This Privacy Policy is in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, related to the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
This Privacy Policy establishes the basis on which the company processes the personal data that our users voluntarily send us through the website and it is applicable when the company collects your personal data through the different contact forms. When processing your personal data, the company will act as the Data Controller.

Data Controller: FISCO S.A. Lyssikrarous str 9, Athens 105 58 (‘company’).

The information that you have provided, together with other information, where applicable, provided by travel agencies, tour operators, or other booking services that collaborate with this company, will form part of the processing of data, under the responsibility of the aforementioned entity.
The aim of data processing is to manage properly your stay or requested service, to respond better to your needs, and, if you have given us your consent, to send you business information under the indicated terms and conditions. In addition, we hereby inform you that, for the same purposes, this data may be used by the group of companies that operate or manage hotels in the AVA Hotels chain.
The categories/types of the data that are processed correspond to the information requested on the booking registration form, creation and access to customer account, newsletters subscriptions. But also information corresponding to curriculum vitae for employees working with our company:
Identification – DNI/Passport/NIE – Postal addresses and/or email – Landline/mobile numbers – Transaction/consumption information – Sex – Age – Payment method information – User preference data – Sensitive or specially protected data is not processed, unless expressly requested by the user to respond to their needs and/or preferences.
The customer may request the management of certain services that are external to the Hotel, such as vehicle, excursions, restaurants, or other services related to the stay. In these cases, the customer expressly authorises their data to be sent to the corresponding third parties for the appropriate management of the requested service.
Profiles and segmentations may be created in order to cater better to your preferences and to improve our services. Under no circumstances will automated decisions be made about the processed data.
Your data may be communicated to other companies, entities, public or private institutions, for the sole purpose, and exclusively in necessary cases, of offering the appropriate service provision, consultation, or management of the established relationship.
The data will be retained while the relationship is active, or its cancellation has not been requested, and will be held for a period of 5 years from the last interaction, as well as during the established legal time frame in accordance with the specific applicable regulations.
Your data is processed under the legitimate interest of the responsible party of the website, in accordance with the provisions of current regulations, the Greek Constitution, and other implementing laws, such as free market economy laws. In addition, having provided the data voluntarily legitimises the processing of this data for the aforementioned purposes. This data may be communicated to the group of companies that operate in the AVA Hotel chain.
You may exercise your right to access your personal data and to rectify your data if it is incorrect.
You may exercise your right to request the deletion of your personal data due to the fact that the information is no longer needed for the purpose that it was initially collected, among other reasons.
In certain circumstances, the Interested Parties may request to restrict the processing of their data, which will be retained only for exercising the right of defence against any claims and/or litigation, and during the applicable legal time frame for data retention.
In certain circumstances, the Interested Parties may oppose the processing of their data. The company FISCO SA will stop processing your data, with the sole exception of legitimate reasons, for historical, or research reasons, for the defense against claims, or in accordance with the provisions of current regulations.
To exercise these rights, the interested party must send a communication to the postal address indicated at the top of this document, indicating the right that they wish to exercise, and enclosing a copy of their identification: DNI, passport, or another valid form of ID.
As a user, you may at any time file a complaint regarding the protection your personal data before the competent Data Protection Authority.