1. Purpose of this Policy

By this Policy, the Company under the name ‘’President Hotel Athens -GEKE S.A.’’, hereinafter referred to as the “Company” or "Hotel" or "President Hotel", with headquarters in Athens, Kifisias Avenue no. 43, 11523, with VAT number: 094033829, telephone number: 2106989000 and email address: president@president.gr, to which this website belongs, provides as Data Controller, within the meaning of the applicable legislation, to the users/visitors of its website, information on the processing of their personal data during browsing and use thereof, when necessary, based on the relationship with them.

2.Definitions

Data Subject: The website user and any other natural person who visits our website.
Personal data: Any information that can directly or indirectly identify a natural person (the "Data Subject"), such as name, surname, address, contact details (telephone number, e-mail address)etc.;
Processing:  any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, searching for information, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data of which the Company has or will become aware, either directly from you through the website or under the transaction relationship with the Company;
Controller:  The company under the name ‘’President Hotel Athens -GEKE S.A.’’, to which this website belongs and which determines the purposes and means of the processing of personal data; 

Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Recipient: a natural or legal person, public authority, agency or other body, to which the personal data are disclosed, whether a third party or not;

Data Protection Officer – DPO: the person designated by the Data Controller, who has the position and performs the duties defined by the current legal framework for personal data protection;

3. What type of data we collect, for what purpose and on what legal basis

We collect and process the following personal data of yours on a case-by-case basis:

Business Activity/ Processing	Personal Data (or categories of personal data)	Purpose of the processing	Legal basis for the processing
Login to our website president.gr	IP address, date and time of access (timestamp-timezone), access provider, browser and its version, operating system and its version.	Provision of personalized services to you, design of proper connection, security and system stability, continuous provision of our services while you browse the website.	a) legitimate interest in the context of making our website available to the public in a safe way and providing services to it.
Communication Form	E-mail address, content of the message (comment) are required data, while name, surname and telephone number are optional data.	Communication, request/query/complaint handling and information provision	a) the contractual relationship between us and your specific request. b) legitimate interest, in the context of providing services to you.
Communication via Chatbot	Name, email.	Communication, management of request/inquiry/complaint, and provision of information.	a) our transactional relationship and your specific request. b) legitimate interest, in the context of providing services to you.
Booking request [Book now]	Country, full name, email address, phone number, payment details (Optional: discount code/voucher, address, city/region, state/province, postal code, company/organization, purpose of stay, special comments such as booking preferences, special instructions, and preferences regarding arrival time). In case you want us to issue an invoice, the relevant tax office is also required. NOTE: The registration of your data is carried out through the secure environment of Webhotelier who is processor, after redirection.	Booking details and finalization. Satisfaction of your special requests & needs within the framework of the contractual relationship with the hotel.	a) company's compliance with legal obligations and the applicable legislative framework. b) provision of our services in the context of our contractual relationship and your specific request.
Creation of corporate account	Email (username), password, full name, company name, corporate email, country, city/location, address, postal code, company phone number, website, special invoicing details (such as company billing information). Optional Information: Phone number, mobile number, fax, Skype account. NOTE: The registration of your data is carried out through the secure environment of Webhotelier who is processor, after redirection.	Completion of your Booking.	a) provision of our services within the scope of our contractual relationship and your specific request.
Creation of travel agent account	Email (username), password, full name, company name, corporate email, country, city/location, address, postal code, company phone number, website, special invoicing details (such as company billing information). Optional Information: Phone number, mobile number, fax, Skype, data related to the association to which the agency belongs. NOTE: The registration of your data is carried out through the secure environment of Webhotelier who is processor, after redirection.	Completion of Your Booking.	a) provision of our services within the scope of our contractual relationship and your specific request.
Modification/Cancellation of Booking	Booking number, email.	Management/modification or cancellation of your booking.	a) provision of our services within the scope of our contractual relationship and your specific request.
Registration to President Members’ Club	Email address or registration via Google (email address or phone number) or via Facebook account (name, profile picture, email address).	Registration and enjoyment of relevant privileges while booking.	a) The contractual relationship between us and your specific request for registration as well as the performance of a contract regarding the provision of services and privileges to members of the program.
Organization of Event/ Conference	email, optional: Name, phone number, date of event, selection of meeting room.	Organization and management of your event.	a) necessary steps for the potential conclusion of a contract between us.
Information regarding the use of Cookies: Our website uses Cookies. Our Company, through the published Cookies Policy (see https://president.gr/cookie-policy/ ), provides users/visitors of its website with information about the use of Cookies, such as the type of Cookies used by the website, the data retention period, the type of data collected, the purpose of use of each Cookie, the way in which the user/visitor has the possibility to turn on or disable the use of cookies and so on.

We shall inform you that all personal data provided by you through our website for the above purposes is necessary for us in order to provide you our services the best possible way and to achieve any settlement, management or resolution of your request, question or complaint. Therefore, the non-provision of your data could make the communication between us through the website and in general the contractual relationship between us inefficient and / or impossible.

4. Processing of special categories of personal data

Our Company does not process special categories of personal data through this website, such as data related to your racial or ethnic origin, your religious or philosophical beliefs, health data or data related to your sex life or your sexual orientation, as the above data are not necessary for us.

For this reason, we kindly ask you not to include such data when filling in message fields, which otherwise will be processed by us on your own initiative and as an integral part of any request you may have (indicative example: preferences during the reservation regarding your stay or the way of serving you, particular requests or needs regarding our provision of services to you).

5. Data concerning minors

Our website does not concern natural persons, who have not reached the age of eighteen (18). Therefore, our Company does not process personal data of minors. However, our company, with a particular sense of responsibility regarding the sensitive age of children, declares that it does not process personal data arising from visitors/users of the website under the age of eighteen (18), without the prior consent of the person who has parental care of the child. It should be pointed out that, when the processing of personal data is based on consent in accordance with art. 6 par. 1 a of the GDPR 2016/679, in relation to information society services directly provided to a child, the consent provided by the minor and consequently the processing is lawful if the minor is at least 15 years old. In case where the minor is less than 15 years old, this processing is lawful only if and to the extent that the said consent is provided or approved by the person who has parental care of the minor (see art. 8 of the GDPR 2016/679 in conjunction with art. 21 of law 4624/2019).

6. Recipients of your personal data

The personal data we collect from you in the context of our relationship are processed by:

1. the authorized and properly trained competent staff of our Company bound by absolute secrecy and confidentiality,
2. partners of our Company, to whom the Company, in accordance with art. 28 of the GDPR entrusts the execution of specific tasks on its behalf (processors) and with which it has ensured GDPR-compliant processing for the protection of your data, by signing contracts and undertaking to observe adequate measures, in accordance with the corresponding GDPR provisions (art. 28, 32), such as, indicatively but not limited to, third party partners – companies in the context of managing the website and providing support services for our applications. In particular, we would like to inform you that when you make your reservation through this website, you are redirected to the reservation environment of Webhotelier Technologies Ltd, which processes the personal data included in your reservations, on behalf of the hotel, as Processor, providing the relevant guarantees in particular regarding the processing of information/payment data (indicative: complies/is certified with the PCI DSS Security Standard).
3. public bodies and authorities, such as public agencies and bodies, independent authorities, regulatory authorities, police, competent authorities, prosecutors, other administrative agencies, etc., when we are required to do so by the applicable legal framework.

We do not transfer your personal data to third countries (outside the EU or EEA) or international organizations, which do not ensure an adequate level of protection (according to an adequacy decision or certification). In any case, any transfer follows and complies with the relevant provisions of the applicable legislative framework, in particular art. 44 et seq. of the GDPR 2016/679 while there will be relevant information to the users with an update of this personal data protection policy or with a more specific statement/information by the Company.

 

7. Data retention period

We retain your personal data for as long as required by the nature and purpose of each processing or as defined by the applicable legislative and regulatory framework, taking into account the legal obligations of our Company, our contractual relationship and any legal claims arising from it, in order to accordingly justify the retention time of the personal data. During the pre-contractual stage and especially in case of filling out an electronic communication form on the company's website, your data are kept for up to 5 years.

In any case, we apply a maximum retention period of twenty (20) years (general limitation of legal proceedings). After the expiration of the above period, the data that are no longer necessary will be erased in a secure and unrecoverable manner.

 

8. Your rights according to the GDPR

In any case, you have control over the processing of your personal data. Each user, as a data subject, may at any time exercise their rights, as provided for in the GDPR and in particular articles 12 to 23 thereof, but also the relevant national legislation and in particular:

1. The right to be informed, announced and briefed about exercising your rights (Art. 12, 13, 14 GDPR), meaning your right to be informed on how your personal data are used (as it is thoroughly done in the present Policy).
2. The right to access the personal data that concern you and to the extent the Company processes them, as a Data Controller (Art. 15 GDPR). Our Company will provide you a copy of the personal data upon your relevant request.
3. The right to rectify inaccurate data as well as to add data when they are incomplete (Art. 16 GDPR).
4. The right to erase your personal data (“The right to be forgotten”), subject to the obligations and legal rights of the Company over their preservation according to the applicable legislative and regulatory provisions (Art. 17 GDPR).
5. The right to restrict the processing of your personal data if, either their accuracy is doubted, or the processing is illegal, or they lack the purpose of processing, but their erasure is not applicable (Art. 18 GDPR).
6. The right to transfer your personal data to another Data Controller (data portability), if the processing is based on you consent and is conducted with automated means or to execute the contract between us (Art. 20 GDPR). In such a case, you have the right to receive the personal data concerning you, which you provided us, in a structured, commonly used and machine-readable format.
7. The right to object for reasons that concern your special condition in case your data are being processed for purposes of the Company’s legitimate interest (Art. 21 GDPR) and especially the right to object to the automated decision-making including profiling (Art. 22 GDPR).
8. The right to withdraw the already given consent (article 7 par. 3 GDPR) at any time, for the processing based on the consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Moreover, you have the right to lodge a complaint with the competent supervisory authority in the Member State in which you have your residence or place of work or is the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR (art. 77 GDPR) and that your request has not been sufficiently satisfied by us. The competent supervisory authority in Greece is the Hellenic Data Protection Authority (1 – 3 Kifisias Avenue, 115 23, Athens, +30 2106475600, contact@dpa.gr ).

9. The way to exercise your rights and lodge a complaint

You have the right to exercise your rights either by sending an email to the e-mail address dpo@president.gr  (by filling in the Rights Exercise Form we provide you) or by letter to our postal address or by hand delivery in our Company's headquarters.

Our Company will make every effort to take the required actions within (1) month from the date of receipt of your request, unless the tasks related to the satisfaction of the request are characterized by particularities and/or complications, based on which the Company retains the right to extend the time of completion of actions.

In any case, you will receive an update on the progress of your request within one (1) month of its submission. We reserve the right to request certain information from you in order to confirm your identity and to ensure your right to access your personal data (or to exercise any other right).

This is a protective measure that ensures that personal data are not disclosed to any person who does not have the right to receive them. We also reserve the right to contact you for more information about your request in order to shorten the response time.

10. Security of your personal data  

Our company applies reasonable and appropriate technical and organizational security measures to ensure an appropriate level of security and protection of your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed as well as to ensure the preservation of both technical and physical security in accordance with article 32 of the GDPR. The Company applies relevant Policies and in general, it observes the principles of processing in accordance with the wording of the GDPR (Art. 5 GDPR), to ensure the availability, integrity, and confidentiality of your personal data. 

11. Social media

Our Company uses the following social media: Instagram, Facebook, LinkedIn.

• Facebook: https://www.facebook.com/president.gr/
• Instagram: https://www.instagram.com/presidenthotelathens/
• LinkedIn: https://www.linkedin.com/company/president-hotel-athens/

Regarding certain processings, our Company and the Controllers of the above-mentioned social media platforms act as joint Controllers within the meaning of Art. 26 of the GDPR.

We can only have a limited influence on the processing of data by social media Controllers. Therefore, we act within the framework of the possibilities available to us and in accordance with the applicable legislation on the protection of personal data.

The Controller of the social media platforms manages the overall information infrastructure of the respective service, applies its own technical and organizational data protection measures and maintains its own relationship with you as a user and therefore as a Data Subject (provided that you are a registered member of the respective social media service).

For more information regarding the processing of your data by the providers of social media platforms and in general about your rights, please refer to the respective Privacy or Security Policies of each provider.

Any data you provide to us when visiting our page on social media, such as comments, videos, images, "likes", public messages, etc., are published on the platform of the social media of your choice and are not used or processed by us for purposes other than your information and in the context of the provision of our services to you, when you wish to get in touch with us in this way. The processing of your personal data is carried out based on art. 6 par. 1 f GDPR, in the context of the best possible provision of our services to you.

12. Statements of the Company

1. The Company is not liable for any damage (direct, indirect, positive, deponent) that may be caused to the visitor on account of the website or its use. The visitor is solely responsible for the protection of their system against viruses.
2. The Company does not make decisions or proceed to profiling based on an automated processing of your data.
3. The present policy may be amended / updated at any time. You will be informed about all the significant changes, while, every time the Policy is amended, the updated version will be posted on the page. For this reason, the visitor must be updated and regularly refer to this Policy.
4. No other use of the visitor's personal data will be made for purposes other than those mentioned herein, without prior information and, where necessary, their consent.

13. Useful Contact Details

Data Controller Details

President Hotel Athens -GEKE S.A. Address: 43 Kifisias Avenue, Athens, Greece, 115 23 Phone: (+30) 210 6989000 Email: president@president.gr Website: www.president.gr

Data Protection Authority Contact Details (HDPA, competent national supervisory Authority)

Address: 43 Kifisias Avenue, Athens, Greece, 115 23 Tel: +30 210 6475600 Fax: +30 210 6475628 Email address: contact@dpa.gr Website: www.dpa.gr

Data Protection Officer (DPO) contact details

E-mail: dpo@president.gr *Please note that you may contact this email only for personal data protection issues. Any other matter referred to at this email address will not be considered. For any issue other than personal data protection, please contact the competent department.

 

Last update: March 2025