Privacy Policy

Your Privacy Matters

The Panhellenic Federation of Holiday Rooms and Apartments in Halkidiki and Eastern Thessaloniki ‘Aristoteles’ respects the privacy of visitors, accommodation businesses, member associations and all users of this website.

1. Introduction

This Privacy Policy explains how the Panhellenic Federation of Holiday Rooms and Apartments in Halkidiki and Eastern Thessaloniki collects, uses, stores and protects personal data through this website.

The website is designed to promote the Federation, its member associations, local accommodation businesses, destinations and tourism-related information. It is intended for visitors, travellers, professionals, accommodation businesses, associations and the wider public.

The Federation respects privacy and is committed to processing personal data lawfully, fairly, transparently and in accordance with the General Data Protection Regulation — Regulation (EU) 2016/679 — and applicable Greek data protection legislation.

2. Data Controller

For the purposes of data protection legislation, the Data Controller is:

Federation Name: [Insert official Federation name]
Address: [Insert official address]
Email: [Insert official email]
Telephone: [Insert telephone number]

The Data Controller determines the purposes and means of processing personal data collected or published through this website.

3. Scope of this Policy

This Privacy Policy applies to personal data processed through:

  • website browsing;
  • contact forms;
  • email communication;
  • business or association listing submissions;
  • membership-related information submitted for publication;
  • newsletter forms, if used;
  • cookies and analytics tools, if enabled;
  • embedded third-party services, such as maps, videos or social media elements.

This Privacy Policy does not apply to third-party websites or external platforms linked from this website.

4. Types of Data We May Process

Depending on how the website is used, the Federation may process the following categories of data.

4.1 Data provided by visitors

When a visitor contacts the Federation through a form or email, the following data may be collected:

  • full name;
  • email address;
  • telephone number, if provided;
  • message content;
  • subject of communication;
  • any additional information voluntarily submitted by the user.

4.2 Data provided by businesses or associations

Businesses, member associations or authorized representatives may voluntarily provide information for listings or presentation pages, such as:

  • business or association name;
  • responsible person or contact person;
  • business address;
  • telephone number;
  • email address;
  • website URL;
  • social media links;
  • location/map details;
  • business category;
  • accommodation type;
  • facilities, amenities and services;
  • accessibility information;
  • images, logos and descriptions;
  • association membership or professional details.

Most listing data concerns business or professional information. However, some fields may include personal data when they identify a natural person, such as a contact person, personal email address, phone number or representative name.

4.3 Technical data

When users browse the website, certain technical data may be processed automatically, such as:

  • IP address;
  • browser type and version;
  • device type;
  • operating system;
  • pages visited;
  • date and time of visit;
  • referring website;
  • general website usage data;
  • cookie identifiers, where applicable.

This data is usually collected for technical operation, security, statistics and website improvement.

5. How We Collect Data

The Federation may collect data:

  • directly from users who fill in contact forms;
  • directly from businesses or associations submitting listing information;
  • through email communication;
  • through website cookies and similar technologies;
  • through analytics or security tools, if enabled;
  • through authorized Federation representatives or member associations providing listing data.

The Federation does not collect financial data, payment card data or e-shop customer data through this website, unless a separate service is introduced and clearly described.

6. Purposes of Processing

Personal data may be processed for the following purposes:

  • to respond to messages and requests;
  • to manage communication with visitors, professionals and associations;
  • to publish and maintain business or association listings;
  • to present tourism-related information and regional accommodation options;
  • to verify, update or correct submitted listing information;
  • to support the institutional and promotional role of the Federation;
  • to improve website structure, content and user experience;
  • to maintain website security and prevent misuse;
  • to comply with legal obligations;
  • to manage consent preferences, where applicable.

7. Legal Bases for Processing

The Federation processes personal data only when there is a lawful basis under GDPR.

Depending on the case, the legal basis may be:

7.1 Consent

Consent may apply when a user voluntarily submits information through a form, accepts non-essential cookies or agrees to receive communication such as newsletters.

7.2 Legitimate Interest

The Federation may process data based on legitimate interest for purposes such as:

  • operating and securing the website;
  • presenting member associations and accommodation businesses;
  • managing professional listings;
  • responding to professional or visitor enquiries;
  • promoting the tourism identity of the region;
  • maintaining accurate and useful website content.

7.3 Contractual or Pre-contractual Communication

Where communication relates to cooperation, membership, listing management or professional arrangements, processing may be necessary for pre-contractual or contractual purposes.

7.4 Legal Obligation

The Federation may process or retain certain data where required by law, public authorities or applicable legal obligations.

8. Business Listings and Published Data

Business listings are published to promote accommodation businesses, member associations and tourism-related entities.

The information included in listings is provided voluntarily by the business, association, authorized representative or relevant source. The Federation does not require businesses to submit unnecessary personal data.

Businesses and associations are responsible for ensuring that the information they provide is accurate, updated and lawful.

Where a listing includes personal contact details, such as the name, phone number or email address of a natural person, the submitting party must ensure that the person concerned has been informed and, where necessary, has consented to the publication of that information.

The Federation may edit the structure, formatting, translation or presentation of listing content without altering its essential meaning.

9. Data Sharing

The Federation does not sell personal data.

Personal data may be shared only when necessary with:

  • website administrators or technical support providers;
  • hosting providers;
  • email service providers;
  • analytics or security service providers, if used;
  • professional partners assisting with website operation;
  • public authorities, where legally required.

All third-party service providers are expected to process data in accordance with applicable data protection rules and only for the purposes for which they are engaged.

10. International Data Transfers

Some third-party tools, such as analytics, maps, embedded videos, social media plugins or cloud-based services, may process data outside the European Economic Area.

Where such transfers occur, the Federation seeks to rely on appropriate safeguards under GDPR, such as adequacy decisions, standard contractual clauses or equivalent protection mechanisms, where applicable.

Users should also review the privacy policies of third-party platforms when interacting with embedded content or external links.

11. Cookies and Similar Technologies

The website may use cookies or similar technologies to support:

  • basic website functionality;
  • security;
  • language preferences;
  • analytics;
  • performance monitoring;
  • embedded content;
  • social media or map integrations.

Cookies may be classified as:

Necessary Cookies

These are required for the website to function properly and cannot usually be disabled through the website.

Analytics Cookies

These help understand how visitors use the website, such as which pages are visited and how the website performs.

Third-Party Cookies

These may be placed by external services, such as maps, videos, social media platforms or analytics providers.

Where required, non-essential cookies will be used only after the user has provided consent through the cookie banner or cookie settings tool.

12. Data Retention

Personal data is kept only for as long as necessary for the purposes described in this Privacy Policy.

Indicatively:

  • contact form messages may be retained for as long as needed to respond and manage communication;
  • listing information may remain published for as long as the business or association is included on the website;
  • technical logs may be retained for security and maintenance purposes for a limited period;
  • data required for legal compliance may be retained for the period required by law.

When data is no longer necessary, it will be deleted, anonymized or securely archived, unless further retention is legally required.

13. Data Security

The Federation applies reasonable technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, loss or misuse.

Such measures may include:

  • secure hosting environment;
  • access control;
  • website updates;
  • security monitoring;
  • limited administrative access;
  • use of reputable technical service providers;
  • backup and maintenance procedures.

However, no website or online transmission can be guaranteed to be completely secure. Users should avoid sending sensitive information through general contact forms unless necessary.

14. User Rights under GDPR

Under GDPR, individuals have specific rights regarding their personal data.

Subject to legal conditions, users may request:

  • access to their personal data;
  • correction of inaccurate or incomplete data;
  • deletion of personal data;
  • restriction of processing;
  • objection to processing;
  • withdrawal of consent, where processing is based on consent;
  • data portability, where applicable;
  • information about how their data is processed.

Requests may be submitted through the contact details provided in this Privacy Policy.

The Federation may need to verify the identity of the person submitting the request before responding.

15. Right to Lodge a Complaint

If a user believes that their personal data is not being processed lawfully, they have the right to lodge a complaint with the competent data protection authority.

In Greece, the competent authority is the Hellenic Data Protection Authority.

Users are encouraged to contact the Federation first, so that any issue may be reviewed and addressed directly where possible.

16. Children’s Data

This website is not directed to children and does not knowingly collect personal data from minors.

If the Federation becomes aware that personal data of a minor has been submitted without appropriate consent or legal basis, the data will be deleted or handled according to applicable law.

17. Newsletter or Informational Communication

If the website offers newsletter registration or similar communication services, users may subscribe voluntarily.

Users may unsubscribe at any time by using the unsubscribe link, where available, or by contacting the Federation.

The Federation will not use newsletter subscription data for unrelated purposes without appropriate legal basis.

18. Embedded Content and External Services

Pages may include embedded content such as maps, videos, social media feeds or third-party widgets.

Embedded content from third-party websites behaves in the same way as if the user visited the third-party website directly. These third parties may collect data, use cookies, monitor interactions or apply their own privacy policies.

The Federation is not responsible for the data processing practices of third-party platforms.

19. Updates to this Privacy Policy

The Federation may update this Privacy Policy from time to time to reflect legal, technical or operational changes.

The latest version will always be available on this page. Users are encouraged to review this Privacy Policy periodically.

20. Contact

For questions, requests or concerns regarding this Privacy Policy or the processing of personal data, users may contact:

Federation Name: Panhellenic Federation of Holiday Rooms and Apartments in Halkidiki ‘Aristoteles’
Address: 22nd April St. Polygyros Halkidiki 63100, Greece
Email: info@halkidiki-holidays.gr
Telephone: +30 237 102 4992