Privacy policy

Declaration on the Protection of Personal Data in accordance with the General EU Data Regulation 679/2016 of the company under the name “Filoxenia Services OE” as the owner and operator of the “Charm Hotel, Hersonissos”, located in Ierapetra, Crete.

Please take a few minutes to carefully read and understand the following Privacy Policy.

General Statement

Our company operates in the field of tourism, providing hotel accommodation, leisure, and related hospitality services. In the context of our business activities and in order to provide our services in a professional and efficient manner, it is necessary for us to collect and process specific categories of personal data from our guests, employees, suppliers, partners, and website visitors. The personal data collected is limited to what is strictly necessary for the purpose of executing our contractual obligations, complying with legal requirements, and improving the quality of our services.

Categories of Data Collected and Purpose of Processing

We collect and process personal data provided by our guests during the reservation process either directly through our website, via email, over the phone, or through travel agents and booking platforms. The personal information collected may include your full name, date of birth, nationality, identification details, contact details such as email address, telephone number, postal address, as well as payment details such as credit or debit card number, and bank account information when applicable. We may also collect specific preferences, dietary restrictions, or health-related data you voluntarily provide to us to enhance your experience with us. These data are stored in our reservation and customer management systems and retained for the purposes of completing the contractual relationship, invoicing, legal compliance, and personalized customer service.

Furthermore, through our official website, visitors may submit their contact information to request information, make a reservation inquiry, or subscribe to our newsletter. In all such cases, the data is processed only with the visitor’s explicit consent and is not shared with third parties for any purpose other than the fulfillment of the request or the provision of the subscribed services.

Additionally, we maintain records and process personal data of our employees and external collaborators as required by labor, tax, and social insurance legislation, as well as to fulfill our internal operational needs. Personal information is also collected from suppliers and service providers, when necessary, in the course of commercial cooperation with individuals acting as natural persons or as legal representatives of companies.

Legal Basis for Data Processing

The processing of personal data is based on one or more of the legal bases established by the General Data Protection Regulation (EU) 679/2016. In most cases, data processing is necessary for the execution of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at their request. In other cases, the processing is required for compliance with a legal obligation to which the company is subject, or is carried out based on the data subject’s explicit consent, which can be withdrawn at any time. In some instances, processing may also be necessary for the protection of vital interests, the performance of a task carried out in the public interest, or the purposes of legitimate interests pursued by the company, provided such interests do not override the rights and freedoms of the data subject.

How Data is Collected

The collection of personal data may occur through various channels. It may happen directly when you provide your details at the time of making a reservation, completing a check-in form, contacting us by telephone or email, or interacting with our personnel during your stay. We may also collect personal data through third-party platforms such as booking websites, provided that you have given your consent to those platforms to share the data with us. If you submit a request via the contact form on our website, we will collect the information you voluntarily provide, including your name and email address, for the purpose of replying to your inquiry.

Data may also be collected through cookies and similar technologies used on our website to enhance user experience, analyze traffic, and personalize content, always in accordance with your browser preferences and cookie settings. We also use security surveillance systems (CCTV) in public hotel areas for the purposes of safety, protection of property, and crime prevention, and these systems may capture and record your image during your presence in those areas.

Purpose and Use of Data

The primary purpose of data processing is the proper execution of our hospitality services, including making and managing reservations, check-in and check-out procedures, personalized customer service, billing, and compliance with tax and legal obligations. We also process data to maintain effective communication with our guests, respond to their requests and complaints, and provide updates or offers via email, SMS, or other means, always within the limits of the consent provided by each recipient.

Data may also be used to improve our services and ensure customer satisfaction. In such cases, statistical or anonymized processing may be conducted for internal assessment and service quality enhancement. Any personal data collected is processed strictly within the scope of the original purpose, and no automated decision-making or profiling that significantly affects the data subject is carried out without explicit consent.

Security Measures

We are fully committed to ensuring the confidentiality, integrity, and availability of your personal data. For this purpose, we apply both technical and organizational security measures suitable to the nature of the data and the risks posed by their processing. These measures include secure data storage systems, access control procedures, encryption protocols where applicable, and the continuous training and supervision of authorized personnel handling the data. Access to personal data is strictly limited to employees or associates who need it to perform their duties and are contractually bound to maintain confidentiality.

Data Retention Period

Personal data are retained only for the period necessary to fulfill the purposes for which they were collected, including compliance with legal, accounting, and tax obligations. Guest data related to bookings and invoicing are generally retained for a minimum of five (5) years as required by tax law. Employment-related data are kept in accordance with labor regulations, and personal data obtained for marketing purposes will be stored until the consent is withdrawn. In specific cases, such as pending legal claims or judicial procedures, data may be retained for the duration required to exercise or defend legal rights. Once the applicable retention period has expired, personal data are securely deleted or anonymized.

Disclosure and Transmission of Data

We do not disclose personal data to third parties unless such disclosure is required by law, necessary for the performance of a contract, or based on your explicit consent. In the context of our operations, we may transmit data to selected external service providers acting on our behalf, such as accountants, IT support professionals, and reservation system providers. These parties are contractually bound to handle your data with strict confidentiality and in full compliance with the GDPR.

In certain cases, we may share your personal data with third-party service providers when you have specifically requested a related service, such as transportation arrangements, excursions, restaurant reservations, or wellness treatments. Payment information may be disclosed to financial institutions or authorized payment processors for the sole purpose of completing financial transactions. Furthermore, your data may be provided to public authorities, including tax offices, law enforcement agencies, or the Ministry of Tourism, in compliance with mandatory reporting obligations.

Your Rights as a Data Subject

As a data subject, you have the right to access your personal data, request correction of inaccuracies, request the deletion of data under certain conditions, and restrict or object to processing. You also have the right to data portability, i.e., to receive your data in a structured, commonly used, and machine-readable format. Where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before such withdrawal.

You may exercise any of the above rights by contacting us in writing at our physical address: Hersonissos, Heraklion, 700 14, Crete, Greece, or by email at: info@charmhotel.gr. We undertake to respond to your request within thirty (30) days of its receipt, unless the request is particularly complex or extensive, in which case we will inform you accordingly.

Cookies and Website Use
Our website uses cookies to provide a more personalized, secure, and efficient browsing experience. Cookies are small text files stored on your device that help us recognize your preferences, understand user behavior, and enhance the functionality of our website. Some cookies are strictly necessary for the website to function properly, while others (such as analytics and performance cookies) are used to collect statistical data and improve the performance of our online services.

In accordance with applicable legislation, including the General Data Protection Regulation (EU) 679/2016, the ePrivacy Directive, and Greek Law 3471/2006, our website incorporates a cookie consent mechanism that allows visitors to choose which categories of cookies they wish to accept or reject. Upon your first visit to our website, a banner is displayed informing you of the use of cookies and allowing you to set your preferences or withdraw your consent at any time. Essential cookies remain active as they are necessary for the technical operation of the site, but all non-essential cookies, including those used for statistical, marketing, or personalization purposes, are activated only upon your explicit consent.

Our website uses Google Analytics to collect anonymized data on user interaction, such as page views, session duration, and navigation paths. These analytics help us better understand how visitors use the website and enable us to optimize content and usability. If you wish to disable the collection of data via Google Analytics, you may do so by adjusting your browser settings or by visiting the following link: https://tools.google.com/dlpage/gaoptout.

You may also manage or revoke your cookie preferences at any time by accessing the relevant cookie settings page directly from our website’s footer or by clearing cookies in your browser and reloading the page.

Changes to this Privacy Statement

We reserve the right to amend this Privacy Policy at any time to reflect changes in our services, applicable legislation, or technological developments. Any updates to this Policy will be published on our website and will be effective upon publication. We recommend that you periodically review this Policy to stay informed about how we process your personal data.

Contact Information

For any questions or concerns regarding this Privacy Policy or the processing of your personal data, you may contact us at:

Charm Hotel
Hersonissos, Heraklion, Crete 700 14, Greece
Email: info@charmhotel.gr
Telephone: +30 6983815763