Privacy Policy

1. Introduction

Leivatho Hotel ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or stay at our hotel.

Data Controller: Leivatho Hotel
Leivatho Bay S.A. (Hotel & Tourism Enterprises)
147 Antigonis Street, 10443 Athens, Greece
VAT No. EL998102387 — KEFODE Attiki Tax Office

2. Information We Collect

2.1 Personal Information

We may collect personal information that you provide to us, including but not limited to:

• Name and contact details (email, phone number, address)
• Booking and reservation information
• Payment information (processed securely through third-party payment processors)
• Passport or identification details (as required by Greek law)
• Preferences and special requests

2.2 Automatically Collected Information

When you visit our website, we may automatically collect:

• IP address and browser type
• Device information
• Pages visited and time spent on pages
• Referring website addresses
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

• Process and manage your bookings and reservations
• Provide and improve our services
• Communicate with you about your stay and our services
• Send promotional materials (with your consent)
• Comply with legal obligations
• Prevent fraud and enhance security
• Analyze and improve our website and services

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contractual necessity: to fulfill our obligations under your booking
• Legal obligation: to comply with Greek and EU laws
• Legitimate interests: to improve our services and communicate with you
• Consent: for marketing communications (which you can withdraw at any time)

5. Sharing Your Information

We may share your information with:

• Service providers (payment processors, booking platforms, email services)
• Legal authorities when required by law
• Business partners with your explicit consent

We do not sell your personal information to third parties.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Booking records are retained for 10 years in accordance with Greek tax laws.

8. Your Rights

Under GDPR and Greek data protection laws, you have the right to:

• Access: request a copy of your personal data
• Rectification: correct inaccurate or incomplete data
• Erasure: request deletion of your data (subject to legal requirements)
• Restriction: limit how we use your data
• Portability: receive your data in a structured, machine-readable format
• Objection: object to processing based on legitimate interests
• Withdraw consent: for marketing communications

9. Cookies and similar technologies

Our website does not set traditional tracking cookies. We use the browser's localStorage for two small preference values that are essential to the user experience and remain on your device until you clear them. No third-party analytics or advertising trackers are loaded.

• cookie-consent (localStorage; not technically a cookie) — stores your accept/reject decision for the consent banner so it isn't shown again. Retention: until cleared by you.
• language (localStorage) — stores your preferred site language (English, Greek, German). Retention: until cleared by you.

You can clear these values at any time via your browser's site-data settings. Doing so will reset your consent and language preference on next visit.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies.

11. Children's Privacy

This website is not directed at children under 16, and we do not knowingly collect personal information online from children under 16 without verifiable parental consent. Children are warmly welcome to stay at the hotel as guests of their family — any personal data about a minor included in a booking (such as a name or age) is provided by the parent or legal guardian and processed under their consent for the purpose of fulfilling the reservation.

12. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area. We ensure appropriate safeguards are in place for such transfers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our website with an updated revision date.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

15. Supervisory Authority

You have the right to lodge a complaint with the Greek Data Protection Authority (Hellenic DPA) if you believe your data protection rights have been violated.