General Data Protection Regulation (GDPR)

Our Data Protection Policy

The protection of your personal data is of great significance for the Apostolata Island Resort and Spa, therefore we are committed to respecting your privacy and we remain vigilant so as to ensure that all our security systems work properly to safeguard your personal data effectively.

What data we collect and how we use them

We collect data about you when you provide them to us, such as:

Telephone / Email
Id or Passport number (if this is provided by you upon arrival)
Date of Birth
Guest stay information, such as special requests or other preferences
Images and visual recordings by means of closed circuit cameras systems collected during your stay, where this is permitted by law
Other information that you voluntarily provide to us
Medical conditions or allergies (which you voluntarily provide to us) that may affect your stay
Contact details of our staff or other individuals we do business with, such as travel agents or suppliers

If you opt for booking online by using a credit card, we may retain and process the following data:

Name and surname of cardholder
Residential address
Name of credit card company
Credit card number
3-digit CVV2/CVC2 code
Expiry date of credit card

The data mentioned above is used to provide you with services relevant to your stay at the hotel such as executing your reservation or satisfying certain requests you have made. Moreover, provided we have your valid consent, we process your data in order to send you promotional offers, information regarding the Apostolata Island Resort and Spa, thank you letters or communication through email or SMS. Sensitive personal data which you have provided to us voluntarily may be processed with your valid consent, for example, intolerance to certain foods or medical conditions.

Note: The responsibility for the accuracy and the validity of the data you provide to us lies with you. Your personal data is not used for any other purposes, apart from those mentioned above in our Data Protection Policy, unless we have received your consent or it is required or permitted by law.

What is the legal basis for processing your data?

We collect the personal data that you share with us according to one or more of the following legal bases:

As required to fulfill the terms of our agreement
With your consent, which you can revoke at any time according to your rights as they are thoroughly stated below, by means of a written statement to us
As required so that we can comply with our legal obligations
As required for our own legal interests (or the legal interests of a third party), unless your own interests or fundamental rights or liberties that dictate the protection of your personal data prevail over our own legal interests

Consequently, your personal data are lawfully processed by our company at the stage of collection as well as during their processing, always in accordance with the law regulating the protection of personal data and, specifically, according to laws 2472/1997 (integration of Directive 95/46/EC) and 3471/2006, as they are currently in effect, as well as the new European General Data Protection Regulation (EU) 2016/679.

How we store and secure the data we collect

Storage and security of the information

We use data hosting programmes so as to store the information we collect as well as technical measures to secure your data.

Retaining data

The time period during which the data we collect from you is retained depends on the type of the information. In any case, every possible effort is made so that your data remains safe by taking all the necessary technical and organizational measures.

If it is necessary for us to comply with our legal or regulatory obligations, to resolve any disagreement or to strengthen the terms of use, we can retain some of your data as required.

What are your rights and how can you access and check your information?

You are in control of the processing of your personal data. Specifically, under the new General Data Protection Regulation (GDPR) 2016/679 of the European Union, the following rights are recognized and ensured:

The right to be constantly informed as to how your personal data is used
The right to access the personal data we have collected from you
The right of rectification of inaccurate personal data we have for you
The right to erase personal data we have for you
The right to limit processing of your personal data
The right to data portability, that is the right to transfer your data to you or another institution-service provider
The right to object to the processing of your personal data
The right to withdraw consent for processing your personal data at any time you wish
The right to file a complaint to the supervisory authority, which is the Hellenic Data Protection Authority (HDPA) (Kifisias Street 1-3, Athens, Postal Code: 115 23, +30 210 6475600,

How we outsource the information we collect internationally

Our company does not outsource your personal data within the European Union or to third countries. If we are to do so, the users will be informed by means of an update to our data protection policy.

How we keep your information safe

We use all the necessary technical and organizational measures according to the GDPR in order to make sure that your personal data is safe throughout the duration of their processing and we make every possible effort to safeguard them during their storage.

Data Protection Officer and how to exercise your rights

If you wish to exercise your rights or to get informed with regard to the processing of your personal data, you may contact our company by means of email at or by calling (0030) 26710 83581-2. Our Data Protection Officer is Mr. Klonaris Miltiadis who will deal with any queries or requests you may have.

The Apostolata Island Resort and Spa, after having processed your request, reserves the right to satisfy it within a month or more, in case of a justified delay, provided it is legal and valid. Before we provide you with your data, we may ask for identification documents, so that you can prove your identity.

Useful Contact Details

Data Protection Office
MILTIADES N. KLONARIS & ASSOCIATES 1976
Address: 41 SOLONOS STR. 106 72 ATHENS, HELLAS
TEL: (30) 2103604021
Fax: (30) 2103605208
E-mail:

Hellenic Data Protection Authority (HDPA)
Data Protection Authority Offices: Kifissias 1-3, 115 23 Athens, Greece
Call Centre: +30-210 6475600
Fax: +30-210 6475628
E-mail: