, profile photo and other data publicly available, or data made available by linking your social media
- Lifestyle Data: Guest preferences and personalized data, such as prior guest stays or interactions, goods and services purchased, your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit
- Health Data, e.g. as required for participation in certain activities, use of services and special service and amenity requests.
How we collect Personal Data
TEMES S.A. collects personal information you provide, through multiple communication channels, such as:
- Data collection in our Premises: We may collect personal data during your stay in our Premises by asking you to fill in certain documents/forms in relation to your overall accommodation, check-in, concierge services, restaurants, spa treatments, activities (e.g. golf/ fitness activities), child care services and equipment rental. We also collect Personal Data when you make a reservation over the phone, communicate with us by email, fax or via online chat services or contact customer service. These communications may be recorded for purposes of quality assurance and training. Please note that when you check-in in our hotel and provided that we are a franchise hotel of Marriott International Inc, the latter becomes Data Controller of your Personal Data.
- Online Services/Website: We collect Personal Data when you communicate with us through our website, or otherwise connect with us or post to social media pages, or sign up for a newsletter or participate in a survey, contest or promotional offer.
- Surveys and questionnaires: We may also collect further demographic data or other personal information via onsite or online surveys and questionnaires.
- Through our Mobile Application we collect personal data that you may provide by downloading and registering to our Application. Registration with us is optional. However, if you don’t register with us you may not be able to use some of the features offered by the Application. When you register with us and use the Application, you generally provide: (a) your name, last name, email address, user name, password and other registration information; (b) transaction-related information, such as for when you make reservations; (c) information you provide us when you contact us for help; In addition, the Application may collect certain information automatically, including, the type of mobile device you use, your mobile devices unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the Application. More info is available at the dedicated Privacy Notice of our Mobile Application.
- Events: Whether you plan an event with us or you just attend one as a guest, we may collect your personal data about the theme and date of the event, statistics and other personal information of guests attending the event. We may share personal information about you with event planners or third-party service providers or vice versa.
- Real Estate Offers: In case you are interested in obtaining more information about real estate opportunities, we may collect information about you, such as identity (e.g. name, surname) or contact data (e.g. telephone home or work address, work and personal e-mail address) telephone (Home/ Work/mobile) and eventually your Express of Interest either for a certain real estate opportunity or/and in order to provide you in the future with the most appropriate property offers and opportunities. In this case, Data Controllers apart from Temes S.A. shall be Costa Navarino North Properties S.A. and Costa Navarino South Properties S.A., or/and any other property owners of the specific assets.
- Golf activities: In case you are interested in taking part in golf activities, we may collect your personal data in order to lease the required equipment and to let you participate in tournaments. In this case, Data Controllers of your data shall be Temes S.A., Panorama S.A. and Dunes S.A. based on the property rights of each golf court.
- Third Parties: We may also collect information about you from third parties (such as travel agents, real estate agents, corporate clients, third party operators and other business partners), as well as from other sources that share your data with us pursuant to legal or contractual obligations. We may also further use and share this information for the same purposes.
Purpose for data processing
We ask for your personal data only to the extent that we need it or intend to use it for the following purposes:
-providing the services you request, based on our contractual relationship. We use Personal Data to provide the services you have requested, including:
- Facilitating reservations and bookings of hotel accommodations and related services; engaging in pre‑arrival communications (logistics, changes, preferences, etc.); and processing payments and security deposits.
- Facilitating check-in and check-out; processing payments; providing concierge, luggage storage and parking services; making arrangements with third‑party providers on behalf of guests (such as coordinating tours and other sightseeing excursions; arranging taxi, shuttle and chauffeur services; and facilitating reservations and bookings at restaurants and events); administering and facilitating access to WiFi, TV and other connectivity services (including access to business center amenities, such as fax and photocopying services) and entertainment systems; facilitating in-room dining (including taking into account any dietary or other health restrictions expressed by the guest); housekeeping services (including preferences for special pillows, duvets and other amenities expressed by the guest) and dry-cleaning services; handling customer requests, inquiries and complaints; and determining eligibility for age‑restricted goods and services (such as alcohol or in-room adult entertainment).
- Communicating with customers about conferences and other event planning; facilitating reservation and bookings of events; engaging in pre event communications (logistics, accommodations, changes, etc.); preparing for and coordinating events in accordance with customer instructions, expectations and preferences; facilitating catering; communicating about billing and recovering amounts owed; processing payments and security deposits; performing credit checks; handling customer requests, inquiries and complaints; and communicating with participants during events.
- Facilitating reservations and bookings with regard to amenities and facilities including; determining eligibility for services; honoring disability or other health-related restrictions and providing appropriate and safe activities, services and treatments; arranging requested professionals for specific treatments and services
-complying with our legal obligations, pursuant to the applicable legal and regulatory framework. We use your Personal Data for the following purposes:
- Client identification, bookkeeping and tax obligations,
- responding to requests from public and government authorities;
- meeting national security or law enforcement requirements;
- protecting the rights, privacy, safety, or property of ours clients, guests, visitors and other relevant individuals
-based on your explicit consent, we process your data
- for marketing and communication purposes in relation to our products and services, our strategic marketing partners, and other trusted third parties. In this case you may receive tailor made offers & benefits, invitations to events, newsletters and optional participation in surveys, based on your preferences and your interests, whereas we may use the data and preferences you have provided or are stored on other data platforms in one of the data sources mentioned here above (see “How we collect personal data”). In any case, you are entitled to withdraw any time your consent or/and to object to such processing of your personal data, without any negative consequence for you.
-based on our business legitimate interest, we process your data for
- performing market research via surveys to better serve your needs and improve your experience at Costa Navarino, improve the efficiency of our websites and our various means of communications, facilitate our advertising campaigns, and/or promotional activities
- administering customer-care services to facilitate and address inquiries, comments and complaints about any of our services (such as in person, through phone lines, email, or on social media)
Transfer of data
- We may disclose your Personal Data to third party service providers including, for example, companies that provide website hosting, data analysis, payment processing, order fulfillment, activities and food & beverage booking, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services. We may also disclose your Personal Data to third parties, such as lawyers, consultants and insurance companies in order to defend and exercise our rights.
- As mentioned above, in case you check-in in our hotels, we may disclose your Personal Data to Marriott Group that becomes Data Controller of your data and provides with its own privacy notice at check-in points.
- We also may disclose your Personal Data to Third Party Operators within our Premises or in our strategic partners in order to provide you with the requested services
- We may disclose your data to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements and to allow us to pursue available remedies or limit the damages that we may sustain.
Links to other websites
In order to anticipate your needs, the Costa Navarino website and our Mobile Application provide links to other websites for your convenience and information. TEMES S.A. is not responsible or liable for any content presented by or contained on any independent website, including, but not limited to, any advertising claims or marketing practices. Please note that while TEMES S.A. will protect your information on TEMES S.A. owned and operated websites, we cannot control and will not be responsible for the privacy policies of third party websites, including websites owned or controlled by operators, third party owners of hotel, resort, interval ownership, or residence properties that may use the name of a Costa Navarino brand, or websites not controlled or authorized by TEMES S.A.. Third party websites that are accessed through links on our website have separate privacy and data collection practices, and security measures. Please note that the online booking process is managed by a third party through their websites. We have no responsibility or liability for the practices, policies and security measures implemented by third parties on their websites. We encourage you to contact them to ask questions about their privacy practices, policies and security measures before disclosing any personal data. We recommend that you review the privacy policies of linked websites to understand how those websites collect, use and store information.
TEMES S.A. does not seek to obtain nor does it wish to receive personal data directly from minors (i.e. under the age of 15) without their parental or legal guardian’s consent; however, we cannot always determine the age of persons who access and use our websites. If a minor (as defined by applicable law) provides us with his/her data without parental or guardian consent, we will not proceed with any data processing, unless the parent or guardian contact us having this information removed.
Under the current privacy protection legislation, you have the following rights: (i) You may ask to know if your personal data is being collected and to what extent; (ii) You may request a copy thereof; (iii) You may request that this data be corrected or completed if you believe it is incorrect or incomplete; (iv) You may request that your personal data be deleted. In this case, TEMES S.A will delete them unless it decides to retain them for one of the legitimate reasons under which it is entitled to refuse; (v) You may object to any of the processing purposes or you may request that their processing be limited;
In these cases, TEMES S.A will respond in writing within 30 days of receipt and identification of the request.
In addition, in the event of exercising one or more of the above-mentioned rights of correction, deletion and restriction of your data, these requests shall also be forwarded to any third-party recipient to whom the personal information may have been disclosed in the scope of pursuance of the afore-mentioned processing purposes.
Data Protection Officer (DPO)
To further facilitate customers’ communication and enforce their afore-mentioned rights related to their personal data, TEMES S.A. has appointed a Data Protection Officer (DPO), whom you may contact at:
Data Protection Office
5 Pentelis str., P. Faliro, 17564
Tel: +30 211 0160 249
In case you consider your personal data affected in any way, you may contact the Greek national Data Protection Authority, as follows:
Postal Address: 1-3 Kifissias Avenue, PC 115 23, Athens
Call Center: +30 210 6475600
Fax: +30 210 6475628
Retention Period of Personal Data
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law.
The criteria used to determine our retention periods include:
The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services)
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)
TEMES S.A. has already applied the necessary technical and organizational measures and if needed we are willing to take any further reasonable measure to: (i) protect personal information from unauthorized access, disclosure, alteration or destruction, and (ii) keep personal information accurate and up-to-date, as appropriate. All TEMES S.A. owned websites and servers have security measures in place to help protect your personal data against loss, misuse, and alteration while under our control. Although “guaranteed security” does not exist either on or off the Internet, we safeguard your information using both procedural and technical safeguards, including password controls and “firewalls”.
Please, notice that TEMES S.A. will never contact you by mobile or email to ask for your confidential personal data or payment card details. We may only ask for payment card details by telephone when you are booking a reservation or promotional package.
Updates to the Privacy Statement
TEMES S.A. may amend this Privacy Statement from time to time in order to meet changes in the regulatory environment, business needs, or to satisfy the needs of our guests, properties, strategic marketing partners, and service providers. Updated versions will be posted to our website and date stamped so that you are always aware of when the Privacy Statement was last updated.