The company under the corporate name “CHOLIHOUSE REAL ESTATE MANAGEMENT CONSULTANTS P.C.” and the distinctive title “Holihouse”, headquartered in Kalamata, at 22 Kaisari Street, and Athens, 119 Solonos Street, with Tax Identification Number 801868704 of the Tax Office (D.O.Y.) of Kalamata (hereinafter the “Company”), respects the privacy of natural persons and takes very seriously the need to protect their personal data. It considers the lawful processing, security, and protection of your personal data to be extremely important when you communicate or cooperate with us, regardless of your capacity (indicatively and not limited to: prospective or active customer, representative or legal representative of companies, partner or partner of our customers or prospective customers, visitor to the Company’s website, employee, supplier, external associate of the Company).
You may contact the Company at the email: info@holihouse.gr
The Company’s website is: www.holihouse.gr
This text provides any person who provides services to the Company, as well as any person who is interested in receiving and/or already receives services from the Company, and any visitor/user of the Company’s website (hereinafter the “Website”) with brief information regarding the practices followed for the management and protection of personal data.
Please read these terms carefully. By accepting them in printed form, or by submitting the relevant consent statement and providing consent when using our website, you accept the practices described herein, the terms of which govern our relationship and are incorporated into the terms of use of our services.
What are personal data?
Your personal data include any information that can lead, either directly or in combination with other information, to your identification as a natural person. This category may include, as applicable, information such as full name, identity card number, Tax Identification Number, your postal and electronic addresses, telephone numbers, gender, nationality, IP, cookies, as well as special categories of personal data, and any other information that allows your unique identification, in accordance with the provisions of the General Data Protection Regulation 2016/679 (“GDPR”), Law 4624/2019, applicable Greek and European legislation, and the decisions of the Hellenic Data Protection Authority.
What is processing of personal data?
Processing of personal data means any operation or set of operations performed, with or without automated means, on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
How are personal data collected?
The Company collects personal data that you provide to us when completing applications and expressions of interest for our services, when communicating with us regarding matters relating to the services provided, when browsing our website, as well as when concluding and performing a contract with the Company and using our services, either on your behalf or on behalf of natural or legal persons whom you legally represent. More specifically, your personal data are collected in the following ways:
(a) When you provide them yourself, in the context of communication, conclusion of a contract or use of the Company’s services (e.g., when you contact us by phone, by email or by filling out an application or form in order for us to provide services or to serve you or your partners; when you enter into and sign a contract with the Company for the provision of our services, in the context of which you voluntarily provide us with your personal data, as well as the personal data of partners, legal representatives, employees or suppliers; when you visit our offices or communicate with customer service or our call center, either for service provision or to express opinions, complaints or comments; when you participate in short meetings organized by the Company for the purpose of providing our services (e.g., delivery of instructions, briefing on the Company’s tools, receipt of training material, video-recorded training, etc.); when you contact our postal or email address; when you subscribe to our newsletter; when we receive your Curriculum Vitae with your consent via LinkedIn or our website, etc.).
(b) Automatically, through the browser you use to access any of the Company’s websites, through technologies such as cookies, IP logging, etc. (e.g., when you visit our website, through which we collect via cookies information from your terminal device, such as IP address, operating system, type and version of browser, etc.).
(c) When they are transmitted to us by a third party or partner, provided that you have previously given the required consent for such transmission, or the transmission takes place in the context of serving a lawful purpose (when we receive documents, requests, orders, reports, cover letters or warrants from third-party bodies such as supervisory, prosecutorial, judicial or tax authorities, for the investigation of offenses and the protection of you, your family, our employees and the Company, to address all forms of crime and prevent infringement of legal interests).
Where your consent is required for the collection and processing of personal data, such as, indicatively, for further updates, subscription and receipt of a newsletter, it is requested from you explicitly, while you retain the right to withdraw it at any time.
What personal data are collected?
The collected data, indicatively and not limited to, include:
(a) Basic Personal Data: Full name, father’s name, mother’s name, details and photocopy of identity card or other legitimizing document, date of birth, gender, nationality, marital status, etc.
(b) Contact Details: Home address, work address, telephone numbers (home, work, mobile), email addresses, etc.
(c) Professional Profile: Capacity, profession, position in a company, duties and responsibilities, education level, professional experience, etc.
(d) Tax-Related Details: Tax Identification Number, competent Tax Office, Social Insurance Agency, bank account number, IBAN, debts to the Company, payment details, etc.
(e) Property-Related Details: Property address, ownership details, Property Registration Number (A.M.A.), EOT/MITE details, audiovisual material, photos and videos of the premises, amenities and property characteristics, and any additional information required for correct registration and presentation.
(f) Other Personal Data: Data provided by customers that are necessary for the customization and configuration of accommodations on rental platforms, as well as contact details of third parties provided by the owner for the effective organization and performance of the cooperation (details of manager, cleaning crew, tax consultant, accounting office, etc.).
Furthermore, we automatically collect information sent by the computer, mobile device, or browser you use to access our services through the website www.holihouse.gr
(“Automatic Data”). This information includes, indicatively, the Internet Protocol address of your device (e.g., desktop computer, laptop, tablet, smartphone), service usage statistics, access information, as well as data collected through Cookies, Pixel Tags and similar technologies. This technical information is used for the smooth operation and performance of the websites and electronic services, and is not permanently stored in the Company’s infrastructure. We may also receive data from third-party sources, such as social networks (LinkedIn, Facebook, etc.) and other companies’ websites.
The collection, processing and protection of your personal data are carried out in accordance with the applicable provisions when you contact the Company, when you enter into a contract and/or purchase our services, when you contact us by phone for information about our services, or when you submit electronic requests through our website or our email address.
Lawful processing
The Company will use your information for the following lawful and specific processing purposes (in accordance with the relevant articles of the GDPR), as applicable, either on the basis of your explicit consent (which you may freely withdraw at any time), or for the performance of a contract or pre-contractual relationship with you, or for the pursuit of our legitimate interest or for the protection of your vital interests or the vital interests of our employees and partners, as well as for the pursuit of the Company’s legitimate interests, and in particular:
A. Partners, prospective partners, and their legal representatives:
for the preparation, conclusion and performance of contracts that Holihouse enters into with its customers, partners and suppliers, and for the proper and effective provision of accommodation management and promotion services,
for servicing, supporting and monitoring our contractual relationship and ensuring proper performance of obligations arising from it,
for costing, invoicing and financial management of Holihouse services,
for the Company’s compliance with its tax and social insurance obligations,
for the Company’s compliance with the applicable legislative and regulatory framework,
for safeguarding the Company’s legitimate interests,
for safeguarding the vital interests of the Company’s employees and protecting its assets,
for the provision of the Company’s services to customers and the adaptation and/or interconnection of accommodations with third parties (rental platforms),
for managing requests for information about the Company’s services,
for satisfying requests from partners, owners or guests, in the context of the proper operation and management of accommodations,
for communication and information purposes, such as sending email, SMS and/or newsletters about the Company’s activities and services that may interest you, provided you have given your consent (opt-in). You retain the right to withdraw your consent (opt-out) at any time,
for promoting the Company’s services through social networks and professional networking pages managed by it,
for the Company’s internal operations and analyses, such as internal management, fraud prevention, use of information systems for management, invoicing, accounting, billing and auditing, as well as compliance with tax regulations.
B. External associates and suppliers:
for the preparation and performance of contracts the Company concludes with them for the purchase of products or the provision of services,
for compliance with tax legislation,
for necessary communication, either at the pre-contractual stage or during contract performance.
C. Visitors to the Company’s website:
for electronic communication and servicing needs through the website.
D. Employees and job applicants:
for the conclusion and performance of the employment contract,
for compliance with labor, social insurance and tax legislation generally,
for compliance with health and safety rules and regulations at work,
for the protection of their vital interests,
and generally for the exercise of the Company’s managerial right.
In any case, you may modify your preferences at any time by sending a relevant request to legal@holihouse.gr.
Cookie policy on our website
In accordance with the European E-Privacy Directive 2009/136/EC (which will be replaced by the ePrivacy Regulation), as well as with the Guidelines of the Hellenic Data Protection Authority of 25.2.2020, the Company’s websites use cookies. Cookies are small text files containing information and stored in the browser of the visitor/user’s computer or device while browsing the websites and can be removed at any time.
The Company uses cookies for the following purposes:
for the smooth and fast operation of the websites,
to recognize the device, browser and operating system used by the user, in order to provide a personalized browsing experience,
to store user settings during or between visits (e.g., language, preferences, login details) to avoid retyping,
to improve the performance, functionality and security of the websites,
to provide content based on the user’s interests and needs,
to analyze browsing behavior and usage of the websites.
The Company does not use cookies:
to collect personal data without consent,
to transmit personal data to advertising companies,
to transmit data to third parties without consent.
Cookies are divided into four categories:
Necessary cookies (first-party): required to be enabled for proper operation of the website. Strictly necessary cookies are exempt from the consent requirement under the GDPR.
Preference cookies: remember user choices such as language, currency or display settings.
Statistics cookies: originate from third-party services such as Google Analytics and record traffic and usage statistics.
Marketing cookies: originate from technology companies or third-party advertising providers to display personalized advertising or to collect data for future advertising purposes.
Depending on how long they are stored on the user’s device, cookies are classified into:
Session cookies: deleted when the browser is closed.
Persistent cookies: remain on the device until deleted or until their preset expiration period.
In addition, certain third-party services used by the websites (such as social media buttons or statistics services) place their own cookies, which are not controlled by the Company.
When you visit the websites, data may be processed by third parties (third-party cookies), such as Google Analytics, Facebook Pixel, social plug-ins or tools of other technology companies. The third-party providers are exclusively responsible for such processing, and the data may be transferred within or outside the European Economic Area.
If you do not want third parties such as Google, Facebook, Instagram to receive information from your browser, you can opt out based on the options provided in the policies of the respective services. You can also modify your browser settings to be notified about the use of cookies or to reject their use entirely. Note that disabling cookies may significantly limit the functionality and user experience of the website.
You can delete cookies from your device at any time. More information about cookies and ways to block or manage them can be found at:
http://cookiepedia.co.uk/all-about-cookies
http://www.allaboutcookies.org/
The Company’s websites also use internet tags that help measure visitor response. The Company assures that through internet tags and cookies no personally identifiable information is collected, such as names, addresses, emails or telephone numbers.
What applies regarding links to other websites?
The Company’s websites may contain references via hyperlinks to other websites, for the content and services of which the Company bears no responsibility, nor does it guarantee continuous and safe accessibility. Under no circumstances should the Company be considered to accept or adopt the content or services of the linked websites or to be connected with them in any way. Any problem that may arise when using the above websites is the sole responsibility of the owner of that website. In the case of hyperlinks to other websites, the Company is not responsible for the terms of management and protection of personal data that they follow.
We use social media to present the Company’s work and services through widely used and modern channels. The Company’s use of social media is specifically indicated on the websites.
The Company strongly encourages users to consult the relevant policy of each third party (e.g., search engine service providers, social networking service providers such as Facebook, LinkedIn, Twitter, etc.) in order to be informed about the practices they follow for the protection of personal data.
The Company’s websites may contain display of material with advertising/informational content, purpose and character. The Company bears no responsibility towards the visitor/user, as well as any third parties, for any unlawful act or omission, inaccuracy or inability to comply with the laws and regulations of any country or of the European Union, in relation to the content of these updates. The Company is not obliged to examine and does not examine the legality or otherwise of the informational material displayed on the above websites and therefore no liability of any kind may be attributed to it. This responsibility lies with the advertisers, sponsors and/or creators of the displayed advertising material.
Transfer of your data to third parties
As a rule, the Company does not transfer your personal data to third parties, unless such transfer is absolutely necessary for the provision of our services, for meeting requests related to the services we offer, or if required by the applicable legal and regulatory framework.
Access to and processing of your personal data is granted exclusively to the absolutely necessary and authorized Company personnel (employees, partners, external associates), who are bound by confidentiality obligations.
Your personal data may be disclosed or transferred:
to competent Public Authorities, due to the Company’s legal obligations (such as AADE, EFKA, etc.), which act as independent Data Controllers,
to accountants, IT engineers, information systems technicians, suppliers, Applications & Products providers, Google Workspace application providers, as well as electronic communication platforms such as Zoom or Microsoft Teams, who cooperate with the Company under independent service agreements and act, as the case may be, as Processors, being bound by confidentiality and professional secrecy,
to the Company’s customers, who act as independent Data Controllers and are not corporately affiliated with the Company,
to official state and supervisory bodies (such as prosecutorial authorities, Cyber Crime Division, Hellenic Data Protection Authority, tax and other supervisory authorities) where required for compliance with the law or to prevent harm to you or to the Company from unlawful actions.
The Company selects reliable providers and imposes contractual restrictions and commitments on third parties who receive your personal data to ensure that data are used in accordance with the law. All partners and employees of the Company are bound by confidentiality clauses and professional secrecy.
For the processing of your data, it may be required to store, transfer or process them in other countries, including countries within the European Economic Area (EEA). Such transfer is carried out on the basis of adequacy decisions of the European Commission, binding corporate rules, standard contractual clauses and other approved safeguards.
Principles of collection and processing
This Privacy and Personal Data Protection Policy aims to inform you about the terms of collection, processing and transfer of your personal data, which we may collect in the capacity of Data Controller or Processor. The Company, as well as its appropriately trained staff, fully comply with the ten Processing Principles of the GDPR 2016/679 (lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability).
The Company protects and ensures the exercise of your rights regarding the use of your Personal Data (information, access, rectification, erasure, restriction of processing, notification, data portability, objection and not being subject to automated decisions based on profiling, as provided by Greek law).
The above apply without any discrimination whatsoever and apply to every processing operation we carry out and to all services we provide.
Data retention and deletion policy
The Company always requests from you only the absolutely necessary set of personal data provided for by law, in order to provide its services and communicate effectively with you. Personal data are collected and processed exclusively by authorized Company employees per department, and only for purposes connected with servicing our contractual or other legal relationship, or for the purpose of informing you about the Company’s activities and services, provided you have given us your explicit consent.
The Company retains your personal data only for as long as required by the contractual terms of each service, in conjunction with applicable social insurance, tax, labor and general legislation, and depending on the purpose of processing. After this necessary period, the Company proceeds either with anonymization or destruction of the data.
Unsolicited commercial communication (spam)
The Company expressly prohibits the use of its services and website for sending bulk or unsolicited commercial messages (spam). It is also not permitted to send or receive messages from or to our customers when they include or use invalid or forged headers, nonexistent or invalid domain names, techniques to conceal the true origin of the message, false or misleading information, or otherwise violate the terms of use of electronic services.
The Company does not allow the collection of email addresses or other customer details through its services or website, nor does it authorize any attempt to use its systems in a way that may cause damage, burden, disrupt or weaken the smooth operation of our services or prevent their lawful use by third parties.
With regard to our website and our email address, if any unauthorized, abusive or inappropriate use of data or services is found, the Company reserves the right, without prior notice and at its sole discretion, to take any necessary measure. Such measures may include blocking messages from a specific domain, mail server or IP address.
The Company may also proceed immediately to delete any account that uses its services in a manner which, in its sole and substantiated judgment, is involved in or associated with the transmission of messages that violate this policy.
Security of your personal data
In any case, the Company takes appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of your personal data. Our goal is to ensure that your data are transmitted, stored and processed in accordance with adequate international security standards and procedures.
The Company has trained and committed personnel and recognizes the particular importance of protecting your privacy and personal data. For this purpose we implement appropriate security policies and use necessary technical and operational means, such as anonymization, pseudonymization, data encryption, use of firewalls, definition of access levels, authorized personnel and partners, continuous staff training, periodic security audits and compliance with international security standards, in order to protect personal data from unauthorized or unlawful processing, as well as from accidental destruction, loss or damage.
Each partner of the Company who has access to the above data acts as a Processor and uses these data exclusively for the purposes referred to in this Policy. The Company discloses the information you provide only in the ways described in this Policy and in accordance with your explicit and specific consent per type of processing, which you may withdraw at any time freely by contacting us.
Display of targeted advertising
Following your prior written consent, the Company may use your personal data, in combination with other data it has collected and after human intervention by the marketing department, to display advertisements that correspond to your apparent preferences, either on our website or on other websites.
However, the Company does not use automated tools to monitor or evaluate your consumer profile nor to correlate general preferences with other personal data (such as your email address) for the purpose of displaying advertisements or sending personalized offers, unless you have accepted the relevant marketing cookies. In addition, the Company does not share your personal data with third parties so that they can send you targeted advertisements, unless you have explicitly and in writing consented.
If you wish to stop receiving updates, emails or newsletters, you may use the unsubscribe link at the end of each relevant email or newsletter you receive from us.
How do we ensure that Processors respect your personal data and the data of your partners?
Processors of personal data on behalf of the Company have contractually and in writing committed to:
maintain absolute confidentiality and similarly bind their personnel, where they are external partners,
not transfer personal data to third parties without the Company’s prior written permission,
take appropriate organizational and technical security measures to protect data,
immediately inform the Company of any personal data breach incident,
delete and/or return personal data to the Company after termination of our contract,
fully comply with the applicable legal framework on personal data protection, and in particular with the GDPR, applicable Greek legislation, and the decisions of the Hellenic Data Protection Authority.
Data subject rights and contact for questions or remarks
In accordance with applicable personal data protection legislation and the GDPR, you have the following rights:
Right to information and access: the right to know whether your data are being processed, and the manner and purpose of processing.
Right to rectification: the right to request correction of your personal data if inaccurate or incomplete.
Right to erasure (“right to be forgotten”): the right to request deletion of your personal data, subject to the conditions set by law.
Right to restriction of processing: the right to request restriction of processing when specific lawful conditions are met.
Right to data portability: the right to request transfer of your data to a third party.
Requests to exercise the above rights may be submitted by sending your request to: legal@holihouse.gr
If you exercise any of the above rights, the Company will respond within one (1) month from receipt of the request. This period may be extended by a further two (2) months depending on the complexity of the request or the number of requests submitted.
Finally, you retain the right to file a complaint with the Hellenic Data Protection Authority (www.dpa.gr), 1–3 Kifisias Ave., 115 23 Athens, tel. +30 210 6475600, email: concontact@dpa.gr
, if you believe that the processing of your personal data violates applicable national or EU legislation on personal data protection.
What is the applicable law for the processing of your data by us?
The applicable law is Greek law, as shaped in accordance with the GDPR 2016/679/EU, and generally the applicable national and European legislative and regulatory framework for the protection of personal data. For any dispute arising from the processing of your personal data, the Courts of Kalamata shall have exclusive jurisdiction.
For any matter concerning your personal data and/or for clarifications, you may contact Mr. Ioannis Voutsis by telephone at 27210 27931 or by letter to the address 22 Pan. Kaisari Street, Kalamata.
This policy was updated on 3 August 2018.
