Privacy policy

PRIVACY POLICY

This Privacy Policy explains how we collect, use, protect, and process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

1. Personal Data We Collect

When you visit our website, make a reservation, contact us, or subscribe to our communications, we may collect the following personal data:

• Full name

• Email address

• Phone number

• Postal address

• Booking and reservation details

• Billing details required for invoicing

• Any information you voluntarily provide through contact forms or communication

Payment card details are processed securely by certified payment providers and are not stored on our servers.

2. When We Collect Personal Data

We collect personal data when you:

• Make a reservation through our website or booking system

• Contact us via forms, email, or phone

• Subscribe to a newsletter or marketing communication

• Provide information required for legal or operational purposes

3. How We Use Your Personal Data

We use personal data for the following purposes:

• To process and manage reservations

• To communicate with guests before, during, and after their stay

• To provide customer support and respond to inquiries

• To comply with Greek tax, accounting, and tourism legislation

• To improve our website, services, and user experience

• To send marketing or promotional communications only with prior consent

4. Legal Basis for Processing

Personal data is processed on one or more of the following legal bases:

• Performance of a contract (reservation and accommodation services)

• Legal obligation (tax and tourism regulations)

• Legitimate interest (service security, fraud prevention, service improvement)

• Consent, where required (marketing communications)

5. Data Protection & Security

Your personal data is stored on secure systems with restricted access and protected by appropriate technical and organizational security measures.

Access to personal data is limited to authorized personnel and trusted service providers who are contractually bound to confidentiality.

6. Data Sharing & Third Parties

We do not sell or trade personal data.

Personal data may be shared only with:

• Booking platforms and reservation systems

• Payment service providers

• Accountants and public authorities, where required by law

• IT and hosting providers supporting website operation

All third parties are required to process data in compliance with GDPR.

7. Data Retention

Personal data is retained only for as long as necessary:

• Reservation and invoicing data: up to 10 years, as required by Greek law

• Communication records: up to 3 years

• Marketing data: until consent is withdrawn

8. Your Rights

Under GDPR, you have the right to:

• Access your personal data

• Request correction or deletion

• Request restriction of processing

• Object to processing based on legitimate interest

• Withdraw consent at any time

• Lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr)

Requests may be submitted via the contact details provided on this website.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites.

10. Updates to This Policy

This Privacy Policy may be updated periodically to reflect changes in legislation or business practices. The latest version will always be available on this website.

11. Contact

If you have any questions regarding this Privacy Policy, you may contact us via the details provided in the website footer or through the contact form.

Verification of Guest Identity

In accordance with Greek legislation applicable to accommodation providers, we are required to verify the identity of guests staying at our properties.

For this purpose, a few days prior to arrival, we may request:

• An official identification document (such as a national ID card or passport)

• A recent selfie, solely for identity verification purposes

These details are collected exclusively to comply with legal obligations imposed by Greek authorities and to ensure accurate guest registration.

All identification data is processed securely, used strictly for verification and statutory reporting purposes, and is permanently deleted upon guest departure, unless a longer retention period is required by law.