Privacy Policy

Villa Paxos | Apartments in Paxos

Privacy Policy of Villa Paxos

The company Villa Paxos acknowledges and respects the rules on the protection of natural persons with regard to the processing of their personal data, and therefore drafted and communicated this personal data protection policy, in accordance with the provisions of the national, European and international law with regard to the processing of personal data.
By means of this policy, the company under the name Villa Paxos, lays down and discloses the conditions under which, in its function as ‘Controller’, as defined by law, processes your personal data, which it collects, when you enter into transactions at its venues, as well as when you visit its website or mobile applications.


This personal data protection policy is compliant with the provisions resulting from the European Regulation (EU) 2016/679 and all other relevant applicable legislation. This personal data protection policy shall apply for the transactions of any natural person with the company as well as for the information provided through the company and its website.
The website is the website of the company, through which the company informs its clients on the services provided. Through the website, the customer may proceed to book either by being redirected to our page on the website of the company ‘’ or by remaining at our website. Therefore, the personal data protection policy which shall apply while booking or navigating through our website is that of ‘’ or ours. This personal data protection policy shall not apply for information which is collected through any other website. We are not responsible for information that is collected through other websites and we suggest that you read the personal data protection policy of all websites you visit.

What does personal data mean?

‘Personal data’ means information which may be used to identify a natural person (e.g. name and surname, telephone number, VAT number etc.).

What does processing personal data mean?

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Is provision of personal data mandatory?

We make sure to collect only your personal data which are absolutely necessary for the purpose intended, and particularly:
1. Name and surname, citizenship, address, VAT number, date of arrival and departure. These data are collected for the company to comply with its legal obligations and for the execution of the service contract.
2. The telephone number and the e-mail address are collected and serve the execution of the service contract. These data are collected and may be used for sending you offers or updates, only with your consent.
3. The abovementioned information (1) and (2) will also be registered in a special book of events kept in our accommodation to enable tracing and informing contacts if a COVID-19 case is confirmed.
4. Credit card details are subject to processing for the performance of the service contract, namely to ensure the booking of a room and the fulfillment of the customer's obligation to pay the fee for the services received.
5. Special preferences are collected, with your consent, for the purpose of providing better services and a pleasant staying for the customer, during the execution of the service contract.
6. Complaints are collected for the evaluation of our services, as well as to detect and correct errors and to improve the quality of services provided.
7. Data on the number of visits of our website.
8. Your username on social media, if you interact with us via those media, to help as answer your comments or questions.

How are your data used?

The company processes your personal data to:
- Fulfill the contractual obligation, in order to perform the sale of services, to satisfy its legitimate interests and to ensure its smooth functioning, to comply with its legal obligations and to be able to carry out or to contest legal obligations.
- Create a user account on its website.
- Stay in contact with its clients.
- Send information material (newsletter). With your consent, we will able to use your personal data to inform you about our products, services and actions via e-mail.
- Protect public health.

What is the legal ground for the processing of your personal data?

The data protection regulation defines the reasons why the company may collect and process your personal data. These reasons are the following:
- The performance of the contract to which you are a contracting party
- Meeting the legitimate interests of the company
- Complying with the legal obligations of the company
- Your consent, for the reasons it is given.

Who receives your data?

Access to your data shall be provided to competent supervisory authorities, to the members of the company for which it is strictly necessary, which is bound to respect confidentiality, and to businesses collaborating with us, or to third service providers, who process your data as carrying out the processing on our behalf and following our orders and under the condition of always respecting confidentiality and particularly to:
- Providers of IT services and providers of accounting services
- Credit and financial institutions in the European Union, which are licensed and operate legally.
The abovementioned providers take measures to protect personal data, as well, and process your data following strictly our express written order.

How do we ensure that the Processors respect your data?

The processors are bound by a contract with the company:
- To respect confidentiality
- Not to send data to third parties without the approval of the company
- To take appropriate security measures
- To comply with the legal framework with regard to the processing of their personal data, and in particular the Regulation (ΕU) 2016/679.

How long do we keep your data?

We keep the above data, for as long as required by the national and European law, until the completion of the sales and purchase agreement or provision of services, in paper or in electronic form and moreover, for as long as required after it expires, namely until the completion of the limitation period of the right of the Greek State to carry out regular inspections and to impose fines for related violations. In case of any legal action of any kind involving the undersigned directly or indirectly, the abovementioned time limit shall be suspended throughout the proceedings and until an irrevocable court decision has been taken.

Are your data safe?

To ensure the security of your personal data, the company takes all technical and organizational measures to protect its paper and electronic files, from accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unlawful processing.
In all cases, you have complete control of your personal data, which are provided and received for the abovementioned purposes.
The company will not offer for sale, will not transfer in any way and will not disclose personal data of its clients to anyone, without their consent, except for the competent authorities, if it is required by the law.

What are your rights to the access and management of your personal data and your options?

According to the provisions of the national, European and international law, you have the right to ask:
- For a copy of personal data, which are or were subject to processing (right of access)
- To raise any objections at any time and to oppose the processing of data related to them (right of objection)
- To request correction (right of correction) or deletion of his data (right of deletion), provided that it is not contrary to legal provisions
- To ask the company for direct transmission of their data to another controller (right to data portability).
The abovementioned actions are carried out by us, after the submission and identification of your request, and within a reasonable time, which does not exceed 30 days.

Sending e-mails and newsletter

You may allow us or not to send you e-mails and newsletters for advertising purposesat any time. You may withdraw any consent you gave with regard to the processing of your personal data, under the condition that it is not contrary to the law or our legitimate interests. We will comply with your wish, within a reasonable time.

How can you contact us?

If you have any questions or remarks regarding this personal data protection policy or you wish to update your information that we keep, or your preferences, please contact us at our e-mail address: .
If our answer does not satisfy you or you believe that we do not process your personal data in accordance with the law, you may complain to the Hellenic Data Protection Authority (, Kifissias 1-3 Athens, +302106475600).
The applicable legislation is the Greek legislation, as laid down in the Regulation (ΕU) 2016/679on the protection of natural persons with regard to the processing of their personal data, and in general, the national and European legal and regulatory framework with regard to the protection of personal data. The courts of Larisa are competent for any disputes.
This policy may be updated from time to time, due to changes in the relevant legislation or to changes in the company’s structure. Therefore, we encourage our clients/users to check this website regularly to stay informed about updates on confidentiality practices.
Please contact us in one of the following ways to obtain a copy of the information that we hold for you, as well as to ask us to correct your data, or erase your information.
By Telephone: +30 26610 27822