Unfortunately, as many surveys show, the chances of being on the data protection policy page are extremely low. 

For this reason, we are very pleased that you have found the time to read this text, giving us the opportunity to explain to you the purposes and ways in which we process your personal data. 

First of all, here is an easily understandable summary of the key points of our policy: 

Who are we? 

The company SK Hospitality PC, hereinafter referred to as the "Company" or "we", the Company has its registered office on "15th km. National Road Thessaloniki - N. Moudania, 57001, Thermi, Central Macedonia, Greece", and telephone +302316004010. 

For issues related to the protection of your data you can contact us directly at the dpo@xtremeinfinity.com. 

Based on the legal framework for data protection, the focus of which is the General Data Protection Regulation (GDPR), the Company is the controller of the data you provide. 

How do we collect your data and why? 

We process your various information, such as your name, email address, as a rule, when you contact us through the website or by email. 

There are some more cases in which we process your data, on a small scale and with a specific purpose, such as through cookies files. 

The legal basis for processing on behalf of it is mainly the performance of a contract, but in some cases we rely on our legitimate interest (e.g. ensuring the security of our information systems) or on the existence of a legal obligation (e.g. disclosure of data to competent authorities). 

What are your rights? 

If you believe that we are in breach of data protection law, you have the right to lodge a complaint with the Data Protection Authority. 

How long do we store your data? 

We store your data for as long as necessary based on our relationship (e.g. if you are a customer, what kind of cooperation we have with each other, etc.), your wishes (e.g. if you request their deletion), and any legal obligation (e.g. tax information). To define the storage period, we always keep in mind the principle of limiting the storage period, while in any case we take care of their safe observance. 

Who we share your data with 

With absolutely nobody for direct marketing purposes.  We have selected for organizations that provide security and privacy for marketing and communications. 

As we would like to avoid complex legal terminology and prefer to communicate in a simple and understandable a language as possible, such topics are not easy, so if you have any questions about our policy, please do not hesitate to contact dpo@xtremeinfinity.com. 

1. Who we are (Controller)

SK Hospitality is a Hotel Management & Consulting company (hereinafter referred to as "We" or "Company"). 

We consider the management of your personal data a very serious matter and that is why we make every effort to fully comply with all the rules of processing personal data. 

We collect certain information about our website visitors, which may lead to their direct or indirect identification. 

According to the applicable legal framework, this information constitutes personal data, you as visitors are the "data subjects" and we, as a company, are the "controller" of your data. 

The purpose of our policy is to explain to you in as simple, understandable and concise a way as possible the following: 

• What data we process about you, for what purpose and on what legal basis
• How long we store your data
• Who are the recipients of your data
• What are your rights and how you can exercise them
• What legitimate interests we have
• What applies to your consent when it is necessary
• Cookies

Before we begin, however, we would like to introduce you to the... 

Basic principles for processing your data 

The company is committed to processing your data in a fair and transparent way, always in accordance with the current legal framework, as reflected mainly in the General Data Protection Regulation (GDPR) and Law 3471/2006. 

What does this mean in practice: 

• We collect and process your data only for specified, explicit, and legitimate purposes
• We collect and process only the data that is necessary for the purposes we set
• We make every effort to ensure that your data is accurate, providing you, where appropriate, with the possibility of correction / deletion
• We keep your data for a period of time that is required for the purposes we set
• We make every effort to safeguard the security of your data from unauthorized or unlawful processing and accidental loss, destruction or damage.

In the context of the protection of the data we process, we implement a series of appropriate technical and organizational measures, adopt internal security policies, properly train its staff, who are committed to maintaining confidentiality, while utilizing a series of technologies that ensure the security of your data (e.g. SSL certificate , encryption, certified hosting providers). As required by information security and data protection, technical and organisational security measures are regularly monitored and, if necessary, updated and adapted to new best practices. 

2. What data we process about you and for what purpose

As a rule, we collect and process data of the visitors of the website only when they provide it directly and voluntarily, so simply visiting the website does not necessarily mean that we are processing your data. 

However, this rule cannot apply in two cases: to data collected with the help of cookie files  (see details here) and to certain data, which is automatically collected during your visit. 

2A. Data we collect automatically 

Due to the nature and the way the internet works, as soon as you visit our website, our server records  your IP address  , which constitutes personal data, even if as a website we cannot identify you on our own based on this information.    

We have a legitimate interest in processing this data in order to ensure the security of networks, information and services from accidental events or illegal or malicious actions that compromise the availability, authenticity, integrity and confidentiality of the stored or transmitted data (e.g. control of "denial of service" attacks), but also to establish, exercise or support legal claims. 

On the other hand, we have a legal obligation to keep this information, as the protection of your data from malicious users is our priority and duty. Additionally, we may, based on the current framework, be asked for information from police or judicial authorities, which we should be able to provide, always under strict conditions and terms. 

2B. Data provided to us by you 

Data we process 

For the communication, we collect and process the following information: 

Full name, email address, contact number, and/or mailing address. 

This information, regardless of the capacity you may have, is not publicly displayed, while only the company has access to it. 

Purpose of processing - Legal basis 

The main purpose of processing your data is to contact you after contact us. 

3. Contact Form

Data we process: 

We provide the visitors of the skhospitality.gr the opportunity to contact us through a contact form. 

Full name and email 

Purpose of processing - Legal basis 

We process the information based on your consent, which you provide with a positive action before sending your message, in order to provide you with a response. You have the right to withdraw your consent at any time, without prejudice to the legality of processing based on consent before its withdrawal. Sending just one email or submitting a contact form is not in itself a sufficient reason to include you in our database, nor do we keep your information for marketing. 

4. Where and for how long we store your data

 We use large providers, such as Microsoft, that meet strict standards for data security.  which is necessary for the specific purpose of processing. There are clearly certain storage periods for each data category.  

For example, if you have subscribed to the newsletter, we keep your data for as long as you remain a member of the newsletter. The rules for determining the retention period result from ensuring the rules for data protection, the best practices of the site and the preservation of the proper functioning of the Company. Please note that even if you submit a request for the deletion of your data, it is possible to retain some of them, solely due to legal obligations or for the establishment, exercise and support of legal claims. 

5. Cookies

Like most websites, we use cookies and similar technologies when you access and browse SK Hospitality. 

Weighing up our obligation to protect your data and the needs of SK Hospitality, we use these technologies sparingly, both to make your browsing comfortable and efficient, and to obtain certain anonymised information in relation to your visits. 

Cookies are small text files that are stored on the hard drive of the computer or other electronic device with which the user accesses  the  website.  Google Chrome, Mozilla Firefox, etc.) and contain anonymised information about the web pages you visit and the devices you use. 

By continuing to use our website without changing the default settings, you agree to our use of cookies. 

6. What are your rights

Based on the General Data Protection Regulation you have a number of rights in relation to the processing of your data on behalf of the Company. 

Specifically, as far as SK Hospitality is concerned, you have the: 

• Right of access, that is, to submit a request to be informed if we process data and, if so, what they are, and some other information, such as the purpose of processing, the recipients, etc.,
• Right to rectification, i.e. to request the correction or even the completion of your data, (important note: you have the ability to correct any information through your profile),
• Right to erasure, i.e. to request, under certain conditions, the deletion of your data,
• Right to restriction of processing, i.e. to ensure, under certain conditions, the restriction of the processing of your data by us,
• Right to object, i.e. to object at any time to the processing of your data carried out on the basis of our legitimate interest (marketing),
• Right to data portability, i.e. to request the data you have provided to us in a structured, commonly used and machine-readable format, if this is deemed technically feasible based on the provisions of the GDPR.

Finally, in case of a data breach, which may pose a high risk to your rights and freedoms and if this does not fall under one of the exceptions provided for under the GDPR, we have the obligation to inform you without undue delay. 

Compliance with the legal framework for data processing and, in this context, the exercise of your rights, is a priority for the Company. For this reason, we have the right to request the provision of additional information, which is necessary to confirm your identity before exercising your rights, such as deleting your profile. 

In principle, we are obliged to respond to your request immediately and at the latest within one month. If necessary, taking into account the complexity of your request and the number of requests pending processing, this deadline may be extended by a further two months. In any case, we will inform you as soon as possible and, in any case, within one month from the submission of your request, of its progress and of the reason for any possible delays. 

In the event that your requests are manifestly unfounded or excessive, in particular due to their recurring nature, the Company may either impose the payment of a reasonable fee, taking into account the administrative costs for the provision of the information or the announcement or execution of the requested action, or refuse to follow up on your request. In case you consider that we do not comply with the legislation on the protection of personal data, you have the right to file a complaint with the competent supervisory authority (in Greece the Personal Data Protection Authority). 

For any question or issue you encounter regarding the protection of your data on our behalf, please do not hesitate to contact us at dpo@xtremeinfinity. com.