Privacy Policy

Effective date: January 29, 2026

1. Overview

At hotelinning, the protection of personal information is taken seriously. This Privacy Policy outlines what data we collect, why it is collected, how it is used and stored, and the rights of individuals whose information is processed.

2. Data Controller

The entity responsible for handling personal data is hotelinning, operating in Greece and complying with all applicable European Union data protection regulations.

Contact email: contact@hotelinning.com

3. Categories of Data We Process

Depending on how you interact with our website or services, we may collect and process the following types of personal data:

  • Personal identification details (such as name and surname)
  • Contact information (email address, phone number)
  • Details related to bookings, event enquiries, or service requests
  • Any information voluntarily submitted via forms, messages, or correspondence
  • Technical and usage information (including IP address and cookie-related data — see our Cookie Policy for more information)

4. Purpose and Legal Grounds for Processing

Personal data is processed only for defined purposes and in line with Article 6 of the GDPR:

  • Service delivery and reservation management — legal basis: contract performance (Art. 6(1)(b) GDPR)
  • Handling enquiries and customer support — legal basis: legitimate interest (Art. 6(1)(f) GDPR)
  • Providing information about services and offers — legal basis: legitimate interest (Art. 6(1)(f) GDPR)
  • Compliance with legal and regulatory requirements — legal basis: legal obligation (Art. 6(1)(c) GDPR)
  • Newsletters and informational messages — legal basis: consent (Art. 6(1)(a) GDPR)

5. Data Retention

Personal data is kept only for as long as necessary to achieve the purposes for which it was collected:

  • For the time required to deliver services and resolve potential disputes
  • For statutory retention periods (such as accounting or tax requirements, typically up to five years)
  • Until consent is withdrawn, where processing is based on consent
  • Until an objection is submitted, in cases involving direct marketing

6. Data Disclosure

Personal data may be shared solely with reliable third parties involved in service provision, including:

  • Hosting and IT infrastructure providers
  • Accounting and legal advisors
  • Payment processing providers
  • Public authorities, where disclosure is legally required

Personal data is not transferred outside the European Economic Area (EEA).

7. Your Rights

Under the GDPR, you are entitled to the following rights:

  • Access to your personal data
  • Rectification of inaccurate or incomplete data
  • Deletion of personal data (“right to be forgotten”)
  • Limitation of data processing
  • Data portability
  • Objection to processing
  • Withdrawal of consent at any time
  • Submission of a complaint to a relevant supervisory authority

8. Data Protection Measures

We apply suitable technical and organisational safeguards to protect personal data. These include SSL encryption, secure server environments, and restricted access protocols designed to prevent unauthorised access, loss, or modification of information.

9. Privacy Contact

For any questions related to data protection or this Privacy Policy, please contact:

Email: privacy@hotelinning.com

10. Policy Revisions

This Privacy Policy may be revised to reflect legal, technical, or operational changes. Any updated version will be published on this page. Users are encouraged to review this policy periodically.