PRIVACY POLICY & PERSONAL DATA PROTECTION
Our Company places great importance on the lawful processing, security, and protection of your personal data. Please read these terms and our Privacy & Data Protection Policy carefully. By using our websites and signing the relevant consent declaration, you unconditionally accept the practices described herein, the terms of which govern our contractual relationship and are incorporated into the terms of use of each of our services.
In addition to our internal IT systems, this website has been designed to comply with the following national and international legislation regarding data protection and user privacy:
General Data Protection Regulation (GDPR – Regulation (EU) 2016/679)
Law 4624/2019 implementing GDPR in Greece
UK Data Protection Act (DPA) 1988
Article 9A of the Greek Constitution
1. What is Personal Data
Your personal data includes any information, in physical or electronic form, that can directly or indirectly identify you as an individual. This may include your name, tax identification number, social security number, addresses, phone numbers, email, payment details, device identifiers, browsing history, and any other information enabling identification in accordance with GDPR and applicable laws.
2. Lawful Processing
a. Data We Collect
We collect necessary data such as name, ID/passport number, contact details, payment details, stay dates, and other information required to provide our services.
We do not collect sensitive data unless voluntarily provided (e.g., medical information such as allergies to enhance your stay).
b. Minors
If you are under 16, parental consent is required for newsletter subscriptions.
c. Legal Basis for Processing
We process your data based on:
Your consent
Contract execution
Legal obligations
Legitimate interests
Including:
Accommodation Services – to complete reservations and provide services
Legal Compliance – maintaining guest records and tax documentation
Marketing (Consent) – newsletters and offers
Website Analytics – via Google Analytics (non-identifiable data)
Internal Operations – administration, billing, fraud prevention
3. How We Collect Your Data
We collect data:
Through social media interaction
When you subscribe to newsletters or participate in promotions
Via cookies when visiting our website
Through contact forms (secured via encrypted email transmission)
4. How We Use Your Data
We use your data:
To provide requested services
To personalize your experience
To send newsletters (via Istology)
For service improvement
For coordination with partners (e.g., transfers, agencies)
When required by authorities
5. Storage & Retention
Data is stored securely in our OPERA system.
Retention periods:
Inactive accounts: 5 years
Cancelled bookings: 5 years
Tax data: 10 years
All data transfers are encrypted via HTTPS.
6. Processing Principles
We comply with GDPR principles: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.
We also uphold your rights: access, rectification, erasure, restriction, portability, objection, and protection from automated decision-making.
7. Your Rights
You have the right to:
Access your data
Correct inaccuracies
Request deletion
Restrict processing
Request data portability
Object to processing
File a complaint with the Data Protection Authority
Withdraw consent at any time
8. Data Minimization
We only collect necessary data required for services.
Data is retained only as long as required and then anonymized or deleted.
9. Cookies Policy
We use cookies in accordance with EU Directive 2009/136/EC.
Cookies help improve functionality, performance, and user experience.
Third-party tools (e.g., Google Analytics, social media plugins) may process data independently.
You may disable cookies via your browser settings.
10. Data Sharing with Third Parties
We do not share your data unless necessary for service provision or legal compliance.
Third parties may include:
Authorities
Booking systems
Service providers (e.g., Google, Istology, taxi services, agencies)
We ensure partners comply with data protection laws.
11. Data Security
We implement appropriate technical and organizational measures including:
Encryption
Firewalls
Access control
Staff training
Security audits
12. Targeted Advertising
With your consent, we may use your data to display relevant offers.
We do not use automated profiling or share data for third-party advertising without explicit consent.
13. Third-Party Links
Our website may contain links to third-party websites.
We are not responsible for their content or privacy practices.
14. Unsolicited Communication
We prohibit spam and misuse of our services.
We may block or terminate accounts violating these terms.
15. Contact
For questions: info@mediterranean-palace.gr
Data Controller:
Mediterranean Palace
3 Salaminos & Karatasou, Thessaloniki, Greece
Tel: +30 2311 240 400
Data Protection Officer: info@mediterranean-palace.gr
You also have the right to lodge a complaint with the Hellenic Data Protection Authority.
16. Data Breaches
We will report any data breach within 72 hours if required.
17. Policy Updates
We will notify users of significant changes and request consent where necessary.
18. Policy Validity
This Policy was published in February 2026 and is subject to periodic updates.
The deletion policy for your personal data is as follows: Deletion of inactive customer accounts: after 5 years. Deletion of cancelled orders: after 5 years. Tax information will be retained for ten (10) years for compliance with tax legislation; reservation data will be retained for five (5) years from the completion of the stay to cover the statute of limitations for legal claims.



