Stylianos Christakos (hereinafter "we", "us", "our"), operates the website www.villacarvella.com (hereinafter the "Website"), recognizes the importance of the privacy of all its visitors and users and is committed to protect your personal data in compliance with applicable data protection and privacy laws, including the General Data Protection Regulation 2016/679 (hereinafter the "GDPR").
- Contact Information
Data Controller according to the GDPR is Stylianos Christakos
Agiou Konstantinou 5 str
Commercial Registry Number
If you have any questions, comments or concerns about our privacy practices and/or would like to submit a privacy request, please contact us at the abovementioned contact details.
- Personal Data Collected, Purpose and Legal Basis of the Processing
When you access and navigate through our Website and make use of specific sections of the Website, certain personal data are being collected and processed for the purposes mentioned below and always upon application of an appropriate legal ground. In particular:
- Contact details (name, surname, ID or passport number, email address, phone number and home address), credit card details (card type, credit card number, card name, expiration date and security code) and visitor details (arrival and departure dates, any special requests, comments on service preferences) in order to complete and manage your online booking, on the basis of Article 6 para. 1 (b) GDPR;
- Data automatically collected (such as such as language settings, IP address, location, device settings, device operating system, activity details, time of use, redirect URL, status report, user information, the browser), for purposes of operation of our Website as well as statistical and advertising purposes, on the basis of Article 6 1 (a) GDPR and Article 6 par. 1 (f) GDPR, as further described in our Cookies Policy.
- On-line technologies
- Recipients of your Personal Data
We do not allow personal information collected about you to be sold, traded, disclosed to or viewed by any third party. Your personal data is mainly processed exclusively by us and our authorized personnel.
We may, however, disclose your personal data in limited circumstances to certain categories of recipients, always ensuring that they provide the appropriate level of security and confidentiality of your personal data in compliance with applicable data protection laws. In particular, depending on the case, we may disclose your personal data to:
- Services providers, who may perform services on our behalf relating to the Website's operation and functionalities, such as IT and booking services providers, only to the extent necessary for the execution of the required services;
- Law enforcement authorities, government officials, regulatory agencies or other parties, when we are required to do so by applicable law, regulations or legal process in connection, for instance, with an investigation conducted by judicial authorities regarding suspected and/or actual illegal activity or with a court order served on us, or when such disclosure is necessary upon our legitimate interests.
- Location of your Personal Data
The storage and processing of your personal data is taking place only within the EU/EEA, where an adequate level of personal data protection is ensured.
If we are required to transfer your personal data to a third country, we will promptly inform you thereof and implement appropriate safeguards in accordance with applicable data protection laws, in order to conduct such data transfer and ensure that your personal information remains protected and secure.
- Retention Period of your Personal Data
The criteria used to determine the retention period of your personal data include inter alia: (i) the time period we have an ongoing relationship with you; (ii) whether there is a legal retention obligation to which we are subject, such as legal, tax or accounting requirements; or (iii) whether retention is advisable in light of our legitimate interest to have an accurate record of your dealings with us in the event of any complaint or challenge, litigation or regulatory investigation.
We do not seek to obtain nor do we wish to receive personal data directly from children without consent given or authorised by the holder of parental responsibility over the child; however, we cannot always determine the age of persons who access and use our websites. We shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology.
- Your Rights
You have the following rights in connection with the processing of your personal data, provided that the respective legal requirements are met:
- Right of access: you can receive confirmation as to whether or not personal data of yours are processed and request access to, as well as a copy of the processed data.
- Right to rectification: you can request the correction of inaccurate personal data or the completion of incomplete personal data.
- Right to erasure of your personal data, where one of the grounds set out under Art. 17 of the GDPR applies. In this case, we will erase them unless we decide to retain them for one of the legitimate reasons under which we are entitled to refuse.
- Right to restriction of processing, where one of the grounds set out under Art. 18 of the GDPR applies.
- Right to object to the processing of your personal data, when we rely on our own or someone else's legitimate interest, including to the processing for direct marketing purposes.
- Right to data portability: you can request to receive your personal data in a structured, commonly used and machine-readable format and to transmit them to another controller, provided that the conditions of Art. 20 of the GDPR are met.
- Right to withdraw your consent: in cases where processing is based on your provided consent, you can withdraw your consent at any time, without however affecting the lawfulness of processing based on consent before its withdrawal.
The aforementioned rights may be exercised at any time by submitting your request in writing at the following e-mail address: [email protected]. We will respond to your request as soon as possible, taking into account the nature and type of the request.
Finally, if we fail to take action on your requests, you have the right to lodge a complaint with the competent data protection authority. For users resident in Greece the competent authority is the Hellenic Data Protection Authority (HDPA), located in Athens (1-3 Kifissias Avenue, PC 11523), www.dpa.gr.
- Links to Other Websites
Our website provides links to other websites for your convenience and information. We are not responsible or liable for any content presented by or contained on any independent website, including, but not limited to, any advertising claims or marketing practices. We cannot control and will not be responsible for the privacy policies of third party websites, including websites owned or controlled by operators, third party owners of hotel, resort, interval ownership, or websites not controlled or authorized by us. Third party websites that are accessed through links on our website have separate privacy and data collection practices, and security measures. Please note that the online booking process is managed by a third party through their websites. We have no responsibility or liability for the practices, policies and security measures implemented by third parties on their websites. We encourage you to contact them to ask questions about their privacy practices, policies and security measures before disclosing any personal data. We recommend that you review the privacy policies of linked websites to understand how those websites collect, use and store information.
Last update: 31/5/2022