Hotel Privacy Policy

Welcome to the website of SOPHID Hotels (hereinafter “the Company”).

The Company recognizes the importance which you attach to your privacy during your visits to our website ( ) Hereinafter the «site»). With this update, we want to ensure that you understand the policies and procedures we follow for the personal data you may provide to us while surfing the site and, ultimately, how we use your data.


The Company is in full compliance with the provisions of the national and European legislation on personal data protection -Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016- hereinafter referred to as “the Regulation” (as in force, and the relevant Greek law 4624/2019)

This Privacy Policy (hereinafter referred to as the “Policy”) is intended to provide you with general information regarding the processing of your personal data by the “Company”.


Some of the terms used in this Policy are legal ones and are set out in the applicable legislation. More specifically:

  • Personal Data Processing” meansany operation or sequence of operations performed with or without the use of automated means in personal data, such as the collection, registration, organization of personal data etc.
  • “Processing” means any operation or sequence of operations performed with or without the use of automated means in personal data. Indicatively, it includes the collection, registration and organization of personal data. 
  • “Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Principles governing the collection and processing of your data

The collection and processing of personal data by the Company is governed by the following principles, as they are further specified in the Regulation (article 5):

  • Lawfulness, fairness, transparency
  • Limitation of purpose
  • Data minimization
  • Accuracy
  • Limitation of the storage period
  • Integrity and confidentiality

Data we collect

The personal data, which the Company collects and processes as Data Controller, are those absolutely necessary and appropriate for the achievement of our intended purposes and the provision of services to you. More specifically, the Company currently collects and processes on its behalf personal data of:

  • Employees 
  • Customers, partners and suppliers

It also processes:

  • the Internet Protocol (IP) address of your device as you surf the site: The Company use cookies for the collection of traffic statistics (see relevant Policies)
  • data on requests that you have made in order to exercise your rights or complaints

How we collect your data

  • The Company collects and processes your personal data through its authorized employees and associates. The collection of personal data is carried out both by physical and electronic means, as the case may be, from the data subject himself /herself and in general as described in each individual process of the Company. We also collect personal data when:
  • You fill out forms and hand them or send them to us
  • you have made a reservation at our hotel (via third parties or directly)
  • you use the call centre
  • you fill in the contact form on our website

What are our purposes for collecting your personal data?

The personal data collected by the Company are used for the following purposes: 

  1. For the Company’s activities and especially for the provision of services as described in its Articles of Association.
  2. For the compliance of the Company with its legal obligations, e.g. for compliance with tax legislation, Greek and international law, etc. 
  3. For the legal conclusion of contracts with third parties.
  4. In order for the Company to manage the employment contracts with its staff
  5. For communicating with you and for handling your requests either related to personal data protection issues or to the quality of the services provided to you.

Legal basis for personal data processing

The Sophid Hotels processes your personal data in a transparent manner, in accordance with the principles of lawfulness, proportionality, confidentiality, integrity, accuracy, storage time limitation and data minimization.

The legal basis for processing your personal data on a case by case basis may be:

  1. your consent, i.e. any act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her.
  2. The need to enter into or perform a contract with you, the data subject.

c) The need to process your data in the context of safeguarding our legitimate interests

d) The need to process your data in the context of compliance with our legal obligations

e) The need to process your data in order to fulfil our obligations and the exercise of specific rights- ours or yours- in the field of labour law and social security and social protection law or to fulfil a duty performed in the public interest

Information Security

The processing of personal data by the Company is carried out based on their security. More specifically, it is carried out exclusively by members of the Company staff authorized for this purpose, while all appropriate organizational and technical measures are taken to protect the personal data of the subjects from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to them.

Indicatively, we mention that all the members of the Company staff are bound by confidentiality and personal data protection obligations, while third parties, to whom personal data are transmitted, are contractually bound by a contract with the Company that they will use the personal data only for the specific and contractually defined purposes and will not transmit or disclose them to any third parties, unless required by law.

Transfer of personal data

The Company transfers –where appropriate- the personal data it processed to Public Bodies, as part of its duties.

Transfers to third countries and / or international organizations

The Sophid Hotel does not forward your personal data to third countries.

Personal Data Storage Period

The period for which the personal data will be stored is indicated in the Chapter PERSONAL DATA PROTECTION POLICY-Storage period. 

Your rights

Please see the Document “EXERCISE OF RIGHTS”

What should you do if we violate the applicable law on Personal Data protection?

You have the right to lodge a complaint with the Personal Data Protection Authority (postal address: 1-3 Kifissias Ave., PC 115 23, Athens, tel. 210. 6475600, email:, if you think that the processing of your Personal Data violates the applicable national and regulatory framework on the protection of personal data. 

Contact Information of the Data Controller

For any request concerning the processing of your personal data, please contact the Data Controller of Sophid Hotels

Phone +30 224 5440 900, +30 224 5440 909

Email address:

Postal Address: Karpathos 85700 Greece.

Changes to this Personal Data Protection Policy

The Company unilaterally and periodically revises and updates this policy so that it reflects its current state of personal data processing. It is recommended that you refer to this Policy from time to time in order to be informed about the way we handle and process your personal data.