Privacy Notice
For MTS City Breaks (hereinafter referred to as travel organization), the respect for and the protection of your personal data is a commitment. We understand and take seriously into consideration the fact that you are aware of and interested in your personal data.
This Privacy Notice applies to your personal data our travel organization collects and processes for the provision of our services, and describes the way we use and protect them, the period we retain them and the options you have about the way we process them, pursuant to the European Legislation for the protection of personal data and in particular the General Data Protection Regulation (GDPR) (EE) 679/2016.
We acknowledge that the protection of personal data is an ongoing responsibility and therefore we will update and amend this Statement from time to time. Please visit our web site www.mtscitybreaks.eu in order to make sure that you are aware of and satisfied with any changes.
1. Who we are
MTS TOURISM SOLUTIONS S.A. (MTS City Breaks) is based in Plaka, 105 56, Athens, at 35 Kapnikareas Street. MTS City Breaks a global supplier of on-line hotel accommodation, car rentals, transfers and tours offers its services exclusively to travel agencies and travel agents. Since our inception in 1997, we have developed a fully reliable platform with a wide-range of content, of more than 200,000 hotels to choose from, and more than 18,000 exclusive hotel partnerships worldwide.
2. Which personal data we collect about you
2.1 Data for the rendering of services: We collect personal data whenever we come in contact or interact with you. Also, in the course of our business and in particular for the provision of our professional services to you, we may collect the following personal data:
- Customer Details e.g. first and last name, father's name, ID number, Passport number, email, contact phone number, home address,
- Billing data: VAT
- Personal Data e.g. Date of Birth, Nationality, Place of Birth,
- Date and place of arrival/departure,
- Preferences and interests e.g. preferred floor, non-smoking room, bed type, cultural interests,
- Medical data related to your health e.g. allergies, kinetic issues,
- Data that may be considered sensitive such as your cultural interests, any health problems, smoking habits. For this reason, we retain such data only if we are required by applicable law or if you explicitly give us your consent in the context of rendering our services e.g. specific eating habits,
- Device data e.g. unique device IDs, IP address, device settings to access our Services, etc.,
- Other data regarding the use of our services by you e.g. interaction with content offered through a service,
- Through the browser cookies you use when browsing our site, in order to respond, promote, and accurately route your request. In this case, we may collect data about the type of browser you use for the purpose of managing our system and to compile aggregate information about visitors to our Website of pure statistical kind that does not identify any physical person.
Data about people under the age of 18 is limited to name, nationality, date of birth, ID number, Passport number and is provided only by a person with parental supervision. In the special case of refugee minors their data is collected from the United Nations High Commissioner for Refugees (UNHCR).
2.2 Fellow Travelers’ Data: When making a reservation for someone else, we will request the minimum required personal data (ordinary or sensitive, e.g. medical history) and travel preferences for this person. Data about people under the age of 18 should be provided only by a custodian. You should obtain and be able to prove the other person's consent or the person’s custody if he is under 18 years old, before providing us with his/her personal data and travel preferences, as access to view data or any changes to his or her data will only be feasible through your account.
2.3 Surveys: We may be asking for demographic data or other personal data for the customer surveys we conduct for the course of our business and only if they are necessary for this purpose.
2.4 During your stay at our premises: We collect additional personal data when entering to our facilities, including data that may be required by the national law. We may also use closed circuit television and other security measures on our premises that can capture or record customer and visitor images. We may also use closed circuit television and other technologies that record sound or record video for the protection of our staff, of our customers and of the visitors to our facilities, to the extent permitted by law.
2.5 Events: If you are planning an event or a conference with us, we collect conference and event requirements, date of the event, number of guests, details for the guest rooms and for the corporate events, details about your company (company name, annual budget and number of events per year). We also collect data for customers who are members of your group or participate in the event. If you contact us as a member of a group, we may have your personal data that we collected from the group and as member of it or your presence at an event, we may promote to you our services according to your preferences, if the law so permits. In case of an event, we may share your personal data with the event organizers, if the law so permits. If you are an event organizer, we may share information about your event with third-party service providers who can promote their services to you, provided the law so permits.
We also collect personal data during our events or events we are sponsors, as part of a contest or other promotional activity or events but always with your consent.
2.6 Social Media: If you opt for participating in social networking activities or offers, we may collect, with your permission, some data from your social networking account, such as location, check-ins, activities, interests, photos, status updates, and the list of your friends. You may also be allowed to take part in contests to provide photos which you can share with your social media contacts for voting, notifications, or other ads.
2.7 Employment Applications: If you decide to apply electronically for employment to our travel organization we collect the information submitted by you and for example will process the following personal information: your educational background, your employment history, your previous employers, your areas of expertise, your professional and other work permits and certifications, educational institutions from which you graduated, your preferences for the type of work, verify information about your recommendations and previous employers, other information you may have you choose to submit through the resume submission process, other data that may be provided to us during any telephone contact or through your application or other communications with you for the purpose of conducting interviews and filling job positions.
2.8 Personal data we collect from third parties. It is also possible to collect data about you from third parties, including data from our partners in airlines and card payments and from other partners, including social networking according to your settings in these services, as well as from other third-party sources who have the legal right to share your data with us. We use and share this data (and we may append these items to the other items we maintain about you in our records) for the purposes described in this Statement.
3. How we use (process) your personal data
3.1 Service Management: We use your personal data to provide services to the travel industry such as booking a room, airplane tickets and other associated services such as keeping required documents in accordance with the applicable legislation, requests related to accommodation, etc.
3.2 Event Scheduling: We may use your personal data to inform you about the scheduled events.
3.3 Promotional Activities: To the extent permitted, and only if your consent is provided by filling in and signing a relevant Consent Form, except and regardless the case of par. 3.5 below (profile configuration) and independent of that, we may use your personal data to send you or offer you informational letters, advertisements and suggested special offers, as well as other promotional messages according to your communication preferences. We use your data to provide account alerts and booking confirmations, to conduct searches, draws and other contests. We may provide these updates via the Internet, mail, online advertising, social media, telephone, text messaging (including SMS and MMS).
3.4 Improving the quality of service: We may use your personal data to improve the quality of the travel organization services’ and to ensure that our services are satisfactory to you. We also use your personal data to provide you with the expected level of quality at our services.
3.5 Personalization of the Service/Profiling: We may use your personal data to make your experiences with us more personal and more social aiming at offering you diversified services. If your consent is provided by filling in and signing the relevant Personal Data Consent Form we store your personal data and information related to the requested services and process them in order to make a customer profile with your preferences and interests so that to be able to propose customized professional services through marketing campaigns tailored to your needs, preferences and interests pursuant to your customer profile.
3.6 Billing of Services: We process your personal data for the purpose of invoicing our professional services rendered.
3.7 Debt Collection: We process your personal data for the purpose of collecting outstanding and uncollected amounts frοm invoiced professional services.
3.8 Prevent & Manage Fraud: We process your personal data for the purpose of preventing and managing possible fraud incidents. In addition to that, we may receive information about penal record if this is necessary for the protection of our rights, the protection of our assets, our customers and our employees/partners.
3.9 Legal Obligations/Claims: We process your personal data for the purpose of defending our legal rights before judicial or other authorities and for fulfilling our obligations to represent and comply with supervisory and auditing authorities
4. What is the Legal Basis for the Processing
Depending on the purpose for which data is used, the legal basis for processing your data may be:
4.1 Your consent,
4.2 Our legitimate interest, and in particular:
- to carry out a contract (to provide the services you have requested from us),
- to improve our services: with the view to upgrading the quality of our services and better understanding your needs and expectations, we are able to provide you with even better services,
- to prevent fraud: ensure that each payment is completed without any fraud or appropriation,
- for the security of our systems: to protect computer and communication systems and to ensure that they work properly and are continually getting improved.
4.3 Comply with obligations provided by the law, and in particular when processing is made for legal reasons, it is required by an applicable provision law or for the public interest.
5. Whom we share your personal data with
To fulfill the above stated purposes of processing your personal data, to provide the expected level of quality and the best level of service we may disclose or transmit any personal data you have provided to our affiliates or related companies, or to third-party service providers who, in collaboration with the Company, assist in providing you services, as an example, technology and information technology service providers for the protection and security of our computer systems, accounting and ERP service providers, legal services or general consulting services, facilities management/company medical physician, Website Service providers in particular via the internet via social media, advertising agencies upon your consent, cooperating with us companies to run corporate programs, companies that conduct customer satisfaction research, tour operators, travel agencies, GDS reservation systems, Online Reservations systems, hotels, shipping companies, insurance companies, transportation companies, personal guides, escorts, public authorities (e.g visa issuance).
In all of the above cases, the travel organization remains, as the data controller, responsible for the processing of your personal data and defines the details of the processing, alone or in cooperation with third parties and enters into a specific agreement with the third parties they undertake processing activities, to ensure that the processing is carried out in accordance with applicable law and that every natural person may exercise his or her rights freely and without hindrance under the applicable legislative framework.
6. How we protect your data
When you provide us your personal data, or when we lawfully collect them, we take measures to ensure that they are securely kept. In order to protect your personal data, we take physical, technical and organizational protection measures. We update and review the security technology we use on a sustained basis. We allow access to your personal data only to those employees and partners who need to know this data in order to provide benefits or services to you and only for the period required for the provision of our professional services and subsequently are destroyed or deleted, unless they have to be kept due to a provision of law. In addition, we educate employees about the importance of confidentiality and of maintaining the privacy and security of your personal data. Among other things, we have implemented the following technical and organizational measures and procedures in order to protect your personal data from any loss, distortion, tampering or alteration:
- encryption
- detecting and managing security breaches
- use of servers located in rooms with restricted access and subject to regular checks
- use of information systems and programs for computers that are installed in a way that minimizes the use of personal data and/or user authentication data
- adoption of individual procedures for the retention of personal data and their secure deletion/destruction
- access to systems and databases on a need-to-know principle
We also ask from our partners and service providers with whom we share personal data to make reasonable efforts in order to maintain the confidentiality of your personal data. In the electronic transactions, we use reasonable technological measures to protect the personal data you send to us through our website. However, no security system or Internet data transmission system guarantees full security.
To protect your personal data, we recommend that you do not send us payment card numbers or other sensitive personal data by email.
We will never ask for confidential personal data or card details via a portable device or SMS or email. We will only ask for your card details by phone when you book or negotiate a promotional package by phone. If you receive a request of this kind, do not reply. Please also inform us at dpo@mtscitybreaks.eu
7. What your rights are
7.1 Right of access: You have the right to be aware of and to verify the legitimacy of the processing. So, you have the right to access the data and get additional data about the way we process it. In particular, you can get information about what type of data we process, the purposes for which we process it, the categories of recipients to which they are sent, their scheduled storage, under an agreement or by law, their origin if they were not collected directly from you as well the existence of any automated decision making process, including profiling.
7.2 Right of Correction: You have the right to review, correct, update or modify your personal data in case they are inaccurate or incomplete by contacting the Data Protection Officer (DPO), with the contact details listed below.
7.3 Right of Deletion: You have the right to request a deletion of your personal data when we process it on your consent or in order to protect our legitimate interests. In all other cases (such as, where there is a contract, obligation to process personal data required by law, public interest), or for us to defend legal claims, this right is subject to specific restrictions or cannot be satisfied as the case may be.
7.4 Right to limit processing: You have the right to request a limitation to the processing of your personal data in the following cases: (a) when the accuracy of personal data is questioned and until it is verified, (b) when you oppose the deletion of personal data and request instead of deleting it the limitation of its use, (c) when personal data is not needed for processing purposes, yet it is necessary for the establishment, exercise, support of legal claims, and (d) when you object to the processing and until it is verified that there are legitimate reasons that concern us and prevail over the reasons for which you are opposed to the processing.
7.5 Right to object to processing: At any time you have the right to object to the processing of your personal data for the cases where, as described above, it is necessary for the purposes of legitimate interests we seek as processors, as well as for the processing for direct marketing purposes and consumer profiling.
7.6 Right to Data Portability: You have the right to receive your personal data free of charge once in a format that allows you to access it, use it, and process it with commonly-used processing methods in a structured, commonly used format. You also have the right to ask from us, if technically feasible, to transmit the data directly to another processor. Your right to do so exists for the data you have provided to us and the processing is carried out by automated means based on your consent or on the execution of pertinent contract.
7.7 Right to withdraw processing consent: You have the right to withdraw your personal data processing consent anytime either by following the relevant option provided in the emails you receive or by sending a statement to our company contact details. In this case, the processing will be stopped by us, without affecting the legality of any processing until your consent has been withdrawn.
7.8 Right to file complaint to the DPA. You have the right to file a complaint with the Personal Data Protection Authority (www.dpa.gr): Telephone Center: +30 210 6475600, Fax: +30 210 6475628, E-mail: contact@dpa.gr
8. Transmission of personal data outside the EU
The current legal framework for the protection of personal data imposes restrictions on the transmission of personal data outside the European Economic Area (EEA), to third countries or to international organizations. These restrictions apply in order not to undermine the level of protection provided by the European and local general context. Personal data may be transferred outside the EAA, provided that the body receiving the personal data has provided appropriate guarantees, under the condition that there are enforceable rights and effective remedies for the data subjects. When a processing activity or agreement with a third party involves the transmission of personal data, the travel organization shall seek the advice of the Data Protection Officer regarding the transmission and required guarantees.
9. How long we keep your personal data
9.1 We retain your personal data for as long as it is required to fulfill the purposes of this Statement, unless the applicable laws require or allow for a longer period of time.
9.2 We retain personal data collected to satisfy customer reservations for five years after the end of the stay. We retain other personal data for shorter intervals if this is possible and permitted by law.
9.3 When processing is required as an obligation under provisions of the applicable legal framework (e.g. tax provisions), your personal data will be stored for as long as required by the relevant provisions.
9.4 When processing is done on the basis of a contract, your personal data will be stored for as long as necessary to execute the contract and for the establishment, exercise, and/or support of legal claims under the contract.
9.5 For marketing purposes, your personal data is retained for up to three years. In any case, you can revoke your consent. Withdrawal of consent does not affect the legality of consent-based processing performed in the period before its revocation. To revoke your consent, please contact the travel organization Data Protection Officer (DPO).
9.6 We will destroy your personal data as soon as possible and in a way that will not allow the data to be restored or reconstructed. If printed on paper, personal data will be destroyed in a secure manner, for example by using a document destroyer or by incinerating the printed documents or otherwise and, if stored in electronic form, the personal data will be destroyed by technical means in order to ensure that data cannot be restored or rebuilt at a later time.
10. How to contact us
If you have any questions about this Statement, about the way the travel organization processes your personal data, in order to exercise your rights, please contact the Data Protection Officer at dpo@mtscitybreaks.eu and fax: +30-210-3379938
11. Publication Information - Changes and Updates
This Statement was last updated on 26/08/2019
We reserve the right to modify and update this Statement at any time, for any reason, without notice to you, other than posting the updated Statement on our website. We may periodically send emails to remind you of the changes and updates of this Statement but you should check our website frequently to get updated on the current Personal Data Protection Statement.