Privacy Policy (GDPR Compliance)

1. Controller

The controller responsible for the processing of personal data is:

Theano Kostopoulou Property Management

Address: Argasi, Zakynthos, Greece
Email: info@theanokostopoulou.gr
Phone: +30 6986133343
Contact person for data protection: Theano Kostopoulou

2. Purpose of Processing

We collect and process personal data of guests, property owners, and business partners for the following purposes:

-Managing reservations, check-in/check-out, and communication with guests.

-Issuing invoices and complying with tax and tourism regulations in Greece.

-Providing guest support and ensuring proper operation of accommodations.

-Fulfilling contractual obligations with property owners and partners.

-Marketing and communication (only with prior consent).

3. Legal Basis

The processing of personal data is carried out in accordance with Article 6 GDPR on the following bases:

-Performance of a contract: to process reservations and provide accommodation services.

-Legal obligation: to comply with tax, accounting, and tourism laws.

-Legitimate interest: to ensure the security of our services, prevent fraud, and improve customer experience.

-Consent: for sending newsletters and promotional materials (where applicable).

4. Categories of Data Processed

We may process the following categories of data:

-Identification data: full name, ID/passport number (where required by law).

-Contact details: email address, phone number, residential address.

-Booking information: dates of stay, property details, number of guests.

-Payment information: payment method, billing details.

-Communication history with guests.

5. Data Recipients

Personal data may be shared with:

-Our PMS and channel manager providers.

-Online booking platforms (e.g., Airbnb, Booking.com, Expedia).

-Accountants, tax authorities, and other public authorities as required by law.

-Authorized staff and service providers (cleaning, maintenance) when necessary.

-IT and hosting providers ensuring secure storage of data.

6. Data Retention

-Reservation and invoicing data: retained for up to 10 years to comply with tax obligations.

-Guest communication and support records: retained for up to 3 years after departure.

-Marketing/consent-based data: retained until consent is withdrawn.

7. Security Measures

We implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data, including:

-Secure, password-protected systems.

-Restricted access for authorized personnel only.

-Encrypted communication and secure payment processing.

8. Rights of Data Subjects

Guests and partners have the right to:

-Access their personal data.

-Request rectification or erasure of data.

-Request restriction of processing.

-Object to processing based on legitimate interest.

-Withdraw consent for marketing communications.

-Lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).

Requests regarding personal data can be submitted via email to info@theanokostopoulou.gr

9. International Data Transfers

Where data is transferred outside the EU (e.g., to booking platforms based in the USA), such transfers are carried out in compliance with GDPR requirements and with appropriate safeguards.

10. Updates to This Policy

We may update this Privacy Policy from time to time to ensure compliance with applicable laws and to reflect changes in our operations. The latest version will always be available on our website.

ite.