Check in
Check out

Privacy protection

GDPR » Personal data privacy protection

Privacy Policy

This Privacy Policy applies to all facilities and digital sites of “HOTEL STANLEY” owned by STANLEY SA, in relation to its activities.

HOTEL STANLEY is responsible for the processing of personal data (with the exception of specific cases expressly mentioned in this Privacy Policy) and its contact address is

At HOTEL STANLEY, we are committed to respecting and protecting your privacy, as well as the protection of your personal data. Our vision and goal are to provide high-quality services, beyond your highest expectations. For this reason, HOTEL STANLEY with respect to the current national and European framework for personal data protection and in particular the new European General Regulation for Data Protection 2016/679 (hereinafter GCC or Regulation) and Law 4624/2019, provides with this Privacy Policy a lawful, fair and transparent policy to inform you about the personal data we collect, how we use it and the added value to enhance your experience when you visit our facilities and/or online platforms (websites ).

In order to achieve transparency in the collection and use of your personal data, this Privacy Policy is intended to inform you about:
- What kind of personal data do we collect and how do we use it,
- The purpose of processing your personal data and the relevant legal basis on which we process this data,
- Your rights regarding your personal data.

Through this Privacy Policy we aim to inform you transparently about the processing of your personal data. However, as our activities and consequently the forms of processing are constantly evolving, not all forms of processing may be included in this policy. In the event that a new form of processing is added, we will update this Privacy Policy and, in any case, provide you with the necessary information prior to the collection of your personal data.
For more information, you can contact Mr Konstantinos Spanos, at the contact details below (Your rights).

What kind of Personal Data do we collect and how do we use it

A. Visitors

A.1. Data collected during booking

Reservations through our website:

If you decide to book through our website, we will collect your name, address, city, country, phone, e-mail address, as well as any special request you may have, your credit card details (card type, card number, security code, expiration date, cardholder details), date of arrival and departure as well as flight details in case of your transfer request to and from the airport.

If you contact us directly to make a reservation, we will send you the booking form to provide us with the necessary information, such as name, address, telephone, e-mail address, credit card details (e.g. card type, card number, date expiration, cardholder details).

Online bookings through third parties and / or travel agents:

In this case, the information we will receive for you is the email confirming your booking and containing information such as your name, country, date of arrival and departure, flight information in case of transfer to and from the airport, members accompanying you, and special requests (e.g., request for transfer to and from the airport, statement of preferences and / or allergies that you wish to know).

A.1.1. Purposes of processing the reservation data
We collect your booking data in order to:

  • To process and fill in your booking details:
  • To process the payment of the relevant services, fees and charges.
  • Collection and recovery of money owed to us.
  • Processing your data in case of need to resolve disputes.
  • To facilitate your reservation and to arrange the transfer from / to the airport, if you request.

A.2. Data Entry - Check-in Procedure

A.2.1. Arrival procedure at HOTEL STANLEY:
Upon arrival at HOTEL STANLEY, you will provide us with all the necessary information to complete the arrival process. More specifically, we will collect your title, your name, the language of communication, the address (street, postal, city, country), your citizenship, your telephone number, your e-mail address

Allergy / Special Preferences Statement:

Your allergies and preferences may in some cases be sensitive personal data. We may collect such data in the event that you disclose it to us of your own free will, or in the event that we request that you provide it to us with your express consent.

If you wish to share with us data such as your allergies or other preferences, in order to enter the relevant information and to inform the relevant sections of the hotel during your stay in our facilities, in this case, we will ask you to give your consent to store this data and to inform our restaurants and / or housekeeping departments about your safety and comfort and the provision of personalized services. In this case, we will collect your name, date of birth, date of arrival and departure and your room number, as well as any allergies or preferences you tell us.

A.2.2. Purposes of processing data upon your arrival

We collect the data you provide to us upon your arrival in order to:

  • Complete the arrival process. Identification data is necessary to comply with our legal obligations
  • To facilitate your stay.
  • In case you wish to provide us with information about your allergies / preferences, we will proceed with the relevant processing if we have your consent.
  • Facilitate administrative procedures.
  • Facilitate the payment process. Payment information is required for the issuance of documents and compliance with tax obligations.
  • Improve our services to provide you with a unique accommodation experience.
  • To provide you with personalized services (regarding your preferences and so on), based on your prior consent, if granted.
  • Promote and contact you.
  • Send you special offers for our services and products, or updates for upcoming events or offers that you may be interested in, based on your prior consent, if granted.

A.3. Personal data collected from visitor questionnaires

Your feedback is important to us as it allows us to improve the services provided to you. You can submit your comments and comments at any time by completing the visitor questionnaire. If you wish to complete it, the provision of personal information (eg name, room number, e-mail address, address, country, occupation, arrival details, length of stay, date of birth) is optional.

A.3.1. Purposes of processing
We collect the data you provide to us in the visitor questionnaires in order to:

  • To evaluate your experience, to improve our services, as well as to contact you to discuss the experience of your stay at our facilities and to evaluate services that we will provide to you in the future. The legal basis for processing is our legal interest.

A.4. Personal data collected for security reasons

Images / video recording

We collect, process and store images and videos through the video surveillance system (closed circuit television, hereinafter CCTV), where it is installed, for security reasons, in accordance with the requirements and standards set by national and European data processing legislation, audio and video.

Security Reports

The security department prepares reports, which contain personal data, for security reasons (e.g., incident reports, lost items report, safe lists, etc.). Such reports may contain personal information, such as name, room number, and are recorded for security reasons.

Accident declaration form

In the event of an accident on our premises, you will be asked to provide information such as your name, date of birth, room number, length of stay, as well as additional information about the accident, such as the location of the incident, date and time of the incident, nature of the incident as well as relevant further information.

A.4.1. Purpose of processing
The security department collects data for the purpose of:
  • The operation of a closed-circuit television system, to guarantee the safety of employees, customers, facilities and equipment.
  • Creating security reports.
  • The assessment and investigation of the accident / incident in accordance with the relevant internal procedures, for the proper handling of any legal issues that may arise in the following: Incident management. Our legal basis is that the processing is necessary to establish, exercise or support legal claims or when the courts are acting in their jurisdiction.
  • Transfer of data to our insurance company. Based on your explicit consent, provided you provide it to us.

A.5. Profile Training

We may use your information to evaluate certain aspects of you as our customers. However, we do not make decisions that affect you, relying entirely on automated processing, including profiling, which could have legal consequences for you or similarly affect you.

When we use profile training to provide personalized offers and services (not a fully automated decision-making process), you always have the right to object to such processing (including profiling) of direct marketing by submitting your request. at any time to the Data Protection Officer, using the contact details below (in the “Your rights” section).

A.5.1. Purposes of processing

We may use your personal data to:
  • Analyze aspects related to your personal travel preferences and interests.
  • To provide personalized services, before, during and after your stay with us.
  • Provide you with direct marketing services. We will proceed with the relevant processing if we have your consent.
B. Data collected from our website or from online platforms

B.1. Personal data collected when you subscribe to the list of updates.

When you register to receive newsletter, we collect and store your email address and if you wish you can enter your name and country.

B.1.1. Purpose of processing
We use the data you provide to us when you subscribe to the Newsletter in order to:
  • Send you information material about our services, products and offers. We will proceed with the relevant processing if we have your prior consent.

B 2. Agent Data

B.2.1. Purposes of processing
We use the data you provide to us through the agent registration system in order to:
  • However, this data is processed only in the context of our partnership. This data is not personal data and, in any case, if personal data are processed.
  • To inform your company about our corporate news in the context of our cooperation.

B.3. Internet technologies

On the HOTEL STANLEY website, we may use cookies, invisible pixels and beacons to collect information about your browsing. For more information about cookies, please read our website policy on cookies.

C. Job Applicants and Employees

C.1. Prospective employees
If you wish to apply for a job, we will collect and then process only the personal information necessary to assess your suitability for the job (e.g. name, contact details, training, previous service, etc.). We collect this data from the applications you submit by any means (e.g. e-mail, online recruitment platforms, Company website), as well as attachments that you attach to your application (e.g. Curriculum Vitae, certificates, certificates, etc.). In addition, during the process of evaluating your application, we may use further questionnaires or personality assessment tests that reveal information about you, in order to further evaluate your suitability for a particular job, ensuring that we have obtained your consent first. When you include in your application the contact details of your previous employers, we may contact them so that they can provide us with information about your job, your collaboration with them and their evaluation.

For more information on the processing of your personal data, you can read the prospective employee privacy statement available on our website at C.1.1.

Purposes of processing - legal basis

We collect your data in order to:
  • Evaluate your application.
  • To keep your CV and evaluate your suitability for relevant jobs at HOTEL STANLEY.
  • Evaluate your personality. We will proceed with the relevant processing if we have your consent.
  • Contact previous employers to provide us with information about your job, how you work with them and how they evaluate you.
  • To contact you for training seminars, programs and activities of HOTEL STANLEY. We will proceed with the relevant processing if we have your consent.

C.2. Employees

For our employees, we collect and process the information necessary to fulfill the contractual relationship. Indicatively, such data may include name, patronymic, patronymic, date of birth, place of birth, sex, nationality, home address, e-mail address, contact telephone numbers, Identity Card Number (ID), Tax Registration Number (TIN), Social Security Registration Number (AMKA) and other insurance fund register numbers, health booklet, criminal record, work permit, bank account number (IBAN), CV, qualifications, health information in your marital status and details of dependent members, in your education and training, in your previous service, as in each case these apply to the exercise of our legal obligations. We always provide you with information about the processing of your personal data, as an annex to your employment contract, respecting your privacy and your rights regarding the protection of your personal data.

C.2.1. Purpose of processing

We collect your data in order to:
  • The management of the contractual relationship. The legal basis is the need to process in the context of the contractual relationship or at the pre-contractual stage.
  • The Fulfillment of our legal obligations as employers. The legal basis is the processing of your data for our compliance with obligations imposed by law.
  • Use your photos to post on the website and in promotional material. We will proceed with the relevant processing if we have your consent

D. Personal Data of associates.

If you cooperate with us, we may process only the necessary data to fulfill our contract and serve our business relationship. We will only collect Company data and / or Company contact details which are not considered personal data or information. We may use the email address you provide voluntarily to inform you of our corporate news as part of our partnership. However, you can always opt out of corporate communication by activating the unsubscribe option available in our mailboxes.

D.1. Purpose of processing

We use the data you provide to us as corporate partners in order to:
  • The management of our business relationship. This data is not personal data, however if we process personal data, the legal basis is our legitimate interest.
  • To inform you and your company about our business news in the context of our cooperation.

E. Special Categories of Personal Data - Sensitive Personal Data

The terms “specific categories of personal data” or “sensitive personal data” refer to personal data which discloses racial or ethnic origin, political views, religious or philosophical beliefs or trade union affiliation, and the processing of genetic data; biometric data for the purpose of unambiguous identification of the natural person, data relating to health or data relating to the sexual life of the natural person or sexual orientation. We may only collect such data if you provide it to us voluntarily or if we request it and we have obtained your prior express consent.

E.1. Juvenile Data

We do not want to collect personal data directly from minors (under 18 years old), instead, if required, we seek to collect minors’ data from their parents or legal guardians and, where necessary, obtain their consent. However, as it is not always possible to determine the age of the people who access and use our websites, we advise parents or legal guardians to contact us if they notice unauthorized access to data by minors so that they can exercise accordingly their rights such as the deletion of their data.

E.2. Transfer of Personal Data

The personal data you provide to us is kept and stored securely. We may share your information with public services for the reasons stated above.
In addition, we may transfer your personal data to third parties (legal or natural persons) who will legally process your personal data in accordance with our written instructions and formalities (Performing the Processing of Personal Data).

We guarantee that these third parties always apply the same measures to protect your personal data and act only in accordance with our written instructions and with respect for the legality and your personal data.

More specifically, in order to achieve the purposes of processing, personal data may be transmitted:
- Third party companies providing related services (eg web site management services, financial, legal or technical support, payroll, etc.). In any case, all these companies undertake contractual commitments to us to guarantee the observance of confidentiality, as well as the commitment to comply with the legislation for the protection of personal data.
- In companies of our group, to the extent that this transfer is necessary for the pursuit of our goals.
- To public authorities (police, law enforcement, tax authorities, etc.) in the context of issuing fines, upon relevant requests or whenever necessary.

When information is transmitted in accordance with the above, we limit the range of information communicated to what is strictly necessary to achieve that purpose. In addition, since some of our activities are handled by third parties, we take care, with contractual guarantees, to ensure that the processing of your personal data is done in a secure and fully compliant manner with this privacy policy and legality.

When the data transmission concerns a third country outside the European Union or the European Economic Area, we always check whether:
- The European Commission has issued an adequacy decision for the third country in which the transmission takes place.

Appropriate guarantees have been put in place for the transmission of this data in accordance with the requirements of the GCC.
In any other case, the transfer to a third country is not allowed and we will not transfer your data unless one of the specific derogations provided by the GCC applies (eg explicit consent of the data subject, after informing him about the risks of the transmission, the transmission is necessary for the execution of the contract requested by the subject, the existence of reasons of public interest, support of the legal claims of the subject, etc.).

E.3. Disclaimer for third party websites

We may provide links to third party websites to facilitate our users. HOTEL STANLEY does not control the websites of third parties and is not responsible for the content or links (hyperlinks) of any of the websites for which it provides a link. We are not responsible for the privacy practices they apply, nor for the content of third-party websites.

G. Your rights

We protect and respect your rights, as defined by the General Data Protection Regulation and Law 4624/2019, including in particular:
  • Your right to be informed about the processing of your personal information (right of access) and to request more information about the processing being performed.
  • Your right to request correction of inaccurate personal data.
  • The right to request the deletion of personal information you have provided, unless this is permitted for legal reasons.
  • Your right to request a processing restriction.
  • Your right to request portability of your personal information
  • Your right to object to further processing.
  • Your right to revoke your consent.
In these cases, HOTEL STANLEY will reply to you in writing within 30 days of receiving the request and identifying the applicant.

In addition, if the exercise of one or more of the above-mentioned rights to correct, delete and restrict your data is lawful, such requests will be forwarded to any third party to whom your data may have been transmitted, in pursuit of processing purposes mentioned above.

H. Information Security

Although no online transmission method or electronic storage method provides absolute security, at HOTEL STANLEY we have taken all reasonable technical and procedural means to maintain the accuracy of your data and to ensure the proper use of the information we collect about you. We also protect and protect your personal information from unauthorized access, while you enjoy the products and services we provide during your stay at our facilities or your browsing our online services.

I. Period of Retention of Personal Data

Your personal data is kept for a predetermined and limited period of time depending on the purpose of processing. At the end of this period, this personal data will be deleted from our records except for any other retention time required or provided for under applicable law. Privacy Policy Update

We may modify this Privacy Policy from time to time to respond to changes in the regulatory framework, business needs or to meet the needs of our customers, our property, our business partners and our service providers. Updates will be posted on our website with the date of last modification, so you are always aware of our most up to date Privacy Policy.

Data Protection Officer

HOTEL STANLEY, in order to ensure the adequate protection of your personal data, has appointed a Data Protection Officer to whom data subjects can address their requests and questions regarding the protection of their personal data and this privacy policy, in following contact details:

Name: Nikos Maratos
Tel: + 30 2119900900
In case you consider that we have not responded properly to your request, you can contact the competent Greek Authority for the Protection of Personal Data (