PaymentPolicy - Payment Gateway

Payment Policy

AGREEMENT ON PAYMENT MANAGEMENT SYSTEM GENERAL

TERMS OF USE AND PROVISION OF SERVICES

This agreement includes the terms and conditions governing the use of the website santocollection.directpayments.gr, a website providing hotel services via the Internet (hereinafter referred to as "site and/or Website"), and is concluded between on the one hand the company under the name of “ΑRTEMIOS SINGLE MEMBER S.A.” based in Heraklion, Crete (28A Alex. Papanastasiou St.) and is legally represented by the Chairman of the Board of Directors and CEO Mr. Andreas Metaxas , s/o Nikolaos, TRN 801702114, Tax Office of Heraklion (hereinafter referred to as the "COMPANY") and, on the other hand, the visitor, user or customer or member or purchaser of the services provided on the site.

This website is an e-service platform using a payment management system, which enables the visitor to make reservations and receive services at one of the hotels or villas forming part of the SANTO COLLECTION Resorts & Villas (“Santo Pure Oia Suites & Villas”, “Santo Mine Oia Suites” and “The Villas by Santo Collection”), just by clicking. Then, payment services are provided through a related link to another website, which is not owned by the Company but constitutes an independent Payment Service Provider, which is in cooperation with the Company, and through which payment is made.

This online platform has been developed and operated with a view to providing the users with the option of making online and offline reservations as well as receiving other services at the SANTO COLLECTION, owned by the Company, i) Santo Pure Oia Suites & Villas a hotel of a 55 room capacity, located in Thesi Fanari, Oia, Santorini (hereinafter referred to “SANTO PURE”), ii) Santo Mine Oia Suites a hotel of a 37 room capacity, located in Thesi Fanari, Oia, Santorini (hereinafter referred to “SANTO MINE), and iii) “The Villas by Santo Collection”, comprising 2 Villas located in Thesi Fanari, Oia, Santorini (hereinafter referred to “The Villas”) as described in detail in the paragraph entitled Reservation and Other Services Booking, through this payment management system.

GENERAL TERMS

The following terms and conditions shall apply to the use of santocollection.directpayments.gr website. Any user who visits santocollection.directpayments.gr (hereinafter referred to as the "visitor" or "user" or "customer") is hereby deemed to provide their consent and irrevocably accepts the terms described below unreservedly and irrevocably. If a user does not agree with these terms, then they shall bear the responsibility to abstain from visiting and using this website as well as from any other transaction or use of its services.

The Company reserves the right at its entire and sole discretion, to alter, amend, add or remove part of the contents of the hereby terms and conditions of use and any transactions effected through the site whenever it deems necessary, without prior notice or any further indication, and these changes shall have immediate effect. Therefore, you are advised to regularly check the terms for any changes. Continued use of the site after any such changes having been made, is considered as an unconditional acceptance of these changes.

The information provided by this Website is complete, true, valid, and up-to-date, whether it concerns the identity of our Company or the transactions and services rendered through the website. These warranties are without prejudice to any technical or typographical errors that cannot be predicted or have occurred inadvertently or due to a disruption of this site or due to force majeure. The company, within the context of good faith, shall not be liable for or bound by electronic data entries made by error/omission according to general experience and shall be entitled to proceed to the correction of such information at any time it shall perceive their existence. In no event can the Company guarantee the uninterrupted and error-free operation of the santocollection.directpayments.gr platform and it disclaims any liability towards customers/users for any harm or damages resulting from the disruption of access to the website due to technical reasons or problems and difficulties that may affect or inhibit or suspend its operation and the submission or execution of reservations and other services.

The entire content of this website, including images, graphics, photographs, texts etc. constitute the Company’s intellectual property (copyright) and are protected by the relevant provisions of the Greek law and the International conventions. Any copying, analog/digital recording and mechanical reproduction, downloading, processing, resale, creating derivative work or misleading the public regarding the beneficial owner and provider of the content of the site is strictly forbidden.

Online bookings can be made 24/7. If you encounter any problems whilst making your booking, please contact our call center on 0030 22866 00630.

In the event that the customer/user is a legal entity, it shall act for the purposes of the present agreement through its legal representatives. The legal entity represented expressly recognizes as absolutely valid, enforceable and binding all transactions that shall be carried out by its representatives in its name and on its behalf, under the conditions and limits set forth by its competent administrative body.

The Customer and Representatives declare that all information provided to the Company and especially those pertaining to personal data are accurate and true. The Company shall not be obliged to verify and/or to check the accuracy of the data furnished by the Customer or its Representatives during the transmission of such orders.

The Customer authorizes the Company to proceed to the execution of the orders transmitted within the framework of the present agreement, provided that the transmission of such orders has been verified by the usage of the Customer’s reference Code. The Company has the right to refuse the execution of a Customer’s transaction through the payment management system. In such an event, the refusal must be justified, unless this is prohibited by the relevant law in force.

The Company, under the conditions laid down by the applicable legislation, reserves the right to require from the Customer at any time written confirmation of the transmitted orders, signed by the person or persons having legal representation authority. The Company is entitled to set restrictions on the limit, type or number of orders to be transmitted.

The Company has adopted all necessary measures that correspond to the current state of science and technology in order to ensure the security of the supply of the e-services and the maintenance of the confidentiality of information pertaining to the Customer. However, the Company shall not be liable for any damage sustained by the Customer, in case of interference or attempted interference to the Internet network, as well as in the event where the system fails to function due to reasons not attributed to the gross negligence or malice of the Company.

The Customer declares that he is aware of the fact that, in the present state of technological evolution, the transmission of information through the Internet, private or public telecommunication networks or any other electronic means may entail the risk of malicious interception or alteration of the Codes or the orders of the Customer by unauthorized third parties and that the Customer entirely undertakes such risks. The Customer also assumes the risk and the liability for errors attributed to the function of the Internet network and the telecommunication networks which result to the destruction or alteration of the content of electronic orders, electronic update or any other information that the Customer receives through the services of the payment management system.

When executing transactions through the payment management system, the Company is liable to the Customer only for malice or gross negligence. The liability of the Company does not extend in any case to the reimbursement of consequential damages. It is also expressly clarified that if the Customer is a legal entity, the present agreement does not create any contractual obligations of the Company towards the Customer´s representatives, directors, administrators or other agents, since the contractual relation is formed only between the Customer as a legal entity and the Company.

RESERVATION AND OTHER SERVICES BOOKING

· A booking option for Reservations or Other Services is offered through the Company’s website or through direct communication (e-mails, faxes, etc.), i.e. the option to reserve in advance an available service on the express order of a user. Other Services may include:

o Flowers order

o Food and beverage products

o Honeymoon packages

o In room services - decorations

o Private dinners

o Reservation extension

o Room upgrade

o Spa services

o Stay over tax

o Restaurant reservation

o Hotel items purchasing

o Transportation

The booking order shall be binding upon the user who must in all cases pay the relevant price, unless the applicable cancellation procedure is followed in relation to the selected service under the following conditions.

· By following the booking procedure, as established and set out on the Company’s website or all relevant exchanged correspondence (e-mails, faxes etc.), a user authorizes the Company to carry out the reservation.

· Upon such a mandate, the user provides the following information: 1) Full name 2) E-mail address 3) Payment request type (individual or corporate). Subsequently, when creating and submitting a request, the user receives the payment request, which includes the following information: 1) reference code, which is unique per transaction, 2) the total amount to be paid and 3) the final payment date, after the expiration of which the Company is entitled to cancel the reservation. All of the above data is stored in the company database when evaluating and implementing the request.

· Bookings are confirmed by the Company, which undertakes to notify the user/principal of such confirmation. Updates shall be made via the payment management system and shall take place within a reasonable period of time from the submission of the booking request. In the event that any of the information requested was not submitted correctly or any other data did not apply when the booking was made in connection with the completion of the payment through the Payment Service Provider, a message shall be sent to the customer concerning the unsuccessful outcome of the transaction.

· If any change is made to the particulars of a product selected and booked by a user, the Company shall make any reasonable effort to notify the user of such a change via the email address submitted.

PRICING POLICY - METHOD OF PAYMENT - CANCELLATION POLICY

· The prices shown in the emails sent by the Company next to each offered product represent the total price for a specific service, including all corresponding taxes, and duties and any fee payable for the services offered, as these apply at the time of booking or completion of the transaction.

· It is noted that any changes to the prices after a booking has been confirmed shall only be made in exceptional cases, primarily due to an increase in the imposed taxes, fees and/or duties.

· The stay-over tax is in effect from 1-1-2018 and enforced in accordance with the applicable law.

· The price of each product shall be paid in the manner indicated on the Company’s website or all relevant exchanged correspondence (e-mails, faxes etc.). The primary method is payment by credit card of the specific type/s indicated in the Company’s website in line with the instructions and conditions as may be notified by the Company to users from time to time.

· The particulars of the credit card holder are automatically forwarded to the Payment Service Provider collaborating with the Company, which shall charge the service provision to the holder’s credit card for all the services provided.

· Payment can also be made in installments, by the user’s entering the requested details in the relevant field.

· Users must use credit cards that they legally hold and are authorized to use under the agreement they have concluded with an authorized credit institution. The use of a third-party credit card by an unauthorized person is strictly forbidden. The user-holder has the right to use the card only within the period in which the Card is valid, as this is printed on the card, within the daily limit agreed between the issuing Bank and the cardholder and for the use that will be permitted on every occasion by the Bank. It is necessary, amongst others, that the user be able to make purchases paying a lump-sum or installments through physical or electronic interaction and only to domestic or foreign companies that accept payments by credit cards bearing the logo indicated in the card agreement. Furthermore, it should be expressly stated when each card transaction shall be considered complete, with specific reference to remote transactions. The Cardholder must use the credit card in accordance with the conditions governing its issuance and use, take all appropriate measures to safely store the card and notify, without any delay, the issuing authority in case of loss or theft, recording on his/her account of any unauthorized transaction, any error or other irregularity in keeping of the account by the authority that granted him the said card.

· In providing and charging the services, the Company may request from any user any information considered necessary (copy of ID card or passport and/or credit card, evidence of home address, etc.), in order to identify the user’s particulars with the details of the holder of the credit card used, as well as for any other reason that the Company may deem necessary, in the context of the provision of services. In the case of documents that cannot be sent by email, these shall be delivered in hard copy at the registered office of the Company.

· If a user opts to start a transaction for the purchase of services offered by the Company and/or simply to complete the transaction by paying a Payment Service Provider of those referred to in Law 4537/2018 (including banks, electronic money institutions and physical points of sale/shops operating as agents of electronic money institutions in accordance with Law 4537/2018), the relevant providers may charge the user/payer with transaction fees, in line with their applicable commercial policy, regardless of the means or method of payment selected by the user (i.e. in cash or by card or via the banks participating in DIAS DEBIT service, supporting payments at the cashier’s desk, via Internet Banking, Phone Banking and ΑΤΜs). With the exception of banks, all other Payment Service Providers normally charge a fee.

The right of withdrawal shall not apply and the user expressly states at the conclusion of the contract that he does not wish to exercise this right.

· The cancellation policy of your booking will follow the terms and conditions of your booking/other services confirmation.

LIMITATION OF LIABILITY

Under no circumstances shall the Company be held civilly or criminally liable for any damage (incidental, special or consequential, including without limitation, alternatively and/or cumulatively, loss of profits, data, lost profits, compensation, etc.) that may be incurred by visitors or third parties owing to the operation or not and/or use of the website and/or inability to provide services and/or products and/or information made available through the website and/or any unauthorized third-party intervention in products and/or services and/or information made available through the website.

USER LIABILITY

Users/customers agree and undertake to use the services, information and data of the website as provided by law and based on the rules of good faith and good commercial practice. They are required not to use the site for: 1. sending, publishing, e-mailing or otherwise transmitting any content that is illegal for any reason, causes unlawful infringement and damage to the COMPANY or to any third party or violates the confidentiality or secrecy of information of any person; 2. sending, publishing, e-mailing or otherwise transmitting any content that causes infringement of moral consideration, social values, minors, etc.; 3. sending, publishing, e-mailing or otherwise transmitting any content which users have no right to transmit under the law or the contracts in force (such as inside information, proprietary and confidential information acquired or disclosed as part of employment relationships or covered by confidentiality agreements); 4. sending, publishing, e-mailing or otherwise transmitting any content that infringes any patent, trademark, trade secret, copyright or other proprietary rights of third parties of any kind; 5. sending, publishing, e-mailing or otherwise transmitting any content which contains software viruses or any other computer code, files or programs designed to interrupt, damage, or destroy any computer software or hardware; 6. intentional or unintentional violation of applicable law or provisions; 7. third party harassment in any way; 8. collection or storage of personal data of other users. In the event of a breach of this term, the user is required to fully compensate the company for the damage suffered from this breach.

The Customer shall be held liable towards the Company for any illegal use of the Payment Management System or any non-contractual act or omission made by him/her or his/her representatives or other persons acting as agents. Furthermore, the Customer shall refrain from conducting through the system any payment act or any transaction on behalf of third parties, for which payment act or transaction commission fees or any other compensation shall be received, as well as from conducting any such transaction professionally. The Customer’s access to the services supplied through the e-platform presupposes that the Customer possesses the appropriate technical equipment, for the sufficiency of which the Company is not responsible. The Customer confirms that he/she has perfect command of the use of equipment, means or programs necessary for achieving communication with the e-platform, in order to carry out booking transactions. The Customer’s ability to have access to the website neither institutes nor proves any right of the Customer over the software and on the intellectual or industrial property rights of the Company. It is expressly prohibited for the Customer, its representatives or other agents to copy, to imitate or make any other unauthorized use of the software, as well as to make use of the Payment Management System for any illegitimate purpose.

The Customer is obliged to exercise utmost due diligence, taking all necessary security measures in order to prevent unauthorized use of the system and his/her codes and/or other identification data by third authorized or unauthorized parties. The Customer, if a legal entity, expressly declares that it has been established and has been operating legally, it has full power to conclude and execute a transaction under the hereby agreement, it has obtained all necessary corporate approvals required for concluding the present agreement and, until the date the booking is made, there has been no change or modification affecting the persons authorized to represent and bind the Customer, by signing in its name and on its behalf. Furthermore, even in the abovementioned case where this agreement is signed by a person or persons lacking in part or in total the authority to represent the Customer, any act of the Customer that constitutes co-operation in the execution or the functioning of the present agreement shall be construed as a tacit declaration of the Customer’s approval of the representation powers of the persons who signed the agreement on its behalf and of the persons that acted on its account for carrying out the relevant transaction through electronic means.

COPYRIGHT

The entire content of this website, including trademarks, logos, images, graphics, photographs, texts etc. constitute the Company’s intellectual property (copyright) and are protected by the relevant provisions of the Greek and EU law and the International conventions, or the intellectual property of third parties, for which the Company has been licensed for its own exclusive needs and for the operation of the website. Any copying, transferring, or creating derivative work based on this content or misleading the public regarding the true provider of the site services is strictly forbidden. Reproduction, re-publishing, uploading, communication, dissemination or transmission or any other use of the content in any way or for any commercial or other purposes is permitted only with the prior written consent of the Company or any other copyright holder. Names, images, logos and distinctive features listed and describing the branded website santocollection.directpayments.gr or the products or services of the Company or third parties constitute assets of the Company or third parties respectively, and they are protected by the relevant laws on trademarks. Their use on this site shall not in any way give any third parties permission or right to use them in turn.

The Customer’s ability to have access to the website neither creates nor proves any right of the Customer over the software and on the intellectual or industrial property rights of the Company. It is expressly prohibited for the Customer, its representatives or other agents to copy, to imitate or make any other unauthorized use of the software of the Company, as well as to make use of the Payment Management System for any illegitimate purpose. The Customer is obliged to refrain from any interference or attempt to interfere through the Payment Management System and the website of the Company to any Codes or data belonging to the Company or to other customers of the Company or to third parties.

LIMITED AUTHORIZATION

Subject to the terms and conditions set forth in this agreement, the santocollection.directpayments.gr website grants you a non-exclusive, non-transferable, personal, limited authorization to access, use and display this site and the details thereon. This authorization is not a transfer of title in the website and its details and is subject to the following restrictions: (1) you must retain, on all copies of the website and its details, all copyright and other proprietary notices contained therein, and (2) you may not modify the website or its details in any way or reproduce or publicly display, distribute or otherwise use the website and its details for any public or commercial purpose, unless otherwise specified herein.

Force Majeure

The website shall not be held liable for any interruption, delay or deterioration of the quality of its services due to reasons lying out of the scope of its control, namely due to force majeure events. It is agreed that "force majeure" includes all facts or events being outside the sphere of control or influence of the parties which could not have been foreseen even with the exercise of exceptional diligence on their part, as well as all the facts or events for which neither party is responsible. Such events may include, but not be limited to, (i) war (whether declared or not), hostilities, invasion, act of foreign enemies, extensive military mobilization; (ii) civil war, riot, rebellion and revolution, military or usurped power, insurrection, act of terrorism, sabotage or piracy; (iii) currency and trade restriction, embargo, sanction; (iv) act of authority whether lawful or unlawful, compliance with any law or governmental order, expropriation, seizure of works, requisition, nationalization; (v) plague, epidemic, natural disaster or extreme natural event; (vi) explosion, fire, destruction of equipment, prolonged break-down of transport, telecommunication, information system or energy; (vii) general labor disturbance such as boycott, strike and lock-out, go-slow, occupation of factories and premises etc.

Secure Transactions

The only method of payment accepted is payment by credit card to the Payment Service Provider when the booking is confirmed. Only credit cards bearing the logos displayed on www.santocollection.gr are acceptable.

All card payments are processed through Alpha Bank's “Alpha e-Commerce” e-payment platform and use TLS 1.2 encryption with Secure Sockets Layer (SSL) 128-bit encryption protocol. Encryption is a way of coding the information until it reaches its recipient, who will be able to decode it using the appropriate key.

The Company shall not be held liable for any credit card transactions on the “Alpha e-Commerce platform” of Alpha Bank.

The Company reserves the right to cancel Reservation and/or Other Services bookings at any time in the event of providing untrue information or credit card details.

Links to the www.santocollection.gr

The links included in our website lead to pages of the e-shop or, in certain cases, lead users to connect through the website to the websites of third-party providers, enterprises etc. These associated sites are not under the Company’s control and the Company shall not be held liable for the content of any such website or any link that may be included in an associated website, or any changes or updates to such websites. The Company is not responsible for online broadcasts or any form of transmission received from any associated website. The Company provides these links on its website solely to facilitate the use of the e-shop, and visitors/customers are not obliged to use these links; the fact that they are included in the website does not imply that the Company approves of or accepts their content.

Validity and duration

These Terms of Use apply from the very first moment of use and throughout the whole time the user makes use of the website’s services.

If, for any reason, a user does not accept one or more of these terms of use, he/she must refrain from using the Website and its services.

Applicable Law / Dispute Resolution

All matters and disputes arising in the context of use or interpretation of the herein terms and conditions, if not settled amicably, shall fall within the exclusive jurisdiction of the Court of Justice of Heraklion, Crete, and the applicable law shall be Greek Law.

The customer declares that, prior to the signing of this contract, he/she has been informed in detail of the online payment services provided under this contract, in accordance with the applicable law.

Privacy Policy

This Privacy Statement describes the privacy practices of ΑRTEMIOS SINGLE MEMBER S.A., a company incorporated under the laws of Greece ("société anonyme") with its registered seat located at 28A Alexandrou Papanastasiou Ave., Heraklion, 71306 for data that we collect:

through websites operated by us from which you are accessing this Privacy Statement, including www.santocollection.gr, www.metaxahospitality.gr, santocollection.directpayments.gr (collectively, the “Websites”)
through the software applications made available by us for use on or through computers and mobile devices [the “Apps”)
through our social media pages that we control from which you are accessing this Privacy Statement (collectively, our “Social Media Pages”)
through HTML-formatted email messages that we send you that link to this Privacy Statement and through your communications with us
when you visit or stay as a guest at one of our properties, or through other offline interactions

Collectively, we refer to the Websites, the Apps and our Social Media Pages, as the “Online Services” and, together with offline channels, the “Services.” By using the Services, you agree to the terms and conditions of this Privacy Statement.

Applicable Law

"Applicable Data Protection Law" shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data which applies as of May 25^th 2018, the “GDPR”, and any other applicable law implementing, amending, supplementing or replacing this Regulation;

The Limited Company under the company name “ΑRTEMIOS SINGLE MEMBER S.A.”, in its capacity as the Controller of Personal Data, hereinafter referred to as the “Company”, in the context of the General Data Protection Regulation (EU) 2016/679 which entered into force on 25/05/2018, hereinafter referred to as the “GDPR”, as currently applicable, shall hereby provide the following update on the processing of your personal data and your rights as the data subject. The new Regulation shall replace the existing legal framework on the protection of individuals from the processing of personal data.

This update is addressed to individuals who perform any transaction with the Company, their respective legal representatives, as well as their special or universal successors, to representatives of legal persons and to any natural person who has business relations with the company in any capacity.

Personal data processing is the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission, restriction or erasure of personal data which was or will be brought to the attention of the Company, either as part of your business relations with it or as part of any update which is received by the Company from any third party, a natural or legal person or public sector body, while exercising a legal right of their own or the company.

In compliance with the current legislative framework, the Company has taken all steps required, by implementing all appropriate technical and organizational measures for the lawful adherence, processing and safe retention of personal data files, and is committed to ensure and protect in every way the processing of your personal data against any loss or leakage, alteration, transfer or any other unlawful processing.

ΑRTEMIOS SINGLE MEMBER S.A. hereby guarantees that it fully complies with the respective obligations under Applicable Data Protection Law.

Collection of Personal Data

“Personal Data” are data that identify you as an individual or relate to an identifiable individual.

We collect Personal Data in accordance with law, such as:

· Name, Email address, Phone number

· Date of Birth

· Nationality

· Allergies or dietary restrictions

· ID/Passport Number

· Credit Card Number

· Room Preferences

· Date of reservation made

· Start and end date of reservation

· The date and time you used our services

· Reference Code (identical, produced following a payment request)

· Amount due

· Final date when payment is due

· Medical information

· Transportation details (flight number, etc.)

In more limited circumstances, we also may collect:

Data about family members and companions, such as names and ages of children
Images and video and audio data via: (a) security cameras (b) hotel activities taking place during your visit

If you submit any Personal Data about other people to us or our Service Providers (e.g., if you make a reservation for another individual), you represent that you have the authority to do so and you permit us to use the data in accordance with this Privacy Statement.

How We Collect Personal Data

We only collect information which is necessary, relevant and adequate for the purpose you are providing it for.

We collect Personal Data in a variety of ways:

Online Services. We collect Personal Data when you make a reservation, purchase goods and services from our Websites or Apps, communicate with us, or otherwise connect with us or post to social media pages, or sign up for a newsletter or participate in a survey, contest or promotional offer.
Property Visits and Offline Interactions. We collect Personal Data when you visit our properties or use on-property services and outlets, such as restaurants, concierge services, health clubs, child-care services, and spas. We also collect Personal Data when you attend promotional events that we host or in which we participate, or when you provide your Personal Data to facilitate an event.
Customer Care Centers. We collect Personal Data when you make a reservation over the phone, communicate with us by email, fax or via online chat services or contact customer service. These communications may be recorded for purposes of quality assurance and training.
Strategic Business Partners. We collect Personal Data from companies with whom we partner to provide you with goods, services or offers based upon your experiences at our properties or that we believe will be of interest to you (“Strategic Business Partners”). Examples of Strategic Business Partners include on-property outlets, travel and tour partners, timeshare partners, rental car providers and travel booking platforms. Strategic Business Partners are independent from the ΑRTEMIOS SINGLE MEMBER S.A.
Other Sources. We collect Personal Data from other sources, such as public databases, joint marketing partners and other third parties.
Internet-Connected Devices. We collect Personal Data from internet-connected devices available in our properties. For example, a smart home assistant may be available for your use and to tailor your accommodations and experience.
Physical & Mobile Location-Based Services. We collect Personal Data if you download one of our Apps or choose to participate in certain programs. For example, we may collect the precise physical location of your device by using satellite, cell phone tower, Wi-Fi signals, or other technologies. We will collect this data if you opt in through the App or other program (either during your initial login or later) to receive the special offers and to enable location-driven capabilities on your mobile device. If you have opted-in, the App or other program will continue to collect location data when you are in or near a participating property until you log off or close application (i.e., the App or other program will collect this data if it is running in the background) or if you use your phone’s or other device’s setting to disable location capabilities for the ΑRTEMIOS SINGLE MEMBER S.A. App or other program.

Collection of Other Data

“Other Data” are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent Other Data reveal your specific identity or relate to an individual, we will treat Other Data as Personal Data. Other Data include:

Browser and device data
App usage data
Data collected through cookies, pixel tags and other technologies
Demographic data and other data provided by you
Aggregated data

How We Collect Other Data

We collect Other Data in a variety of ways:

Your browser or device. We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to ensure that the Online Services function properly.
Cookies. We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data. We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize your computer to assist your use of the Online Services. We also gather statistical data about the use of the Online Services to continually improve design and functionality, understand how they are used and assist us with resolving questions.

Cookies further allow us to select which advertisements or offers are most likely to appeal to you and display them while you are using the Online Services or to send marketing emails. We also use cookies to track responses to online advertisements and marketing emails

If you do not want data collected with cookies, you can learn more about controlling cookies at http://www.allaboutcookies.org/manage-cookies/

You can choose whether to accept cookies by changing the settings on your browser or by managing your tracking preferences by clicking on “Cookie Settings” located at the bottom of our homepage. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Online Services. For example, we will not be able to recognize your computer, and you will need to log in every time you visit. You also will not receive advertising or other offers from us that are relevant to your interests and needs.

Pixel Tags and other similar technologies. We collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some Online Services to, among other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Online Services.
Analytics. We collect data through Google Analytics and Adobe Analytics, which use cookies and technologies to collect and analyze data about the use of the Services. These services collect data regarding the use of other websites, apps and online resources. We use Google Analytics and Google AdWords, services which transmit website traffic data to Google servers. Google Analytics does not identify individual users and does not associate your IP address with any other data held by Google. We use reports provided by Google to help us understand website traffic and webpage usage and optimize advertisements bought from Google's own and other advertising networks. Google may process the data in the manner described in Google's Privacy Policy and for the purposes set out above in this section. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/ and opt out by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
We also use Yandex Metrica and Yandex Direct services, which collect user- and session parameters via cookies. Information collected by such cookies does not reveal your identity, but it can help us to improve our website performance. Information about your use of this website will be transferred to Yandex and stored on Yandex's servers. Yandex will process this information to assess how you use the website, compile reports for us on our website operation, and provide other services. Yandex processes this information as specified in Yandex Privacy Policy.
Our website also uses Facebook pixel, which collects anonymized aggregated data that helps us with optimization of ad purchases on Facebooks different platforms (including Instagram). Facebook collects a user id that will allow them to match if a user has visited a site with the Facebook pixel. We as advertisers can however never identify the behavior of a specific user. Facebook and its related platforms are in a closed advertising ecosystem where their users can regulate if they consent to advertisers using data collected from their websites to purchase ads on Facebook.
Your IP Address. We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.
Aggregated Data. We may aggregate data that we collected and this aggregated data will not personally identify you or any other user.

Sensitive Data

Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions).

ΑRTEMIOS SINGLE MEMBER S.A. shall not process any personal data of yours which are related to your racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic or biometric data, which confirm your identification as the data subject, and data concerning health or data concerning your sex life or sexual orientation, unless: a) you have given your explicit consent for a specific purpose; b) the data have been manifestly made public by you; c) processing is necessary for the provision of our services; d) processing is necessary for reasons of substantial public interest. In any case, we have taken all necessary technical and organizational measures to securely keep and process your personal data belonging to the special categories above. The personal data of minors shall be processed subject to the prior consent of their parents or the persons who have undertaken their parental responsibility, unless otherwise specified by law. For the purposes hereof, minors are persons who have not attained the age of 18 years.

Processing of Personal Data and Other Data - Purposes of processing

ΑRTEMIOS SINGLE MEMBER S.A. will only process information that is necessary for the purpose for which it has been collected. You will always have the option not to receive marketing communications from us (and you can withdraw your consent or object at any time). We will never send you unsolicited ‘junk’ email or communications or share your personal information with anyone else who might.

We use Personal Data and Other Data to provide you with Services, to develop new offerings and to protect the company ΑRTEMIOS SINGLE MEMBER S.A. and our guests as detailed below. In some instances, we will request that you provide Personal Data or Other Data to us directly. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested Services.

We use Personal Data and Other Data for our legitimate business interests, including the following:

Provide the Services you request. We use Personal Data and Other Data to provide Services you request, including:

§ To facilitate reservations, payment, send administrative information, confirmations or pre-arrival messages, to assist you with meetings and events and to provide you with other information about the area and the property at which you are scheduled to visit

§ To complete your reservation and stay, for example, to process your payment, ensure that your room is available and provide you with related customer service

§ To support our electronic receipt program. When you provide an email address in making a reservation, we use that email address to send you a copy of your bill. If you make a reservation for another person using your email address, that person's bill will be emailed to you, as well. You can opt out of receiving your bill via email and instead receive a paper copy by contacting the front desk

§ To respond to correspondence, you send to us and fulfil the requests you make to us (for example: enquiries regarding reservation confirmations, dates of stay or value of reservations);

§ To verify the accuracy of information that we hold about you, your Hotel or Hotel guest and create a better understanding of you as a customer.

We may use and process your personal information where this is necessary to perform a contract with you and to fulfil and complete your orders, purchases and other transactions entered into with us (or one of our third-party partners. We will use Personal Data and Other Data to manage our contractual relationship with you, because we have a legitimate interest to do so and/or to comply with a legal obligation.

Personalize the Services according to your Personal Preferences. We use Personal Data and Other Data to personalize the Services and improve your experiences, including when you contact our call center, visit one of our properties or use the Online Services, to:

§ Customize your experience according to your Personal Preferences

§ Present offers tailored to your Personal Preferences

We will use Personal Data and Other Data to provide personalized Services according to your Personal Preferences either with your consent or because we have a legitimate interest to do so.

Communicate with you about goods and services according to your Personal Preferences.

We use Personal Data and Other Data to:

§ Send you marketing communications and promotional offers, when you have provided your consent, as well as periodic customer satisfaction, market research or quality assurance surveys

§ To comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request)

We will use Personal Data and Other Data to communicate with you with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so.

Loyalty Programs. We use Personal Data and Other Data to:

§ Offer and manage your participation in our global loyalty programs, as well as others that are specific to certain properties or tailored to your interests

§ Send you offers, promotions and information about your account status and activities

§ Assess your benefits

§ Administer points earned through co-branded credit cards

§ Manage your choices regarding how you wish to earn, track and use your points

We will use Personal Data and Other Data in this way with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so.

Sweepstakes, activities, events and promotions. We use Personal Data and Other Data to allow you to participate in sweepstakes, contests and other promotions and to administer these activities. Some of these activities have additional rules and may contain additional information about how we use and disclose your Personal Data. We suggest that you read any such rules carefully.

We use Personal Data and Other Data in this way with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so.

Business Purposes. We use Personal Data and Other Data for data analysis, audits, security and fraud monitoring and prevention (including with the use of closed-circuit television, card keys, and other security systems), developing new goods and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.

We use Personal Data and Other Data in this way to manage our contractual relationship with you, comply with a legal obligation and/or because we have a legitimate interest to do so.

Lawfullness of processing

The Company shall legally process personal data, provided that processing:

· Is necessary for servicing, supporting and monitoring your reservation or other relationship with the Company and the proper execution of any agreements between you and the company.

· Is necessary in order for the Company to comply with any legal obligations or for the purposes of the legitimate interests pursued by the Company, which arise from your business relationship with the company, or other legal rights of the company.

· Is necessary for the performance of a task carried out in the public interest, in the context of the current legislative and regulatory framework.

· Is based on your prior explicit consent, if processing is not based on any of the aforementioned legal processing bases.

Withdrawal of Consent

You have the right to withdraw your consent, whenever required, at any time without said withdrawal affecting the lawfulness of processing based on consent before its withdrawal. The withdrawal of your consent may be submitted through sending a request at metaxahospitality@dpo.gr

Disclosure of Personal Data and Other Data

The Company shall not transmit or disclose your personal data to third parties, except in case of the following categories.

Our goal is to provide you with the highest level of hospitality and Services, and to do so, we share Personal Data and Other Data with the following:

ΑRTEMIOS SINGLE MEMBER S.A. We disclose Personal Data and Other Data to other companies within ΑRTEMIOS SINGLE MEMBER S.A. group for the purposes described in this Privacy Statement, such as providing and personalizing the Services, communicating with you, facilitating the loyalty programs, and to accomplish our business purposes. ΑRTEMIOS SINGLE MEMBER S.A. is the party responsible for the management of the jointly-used Personal Data. We share your Personal Data and Other Data used for making a reservation with the applicable property to fulfill and complete your reservation.
Strategic Business Partners. We disclose Personal Data and Other Data with select Strategic Business Partners who provide goods, services and offers that enhance your experience at our properties or that we believe will be of interest to you. By sharing data with these Strategic Business Partners, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at our properties to provide you with services. This sharing also enables us to provide you with a single source for purchasing packages that include travel-related services, such as airline tickets, rental cars and vacation packages.
Service Providers. We disclose Personal Data and Other Data to third-party service providers for the purposes described in this Privacy Statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services.
Corporate Reorganization. We may disclose or transfer your Personal Data and Other Data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of the ΑRTEMIOS SINGLE MEMBER S.A. business, assets or stock (including any bankruptcy or similar proceedings).

We take steps to ensure that any third-party partners who handle your information comply with data protection legislation and protect the information just as we do. We only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf. We therefore have ensured that any processors acting on our behalf shall meet all requirements and provide sufficient assurance regarding the implementation of the appropriate technical and organizational measures, so that the processing of your personal data occurs in a way that its protection is ensured. We will aim to anonymize your information or use aggregated none specific data sets wherever possible.

We may use and disclose Other Data for any purpose, except where we are not allowed to under applicable law. In some instances, we may combine Other Data with Personal Data (such as combining your name with your location). If we do, we will treat the combined data as Personal Data as long as it is combined.

Non- ΑRTEMIOS SINGLE MEMBER S.A. Entities

This Privacy Statement does not address, and we are not responsible for the privacy, data or other practices of any entities outside of the ΑRTEMIOS SINGLE MEMBER S.A., including Franchisees, Owners, Authorized Licensees, Strategic Business Partners or any third party operating any site or service to which the Services link, payment service, loyalty program, or website that is the landing page of the high-speed Internet providers at our properties. The inclusion of a link on the Online Services does not imply endorsement of the linked site or service by us. We have no control over, and are not responsible for, any third party’s collection, use and disclosure of your Personal Data.

In addition, we are not responsible for the data collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Data you disclose to other organizations through or the Apps or our Social Media Pages.

Third Party Advertisers

We may use third-party advertising companies to serve advertisements regarding goods and services that may interest you when you access and use the Online Services, other websites or online services. To serve such advertisements, these companies place or recognize a unique cookie on your browser (including through the use of pixel tags).

Security

We seek to use reasonable organizational, technical and administrative measures to protect Personal Data.

In compliance with the current legislative framework, ΑRTEMIOS SINGLE MEMBER S.A. has taken all steps required, by implementing all appropriate technical and organizational measures for the lawful adherence, processing and safe retention of personal data files, and is committed to ensure and protect in every way the processing of your personal data against any loss or leakage, alteration, transfer or any other unlawful processing.

Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section, below.

LINKS TO OTHER WEB SITES

In order to anticipate your needs, our website provides links to other web sites and third parties for your convenience and information. We are not responsible for the collection, use, maintenance, sharing or disclosure of data (including personal data) by such third parties. We encourage you to contact these third parties to ask questions about their privacy practices, policies and security measures before disclosing any personal data. We recommend that you review the privacy statements and policies of linked web sites to understand how those web sites collect, use and store information.

Data subject rights

You have choices when it comes to how we use your data and we want to ensure you have the information to make the choices that are right for you.

As personal data subject, you have the following rights:

· Right of access to the personal data concerning you, provided that they are being processed by the company, in its capacity as the controller, to the purposes of said processing, the categories of data and the recipients or categories of recipients (Article 15 GDPR).

· Right to rectify inaccurate data and complete incomplete data (Article 16 GDPR).

· Right to erase your personal data subject to the company’s obligations and legal rights to retain them, pursuant to the current applicable laws and regulations (Article 17 GDPR).

· Right to restrict the processing of your personal data if either the accuracy of said data is contested or the processing is unlawful or the purpose of the processing was eliminated, and provided that there is no legitimate reason to retain them (Article 18 GDPR).

· Right to the portability of your personal data to another controller, provided that the processing is based on your consent and is carried out by automated means. This right shall be exercised subject to the company’s legal rights and obligations to retain the data and to perform a task which is carried out in the public interest (Article 20 GDPR).

· Right to object on grounds relating to your particular situation, in case your personal data is processed to perform a task carried out for reasons of public interest or in the exercise of official authority vested in the company or for the purpose of legitimate interests which are pursued by the company or any third party.

If you no longer want to receive marketing-related emails, you may opt out by following the instructions in any such email you receive from us

In addition, members of our loyalty programs can opt out from marketing-related emails through their program account, or by sending a letter to:

ΑRTEMIOS SINGLE MEMBER S.A. (Santo Collection) Heraklion, Crete (28A Alex. Papanastasiou St.)

We will try to comply with your request as soon as reasonably practicable. If you opt out of receiving marketing emails from us, we may still send you important administrative messages, from which you cannot opt out.

Special Notice for California Residents: Customers who reside in California and have provided their Personal Data to us can request, once per calendar year, information about our sharing of certain categories of Personal Data to third parties and within ΑRTEMIOS SINGLE MEMBER S.A., for their direct marketing purposes. Such requests should be submitted to us metaxahospitality@dpo.gr or:

ΑRTEMIOS SINGLE MEMBER S.A. (Santo Collection) Heraklion, Crete (28A Alex. Papanastasiou St.)

We will provide a list of the categories of Personal Data disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.

How You Can exercise your rights and submit complaints

If you would like to review, correct, update, suppress, restrict or delete Personal Data that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by law), you can contact us at metaxahospitality@dpo.gr or by mail:

ΑRTEMIOS SINGLE MEMBER S.A. (Santo Collection), Heraklion, Crete (28A Alex. Papanastasiou St.)

You will receive a response from us within 30 days from the receipt of your request. In case, we will need more time to respond to you (up to 2 more months), we will contact you to communicate to you the reason of the delay.

In your request, please make clear what Personal Data you would like to have changed, whether you would like to have your Personal Data suppressed from our database, or other limitations you would like to put on our use of your Personal Data. For your protection, we only fulfill requests for the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we often need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the Personal Data provided until after the completion of such purchase, reservation, or promotion). There may also be residual data that will remain within our databases and other records, which will not be removed. In addition, there may be certain data that we may not allow you to review for legal, security or other reasons.

Any refusal of the Company or any unjustified delay in responding to your requests following the exercise of your rights, shall give you the right to recourse to the Hellenic Data Protection Authority as the competent supervisor for the application of the GDPR.

In any case, you reserve the right to submit a complaint to the competent supervisory authority, if you consider that your personal data processing infringes the current applicable legislation. For more information, please visit www.dpa.gr

Retention Period

We take reasonable measures to ensure that your personal information will be stored no longer than needed for the purpose for which it has been collected and no longer than required by the contract or the applicable legislation.

The criteria used to determine our retention periods include:

The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services). However, the retention period shall not exceed a period of twenty (20) years after the last calendar day of the year when your respective relationship with the company ended.
In case of litigation, any personal data related to you shall be retained by all means until the end of the litigation, even if the above period of twenty (20) years has lapsed.
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

Cross-Border Transfer

ΑRTEMIOS SINGLE MEMBER S.A. provides a global service. Sharing data cross-border is essential to the Services so that you receive the same high-quality service wherever you are in the world. By making a reservation, visiting or staying at a ΑRTEMIOS SINGLE MEMBER S.A. branded property or using any ΑRTEMIOS SINGLE MEMBER S.A. branded service, you understand that we might transfer your Personal Data globally, within the contest of the restrictions set out by applicable law.

The Company shall not transfer personal data to a third country or an international organisation unless it is expressly authorized by you to do so.

A transfer of personal data to a third country or an international organisation may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection. Such a transfer shall not require any specific authorisation.

In the absence of a decision pursuant to Article 45(3) of GDPR, the company may transfer personal data to a third country or an international organisation only if the company has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available (article 46 GDPR).

The appropriate safeguards referred to in the previous paragraph may be provided for, without requiring any specific authorisation from a supervisory authority, by:

a. a legally binding and enforceable instrument between public authorities or bodies;

b. binding corporate rules in accordance with article 47 GDPR

c. standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in Article 93(2) GDPR;

d. standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in Article 93(2) GDPR;

e. an approved code of conduct pursuant to Article 40 GDPR together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights; or

f. an approved certification mechanism pursuant to Article 42 GDPR together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights

Transfers should only be allowed where the conditions of Regulation GDPR for a transfer to third countries are met.

Updates to This Privacy Statement

The “LAST UPDATED” legend at the top of this page indicates when this Privacy Statement was last revised. Any changes will become effective when we post the revised Privacy Statement on the Online Services. Your use of the Services following these changes means that you accept the revised Privacy Statement. If you would like to review the version of the Privacy Statement that was effective immediately prior to this revision, please contact us at (email)

Privacy Preferences

At ΑRTEMIOS SINGLE MEMBER S.A., we respect your privacy and want to provide you with information and choices. The options provided below allow you to express your preferences: what and how much you share with us and when and how you hear from us.

Cookie Preferences

We want to learn what is relevant to you and ensure you have a personalized experience. As described earlier, we use digital tools like cookies and tags on our web pages. Cookies also help us provide, protect and improve our services.

To adjust your preferences, please visit our Cookie Settings page.

Marketing Preferences

We want to engage with you in a way that is meaningful to you. We recognize that you may only want to hear from us in a limited way.

You may choose to unsubscribe from our newsletters by clicking the link at the bottom of one of our communications

*Please note that even if you choose to opt-out of communications with us, we will continue to send you transactional messages about your specific reservation or stay with us, such as pre-arrival, confirmation and guest satisfaction surveys.

If we intend to use your Personal Data for a purpose that is materially different from these purposes or if we intend to disclose it to a third party not previously identified, we will notify you and offer you the opportunity to opt-out of such uses and/or disclosures where it involves Personal Data or opt-in where Sensitive Personal Data is involved.

Disclosures to Service Providers

We sometimes contract with other companies and individuals to perform functions or services on our behalf such as spas and restaurants within our hotels, website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services. They may have access to Personal Data needed to perform their functions but are restricted from using the Personal Data for purposes other than providing services for us or to us. ΑRTEMIOS SINGLE MEMBER S.A. requires that its Service Providers that have access to Personal Data received from the EEA and Switzerland provide the same level of protection as required by the Privacy Shield Principles. We are responsible for ensuring that our Service Providers process the Personal Data in a manner consistent with our obligations under the Principles.

Data Security

We use reasonable physical, electronic, and administrative safeguards to protect your Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data and the risks involved in processing that information, according to the provisions of the General Data Protection Regulation (EU) 2016/679 which entered into force on 25/05/2018, (the “GDPR”) as currently applicable.

Data Integrity and Purpose Limitation

We limit the collection and use of Personal Data to the information that is relevant for the purposes of processing and will not process Personal Data in a way that is incompatible with the purposes for which the information has been collected or subsequently authorized by you. We take reasonable steps to ensure the Personal Data is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Data.

Privacy Policy Changes

This Policy may be changed from time to time, consistent with the requirements of the Privacy Shield. You can determine when this Policy was last revised by referring to the "LAST UPDATED" legend at the top of this page. Any changes to our Policy will become effective upon our posting of the revised Policy on the Site.

Contacting Us

ΑRTEMIOS SINGLE MEMBER S.A., 84702 Oia, Santorini, Greece

Santo Collection, Oia, 84702, Santorini

Tel: +30 22866 00630

Email: info@santocollection.gr