


Personal Data Protection Policy
Colors Ksenodociakes Epichirisis E.E., in compliance with the General Data Protection Regulation 2016/679 as well as the national legal framework governing the protection of the personal data which it processes either as Controller or as Processor, has established this policy to communicate the company’s basic principles to any interested party involved in its data management procedures.
The Company’s policy as well as all its procedures have been established on the basis of the following pillars of values:
1. Personal data is the sole property of any natural person and must be protected against erroneous or unauthorized processing
2. The privacy of any natural person is a fundamental right of the individual, which must in no case be violated
3. The main means of protecting data, whether in electronic or paper form, is to ensure controlled access and to maintain appropriate infrastructure for processing it
4. In any case, privacy, integrity, availability and resilience of data must be preserved
The company selects the procedures and security mechanisms it adopts for each individual infrastructure or process by implementing a wider strategic design based on the following stages:
1. Identification of its data and dataflows
2. Assessing existing practices based on legal requirements
3. Developing a DPIA methodology to calculate the final impact on natural persons, where this is needed
4. Determining mechanisms based on the results of the above analysis and calculating the residual risk
In view of the above, in order for the company to be able to comply both with the legal framework and with the principles it puts in place for its operation, the following mechanisms, procedures and measures have been adopted:
1. Physical access control policy at the company’s premises: rated employee access and continuous escorts
2. Logical access control policy (role allocation and corresponding granting of access rights, user accounts, protection policy for all information systems)
3. Active and passive fire protection measures
4. Separation of duties procedures
5. Personnel selection and evaluation procedures (qualification requirements and recommendations, signature of confidentiality contracts)
6. Information systems security measures (firewall, customized policies, traffic control, antivirus, UPS, computer locking, access control, etc.)
7. Procedures for systematic controls (continuous internal audits for compliance with control measures)
8. Infrastructure tracking practices (security alert, emergency response team, fire detectors, CCTV)
9. Subcontractor and vendor management (procedures and criteria for selection – evaluation, verification of suppliers and partners, binding contracts with special confidentiality terms – confidentiality – data protection)
10. Existence of insurance policies (fire, civil liability)
Colors Ksenodociakes Epichirisis E.E. is the Data Controller. If you wish to communicate directly with the company manager you can use the email dpo@colorshotel.gr or the central telephone number of the company.