stTEN- LOGO

T: +30 28920 27210

Privacy Policy

PRIVACY NOTICE

  1. Data controller’s details

The Société Anonyme with the name «D. TEAM CONSTRUCTION COMPANY AND MECHANICAL ENGINEERING» with registered seat in Argyroupoli, Attica (2, 25th March Street and 30, Vouliagmenis Avenue, P.O. 16452) (hereinafter the “Company“) collects and processes the personal data of its clients and visitors of its website located at the web page www.st-ten.com (hereinafter the “Website“), as a data controller.

This notice aims to inform you about how we collect and process your personal data and your rights in relation to it.

  1. Whom do we collect personal data from

We collect and process personal data that you disclose to us when you enter and browse our Website, when you book your stay in our accommodation, as well as in the context of providing our services to you.

  1. Which categories of personal data we collect and process

We collect and process the following categories of data:

  1. Identification data, including but not limited to name, surname, father’s name, gender, date of birth, VAT number, ID/passport and visa details.

  2. Communication data, including but not limited to postal and e-mail address, telephone number (landline, mobile).

  3. Payment and billing information, including but not limited to bank cards (debit, credit or other) or other payment methods, bank account details, repayments/debts.

  4. Booking details and information on your reservation and purchases (products and services), such as but not limited to, dates, reservation type, arrival and departure information, goods and services purchased or used at the hotel or on the Website or third parties, use of physical and digital room keys, any special requests you have made, service and accommodation preferences (including room and holiday preferences), transportation information, and any comments or content you provide us about the stay.

  5. Health data (if applicable), and specifically information concerning any allergies, dietary preferences, mobility problems.

  6. Device, internet, and network activity: Each time you browse our Website, we collect the Internet Protocol (“IP”) address that is automatically assigned to your computer or device through the use of cookies. Through the cookies we use, we collect information about how you interact with our Website.



The personal data referred to in points (1) – (5) above are provided to the Company either directly from you, as data subjects, or by a third party (e.g. travel agencies).

The personal data under point (6) are collected when you browse our Website with the use of cookies. For more information on how we use cookies and related technologies and how to disable these cookies and related technologies, please refer to our Cookies Policy.

  1. Purpose and legal basis of processing

The Company collects and processes the aforementioned personal data for the following purposes and according to the following legal bases:

  1. Provision of accommodation and tourism services

The abovementioned personal data (categories (1) to (4) is processed for the purpose of providing you with tourist/hotel services. These services include, but are not limited to, your stay at the accommodation, transport services from and to the airport, organization of group trips, etc.

The Legal basis for the processing of the identification, contact and booking data is the performance of the contract between us (art. 6 para 1 (b) of the General Data Protection Regulation (Regulation (EU) 679/2016) (the “GDPR”)).

  1. Billing

The data under points (1) – (3) of the above Section 2 which are related to payments are further processed for the purpose of invoicing the services provided by the Company.

The legal basis for the processing is the fulfillment of the Company’s legal obligations arising from tax legislation (art. 6 para. 1 (c) GDPR).

  1. Direct marketing using electronic means

If you have booked your stay in one of our rooms, your email may also be used for the purpose of promoting similar services by electronic means (e-mail/sms).

The legal basis for such processing is the Company’s overriding legitimate interest in the direct marketing of its services (art. 6 para. 1 (f) GDPR and art. 3 L. 3471/2006).

  1. Sending of Newsletters

Your contact data may be used to send you newsletters if you have provided your specific consent.

The legal basis for this processing is your consent (art. 6 para. 1 (a) GDPR).

  1. Website security

We collect data under point (6) of Section 2 above for the prevention, detection and investigation of theft, fraud, or other illegal or harmful activities, as well as illegal acts or harmful activities in cyberspace.

The legal basis for such processing is our Company’s overriding legitimate interest in protecting itself, its employees, visitors or any other involved party from acts or omissions with illegal or harmful content. (art. 6 para. 1 (f) GDPR).

  1. Evaluation, analysis, improvement of the Website and services

The data under point 6 above in Section 2, which are collected through cookies, if you provide us with your consent, allow us to evaluate, analyse and improve the functionality of our Website, to conduct market research, customer satisfaction and quality assurance.

The legal basis for this processing is your consent (art. 6 para. 1 (a) GDPR).

  1. Provision of personalized advertisements

If you provide us with your consent for the use of cookie technologies, we may process the data under point (6) of Section 2 above for the purpose of displaying personalized advertising which we believe may be relevant and useful to you. This may include advertisements which are displayed on our own Website or on third party websites.

The legal basis for such processing is your consent (art. 6 para. 1 (a) GDPR).

  1. Provision of specific services

If for the fulfillment of the contract between us you provide us with special categories of data, such as health data (any allergies, disabilities, dietary preferences etc.).

The legal basis for this processing is your consent (art. 9 para. 2 (a) GDPR).

  1. Disclosure of personal data to third parties

In order for the Company to provide the aforementioned services and comply with obligations, it discloses the personal data of its customers to categories of persons or entities (recipients). The recipients have access only to as much personal data as is strictly necessary for the fulfillment of the tasks or the provision of the services they have undertaken vis-à-vis the Company. These categories are the following:

        1. The Company cooperates with the following processors who act on its behalf and assist the Company in fulfilling its legal or contractual obligations, under strict confidentiality obligations:

  • accounting service providers;

  • providers of IT system support services;

  • hosting and cloud service providers;

  • providers of services for the promotion of products and services;

  • providers of physical security services;

  • travel reservation service providers.

        1. Financial institutions, to the extent necessary for the execution of the transaction.

        2. Lawyers, to the extent necessary to exercise the Company’s rights and defend its legal interests.

        3. Bailiffs, notaries, judicial, prosecutorial and police authorities, as well as supervisory, auditing or regulatory authorities, municipal and/or public services and other authorities and/or bodies, if required by legal provisions or court decisions or upon their legitimate requests in the performance of their duties.

        4. Companies providing consultancy and auditing services.

        5. Companies organizing and managing events.

        6. Tax authorities, in accordance with the current tax legislation.

        7. Third parties in case of transfer of the Company in any way and for any reason (including preparatory stages).



  1. Data retention period

The personal data concerning you will be processed for as long as it is necessary for the purposes for which it is collected, for compliance with legal and regulatory obligations and as long as it is necessary for the establishment, exercise or defense of any legal rights.

In particular,

a) personal data processed for the purpose of providing hotel/accommodation services are retained for a period of five (5) years from the end of the year in which the transaction was completed. If the applicable legislation requires the retention of specific personal data for a longer period of time, such data shall be retained until the expiry of the relevant time period provided for by law.

b) personal data collected for the purpose of sending newsletters (or for other purposes with your consent), are kept until you withdraw your consent.

c) for the retention period of data collected through cookies, please refer to our Cookies Policy.

In any case, if there are any pending or imminent disputes before a court of other legal proceedings in which the Company is involved and which concern you directly or indirectly, the retention period of your data is extended and the Company retains your personal data until the final completion of these proceedings, regardless of how.

After the expiry of the applicable above-mentioned periods, the personal data concerning you will be securely deleted/destroyed.

  1. Transfer of data outside EEA

In principle, The Company does not transfer personal data to third countries outside EEA.

If a transfer outside EEA is required, the Company will transfer the data in accordance with the provisions of Chapter 5 of Regulation 679/2016 (EU), and if required, you will be informed of this.

  1. What are your rights and how you can exercise them

According to the applicable legislation on the protection of personal data, you can exercise the following rights:

  1. The right of access to personal data concerning you, which includes your right to be informed about the data we process about you;

  2. The right to request the correction or completion of any inaccurate personal data concerning you;

  3. The right of portability, i.e. the right to receive the personal data we hold about you and to transmit it in an appropriate format, under the conditions set out in applicable law;

  4. The right to erasure of your personal data, under the terms and conditions set out in the applicable legislation;

  5. The right to restrict processing, under the terms and conditions set out in the applicable legislation;

  6. The right to object to the processing of personal data, under the terms and conditions set out in the applicable legislation;

  7. The right to withdraw your consent at any time, where the processing of your data is based on it.

If you wish to exercise any of your rights, please send your request to the email info@st-ten.com or in writing to Agioi Deka 70012. Please note that if there is reasonable doubt about your identity, we may ask you to provide additional information to confirm your identity.

Please note that the Company has, in any case, the right to partially or fully refuse to satisfy your request if the conditions set out in the applicable legislation for their exercise and satisfaction are not met.

The Company must respond to your request within one month of receiving it. This deadline may be extended by two more months, if required at the Company’s discretion, taking into account the complexity of the request and the number of requests, in which case the Company will inform you within one month of receipt of the request for this extension and the reasons for the delay.

  1. Right to lodge a complaint before the competent Data Protection Authority

If the Company does not act on your request or in case you consider that our response violates your rights, you have the right to lodge a complaint before the competent Data Protection Authority.

On the following link you may find a list of all the EU Data Protection Authorities: https://digital-strategy.ec.europa.eu/en/library/list-personal-data-protection-competent-authorities.

In Greece the competent Data Protection Authority is the Hellenic Data Protection Authority: 1-3 Kifissia St., 115 23, Athens, https://www.dpa.gr/, tel. 2106475600.



For any matter concerning the protection of your personal data you can contact us by sending an e-mail to info@st-ten.com.