Privacy Policy
1. Introduction
Mount Athos Resort ("we", "us", "our"), located at Limanaki, Ierissos 630 75, Halkidiki, Greece, is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, process, store, and safeguard your personal data when you visit our website www.mountathosresort.com or stay at our resort, in accordance with the EU General Data Protection Regulation (GDPR — Regulation 2016/679) and applicable Greek data protection legislation.
By using our website or services, you acknowledge that you have read and understood this policy.
2. Data Controller
The data controller responsible for your personal data is:
Mount Athos Resort
Limanaki, Ierissos 630 75, Halkidiki, Greece
Email: [email protected]
Telephone: +30 2377 024017
3. What Personal Data We Collect
We may collect and process the following categories of personal data:
Identity Data: First name, last name, title, date of birth, nationality
Contact Data: Email address, telephone number, postal address
Booking Data: Check-in/check-out dates, room preferences, special requests, number of guests
Financial Data: Payment card details (processed securely by our PCI-compliant payment provider — we do not store full card numbers)
Technical Data: IP address, browser type, device information, operating system, referring URL, pages visited, and cookies (see Section 8)
Communication Data: Correspondence via email, contact forms, or social media
Loyalty Programme Data: Membership details, point balances, and redemption history
4. How We Use Your Data
We process your personal data for the following purposes and legal bases:
Performance of Contract: To process reservations, manage your stay, and deliver requested services
Legitimate Interest: To improve our services, personalise your experience, ensure security, and communicate relevant offers
Legal Obligation: To comply with Greek hospitality regulations, tax law, and law enforcement requirements
Consent: To send marketing communications (you may withdraw consent at any time)
5. Data Sharing
We do not sell your personal data. We may share your data with:
Service Providers: Payment processors, booking platforms, email delivery services, and IT support providers who act as data processors under written agreements
Legal Authorities: Greek police, tax authorities, or other public bodies where required by law (e.g., guest registration under Greek hospitality legislation)
Analytics Partners: Google Analytics and similar services to understand website usage (data is anonymised where possible)
All third-party processors are bound by data processing agreements that ensure GDPR-compliant safeguards.
6. International Transfers
Your data is primarily stored within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g., to cloud service providers), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses or adequacy decisions by the European Commission.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
Booking records: Up to 5 years after your last stay (for accounting and legal obligations)
Marketing data: Until you withdraw consent or unsubscribe
Website analytics: Anonymised data retained for up to 26 months
Loyalty programme: Duration of membership plus 2 years
8. Cookies
Our website uses cookies — small text files placed on your device — to enhance functionality and analyse traffic. We categorise cookies as follows:
Essential Cookies: Required for the website to function (session management, security). These cannot be disabled.
Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics). Collected only with your consent.
Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness. Collected only with your consent.
You can manage your cookie preferences at any time via the cookie banner or by adjusting your browser settings. Please note that disabling certain cookies may affect website functionality.
9. Your Rights Under GDPR
As a data subject, you have the following rights:
Right of Access (Art. 15): Request a copy of your personal data
Right to Rectification (Art. 16): Correct inaccurate or incomplete data
Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
Right to Restriction (Art. 18): Limit how we process your data
Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
Right to Object (Art. 21): Object to processing based on legitimate interest or direct marketing
Right to Withdraw Consent (Art. 7): Withdraw consent at any time without affecting prior processing
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
SSL/TLS encryption for all data transmitted via our website
Secure, access-controlled servers within the EEA
Regular security audits and vulnerability assessments
Staff training on data protection and confidentiality
11. Children's Privacy
Our website is not directed at children under 16. We do not knowingly collect personal data from children without verified parental consent. If you believe a child has provided us with personal data, please contact us immediately.
12. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
Hellenic Data Protection Authority (HDPA)
Kifissias 1-3, 115 23, Athens, Greece
Website: www.dpa.gr
Telephone: +30 210 6475600
13. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on this page. Material changes will be communicated via email or a prominent notice on our website.
14. Contact Us
For any questions regarding this Privacy Policy or your personal data, please contact:
Mount Athos Resort — Data Protection
Email: [email protected]
Telephone: +30 2377 024017
Address: Limanaki, Ierissos 630 75, Halkidiki, Greece
Last updated: March 2026