Datenschutzerklärung
Our company ALTHEA BOUTIQUE HOTEL KARPATHOS, Amoopi Beach, Karpathos,
Dodecanese, 85700, Greece, T: +30 22450 81152
Email: [email protected] respects privacy and protects the personal data of data subjects (customers, employees, visitors, etc.) according to the European General Data Protection Regulation (GDPR 2016/679), in accordance with Greek implementing legislation (Law 4624/2019) and the instructions of the Hellenic Personal Data Protection Authority (HDPA).
I. What personal data we collect about you
We only collect your necessary data and keep it for as long as necessary according to the law for the execution of a reservation and room rental agreement, by filling in a paper or electronic reservation form as indicatively:
a) name, surname, gender, date of birth, ID/ passport number, nationality, or other identification element
b) your contact details, such postal or email address, phone number etc.
c) payment information via credit and debit cards or other means.
d) health data about allergies, dietary requirements, requirements by people with special needs related to the provision of our services (e.g. breakfast, room location, accessibility of premises, etc.)
e) facial images collected through our CCTV system at hotel reception, lobby or business center, which we retain for fifteen (15) days for the protection of people and goods, which we subsequently destroy, except in cases of illegal actions that justify additional retention time.
f) cookies from our website to determine our commercial policy (See Cookie Policy).
II. Purposes of collection and processing
We legally collect (according to article 6 GDPR), and process your personal data, according to the principles of legality, objectivity, transparency and accountability. We also take appropriate technical and organizational measures to protect your data (pseudonymization, anonymization, encryption, etc.).
Each type of data processing is legal, as the case may be, based either a) on your express consent (for website cookies, publicity and marketing), b) on our existing contract (for hospitality, work), c) on our legitimate interest (as regards the installation of cameras for the safety of persons, prevention of theft and other illegal actions, protection of persons and goods), d) for our compliance with legal obligations (tax, insurance, audit, etc.), in order to serve you and to constantly improve our services, with actions such as:
a) the provision of telephone answers to your questions, recommendations, complaints and observations
b the advertising promotion of our services to our customers
c) the defense of rights in courts and authorities and compliance with court decisions, legal orders, regulations or circulars.
III. Personal data transfers to third parties
For the above purposes, respecting the principles of proportionality and data minimization, we may exceptionally transmit, disclose, grant access to your personal data, to legally authorized third parties, in Greece and possibly within the European Economic Area (EEA), such as:
a) to our partners, such as travel agencies, booking websites, hotel software companies, camera installation companies and transport companies.
b) to ministries, public services, social security, judicial and police authorities, etc., as long as this is required by law
c) to banks and financial institutions to settle our financial transactions
We assure you that our third-party partners are bound by us with Data Processing Agreements that ensure confidentiality and data protection in accordance with the GDPR. In addition, we do not use fully automated decision-making processes or process data of minors, since we are an “adults only” hotel, other than those required for the execution of the room rental contract.
ΙV. Your rights as a data subject
In accordance with the GDPR, you have the following rights:
a) updating, accessing and obtaining a copy of your personal data.
b) correcting any inaccurate or outdated data we hold about you.
c) deletion of your personal data if they are no longer necessary for the execution of the contract, either they were processed illegally, or the deletion is required by law and they are not required to be kept for legal purposes (such as pending legal claims, labor, insurance, tax obligations, etc.)
English
d) data portability by requesting direct transmission of your personal data from our Company to another, in case this is technically possible.
e) opposition to the processing which may entail termination of our contractual relationship, as long as your consent is necessary for its continuation.
f) filing a complaint to our company Data Protection Officer [email protected] and eventually to the Hellenic Data Protection Authority.
IV. Policy Changes
We reserve the right to modify this Privacy and Privacy Policy and our related practices at any time considering any legislative or technological changes. In any case, we will inform you appropriately by publishing on our website any revised personal data protection statement. Last Change: 6.6.2025.