Privacy Policy

CRETE PROVENCE ANONYMI EMPORIKI-XENODOCHEIAKI-NAUTILIAKI KAI TOURISTIKI ETAIREIA (hereinafter "we", "us", "our"), operates the website (hereinafter the "Website"), recognizes the importance of the privacy of all its visitors and users and is committed to protect your personal data in compliance with applicable data protection and privacy laws, including the General Data Protection Regulation 2016/679 (hereinafter the "GDPR").

To this end, the present Privacy Policy is intended to inform you about our privacy practices and in particular the ways we, in our capacity as Data Controller of your personal data, handle information collected about you when visiting our Website.

1. Contact Information


Address Milatos, Neapolis, AGHIOS NICOLAOS, 72400, CRETE, GR
TRN 094162768
Telephone Number 2841065000

If you have any questions, comments or concerns about our privacy practices and/or would like to submit a privacy request, please contact us at the abovementioned contact details.

2. Contact Information

When you access and navigate through our Website and make use of specific sections of the Website, certain personal data are being collected and processed for the purposes mentioned below and always upon application of an appropriate legal ground. In particular:

  • Contact details (name, surname, ID or passport number, email address, phone number and home address), credit card details (card type, credit card number, card name, expiration date and security code) and visitor details (arrival and departure dates, any special requests, comments on service preferences) in order to complete and manage your online booking, on the basis of Article 6 para. 1 (b) GDPR;
  • Data automatically collected (such as such as language settings, IP address, location, device settings, device operating system, activity details, time of use, redirect URL, status report, user information, the browser), for purposes of operation of our Website as well as statistical and advertising purposes, on the basis of Article 6 1 (a) GDPR and Article 6 par. 1 (f) GDPR, as further described in our Cookies Policy.

3. Recipients of your Personal Data

We do not allow personal information collected about you to be sold, traded, disclosed to or viewed by any third party. Your personal data is mainly processed exclusively by us and our authorized personnel.

We may, however, disclose your personal data in limited circumstances to certain categories of recipients, always ensuring that they provide the appropriate level of security and confidentiality of your personal data in compliance with applicable data protection laws. In particular, depending on the case, we may disclose your personal data to:

  • Services providers, who may perform services on our behalf relating to the Website’s operation and functionalities, such as IT and booking services providers, only to the extent necessary for the execution of the required services;
  • Law enforcement authorities, government officials, regulatory agencies or other parties, when we are required to do so by applicable law, regulations or legal process in connection, for instance, with an investigation conducted by judicial authorities regarding suspected and/or actual illegal activity or with a court order served on us, or when such disclosure is necessary upon our legitimate interests.

4. Location of your Personal Data

The storage and processing of your personal data is taking place only within the EU/EEA, where an adequate level of personal data protection is ensured.

If we are required to transfer your personal data to a third country, we will promptly inform you thereof and implement appropriate safeguards in accordance with applicable data protection laws, in order to conduct such data transfer and ensure that your personal information remains protected and secure.

5. Retention Period of your Personal Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, as outlined in this Privacy Policy, and in any case as required or permitted under applicable law and the corresponding statute of limitation.

The criteria used to determine the retention period of your personal data include inter alia: (i) the time period we have an ongoing relationship with you; (ii) whether there is a legal retention obligation to which we are subject, such as legal, tax or accounting requirements; or (iii) whether retention is advisable in light of our legitimate interest to have an accurate record of your dealings with us in the event of any complaint or challenge, litigation or regulatory investigation.

6. Your Rights

You have the following rights in connection with the processing of your personal data, provided that the respective legal requirements are met:

  • Right of access: you can receive confirmation as to whether or not personal data of yours are processed and request access to, as well as a copy of the processed data.
  • Right to rectification: you can request the correction of inaccurate personal data or the completion of incomplete personal data.
  • Right to erasure of your personal data, where one of the grounds set out under Art. 17 of the GDPR applies.
  • Right to restriction of processing, where one of the grounds set out under Art. 18 of the GDPR applies.
  • Right to object to the processing of your personal data, when we rely on our own or someone else’s legitimate interest, including to the processing for direct marketing purposes.
  • Right to data portability: you can request to receive your personal data in a structured, commonly used and machine-readable format and to transmit them to another controller, provided that the conditions of Art. 20 of the GDPR are met.
  • Right to withdraw your consent: in cases where processing is based on your provided consent, you can withdraw your consent at any time, without however affecting the lawfulness of processing based on consent before its withdrawal.

The aforementioned rights may be exercised at any time by submitting your request in writing at the following e-mail address: . We will respond to your request as soon as possible, taking into account the nature and type of the request.

Finally, if we fail to take action on your requests, you have the right to lodge a complaint with the competent data protection authority. For users resident in Greece the competent authority is the Hellenic Data Protection Authority (HDPA), located in Athens (1-3 Kifissias Avenue, PC 11523),

7. Links to Other Websites

Our Website may provide links to other websites owned or operated by third parties. Please be aware that we do not control other websites, nor have any liability for their content, security safeguards or privacy practices and that, in any case, the present Privacy Policy does not apply to these websites. Therefore, we strongly encourage you to get informed on the privacy policy of any linked website you visit.

8. Updates to our Privacy Policy

We may from time to time amend and update the present Privacy Policy. Although material amendments will be posted on the website, we encourage you to consult this Privacy Policy regularly, so that you are aware of its latest version and any updates.

Last Update: 2024-02-05 14:38:22 (UTC)