GDPR Compliance

We are committed to complying with the General Data Protection Regulation (GDPR) in relation to all personal data we collect from individuals within the European Union (EU). Here’s how we ensure GDPR compliance: Legal Basis for Processing Personal Data We will only process your personal data if we have a legal basis to do so under the GDPR. These legal bases include:

1. Consent: Where you have given us explicit consent to process your personal data for specific purposes.
2. Contractual Necessity: Where the processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract.
3. Legal Obligation: Where the processing is necessary for compliance with a legal obligation to which we are subject.
4. Legitimate Interests: Where the processing is necessary for our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

Rights of Data Subjects Under the GDPR, individuals have certain rights regarding their personal data. These rights include:

1. Right to Access: You have the right to request access to your personal data and obtain information about how we process it.
2. Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
3. Right to Erasure: In certain circumstances, you have the right to request the deletion of your personal data.
4. Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain conditions.
5. Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
6. Right to Object: You have the right to object to the processing of your personal data under certain circumstances.

Data Protection Officer (DPO) We have appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with the GDPR. You can contact our DPO at [info@williamshouses-santorini.com]. Data Transfers If we transfer your personal data outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data, such as standard contractual clauses or adequacy decisions. Data Breach Notification In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals without undue delay, as required by the GDPR. Privacy by Design and Default We implement privacy by design and default principles to ensure that the necessary safeguards for data protection are incorporated into our processing activities from the outset. Data Retention We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, or reporting requirements. Changes to Our Privacy Policy We reserve the right to update or change our Privacy Policy at any time. Any changes will be effective immediately upon posting the updated Privacy Policy on this page. By continuing to use our website after such changes are made, you acknowledge and agree to the revised Privacy Policy. We encourage you to review this Privacy Policy periodically for any updates. Contact Us If you have any questions about this Privacy Policy or our data practices, please contact us at [info@williamshouses-santorini.com].