Privacy Policy

Atlantic Astypalaia Suites (the “Hotel”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Greek data protection legislation.

This Privacy Policy explains what personal data we collect, the purposes and legal bases for processing, how long we retain data, with whom we share it, the safeguards we apply, and your rights under applicable data protection law.

Last updated: 20 February 2026

1. Controller & Contact Details

The data controller for the purposes of the GDPR is:

2. Scope

This Privacy Policy applies to personal data processed when you:

  • visit or use our website;
  • contact us by email, phone, contact form, or social media;
  • request or make a reservation directly or via third parties;
  • stay at the Hotel and use our services;
  • interact with our online advertising, analytics, or tracking technologies.

3. Definitions

  • Personal data: any information relating to an identified or identifiable natural person.
  • Processing: any operation performed on personal data, including collection, storage, use, or disclosure.
  • Controller: the entity determining the purposes and means of processing.
  • Processor: an entity processing personal data on behalf of the controller.

4. Personal Data We Collect

4.1 Data You Provide

  • Identity & contact data: name, surname, email address, telephone number, nationality, language preferences.
  • Reservation data: stay dates, number of guests, accommodation preferences, booking reference, communication history.
  • Payment data: payment status and invoicing information. Full payment card details are processed by authorized payment providers and are not stored by us.
  • Guest service information: preferences or requests relevant to your stay.
  • Legal compliance data: information required under applicable Greek hospitality and tax regulations.

4.2 Data Collected Automatically

  • Device & usage data: IP address, browser type, operating system, pages visited, session duration, interaction data.
  • Approximate location: derived from IP address.
  • Cookie identifiers: where consent is provided for non-essential cookies.

5. Purposes and Legal Bases

5.1 Reservation and Contract Performance

  • Purpose: manage reservations, provide accommodation services, communicate with guests.
  • Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

5.2 Legal Compliance

  • Purpose: comply with tax, accounting, and regulatory obligations.
  • Legal basis: legal obligation (Art. 6(1)(c) GDPR).

5.3 Customer Support & Service Improvement

  • Purpose: respond to enquiries and improve service quality.
  • Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

5.4 Website Analytics

  • Purpose: analyze website performance and user behavior.
  • Legal basis: consent for non-essential cookies (Art. 6(1)(a) GDPR).

5.5 Advertising & Remarketing

  • Purpose: measure advertising effectiveness and deliver relevant advertisements.
  • Legal basis: consent for marketing cookies (Art. 6(1)(a) GDPR).

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies.

  • Strictly necessary cookies: essential for website functionality.
  • Analytics cookies: used via Google Analytics to understand website usage.
  • Marketing cookies: used via Meta Pixel for advertising and remarketing.

Google Tag Manager is used to manage website tags. It does not collect personal data itself but facilitates the deployment of analytics and marketing tools.

You may manage or withdraw your consent through your browser settings and our cookie consent mechanism.

7. International Transfers

Some service providers, including Google and Meta, may process data outside the European Economic Area. Where such transfers occur, appropriate safeguards such as Standard Contractual Clauses are applied in accordance with GDPR requirements.

8. Data Sharing

We do not sell personal data. We may share data only where necessary with:

  • Authorized personnel;
  • IT and hosting providers;
  • Analytics and advertising providers (Google, Meta);
  • Payment service providers;
  • Professional advisers and public authorities where legally required.

9. Data Retention

  • Reservation data is retained for the duration necessary to manage bookings and post-stay matters.
  • Accounting and tax data is retained in accordance with Greek legal requirements.
  • Marketing and analytics data is retained based on consent and provider retention settings.

10. Data Security

We implement appropriate technical and organizational measures including secure hosting, encryption (HTTPS), access controls, and monitoring procedures to protect personal data.

11. Your Rights

You have the right to:

  • Access your personal data;
  • Request rectification or erasure;
  • Request restriction of processing;
  • Object to processing based on legitimate interests;
  • Withdraw consent at any time;
  • Request data portability where applicable.

To exercise your rights, contact us at [email protected].

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA).

12. Children

Our services are not directed to children, and we do not knowingly collect personal data from minors.

13. Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for their privacy practices.

14. Changes to This Policy

We may update this Privacy Policy periodically. The updated version will be published on this page with a revised date.

15. Contact

Book Online
Close
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.