Data Protection Policy

Last updated on 22/04/2019.

“Morphó” (hereinafter referred to as “the Company”) takes the privacy of its website users and clients very seriously. For this reason, we strictly adhere to the following Data Protection Policy, which ensures the protection of fundamental rights to privacy and personal data.

This Policy aims to inform you about how our Company collects, uses, and stores your personal data through our website, as well as your rights regarding such processing.

By navigating our website, you agree to this Policy. This Policy applies only to the website https://www.morphohoteldesign.gr/. Our website may contain links to other websites; however, our Company is not responsible for the processing of personal data or the content of those external websites.

1. Definitions
For the purposes of this Policy, the following definitions apply:

1.1 “Website” – The online site of our Company accessible through the domain https://www.morphohoteldesign.gr/, including all its web pages.

1.2 “Social Network” – An online site serving as an interface between users, where our Company maintains a page for the purposes of information and promotion of its services.

1.3 “User” – The online user of the Website whose data is referenced and whose identity can be identified directly or indirectly (data subject).

1.4 “GDPR” – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC” (General Data Protection Regulation), as applicable.

1.5 “Personal Data” – Any information relating to an identified or identifiable online User of the Website.

1.6 “Processing” – Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, storage, alteration, retrieval, use, transmission, dissemination, or any other form of provision, alignment, combination, restriction, erasure, or destruction.

1.7 “Cookie” – A small piece of text code sent to be stored by our Company’s web server on the User’s device when accessing the Website. Cookies enable the Website to retrieve this information whenever the User reconnects, providing relevant services. Depending on their type, some cookies are necessary for the technical functioning of the Website, while others are used for statistical analysis or marketing purposes. When combined with other information, cookies may lead to identifying Users.

1.8 “Recipient” – Any natural or legal person to whom personal data is disclosed, whether or not a third party.

1.9 “Consent” – Any freely given, specific, informed, and unequivocal indication of the data subject’s wishes by which they agree, through a statement or clear affirmative action, to the processing of personal data relating to them.

2. Processing Principles
2.1 In processing your personal data, our Company adheres to fundamental principles of processing, fully complies with applicable laws, and meets all obligations as the data controller.

3. Types of Data
3.1 While navigating our Website, we automatically collect essential technical information via cookies, including:

IP Address.
Information about Website usage and the User’s device (e.g., connection date and time, browser and operating system used, visited web pages).

3.2 If a User contacts us via the Website’s contact form, we collect and process their name, phone number, email address, and any other personal data included in the message text.

3.3 The categories of personal data mentioned above are also collected if a User contacts us via Social Networks where our Company maintains an official page.

3.4 You are not obligated to provide personal data, and there are no consequences for not providing it.

3.5 You must refrain from providing special category data (“sensitive”) or data related to criminal convictions and offenses. If you voluntarily provide such data in violation of this requirement, we disclaim any responsibility towards you or third parties.

4. Purposes and Legal Bases of Processing
4.1 Our Company collects and processes personal data as necessary to serve legitimate interests [Art. 6(1)(f) GDPR], including:

Ensuring the smooth and user-friendly operation of our Website and maintaining system security and stability.
Responding to inquiries and managing requests submitted via the Website’s contact form.

4.2 Our Company may process personal data based on Users’ consent [Art. 6(1)(a) GDPR] for communication and marketing purposes via Social Networks where we maintain an official presence.

5. Third-Party Recipients of Data
5.1 Our Company does not disclose personal data or share our database for financial or other compensation with any third parties.

5.2 To fulfill the processing purposes outlined in this Policy, our Company may provide access to or transfer personal data to the following third parties, provided there is:

A web hosting service provider with whom we have a contractual relationship.
Companies that provide maintenance and support services for software and databases.
Third-party marketing and advertising firms.

5.3 The processing of personal data by these partners is done only under our instructions and in accordance with this policy or a policy of at least equivalent protection.

5.4 Our Company may disclose personal data if required by a court or other administrative authority or as otherwise legally obligated.

6. Data Privacy and Security
6.1 Our Company implements appropriate internal policies and takes all necessary organizational, technical, physical, electronic, and procedural security measures, including technological standards, to ensure the correct use and integrity of your personal data and to prevent unauthorized or accidental access, processing, erasure, alteration, or other use.

6.2 Personal data processing is carried out solely by authorized personnel bound by strict confidentiality obligations.

6.3 However, it is your responsibility to ensure that your equipment (e.g., personal computer) is secure and protected from malicious software (e.g., viruses). Without adequate security measures (e.g., secure browser settings, updated anti-malware software, avoiding software from dubious sources), there is a risk that data and passwords may be disclosed to unauthorized third parties.

7. Data Retention
7.1 We retain your personal data for as long as necessary to fulfill processing purposes, considering our business needs, applicable statutes of limitations, and legal obligations.

7.2 After the retention period ends, your personal data will be deleted from our records and system.

8. Rights
8.1 As data subjects, you have the right to request access to the personal data we hold about you and to receive a copy of it. You also have the right to request correction of inaccurate data or completion of incomplete data. If legal conditions are met, you may request data deletion, data portability to another controller, and restriction or objection to its processing.

8.2 Requests should be addressed in writing by postal mail to the Company’s address or by email to dataprotection@morpho.gr. Our Company will respond to each request in accordance with Art. 12 GDPR.

8.3 If your rights are violated, you have the right to lodge a complaint with the Data Protection Authority.

9. User Obligations
9.1 By using the Website, you confirm that you are over sixteen (16) years of age. If you are under sixteen (16) years of age, you must refrain from using the Website and providing personal data without parental consent. In any case, by using the Website, you acknowledge that our Company is not responsible for any violation of these obligations by you, to the extent that it cannot, even with reasonable efforts, verify your age or obtain parental consent.

10. Cookies
10.1 Our Website uses essential cookies necessary for its technical operation and does not perform any additional processing.

11. Amendments, Jurisdiction, and Applicable Law
11.1 Our Company reserves the right to modify and update this Policy as deemed necessary. Changes take effect upon public posting on the Website.

11.2 If any provision of this Policy is deemed invalid, illegal, or unenforceable, the remaining terms will remain valid and effective, provided they do not contradict the intent expressed in this Policy.

11.3 For any disputes arising between our Company and Users regarding this data protection policy and its subject matter, the courts of Athens are competent, and Greek law applies.

12. Contact
12.1 For further information or requests regarding this data protection policy, please contact our Company as follows:

“Morphó”
Address: Nikis 2, Athens, 10563
Phone: +30 211 411 5077
Fax: +30 211 411 5077
Email: dataprotection@morpho.gr