Privacy Policy

Privacy Policy

Last Updated: April 23, 2023

At Aristos Life, we are committed to protecting and respecting your privacy.

Please read this notice as it contains important information about how we use personal data.

Information & Consent

This Privacy Notice outlines how we, Aristos Life and our affiliates, collect, use, process, and disclose your information, including personal information about you (hereinafter, the “User”), in conjunction with your access to and use of our booking system.

By reading this Privacy Notice, the user is hereby informed on how we collect, process and protect personal data furnished through the website and booking engine.

When this notice mentions “booking system,” “booking engine,” “system,” “website,” “platform,” “app,” “Guest app,” “services,” “online services,” it refers to all pages and functions under https://aristoslife.com and https://aristos-life.com (hereafter both meaning collectively Aristos Life website or websites) unless specified otherwise.

By accessing the platform or providing information, you agree to our privacy practices as set out in this privacy statement. We may change this notice from time to time.

Our Identity

When this notice mentions “we,” “us,” or “our,”, “data controller,”, “controller,”, it refers to Aristos Life.

Data Processor

Aristos Life operates the booking system through a data processor provider, as outlined below.

For the purposes of the General Data Protection Regulation (“GDPR”) (EU) 2016/679, we are the Data Controller.

Who we are:

NAME: ARISTOS LIFE ΜΟΝΟΠΡΟΣΩΠΗ ΙΔΙΩΤΙΚΗ ΚΕΦΑΛΑΙΟΥΧΙΚΗ ΕΤΑΙΡΕΙΑ / ARISTOS LIFE

Address: ΟΙΑ ΘΗΡΑΣ ΘΕΣΗ ΑΓΙΟ ΝΙΚΟΛΑΟΣ ΛΟΤΖΑ, 84700 ΘΗΡΑ, Σαντορίνη, ΕΛΛΑΔΑ

VAT (AOM/AFM): 801599850

Data Processor

Lodgify operates this booking system on behalf of Aristos Life and is committed to protecting the privacy of the users of this system.

Who is Lodgify:

Name: CODEBAY SOLUTIONS LIMITED (also referred as “Lodgify”)

Registered at the Registrar of Companies for England and Wales under number 5903966

Address: Magma House, 16 Davy Court Way, Castle Mound Way, Rugby, Warwickshire, CV23 0UZ, United Kingdom

Phone: (+44) 20-3871-3305

ICO Registration Number: ZA188069

For the purposes of the GDPR, where Lodgify processes your personal data on behalf of Aristos Life, Lodgify is the the Data Processor.

When this notice mentions “data processor,” “processor,” “Lodgify,” it refers to CODEBAY SOLUTIONS LIMITED.

Users’ personal data may be disclosed to third parties which are companies that provide services to Lodgify.

These third parties are:

Codebay Solutions S.L.U., a subsidiary of Codebay Solutions Ltd which renders trading and logistics services regarding Lodgify web and software.

Other service providers, such as our channel managers, payment providers and third-party applications which integrate with the Services (including but not limited to Airbnb Ireland UC, Booking.com B.V., Homeaway.com Inc., Expedia Lodging Partner Services Sarl, Google LLC, Newfold Digital, Inc., for domain name registrations, and Rental Ninja SL for the PM Module, Stripe Inc., for payments), for the performance of any contract we enter with them or our users;

Advertisers that require the information to select and serve relevant adverts to our users and others; and

Analytics providers that assist Lodgify in the improvement and optimization of Lodgify.com and the Services.

Some personal data of our users may be stored in or transferred to a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for Lodgify or one of our business partners or service providers. By using the Services, users acknowledge and agree that we may be transferring, storing, and processing their personal data outside of the country in which they reside. Lodgify will take all the reasonable and necessary steps to ensure that users’ data are treated securely.

Lodgify also may disclose personal data of our users as required by law, or when we believe in good faith that disclosure is necessary to protect our rights, protect the safety of our users or the safety of others, investigate fraud, or respond to a government request.

If the data subject wishes to exercise any of the aforementioned rights, he or she may at any time directly contact Aristos Life by sending the appropriate request at the following addresse:

info@aristoslife.com (subject: POLICY)

Obligatory nature of providing the data

The data requested in the forms accessible from the booking engine are, in general, mandatory to meet the stated purposes of services we provide.

If they are not provided or are not provided correctly, we will may be unable to process the request.

The legal bases for the processing of data are the following:

– In the case where users purchase Aristos Life or Lodgify products or subscribe to Aristos Life or Lodgify Services through the website, the legal basis for the processing is the performance of the contract entered into the parties.

– In all other cases, the legal basis for the processing is the consent provided by the user.

Personal data we collect and process

This will include:

personal information about you which we ask you for (i.e. your name, address, and email address) when you make a booking;
financial details in order to process your booking when we require a pre-payment;
details of transactions you carry out through our booking engine and details of the fulfilment of your orders.
our data processor may only collect and process personal data collected and/or processed on behalf of us in accordance with our instructions. Lodgify cannot process it in any other way or for any other purpose.

We grant permission to our data processor:

to use your personal information for reserving rooms and/or other services for you at Aristos Life;
to pass on your financial details to Aristos Life and/or appropriate third party (for example, to a credit card company) for the purpose of confirming or paying for a booking;
to use your information for marketing purposes (where you explicitly agree to this); and
to complete forms and other details on our website (for example when making bookings, changes, cancellations, etc)

Social Media Links:

In the event of accessing or registration through a third-party account, we may collect and access certain amount of information of the User’s profile from the corresponding social media network, solely for internal administrative purposes and/or for the purposes indicated above.

Third-party data (i.e. if you book for family or a friend)

In the event that the User provides third-party data, they declare that they have the third party’s full legal consent and shall undertake to provide the interested party, the “data holder”, with the all hereby within information contained in this Privacy Notice, exonerating us and our data processor from any liability in this regard.

Please note we may carry out the necessary verifications to verify this consent, adopting the corresponding due diligence measures, in accordance with the data protection regulations.

Sensitive Data

Unless specifically requested, we ask that you not send us, and that you do not disclose on or through our website or Services or otherwise to us in any other communication method “Sensitive Personal Data” (for example; social security numbers, national identification ID number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, administrative, criminal proceedings and sanctions of any kind which shall be deemed sensitive)

Services by Minors

Our services are intended only for those 18 years and older, and we request that they do not provide any Personal Data though our Services.

Purpose

Depending on the User’s requests personal data collected will be processed in accordance with the following purposes:

To manage the bookings made, including payment management and the management of the User’s requests and preferences.
To manage registration in any company membership programs, as well as obtaining and redeeming points or benefits.
To manage the User’s contact requests with us through the channels provided to us.
To manage the sending of personalized commercial communications from us, by electronic and/or other available means, in which the User expressly consents.
To manage contracted accommodation services, as well as any additional services.
To manage surveys regarding the quality of the services provided by us and/or the perception of us in general.

Data Storage

The data shall only be stored for the time strictly required for each purpose of the processing and shall promptly be deleted straight afterward, without prejudice to the legal storage obligations provided for by the law.

According to that:

In the case where users purchase Aristos Life or Lodgify products or subscribe to Aristos Life or Lodgify Services through the website, the personal data will be kept as long as the contractual relationship between the parties is maintained and, in any case, until legal liabilities are extinguished definitively (by the expiry of the statute-of-limitations period).
In all other cases, the personal data provided will be kept as long as the data deletion is not requested by the user. Likewise, data will be kept according to the legal time-frame set forth in legal, fiscal and accounting matters, taking as reference the date of the request for data deletion.
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law or if the User requests their withdrawal from us, opposes or revokes their consent.

Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period before we can delete them)

Whether we are required to report your data to the local authorities for required laws in Greece for accommodation services.

Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

Legitimate Interest

The data processing required in fulfilment of the purposes that require the User’s consent cannot be undertaken without said consent.

If the User withdraws their consent to any of the processing, this will not affect the legality of the processing carried out previously.

To revoke such consent, the User may contact us through the appropriate channels. And in those cases in which it is necessary to process the User’s data for the fulfilment of a legal obligation or local law for the execution of the existing contractual relationship between us and the User, the processing would be legitimized as it is necessary for compliance with said purposes.

Data Disclosure

We will use and disclose Personal Data as we believe to be necessary or appropriate:

to comply with applicable law, including laws outside your country of residence.
to comply with legal process.
to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements.
to enforce our terms and conditions.
to protect our operations.
to protect the rights, privacy, safety, and property of our own, you or others; and
to allow us to pursue available remedies or limit the damages that we may sustain.

We may use and disclose Other Data for any purpose, except where we are not allowed to under applicable law. In some instances, we may combine Other Data with Personal Data (such as combining your name with your location). If we do, we will treat the combined data as Personal Data if it is combined.

International transfers of personal data

We may transfer your personal information to our data processor(s) or/and sub-processor(s) based outside of the EEA for the purposes described in this notice. For example to Lodgify which is legally registered in the United Kingdom or the websites data servers which are located in the UK and USA.

It may also be processed by staff operating outside the EEA who work for Aristos Life or Lodgify or one of our business partners or service providers. By using the Services, users acknowledge and agree that we may be transferring, storing and processing their personal data outside of the country in which they reside. Lodgify will take all the reasonable and necessary steps to ensure that users’ data are treated securely.

If we do this, your personal information will continue to be subject to one or more appropriate safeguards set out in the law. These might be the use of model contracts in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators (like the US ‘ Privacy Shield’ scheme).

If you are accessing any of our systems from outside the USA, you acknowledge that your personal information may be transferred to the USA, a jurisdiction which may have different privacy and data security protections from those of your own jurisdiction, to be processed and stored.

User's Responsibility

The User Guarantees that they are of legal age or legally emancipated, where applicable, fully capable, and that the information furnished to us is true, accurate, complete and up-to-date.

For these purposes the User is responsible for the truthfulness of all the data communicated and will keep the information updated, so that said data reflects their actual situation.

Guarantees that he/she has informed third parties on whose behalf he/she has provided data, where applicable any aspects contained in this document. Also guarantees that they have obtained the third party’s authorization to provide their data to us for the purposes indicated.

Will be responsible for false or inaccurate information provided through the Website and for damages, whether direct or indirect, that this may cause to us or third parties.

Exercise of Rights with Aristos Life

The User may contact us at any time free of charge, to:

To obtain confirmation about whether or not personal data concerning the User are being processed by us.
To access their personal details.
To rectify any inaccurate or incomplete data.
To request the deletion of their personal data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
To confirm revocation of consent.
To obtain from us the limitation of data processing when any of the conditions provided in the data protection regulations are met.
To request the portability of your data.

Likewise, the user is informed that at any time he/she may file a complaint regarding the protection of their personal data before the competent Data Protection Authority.

Rights of the Data Subject

Exercise of Rights with Lodgify

Each User (data subject) have the following rights regarding their personal data:

a) Right of confirmation: to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may at any time contact our data protection manager or another employee of the controller.

b) Right of access: to obtain from the controller free information about his or her personal data stored at any time and a copy of this information.

c) Right to rectification: to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

d) Right to erasure (Right to be forgotten): to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies and as long as the processing is not necessary:

– The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

– The data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1) of the GDPR, or point (a) of Article 9 (2) of the GDPR, and where there is no other legal ground for the processing.

– The data subject objects to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) of the GDPR.

– The personal data have been unlawfully processed.

– The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

– The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.

e) Right of restriction of processing: to obtain from the controller restriction of processing where one of the following applies:

– The accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data.

– The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead of the restriction of their use instead.

– The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.

– The data subject has objected to processing pursuant to Article 21 (1) of the GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.

f) Right to data portability: to receive the personal data concerning the user, which was provided to a controller, in a structured, commonly used and machine-readable format. The user shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided as long as the processing is based on consent and the processing is carried out by automated means. Furthermore, in exercising his or her right to data portability pursuant to Article 20 (1) of the GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and does not adversely affect the rights and freedoms of others.

g) Right to object: to object, on grounds relating to the user’s particular situation, at any time to processing of personal data concerning the user which is based on point (e) or (f) of Article 6 (1) of the GDPR. This also applies to profiling based on these provisions.

i) Right to withdraw data protection consent: to withdraw consent to the processing of the user’s personal data at any time.

If the data subject wishes to exercise any of the aforementioned rights, he or she may at any time directly contact Lodgify by sending the appropriate request at the following addresses:

– Avenida de Josep Tarradellas, 20-30, P.5., Barcelona, Spain

– privacy@lodgify.com

Finally, each User and Data Subject has the right to lodge a complaint before the appropriate Data Supervisory Authority.

Security Measures

We are committed to ensuring that users’ information is secure. In order to prevent unauthorized access or disclosure, Lodgify has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

We will process the User’s data at all times in an absolute confidential way and maintaining the mandatory duty to secrecy with regard to said data, in accordance with the provisions set out in applicable regulations.

When our users enter sensitive information on our site, we encrypt the transmission of that information using secure socket layer technology (SSL).

Nevertheless, please note that no data transmission over the Internet or information storage technology can be guaranteed to be totally secure. As a result, though we strive to protect our users’ information, we cannot ensure or warrant to guarentee the security of any information which users send to us or our third parties, and the Users explicitly do so at their own risk.

Cookies

www.lodgify.com uses cookies. The web user has the option to prevent the generation of cookies, by selecting the corresponding option in his browser program.

For more information, visit their Cookies Policy.

Note

Validity and modifications

Lodgify will be able to modify, totally or partially, this Privacy Policy, publishing any change or alteration in the same manner in which these conditions appear or via any type of communication directed to the users, as Lodgify chooses.

The temporary validity of this Privacy Policy coincides, therefore, with the time of exposure, until they are totally or partially modified, in which case these latter modified will become the valid ones.Privacy Policy

protecting and respecting your privacy.

Please read this notice as it contains important information about how we use personal data.

Information & Consent

By reading this Privacy Notice, the user is hereby informed on how we collect, process and protect personal data furnished through the website and booking engine.

By accessing the platform or providing information, you agree to our privacy practices as set out in this privacy statement. We may change this notice from time to time.

Our Identity

When this notice mentions “we,” “us,” or “our,”, “data controller,”, “controller,”, it refers to Aristos Life.

Data Processor

Aristos Life operates the booking system through a data processor provider, as outlined below.

For the purposes of the General Data Protection Regulation (“GDPR”) (EU) 2016/679, we are the Data Controller.

Who we are:

NAME: ARISTOS LIFE ΜΟΝΟΠΡΟΣΩΠΗ ΙΔΙΩΤΙΚΗ ΚΕΦΑΛΑΙΟΥΧΙΚΗ ΕΤΑΙΡΕΙΑ / ARISTOS LIFE

Address: ΠΕΡΙΟΧΗ ΦΛΟΓΑ 0 84400 ΠΑΡΟΙΚΙΑ ΠΑΡΟΥ, ΕΛΛΑΔΑ

VAT (AOM/AFM): 801599850

Data Processor

Lodgify operates this booking system on behalf of Aristos Life and is committed to protecting the privacy of the users of this system.

Who is Lodgify:

Name: CODEBAY SOLUTIONS LIMITED (also referred as “Lodgify”)

Registered at the Registrar of Companies for England and Wales under number 5903966

Address: Magma House, 16 Davy Court Way, Castle Mound Way, Rugby, Warwickshire, CV23 0UZ, United Kingdom

Phone: (+44) 20-3871-3305

ICO Registration Number: ZA188069

For the purposes of the GDPR, where Lodgify processes your personal data on behalf of Aristos Life, Lodgify is the the Data Processor.

When this notice mentions “data processor,” “processor,” “Lodgify,” it refers to CODEBAY SOLUTIONS LIMITED.

Users’ personal data may be disclosed to third parties which are companies that provide services to Lodgify.

These third parties are:

Codebay Solutions S.L.U., a subsidiary of Codebay Solutions Ltd which renders trading and logistics services regarding Lodgify web and software.

Advertisers that require the information to select and serve relevant adverts to our users and others; and

Analytics providers that assist Lodgify in the improvement and optimization of Lodgify.com and the Services.

If the data subject wishes to exercise any of the aforementioned rights, he or she may at any time directly contact Aristos Life by sending the appropriate request at the following address:

info@aristoslife.com

Obligatory nature of providing the data

The data requested in the forms accessible from the booking engine are, in general, mandatory to meet the stated purposes of services we provide.

If they are not provided or are not provided correctly, we will may be unable to process the request.

The legal bases for the processing of data are the following:

– In all other cases, the legal basis for the processing is the consent provided by the user.

Personal data we collect and process

This will include:

personal information about you which we ask you for (i.e. your name, address, and email address) when you make a booking;
financial details in order to process your booking when we require a pre-payment;
details of transactions you carry out through our booking engine and details of the fullfilment of your orders.
our data processor may only collect and process personal data collected and/or processed on behalf of us in accordance with our instructions. Lodgify cannot process it in any other way or for any other purpose.

We grant permission to our data processor:

to use your personal information for reserving rooms and/or other services for you at Aristos Life;
to pass on your financial details to Aristos Life and/or appropriate third party (for example, to a credit card company) for the purpose of confirming or paying for a booking;
to use your information for marketing purposes (where you explicitly agree to this); and
to complete forms and other details on our website (for example when making bookings, changes, cancellations, etc)

Social Media Links:

Third-party data (i.e. if you book for family or a friend)

Please note we may carry out the necessary verifications to verify this consent, adopting the corresponding due diligence measures, in accordance with the data protection regulations.

Sensitive Data

Services by Minors

Our services are intended only for those 18 years and older, and we request that they do not provide any Personal Data though our Services.

Purpose

Depending on the User’s requests personal data collected will be processed in accordance with the following purposes:

To manage the bookings made, including payment management and the management of the User’s requests and preferences.
To manage registration in any company membership programs, as well as obtaining and redeeming points or benefits.
To manage the User’s contact requests with us through the channels provided to us.
To manage the sending of personalized commercial communications from us, by electronic and/or other available means, in which the User expressly consents.
To manage contracted accommodation services, as well as any additional services.
To manage surveys regarding the quality of the services provided by us and/or the perception of us in general.

Data Storage

According to that:

In the case where users purchase Aristos Life or Lodgify products or subscribe to Aristos Life or Lodgify Services through the website, the personal data will be kept as long as the contractual relationship between the parties is maintained and, in any case, until legal liabilities are extinguished definitively (by the expiry of the statute-of-limitations period).
In all other cases, the personal data provided will be kept as long as the data deletion is not requested by the user. Likewise, data will be kept according to the legal time-frame set forth in legal, fiscal and accounting matters, taking as reference the date of the request for data deletion.
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law or if the User requests their withdrawal from us, opposes or revokes their consent.

Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period before we can delete them)

Whether we are required to report your data to the local authorities for required laws in Greece for accommodation services.

Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

Legitimate Interest

The data processing required in fulfilment of the purposes that require the User’s consent cannot be undertaken without said consent.

If the User withdraws their consent to any of the processing, this will not affect the legality of the processing carried out previously.

To revoke such consent, the User may contact us through the appropriate channels. And in those cases in which it is necessary to process the User’s data for the fullfilment of a legal obligation or local law for the execution of the existing contractual relationship between us and the User, the processing would be legitimized as it is necessary for compliance with said purposes.

Data Disclosure

We will use and disclose Personal Data as we believe to be necessary or appropriate:

to comply with applicable law, including laws outside your country of residence.
to comply with legal process.
to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements.
to enforce our terms and conditions.
to protect our operations.
to protect the rights, privacy, safety, and property of our own, you or others; and
to allow us to pursue available remedies or limit the damages that we may sustain.

International transfers of personal data

User's Responsibility

The User Guarantees that they are of legal age or legally emancipated, where applicable, fully capable, and that the information furnished to us is true, accurate, complete and up-to-date.

For these purposes the User is responsible for the truthfulness of all the data communicated and will keep the information updated, so that said data reflects their actual situation.

Will be responsible for false or inaccurate information provided through the Website and for damages, whether direct or indirect, that this may cause to us or third parties.

Exercise of Rights with Aristos Life

The User may contact us at any time free of charge, to:

To obtain confirmation about whether or not personal data concerning the User are being processed by us.
To access their personal details.
To rectify any inaccurate or incomplete data.
To request the deletion of their personal data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
To confirm revocation of consent.
To obtain from us the limitation of data processing when any of the conditions provided in the data protection regulations are met.
To request the portability of your data.