Privacy Policy

Privacy Policy

1. Who is responsible for your data – Where are you going to exercise your rights?

1.1. Responsible for your Data Processing is “MPYRAKIS IKE – MOSSA WELL BEING HOTEL”, based in Drakonianou, Agioi Apostoloi – Chania Crete, PC 73100 and legally represented, by phone center +30282132142 and e-mail contact info@mossahotel.gr (“The company”).

1.2. The above Responsible Processing Company has appointed a Personal Data Protection Officer by contact email: info@mossahotel.gr. To the email address of the Data Protection Officer, you can address all the requests for exercising the following rights (under 3.1- 3.7.).

2. General principles adhered to by the Company regarding transparent information

2.1. Any information we give you in this document and any information you may request in the futureis provided free of charge, provided that the request is not repeated, exaggerated or manifestly unjustified (see more in 2.3.)

2.2. For each of the above rights exercised by the Company will respond to you within one (1) month of receipt of the request or in case of objective difficulty, complexity of the request or the number of requests, the Company will respond to the maximum in a period total three (3) months regarding either the termination of your application or the justified refusal to execute what you requested for legal reasons explicitly specified in General Regulation 679/2016.

2.3. In case the Company deems that any of the above rights are exercised manifestly unfounded or the request is excessive or (much more) has a recurring nature, it is entitled on the one hand to impose your charge with a reasonable fee on the provision of further information (which is in principle free of charge) and on the other hand to refuse to comply with the request.

2.4. In the event that the Company has reasonable doubts about your identity when you request the exercise of any of the above rights, it may request the provision of additional information necessary to confirm your identity before processing the request.

2.5. In case the Company delays beyond the justified respond to your request as well as in any case where you consider that your rights are violated or the Company is not consistent with your data protection obligations you have the right to file a complaint to the supervisory authority. (Greek Personal Data Authority, Athens Kifissias 1-3, PC 115 23, Athens, contact@dpa.gr, + 30-210 6475600).

2.6. You reserve the right to revoke your (any) consent at any time by submitting your relevant request document to the e-mail address of the Personal Data Protection Officer info@mossahotel.gr (see 1.2.)

3. What are your Rights in relation to the Personal Data you provided to us?

3.1. Right to Information
You reserve the right to request information about the personal data we receive from you and hold for one or more purposes as described below under A to D. This text is in its entirety a handbook of basic information and understanding of the regulatory philosophy governing the protection of your personal data. Updates, deepening and clarifications in this text can be given to you upon request for exercise of the right to information. (see how in 1.2)

3.2. Right of Access
You reserve the right to request from our Company access to your data which we maintain and confirmation in relation to whether they are processed and more specifically information about the
purposes of processing, the categories of personal data, the recipients or the categories of recipients, the time their retention and processing period, the existence of a right of complaint to the Personal Data Protection Authority, any available information on the origin of the data when it has not been made available to you, the existence or non-automation of decision making including profiling and related methodology, guarantees about the policy we follow when transmitting to third countries, a copy of the personal data kept and processed. (see how in 1.2.)

3.3. Right of Correction
You reserve the right to request from our Company correction of your data in case any of the items for which we have the right to edit has changed or has been entered incorrectly. (see how in 1.2.)

3.4. Right of Deletion
You reserve the right to request from our Company complete or partial deletion of your data in which we have the right to keep and process either because they are no longer necessary to fulfill the purposes for which they were collected, or because you withdraw your consent, or because the data was collected for a purpose you deem illegal. The company within a reasonable time (not more than one month and under conditions if there is a difficulty of not more than three months in total) will respond by confirming the total or partial deletion of your data or the impossibility of deleting specific data if a law or fulfillment of a duty in the public interest, whether the right to freedom of expression and information or the exercise or support of a legal claim requires their maintenance. In this case, on the one hand, you have the possibility to complain to the supervisory authority, and on the other hand, to file a court appeal. (see how in 1.2.)

3.5. Right of Restriction
You reserve the right to request from our Company a restriction on the processing of your data, quantitatively, temporally or in relation to the purpose of their processing and more specifically (a) either because you question the accuracy of your data and for how long the Company needs to confirm their accuracy, (b) either because you consider the processing illegal but instead of deleting you choose a restriction(c) either because it is no longer necessary for the Company to use them but you do not wish to delete them as retaining them will serve as a legal claim, (d) or in the event that you have objections to the processing of the data and until it is verified whether your rights as a Subject prevail over the legal processing grounds of the Company. (see how in 1.2.)

3.6. Right to Portability
You reserve the right to receive the personal data you have provided to us in a structured commonly used and machine-readable format as well as the right to transmit it further without objection, as your data is processed on the basis of consent. In the context of the exercise of this right, you also have the opportunity to request immediate transfer from the Company to third party without your mediation.
This right is exercised without prejudice to the restrictions of the right of deletion (see above under 3.4.) And its exercise may not adversely affect the rights and freedoms of others. (see how in 1.2.)

3.7. Right of Objection
3.7.1. You reserve the right to object to the use of your personal data for the purpose of direct marketing and in particular to create a profile related to this direct marketing. (see how in 1.2.)
3.7.2. There is no relevant right in the case of Employees / Prospective Employees and visitors of the company’s facilities as this data is not transmitted to the Marketing department and is not treated as such.

4. Can your data be transmitted elsewhere?
Your data is not intended to be transmitted to any organization outside the Company and (b) the competent tax authorities in the context of our mandatory compliance with tax legislation and to the extent (and provided) required.

5. Guarantees
We assure you that the Company will exhaust all technical and organizational measures of Data protection and will make the optimal, minimum and absolutely necessary use and processing of the Data as defined by law and strictly and exclusively for the purpose for which you have provided it to us.
Special provisions for the individual categories of Personal Data Subjects that cumulatively meet the above general provisions of the Policy


A.1. Purpose: The receipt, processing and retention of your data provided exclusively in the context of communication is done to satisfy the sole purpose of informing you about the products and actions of the Company. All your data is kept only for this purpose and is processed only by the marketing department of the Company.

Α.2. Legal basis for processing: The legal basis for the processing of your data is your consent to it for the fulfillment of the respective above purposes, according to article 6 par. 1 item a of the Regulation on protection of personal data A.3. Data Retention Time: For the fulfillment of the above processing purpose, i.e., your information about our products and actions, we consider a reasonable and necessary retention time of your relevant data for a period of three (3) years. After the expiration of three years from the time of obtaining your consent, the relevant data will be deleted unless your consent is provided again under the above conditions.


B.1. Purpose – Legal basis:

(a) during the pre-contractual stage, namely in case of completing an electronic communication form on our website or sending an email or telephone communication or filling in a printed form, (in which case you provide us with name / email address and / or telephone and / or Address and / or status and / or our products that interest you), the purpose is to investigate the possibility of a transaction with the Company and the legal basis is the service of the legal interest of the Company to pursue its commercial purposes responding to the requested communication to investigate the possibility of a transaction with you.

(b) In the event of a transaction with the Company, your Data that you have provided to us precontractually (as well as what you will provide to us in the context of our transaction) will be processed for the purpose of implementing the contract between us and our compliance with tax legislation. In this case, the legal basis of the processing is the execution of the contract between us as well as our compliance with the legislation (art. 6 par. 1b and 1c of the Regulation on Personal Data Protection.

B 2. Data Retention Time:
We will keep the above data under B.1. (A) for five (5) years and then we will delete the above data under B.1. (B) for as long as necessary by the tax legislation

B.3. Especially for the personal data of the subjects that we receive during trade exhibitions, the Privacy Policy applies, which is an integral part of the company that has undertaken the implementation of each exhibition and that the interested parties are invited to complete.


C.1. Purpose: The receipt, processing and retention of your data concerning the identification of your identity and the time of your stay at the company’s premises is done to meet the sole purpose of security and protection of both persons at the company’s premises (e.g., x. employees, visitors) as well as the general equipment of the company (indicatively building, electronic, etc.).

C.2. Legal basis for processing: The legal basis for the processing of your data is your consent to it for the fulfillment of the aforementioned purpose, according to article 6 par. 1 item a of the Regulation on protection of personal data.

C.3 Data Retention Time: For the fulfillment of the purpose, processing that concerns the safety and protection of both the persons who are in the company’s premises (e.g. employees, visitors) and the general equipment of the company (indicatively building, electronic etc.) we consider a reasonable and necessary retention time of your relevant data the period of fifteen (15) days. After the lapse of fifteen 15) days from the time of your entry into the company’s premises, the relevant file with all your details will be deleted.


Personal information is information about an identifiable person as defined by applicable law, such as name, email address and telephone number, etc.

D.1. Information we may collect:

D.1.1 We may collect personal information about you when you use our site and others who interact with us. The information we collect falls into three categories:
a) the information you provide to us, and (b) the information we collect through automated methods, and (c) the information we collect from other sources.

D.1.2 We can combine the information you provide us with information collected through automated methods and with information we receive from other sources.

D.1.3 We collect the information you provide to us. You can give us information in the following ways:
a) personal information, such as your name, postal and electronic addresses, telephone number, date of birth and other details communication, when you register on our website and / or in our application for mobile, connect to Wi-Fi, enter one of our contests, or contact us by phone or through our online services.
b) transactions and information, including information about the services you provide, prices, payment methods and Payment details.
c) Account information, such as your username or password (or anything else recognizes you) used to access our services online or to purchase or use our products and services.
d) Profile information, including products and services provided to you like or times you prefer to visit us.
e) Other personal information you choose to give us when you interact with us.

D.1.4 We collect information through automated methods:
We can use automated technology to collect information from your computer system or mobile device when you visit our restaurants, use our internet services or in-house technology. Automated
technology can include cookies, local shared items and web beacons. There is more information about cookies and other technologies.

D.1.5 We can collect information about:
a) Internet Protocol (IP) address
b) computer and mobile phone operating system and program type browsing
c) the type of mobile device and its settings
d) unique device ID (UDID) or mobile device ID (MEID) for your mobile device
e) the serial numbers of devices and components
f) advertising IDs (for example, IDFA and IFA) or the like IDs
g) the site that referred you to our site or application
h) online activity on other websites, applications or social media
i) communications with us or about us on social media
j) activity related to how you use your online services, such as the pages you visit on our websites or mobile applications

D.1.6 Our website may collect information about the exact location of your mobile device or computer using geolocation and technology such as GPS, Wi-Fi, Bluetooth or a vicinity of a cell tower. For most mobile devices and computer systems, you can withdraw your permission to collect this information using your device or web browser settings. If you have any questions about how we are unable to obtain accurate information about your location, we encourage you to contact your mobile service provider, the device manufacturer or web browser provider. Our site may not function properly without information about your location. If you would like to delete the information, we have collected that could locate your location, please contact us at the email address or phone number listed in 1.1 and 1.2.

D.1.7 We may collect information about:
a) We may collect information about you from other companies and organizations. We may also collect information that is available to the public. For example, we may collect information about you when you interact with us through social media.

D.2. Cookies
We may receive information about the general use of the Internet using a cookie stored in the browser or on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and provide a better and more personalized service. Some of the cookies we use are necessary for the operation of the website. Please note that advertisers may also use cookies, over which we have no control. For more information about how we use cookies, see the Cookies Policy

D.3. Uses applied by the information

D.3.1. We use the information we hold about you in the following ways:
a) To ensure that content from our site is presented in the most efficient way for you and your computer.
b) To provide you with the information or services you requested and for internal customer management and business purposes.
c) To be able to participate in interactive functions of our Website, when you choose to do so.
d) Notify you of changes to our website.
e) If you consent to receive marketing material from us, we may use your data to send you promotional material and other materials related to our hotels.

D.3.2. We may also use your data or allow selected third parties to use your data to provide you with information about goods and services that may be of interest to you and we may contact you. We do not disclose personally identifiable information to our advertisers, but we can provide aggregate information about our users. We may use the personal data we collect from you to enable us to comply with the wishes of our advertisers by displaying their advertisement to this target audience.

D.4. Data storage
a) The data we collect from you is not transferred and stored in destination within the European Economic Area (EEA).
b) All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted.
c) If we have given you (or where you chose) a password that allows you to access specific parts of our site, you are responsible for the confidentiality of this password. We ask you to do not share a password with anyone.

D.5. Information security
a) Unfortunately, the transmission of information via the internet is not at all safe. Although we will do our best to protect them your personal data, we cannot guarantee the security of the data transmitted on our site. Any transmission is at your own risk. Once we receive your information, we will use strict security procedures and features to try to prevent unauthorized access.

D.6. Links to other websites and social media
a) Our website may from time to time contain links to and from the websites of our affiliate networks and advertisers. If you follow a link to any of these sites, please note that these sites have their own privacy policies and that we assume no responsibility or liability for these policies. Check these policies before submitting any personal information to these sites.

b) We may also have providers of other applications, tools, graphics items and additions to our online services, such as the “Like” buttons Facebook, which can also use automated methods for collecting information on how to use them functions. These organizations can use your information according to their own policies.

Espa Image