Skip to main content
Sarti Thea Logo

Your Data Rights

Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have specific rights regarding your personal data. This page explains these rights and how you can exercise them at Sarti Thea Boutique Hotel.

1. Right of Access (Article 15)

You have the right to:

  • Know whether we are processing your personal data
  • Receive a copy of your personal data we hold
  • Know the purposes of processing
  • Know the categories of data being processed
  • Know the recipients or categories of recipients
  • Know the retention period or criteria used to determine it
  • Know the source of data if not collected directly from you

2. Right to Rectification (Article 16)

You have the right to:

  • Have inaccurate personal data corrected without undue delay
  • Have incomplete personal data completed, including by providing a supplementary statement

3. Right to Erasure / "Right to be Forgotten" (Article 17)

You may request deletion of your personal data when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (if processing was based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased for legal compliance

Note: This right is not absolute. We may retain data when required by law (e.g., tax records must be kept for 5 years under Greek law).

4. Right to Restriction of Processing (Article 18)

You can request restriction of processing when:

  • You contest the accuracy of the data (restriction during verification)
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing (pending verification of legitimate grounds)

5. Right to Data Portability (Article 20)

You have the right to:

  • Receive your personal data in a structured, commonly used, machine-readable format
  • Transmit that data to another controller without hindrance
  • Have data transmitted directly between controllers where technically feasible

This applies when processing is based on consent or contract and is carried out by automated means.

6. Right to Object (Article 21)

You have the right to object to:

  • Processing based on legitimate interests or public interest
  • Processing for direct marketing purposes (absolute right)
  • Processing for scientific/historical research or statistical purposes

When you object to marketing, we will stop processing your data for that purpose immediately.

7. Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects. We do not currently use automated decision-making at Sarti Thea Boutique Hotel.

8. Right to Withdraw Consent (Article 7)

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

How to Exercise Your Rights

To exercise any of these rights, you can:

  • Email: info@sartithea.gr
  • Phone: +30 2375 094 065
  • Post: Sarti Thea Boutique Hotel, Sarti, Halkidiki, 63072, Greece

What We Need From You

To process your request, we may need:

  • Proof of identity (to ensure we are responding to the right person)
  • Specific details about your request
  • Information to help us locate your data (e.g., booking reference, dates of stay)

Response Time

We will respond to your request within one month. This period may be extended by two further months for complex requests, in which case we will inform you within the first month.

Complaints

If you are not satisfied with how we handle your request or believe your data protection rights have been violated, you have the right to lodge a complaint with:

Hellenic Data Protection Authority
Kifisias 1-3, 115 23, Athens, Greece
Phone: +30 210 6475600
Website: www.dpa.gr

Last updated: February 2026

Home