Skip to main content
Sarti Thea Logo

Privacy Policy

1. Introduction

Sarti Thea Boutique Hotel ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, make a reservation, or stay at our hotel.

This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and Greek Law 4624/2019 on personal data protection.

2. Data Controller

The data controller responsible for your personal data is:

Sarti Thea Boutique Hotel
Sarti, Halkidiki, 63072, Greece
Email: info@sartithea.gr
Phone: +30 2375 094 065

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide Directly

  • Contact information (name, email address, phone number, postal address)
  • Identification data (passport or ID card details as required by Greek law)
  • Payment information (credit card details, billing address)
  • Reservation details (check-in/check-out dates, room preferences, special requests)
  • Communication records (emails, phone calls, messages)
  • Feedback and reviews

3.2 Information Collected Automatically

  • Device information (IP address, browser type, operating system)
  • Website usage data (pages visited, time spent, referral source)
  • Cookies and similar technologies (see our Cookie Policy)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: To fulfill our contractual obligations when you make a reservation or stay at our hotel
  • Legal Obligation: To comply with legal requirements, including Greek tourism regulations requiring guest registration
  • Legitimate Interests: For business operations, security, fraud prevention, and improving our services
  • Consent: For marketing communications and non-essential cookies (where applicable)

5. How We Use Your Data

We use your personal data for the following purposes:

  • Processing and managing your reservations
  • Providing accommodation and related services
  • Communicating with you about your booking
  • Processing payments and preventing fraud
  • Complying with legal obligations (guest registration, tax reporting)
  • Sending promotional offers and newsletters (with your consent)
  • Improving our website and services
  • Responding to your inquiries and requests
  • Ensuring the safety and security of our guests and property

6. Data Sharing

We may share your personal data with:

  • Service Providers: Payment processors, booking platforms, IT service providers
  • Legal Authorities: Greek police and tourism authorities as required by law
  • Professional Advisors: Lawyers, accountants, auditors when necessary
  • Business Partners: Online travel agencies through which you may have booked

We do not sell your personal data to third parties.

7. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

8. Data Retention

We retain your personal data for:

  • Guest records: 5 years from the date of stay (as required by Greek tax law)
  • Marketing data: Until you withdraw consent or 3 years from last interaction
  • Website analytics: 26 months
  • Communication records: 3 years

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption, secure servers, access controls, and staff training. However, no method of transmission over the Internet is 100% secure.

10. Your Rights

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests or for marketing
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at info@sartithea.gr. We will respond within one month.

11. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).

12. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website with the effective date noted.

Last updated: February 2026

Home