Privacy Policy (GDPR)

Last updated: 2 June 2025

1. Who we are

This website, www.villa-loutraki.gr (the “Site”), is operated by GHDP – Greek Hospitality and Development Projects I.K.E. (“we”, “us”, “our”).
Registered address: Skaloma Perachoras 0, 203 00 Loutraki-Perachora, Corinthia, Greece
E-mail: reservations@villa-loutraki.gr  Telephone: +30 6970 497 702
We act as the data controller for all personal data collected through the Site.
You may lodge a complaint with the Hellenic Data Protection Authority, 1-3 Kifisias Ave., 115 23 Athens, Greece, tel. +30 210 647 5600.

2. What personal data we collect

  • Data you provide directly – name, e-mail, phone, postal address, booking details (villa, dates, guests, special requests), payment reference (the full card number is processed only by our payment gateway).

  • Data collected automatically – IP address, browser and device type, operating system, time-zone, referring pages, pages visited, buttons clicked and form submissions.

  • Data from third parties – payment confirmations from Stripe, booking details from channel managers or online travel agencies you use.

We do not deliberately collect special-category data unless you voluntarily disclose them in a booking request (for example, accessibility needs).

3. Why we process your data and legal bases

  • Responding to enquiries you submit through contact or booking forms – pre-contractual steps at your request (Art 6 (1)(b) GDPR).

  • Confirming, administering and performing villa bookings – contract with you (Art 6 (1)(b)).

  • Processing payments and keeping accounting records – legal obligation under tax law (Art 6 (1)(c)).

  • Sending operational messages such as arrival instructions – our legitimate interest in running the business and assisting guests (Art 6 (1)(f)).

  • Sending marketing updates or special offers – your consent, which you can withdraw at any time (Art 6 (1)(a)).

  • Website analytics, fraud prevention and IT security – legitimate interests (Art 6 (1)(f)).

4. Cookies and tracking technologies

The Site uses first-party cookies to manage sessions and remember preferences, and Google Analytics 4 to measure traffic and improve performance. You can disable cookies in your browser, but some functions may stop working. Full details are provided in our separate Cookie Policy.

5. Who receives your data

  • WebHotelier | primalres, our EU-based booking & payments platform, which stores reservation and card-token data in its PCI-DSS Level 2 environment.

  • Secure EU web-hosting provider.

  • External accountants & auditors under confidentiality.

  • Greek tax and regulatory authorities when legally required.

  • Google LLC for traffic analytics (data transferred under SCCs).

6. International transfers

Where data leave the European Economic Area (for example, to Google LLC in the USA), we rely on European Commission Standard Contractual Clauses and apply additional technical and organisational protections.

7. Data retention

  • General enquiries – kept for 12 months after the last correspondence.

  • Booking records and invoices – retained for 10 years, in line with Greek tax law.

  • Card tokens – deleted seven days after check-out.

  • Analytics data – stored for 26 months (Google Analytics default).

  • Marketing-consent logs – kept until consent is withdrawn, then stored for three years as proof.

Once a retention period expires, data are securely erased or irreversibly anonymised.

8. Your rights

You may, at any time and at no cost, exercise the following rights:

  1. Access the personal data we hold about you.

  2. Rectify inaccurate or incomplete data.

  3. Erase data (“right to be forgotten”) when the law allows.

  4. Restrict processing under specific circumstances.

  5. Object to processing based on legitimate interests or to direct marketing.

  6. Receive the data you provided in a structured, machine-readable format (“data portability”).

  7. Withdraw consent where processing relies on it (e.g. newsletters).

To exercise any right, e-mail reservations@villa-loutraki.gr or call +30 6970 497 702. We will respond within one month, extendable by up to two months for complex requests. You also have the right to complain to the Hellenic DPA if you believe your data-protection rights have been infringed.

9. Security measures

  • TLS/HTTPS encryption for all Site traffic.

  • Online payments processed through WebHotelier’s PCI-DSS infrastructure – no full card data stored on our servers.

  • All transactions authenticated with 3-D Secure in line with PSD2.

10. Children

The Site is intended for adults aged 18 and over. We do not knowingly collect data from minors. If we learn that personal data of a person under 18 have been collected, we will delete them without undue delay.

11. Changes to this policy

We may update this Privacy Policy from time to time. Any substantial change will be posted on the Site and, where appropriate, notified by e-mail. Continued use of the Site after a revision takes effect constitutes acceptance of the updated policy.

12. Questions

For any privacy-related question, e-mail reservations@villa-loutraki.gr or call +30 6970 497 702 (Monday – Friday, 09:00 – 17:00 EET).