SEEBLICK Studios, Rethymnon
Privacy policy according to the provisions of the GDPR

1. Scope of processing of personal data

In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR as legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c GDPR as legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR as legal basis for processing.

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

4. Data protection officer of Seeblick Studios, Rethymnon is Mr. Antonis Giatakis.

Provision of the website and creation of log files

5. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data can be collected here:

(1) Information about the browser type and version used
(2) The operating system of the user
(3) The Internet service provider of the user
(4) The IP address of the user
(5) Date and time of access

The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.

6. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.

For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f GDPR.

7. Cooperation with contract processors and third parties

If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (eg if a transmission of the data to third parties, as required by payment service providers, pursuant to Art. 6 (1) (b) GDPR to fulfill the contract), you have consented to a legal obligation or based on our legitimate interests (eg the use of agents, webhosters, etc.).
If we commission third parties to process data on the basis of a so-called "contract processing contract", this is done on the basis of Art. 28 GDPR.

The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for other and legitimate purposes, its processing will be restricted. That The data is blocked and not processed for other purposes. This applies, for example for data that must be kept for commercial or tax reasons.

We, or our hosting provider, collects on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR Data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider ,
Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities). Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.

8. Transfers to third countries

If we process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. That the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (eg for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

9. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.

10. Opposition and removal possibility
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

Use of cookies

Our website may use cookies. Cookies are text files that are stored in the Internet browser or the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

If we use cookies, then to make our website more user-friendly.

When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to this privacy policy.
Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.


Contact form and e-mail contact

11. Description and scope of data processing

On our website is a contact form available, which can be used for electronic contact. If a user realizes this option, the data entered in the input mask will be transmitted to us and saved. These data are usually:
Name and email address.
Alternatively, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.
Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR.
If the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject, the legal basis for the processing of the data is Article 6 (1) lit. b GDPR.
If the processing is required to fulfill a legal obligation to which the controller is subject, the legal basis for processing the data is Art. 6 (1) lit. c GDPR. The legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f GDPR.

12. Purpose of the data processing

In this context, there is no disclosure of the data to third parties. The data will be used exclusively for the processing of communication, reservation and booking of studios, rooms and other tourist services, for payment and any other mutual obligations resulting from your stay at our studios.

13. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

14. Safety measures

We take appropriate technical measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons and organizational measures to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. In addition, we have established procedures that ensure the enjoyment of data subject rights, data erasure and data vulnerability. Furthermore, we consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection by technology design and by privacy-friendly default settings taken into account (Article 25 GDPR).

15. Cooperation with contract processors and third parties

If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (eg if a transmission of the data to third parties, as required by payment service providers, pursuant to Art. 6 (1) (b) GDPR to fulfill the contract), you have consented to a legal obligation or based on our legitimate interests (eg the use of agents, webhosters, etc.).
If we commission third parties to process data on the basis of a so-called "contract processing contract", this is done on the basis of Art. 28 GDPR.

The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for other and legitimate purposes, its processing will be restricted. That The data is blocked and not processed for other purposes. This applies, for example for data that must be kept for commercial or tax reasons.

We, or our hosting provider, collects on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR Data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider ,
Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities). Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.

16. Transfers to third countries

If we process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. That the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (eg for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

17. Opposition and removal possibility

The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue.

Rights of the person concerned

If we process your personal data, you are the person concerned in the sense of GDPR and you have the following rights to the person responsible:

A  Right to information

You may ask the person in charge to confirm if personal data concerning you is processed by us.
If such processing is available, you can request information from the person responsible about the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
 (5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data is not collected from the data subject;

B  Right to rectification

You have a right to rectification and / or completion to the controller, if the personal data you process is incorrect or incomplete. The responsible person must make the correction without delay.

C  Right of blocking and / or deletion


You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:
(1) Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, to which the processing acc. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR and there is no other legal basis for processing.
(3) According to. Art. 21 para. 1 GDPR objection to the processing and there are no prior justifiable reasons for the processing, or you lay gem. Art. 21 para. 2 GDPR Opposition to processing.
(4) Your personal data have been processed unlawfully.

The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for other and legitimate purposes, its processing will be restricted. That The data is blocked and not processed for other purposes. This applies, for example for data that must be kept for commercial or tax reasons.

Exceptions

The right to erasure does not exist if the processing is necessary

to fulfill a legal obligation which requires the processing under the law of the Union or of the Member States to which the controller is subject, or is subject to a retention obligation;

D  Right to information

If you have asserted the right of rectification, erasure or restriction of the processing to the controller, the latter is obliged to notify all recipients to whom your personal data have been disclosed of this rectification, blocking or deletion of the data or restriction of processing because, this proves to be impossible or is associated with a disproportionate effort.
You have a right to the person responsible to be informed about these recipients.

E  right to data portability

You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that
(1) the processing on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract acc. Art. 6 para. 1 lit. b GDPR is based and
(2) the processing is done by automated means.
In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

F  Right of objection

You have the right at any time, for reasons that arise from your particular situation, against the processing of your personal data, which pursuant to Art. 6 para. 1 lit. e or f GDPR takes an objection.

G  Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the GDPR violates.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.