Legal

Privacy Policy

Last updated May 2026

Anemolia Villas (“we”, “us”, “our”) respect your privacy. This policy explains what personal data we collect when you visit anemoliavillas-alonissos.gr or stay with us, how we use it, who we share it with, and the rights you have under the EU General Data Protection Regulation (Regulation 2016/679, “GDPR”) and Greek law (Law 4624/2019).

1. Who we are

Anemolia Villas operate three private villas with pools in Pefkos, Alonissos, P.C. 37005, Greece. For any privacy-related matter or to exercise your rights, please contact the data controller at anemoliavillas@gmail.com.

2. What data we collect

We collect only what we need:

  • Booking & stay data — full name, email, phone, address, payment details, ID / passport details (where required by Greek law for guest registration), arrival / departure dates, party composition, preferences and special requests.
  • Contact form data — whatever you submit through the form (name, email, phone, message). Delivered via the Brevo transactional email service.
  • Newsletter data — name and email if you voluntarily subscribe to the newsletter.
  • Browsing data — IP address, device type, operating system, browser, pages visited, time on site. Collected via anonymised analytics.
  • Cookies — see section 7.

3. Why we process your data

  • To fulfil your booking & stay (Article 6(1)(b) GDPR — performance of a contract).
  • To meet legal obligations, such as guest registration with Greek authorities and tax / accounting records (Article 6(1)(c) GDPR).
  • To respond to your enquiries via the contact form (Article 6(1)(b) GDPR — pre-contractual steps).
  • To send our newsletter, only with your explicit consent (Article 6(1)(a) GDPR). You can withdraw consent at any time via the unsubscribe link.
  • To improve the site through aggregated, non-personalised analytics (Article 6(1)(f) GDPR — legitimate interest).

4. Who we share your data with

We do not sell your data. We share it only with carefully chosen service providers who have signed data processing agreements:

  • HotelPoint — booking engine that powers online reservations.
  • Brevo (Sendinblue SAS, France) — sends transactional and marketing email on our behalf.
  • Google Maps (Google Ireland Ltd.) — displays the embedded map on location and contact pages.
  • Google Fonts (Google Ireland Ltd.) — provides our typography. Loaded directly from Google servers, so your IP address is shared.
  • Hosting provider — stores the site and database within the EU.
  • Greek authorities — guest registration data is transmitted as required by law.
  • Booking partners (e.g. Booking.com, where applicable) — only the details needed to fulfil reservations made through them.

5. International transfers

Some processors (mainly Google) may transfer data outside the European Economic Area. In such cases the transfer is governed by Standard Contractual Clauses approved by the European Commission, with additional safeguards where required.

6. How long we keep your data

Data Retention
Booking & stay records 10 years (tax requirement)
Contact form messages 2 years from last contact, then deleted
Newsletter subscription Until you unsubscribe
Web analytics 14 months
Server / security logs 30 days

7. Cookies

The site uses a minimal set of cookies:

  • Strictly necessary cookies — for the site to function (session, language preference, WPML language switcher). No consent required.
  • Functional cookies — remember non-essential preferences (e.g. menu state). Set only with your consent.
  • Statistics cookies — measure aggregated traffic. Set only with your consent. We do not use advertising cookies.

You can change or withdraw consent at any time via the cookie preferences link in the footer. You can also block all cookies in your browser settings — some site features may not work properly.

8. Your rights

Under GDPR you can, free of charge:

  • Access — receive a copy of the data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion, where retention is not required by law.
  • Restriction or objection to certain processing.
  • Portability — receive your data in a structured, machine-readable format.
  • Withdrawal of consent at any time, where processing is based on consent.

To exercise any right, email us at anemoliavillas@gmail.com. We respond within 30 days. If you are not satisfied with our response, you can file a complaint with the Greek Data Protection Authority — www.dpa.gr.

9. Security

We use HTTPS encryption across the site, secure password hashing, and access limited to staff who need it. Payment data is processed by PCI-DSS-compliant payment providers — we do not see or store full card details on our servers.

10. Minors

Our services are not directed at minors. We do not knowingly collect data from individuals under 16 without verifiable parental consent.

11. Updates to this policy

We may revise this policy from time to time. Material changes will be highlighted on this page and, where appropriate, notified by email. The “Last updated” notice at the top reflects the most recent revision.

12. Contact

For any privacy-related question, email us at anemoliavillas@gmail.com.