Crystal Waters takes active steps and measures to protect your privacy. This Privacy Notice describes what information we may collect from our friends and guests, club members, private residence owners, renters and prospective residence owners and club members (referred to as “Guests, Members and Owners from here on), as well as visitors to the Crystal Waters website, as well as the way in which Crystal Waters stores and uses this information to best serve your requirements. We assure you, we will always protect your information as though it were our own.
When you see the term “Crystal Waters”, “We” and / or “our”, this refers to Crystal Waters Ltd, subsidiaries and affiliates of Crystal Waters, and all of the legal entities that manage and / or operate Crystal Waters hotels, resorts and / or residences.
When we say “you” or “your”, we are referring to anyone whose personal information we process. Personal information means any information that could be used to identify you, and the way we treat that information is explained in this Privacy Notice.
What type of information do we collect from you?
We are fully committed to safeguarding the privacy of the personal information you entrust us with. The personal information we collect from you will typically include the following:
- Your name, personal and work contact details, date and place of birth, nationality, image, passport and visa information
- Guest profile – which of our hotels you have stayed at, arrival and departure dates, room service details, room preferences, messages received from you and the numbers / email addresses we have received those messages from
- Any information connected to your payments – credit card and / or account details
- Guest reward scheme membership including frequent guest account and / or registration details as well as any frequent flyer or travel partner programmes
- Information pertaining to any employees connected to corporate accounts
- Health information (guests may disclose information relevant to the delivery of service – for example a disability that may require step-free access)
- Details about your areas of interest where we wish to send you marketing information about similar products and/or services.
- Information about your preferences so that we can make your stay with us especially enjoyable (e.g. your favourite morning paper)
- Images captured via closed circuit television systems
- Information collected while you are connected to on-site WIFI and required to make your internet experience as smoothe as possible – the type of device you are using, location, card key etc.
- Technical information collected while you are on a Crystal Waters app or website (more details of this provided below)
How your personal information is collected
For the most part, information is only gathered when you choose to provide it to us, and when you interact directly with us. Examples of when you might divulge information to us includes:
- When you make a reservation either over the phone, online or in person
- When you make a reservation to stay at one of our properties via a third party
- When you purchase any items or pay for any services through our website
- When you check-in and during your stay at one of our hotels, resorts or private residences
- When you create or login to a personal profile on a Crystal Waters website or App
How we use your information
We are only allowed to collect information if we have a legal basis to do that. Here are come guidelines which set out how and why your personal information:
- To fulfil our obligations to you when providing you with our services and provide a five-star customer service
- To ensure we provide the services and products you have requested from us and to process payments for such services and products
- To fulfil service requests such as travel arrangements, room service etc.
- To contact you when we need more information about your stay or prospective stay and / or event (e.g. what time you might arrive at our hotel, venue availability etc)
- To ensure the safety of all guests, staff and visitors
- To share your information with others where necessary to fulfil our services for you or where acting as agent for a third party on your behalf;
- To comply with our statutory and regulatory obligations, including verifying your identity, prevention of fraud and money laundering and to assess your credit worthiness;
- Communicate with you during the course of providing our services, for example with your enquiries and requests;
- To respond to any information requests, you may have about our hotels, resorts or residential properties, and any and all correspondence and communication from you
- Statistical purposes so we can analyse figures to help us manage our business and plan strategically for the future;
- To provide you, or to enable third parties to provide you, with information about goods or services we feel may interest you: where you have provided permission for us to do so or, if you are an existing customer where we choose to contact you by electronic means (including newsletter and email) with information about our own goods and services similar to those which you have already obtained from us or negotiated to obtain from us (for those marketing messages you can unsubscribe at any time);
- To carry out market research and / or surveys around customer satisfaction and quality assurance
- To send you any newsletters or promotions you have chosen to receive about our properties, discounts and special offers
- Track your use of our service, including your navigation of our website in order to improve the website performance and user experience;
- To ensure that content from our website is presented in the most effective manner for you and for your device;
- To notify you about changes to our service
- To operate our business in a manner that ensures the best possible experience, whilst fulfilling regulatory and legal requirements. This will include internal purposes such as auditing, data analysis, statistical analysis (of customer preferences for example), and information necessary for the purpose of service improvement
- To ensure your safety and security as well as that of other guests, visitors and staff whilst at any Crystal Waters resorts, hotel or premises
If we are using aggregated information to identify trends and general customer expectations, we will anonymise your information – this means removing any details that makes it possible to identify you.
This Privacy Notice talks a lot of our legal obligations. Most of our compliance obligations are designed to prevent fraud and money laundering. There is particular emphasis on the following laws and regulations:
- Proceeds of Crime Act 2002
- Money Laundering Regulations 2017
- Bribery Act 2010
- Terrorism Act 2002
If you do not provide the information we need to comply with these laws, we could be breaking the law if we continue to provide some of our services to you. We will always explain when this is the case when we are collecting information from you.
Who we share your information with and why
We will only share your information when it is needed and to your benefit and / or if we are obligated to do that. We only work with and engage with organisations who can show us they respect your privacy as much as we do. If we haven’t already, we will ask them to tell us how they secure your data and how far access to your personal data is restricted. We won’t let any of our service providers use your personal data for their own purposes and they can only use the information for the specific reason it is given to them.
The Crystal Waters group operates via and as part of a global network of data centres, hotels, serviced apartments, reservation centres and offices; it may be necessary to share or transfer information you have submitted (in connection to your booking for example) outside of the country in which it was originally submitted and / or collected. Any information you provide either at the point of reservation or during the course of your stay, or at anytime before, between and / or after these events, may be transferred between us, in order that we may carry out and / or facilitate the services you have requested from us or to answer any queries or communications between you and us. The storage of data in line with our legal obligations may also require us to transfer data across the Crystal Waters group. Where the service you have requested is provided by one of our partners, we will limit the transfer of your information only to that which is necessary for the third party to carry out the services required of them.
In the instance that information originating in the EU and / or subject to EU laws and regulations is required to be transferred to a country outside of the EU, we will ensure that the recipients of such information / data are subject to and adhere to at least the same standards and obligations as those set out under GDPR regulations. We will do this by contractually binding our partners to provide at least the same degree of protection over your data and information as we do. Some of the assurances we secure are internationally recognised certification schemes.
Even in the case that we received information requests from law enforcement agencies or regulators, we will verify the source of such requests and their right to such information before we comply with their requests.
How we keep your information secure
Crystal Waters operates on a “need to know” basis which means that only those who need to access your information will be able to access your data. Access restrictions also apply to contractors and other third parties who have a business need to know. Everyone who has access to your information have agreed to a duty of confidentiality.
Some of the steps we have taken to protect your personal data are:
- Any paperwork we have with personal data on it is organised and stored in locked cabinets
- Digital storage is secure and restricted to people within or connected to Crystal Waters, with a business need to access your information.
- The CRM systems (the software we use to file, manage and monitor all our customer interactions) comply with stringent security measures to prevent your data from being accidentally lost, used, accessed, altered or disclosed in an unauthorised way.
If we have to transfer, store, or process your personal information anywhere outside the UK and the European Economic Area, and the country in question does not offer the same level of protection for your personal data, we will take the following steps to safeguard your information:
- We will try to transfer it to a country with privacy laws that afford the same protection as that of the EEA.
- Use service provider contracts approved by the European Commission which ensures that your personal data has the same protection standards as the EEA.
For how long do we keep your personal data?
We do not keep your information any longer than we are allowed to keep it. Usually that will mean keeping it beyond the time period over which we are providing a service to you; this is because we often have to hold on to personal data for at least seven years for legal, regulatory and accounting purposes.
Your rights and choices in relation to your personal information
You have the right to know what information of yours is used, by whom, and how it is used. You also have some control over it. For example, you have the right to:
- Ask us for the personal data that we hold and process about you (data subject access request).
- Ask us to correct your information if you think it is incorrect or incomplete.
- Ask that personal data we hold about you is given to you in a commonly used, machine-readable format.
- Ask that we do not automate any decisions about you.
You can also ask us to delete your personal information if:
- We continue to process your personal data beyond the period necessary for the purpose it was originally collected AND the period we are legally obligated to keep it.
- You would like to withdraw consent and we consent is the legal basis we rely on for processing your data.
- The personal information has to be deleted to comply with legal obligations.
- Your personal information has been processed in breach of data protection legislation.
Sometimes we will not be able to, for legal reasons, delete your personal data but you can still ask us to stop processing your data if:
- You consider the information we hold about you is inaccurate.
- It is unlawful for us to process your information.
- You don’t want us to process the information but need us to keep hold of it to help you in the course of a legal claim.
You can expect us to respond to a request from you to exercise your rights within one month of receiving it. If your request is complicated it might take a little longer. All reasonable requests are free of charge to you. You may be charged however, where you request is complex, resource heavy, unreasonable, excessive and / or repetitive.
If you do ask for access to your personal data, we will want to make sure we’re not giving your information to someone who doesn’t have any right to it. As a security measure to ensure we do not unwittingly disclose your information to anyone who has no right to receive it, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
If you would like to exercise any of your rights please contact: firstname.lastname@example.org
Complaints and Contact Details
If you have any complaints about the way we use your personal information you can contact us at email@example.com. In the unlikely event that we are not able to resolve your complaint, you can get in touch with the Information Commissioner’s Office (ICO) if you are in the UK, or the data protection authority in your country,
Alternatively, you can go with the more traditional option of writing to: The Euroterra Greece team, Provincial Road of Lefkada-Nydri, Nikiana, Lefkada, Greece 31100.
None of our services are for children under the age of thirteen so we would never knowing collect any information about or from children via our websites or any other method.
This cookie notice is for visitors to our website.
What are cookies?
For almost any modern website to work properly, it needs to collect certain basic information on its users. To do this, a site will create files known as cookies – which are small text files – on its users’ device, for example, your computer or mobile phone. These cookies are designed to allow the website to recognise its users on subsequent visits, or to authorise other designated websites to recognise these users for a particular purpose.
The Crystalwaters.gr website logs the user’s IP address which is automatically recognised by the web server. This is used to record the number of visitors to our site and to help monitor the performance of individual web pages.
These cookies collect information about how visitors use a website, for instance, which pages visitors go to most often and if they get error messages from web pages. These cookies do not collect information that identifies a visitor; all information collected by these cookies is anonymous. We only use such information to improve our services and our website. Examples of performance cookies used on the website are listed below.
We use Google Analytics to monitor the performance of the website. Google Analytics sets cookies to help us accurately record the number of visitors to the website and volumes of usage. This helps us to identify where visitors to the site may be encountering problems and also gives us an indication of the types of content visitors find particularly useful.
For more information about Google Analytics visit the Google Analytics website.
Removing and disabling cookies
If you do not wish to accept cookies on to your machine you can disable them by adjusting the settings on your browser. However, this will affect the functionality of the websites you visit.
We would like you to contact us regarding issues in relation to your personal data and privacy protection. Please feel free to get in touch with us regarding any of the following:
- updating your details,
- changing our communication method,
- discontinuing of updates and promotional emails,
You may contact us on any subject in relation to this document by:
- Tel.: +30 2645072383
- Provincial Road of Lefkada-Nydri, Nikiana,