Thank you for visiting our HiGreece website!
Hereinafter we will inform you about the handling with your data according to art. 13 of the General Data Protection Regulation (GDPR).
The party responsible for data processing is the Greek Youth Hostels Association (GRYH) | Σύλλογος Ξενώνων Νέων Ελλάδας, 20200 Kryoneri Korinthia, Greece.
We only collect data, which are necessary
- to accomplish the affected person’s contract,
- to accomplish precontractual measures following a person’s request
- to keep eligible interests.
Storage of the IP address
We save the IP address transmitted by your browser for seven days to recognize, localize and eliminate assaults on our website. Upon expiry of seven days we delete or anonymise the IP address. The Legal basis is art. 6 par. 1 lit f) GDPR.
When visiting our websites, so called usage data will be saved temporarily for statistical purposes and to improve the quality of our websites. This data record contains
- the website from where the file was requested
- the name of the file,
- date and time of the request,
- the transferred amount of data,
- access status (file transferred, file not found),
- type description of used browser,
- the IP address of the inquiring computer (shortened, no personal reference possible)
The mentioned protocol data will only be saved anonymised.
Data processing for contractual fulfilment or implementation of pre-contractual measures
We process data of membership registration according to art. 6 par. 1 lit. b) GDPR for the purpose of contractual fulfilment or implementation of pre-contractual measures. The following data is affected: contact data (name, address, email-address, mobile/phone number), booking data (amount and age of guests, boarding details) as well as possibly bank account.
Data will be stored for 10 years. In case of existing legal storage periods affected data will be archived for the period of terms and disabled for general access, if not required any longer longer for contractual fulfilment.
Data processing to protect eligible interests of persons responsible
We collect data according art. 6 par. 1 lit. f) GDPR via contact form to answer your request. Our primary interest is to offer you a fast and straightforward approach and handling your requests in the medium-term to initiate a contractual relationship, too. The following data is affected: company, association, institution, membership number (if available), title, name, address, phone number, email address.
Data will be stored up to 6 months after the final processing of your request. In case of existing legal storage periods affected data will be archived for the period of terms and disabled for general access, if not required any longer for contractual fulfilment.
We collect your name and your address according art. 6 par. 1 lit f) GDPR, to advise you by mail about new offers. Our eligible interest is to increase the occupancy rate of our offered courses and our sales.
If we got your data in connection with your booking we will use your name and email address to promote our (similar) products. Also in this case our eligible interest is to increase the occupancy rate of our Youth Hostels and our sales.
We collect your name and your email address in accordance with art. 6 par. 1 lit f) GDPR to hear your opinion about your stay in our Youth Hostels. Our eligible interest is to identify needs for improvement of our offered services.
Transmitting data to a third party
If there is a forwarding permission in terms of data-protection law (especially in accordance to the legal provisions mentioned above), we transmit your data to a third party. If necessary, personal data will be transmitted to companies involved in the handling of the contract, e.g. credit institutions for payment handling, cooperation partners for realisation of booked services and so on.
We transmit your data within processing an order in accordance to art. 28 GDPR to service contractors, who support us handling our websites and associated processes. Our service contractors are strictly bound by our instructions and respectively indented. We work together with the following service providers:
- Google (Google Analytics)
Transmitting data to third countries
In some cases we transmit personal data to a third country beyond the EU. We always take care of an appropriate data privacy level. In case of Google (US) an appropriate data privacy level of the according participation of the Privacy-Shield-Convention is following (art. 45 par 1 GDPR).
We offer the possibility to subscribe to our email newsletter. If you have given us a separate approval that we can inform you about products or services by email, an appropriate processing in accordance to art. 6 par. 1 lit a) GDPR follows. Your approval can be cancelled at any time without changing is legitimacy. If the approval will be cancelled, the data processing will be stopped.
If you don’t want to get any further newsletters you can unsubscribe at any time: Please send your cancellation to Greek Youth Hostels Association (GRYH) | Σύλλογος Ξενώνων Νέων Ελλάδας, 20200 Kryoneri Korinthia, Greece or via email to firstname.lastname@example.org
Technical standards – protected connection
We are transferring our data via SSL (Secure Socket Layer) generally associated with a 256bit encryption. This technology offers maximum security and is therefor also used by banks and its data protection in online banking. Your data is transmitted encrypted, when you can see an icon of a key or closed lock in the lower status bar of your browser.
Our measures are state of the art and will be adjusted continuously. However we indicate that our data privacy for transferring data within the internet according to the current state of the art cannot be ensured.
Usage of „cookies“
Cookies are little data packages, usually smaller than 1kb. Cookies contain information, which allow webservers to recognise users (computer) at their next visit or on following pages. In order to be able to recognise users at their next visit, the cookie of your browser has to be saved on your local harddisk. All other cookies will only be used for single visits, won’t be saved on harddisk and will be deleted when you close your browser. Those cookies are needed for several search requests, for example.
It is possible that linked pages using cookies, we can’t advert to. Most browsers accept cookies automatically. However you can deactivate saving cookies or let your browser notify about sending cookies.
Google Analytics and Google Remarketing
To get a need-based design of our website we create pseudonymous user profiles with the help of Google Analytics. Google Analytics uses so called „Cookies“, text files saved on your harddisc, which enable an analysis of your use of our website. Usually the information of your use, generated by the cookie, will be transferred and saved to a server of Google located in the US. Since we activated IP anonymisation on our website, your IP will be shortened in one of the member states of the European Union or another contractual state of the Agreement on the European Economic Area. Only in exceptional cases the full IP will be transmitted to a Google server in the US and shortened there. Google will take these information to evaluate your use of our website, to create reports about our website activities and to render further services associated with the use of our website and the internet.
You can revoke the creation of pseudonymous user profiles at any time. There are several possibilities
- You can set an „Opt-Out-Cookie“, which assigns Google to not save or use your data for web analysis. Please note, that this will only work as long as this Opt-Out-Cookie will be saved by your browser.
- You can prevent saving cookies for building a profile with appropriate settings within your browser software.
- According to your used browser you can install a plugin to prevent tracking.
Moreover this website uses Googles Remarketing feature. With that feature visitors of our website will be addressed by targeted banner advertisement on other websites of the Google partner network. Google Remarketing happens with cookies of our website as well as other websites of the Google partner network (including own brand websites of Google) (combined usage of first party and third party cookies). When visiting a website of the Google partner network your previous surfing behavior can by analysed by cookies and used for targeted product recommendations and advertisement based on interests. If you don’t want to get advertisement based on interests, you can deactivate Googles usage of cookies by viewing the website to deactivate doubleclick. As an alternative you can deactivate the usage of third party cookies by viewing the opt out website of the network advertising initiative .
On several subpages you can find embedded YouTube videos. When you are viewing these subpages, YouTube content will be reloaded. In that case YouTube will get your IP address, which is technical required to access the content. We have no bearing on the further use by YouTube. However we activated the extended data privacy mode offered by YouTube. That means, that YouTube won't set cookies to analyze user behaviours.
Contact details of our privacy officer
You can reach our privacy officer at the following email address: email@example.com
Rights of affected people
According to the GDPR affected people are entitled to get information (art. 15) about relevant personal data as well as the correction of false data or cancellation (art. 16, 17). Furthermore there is the right of limitation of data processing (art. 18) and according to art. 20 GDPR the right on data portability.
Right of objection
If data will be processed on the basis of art. 6 1 lit. f) (data handling to protect eligible interests), an affected person has the right to enter an objection. You have this right regarding data handling of customer administration and advertising. Then we won’t process your personal data any longer unless there are verifiable urgent reasons for processing worth being protected, which outweigh the interests, rights and liberties oft he affected person or the processing serves the enforcement, exertion or defense of interests.
Right of complaint at a controlling authority
Each affected person hast the right of complaint at a controlling authority, if he or she believes, that the procession of personal data offends against regulations in terms of data-protection law. The right of complaint can especially be claimed at a controlling authority within the member state of the residence of the affected person or the place of the alleged infringement.