Kavala black

Hotel Customer Privacy Policy

At Kavala Resort & Spa we collect and process the personal data of the hotel guests with absolute respect and a high degree of protection.

This policy analyses the personal data we collect about you, the hotel’s customers, i.e. all the information that identifies you or may identify you directly or indirectly, the way we collect and protect it, the way and purpose of its processing, as well as your rights, in accordance with the applicable data protection legislation, the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”), as well as other European and national legislation.

This policy is strictly adhered to and please visit our website regularly in order to be aware of how we process and protect your personal data.

Details of our Company

Responsible for the processing of Personal Data is the company called “KAVALA RESORT & SPA”, located in Nea Karvali, Kavala (Sismanoglou, P.C. 64006, Greece), which operates the hotel.

This policy applies to the customers of the hotel.

Information about the type of personal data we collect

When you contact the hotel, we collect data necessary for booking or renting a room by filling in an online form or room rental card.

In addition, in order to improve our hotel services and adapt them to your requirements, as well as to manage our communication after your stay, we collect and process additional contact information with your explicit consent.

In particular, we collect and process the following personal information about you:

Mandatory Data

Personal data: name, type and number of identification document (e.g. passport, identity card), telephone number, home address, e-mail (if the reservation is made electronically), date of birth, nationality, etc.

Invoicing details: credit card number and, if an invoice is requested, indicative VAT number and tax office.

Date of arrival and departure, type and number of accommodation room.

Optional items & preferences

Your preferences: such as non-smoking room, preferred floor, bed type, or religious and other specifics, flight number.

Medical data related to your health: including but not limited to food and other allergies, mobility problems, which are collected and recorded at your request for your convenience.

e-mail: if the reservation is not made electronically and you wish to communicate with us by e-mail.

We also process the following data

Called telephone numbers via call centre, information/images obtained through the use of closed-circuit television, which operate legally in our premises for security reasons and protection of persons and property, of which you are informed as soon as you enter them through posted signs.

When you visit our website, our webserver automatically records information about your visit (including but not limited to your IP address, the type of browser you use, the pages of the website you visit, the date and duration of your visit, location information) and cookies may be placed on your computer or smart device each time you visit us online. (see below)

The information we collect about people under the age of 16 is disclosed to us by a parent/guardian.

Statement on how hotel guests' personal data is collected

We collect the above personal data directly from you during the room reservation process, arrival, departure, payment, during the use of hotel services (restaurants, services, entertainment), during your registration in loyalty programs, your participation in surveys, contests and games, during your subscription to the hotel’s digital newsletter, as well as during the submission of any kind of written or electronic registration, etc. (either in the context of the room rental agreement concluded between us or in the context of the hotel’s hotel services).

Finally, we also collect information from third parties, i.e. travel agencies, tour operators, electronic and online reservation systems.

We declare that your personal data within a strictly controlled and secure process, is fully secured and is not exploited or sold to third parties. This data is collected and used exclusively for the purposes described in this statement below.

Statement on the purpose of processing personal data of hotel guests

Your personal data, as collected as described above, is used:

For the provision of accommodation, catering and catering services, as well as for the handling of events by the hotel.

For the processing of financial transactions between us.

To comply with our obligations imposed by applicable legislation and our tax obligations (e.g. issuing an invoice or receipt).

To create and register you in the loyalty program, so that with your consent and agreement, it is possible to create a profile and further to provide you with the possibility to be contacted and informed about current commercial activities (marketing and promotional), for the possibility to participate in competitions, sweepstakes, entertainment events and free benefits or offers. The method of communication depends on your specific choice as indicated by your written consent.

To create statistical tracking records and draw conclusions for the purpose of selecting best commercial practices for customer satisfaction and reward.

Declaration of lawfulness of processing of personal data

The collection and processing of mandatory personal data that takes place during your stay at the hotel, as well as the provision of any kind of services to you, is based on the relationship between the customer and the hotel, in accordance with the applicable laws and regulations, as well as the room rental and service contract concluded between us.

The collection and processing of optional personal data carried out for commercial purposes is based on your written consent for the aforementioned purposes and thereafter, similarly, there is no question of legality for their processing, since every customer has already been adequately informed.

Furthermore, the collection and processing of personal data is lawful if it is required for purposes of general legal interest or for the purpose of harmonising our operation with national and/or Community legislation.

Declaration of the retention period of personal data

We will retain and process your Personal Data for the purposes listed above only for as long as necessary for the purpose for which it was collected or as long as required by contract or applicable law. In determining the appropriate retention period, we will also take into account the quantity, nature and sensitivity of the Personal Data, as well as the periods of time for which we may need to retain it in order to respond to any requests / challenges / audits and to protect our legal rights in the event of any claims being made.

Personal data protection and security guarantee statement

The personal data provided by customers to the hotel are recorded in computerised systems, which provide adequate security and are used by specially trained and authorised employees (users), in order to achieve the maximum possible protection of the data recorded in the modern digital environment.

The security and protection of all data is enhanced by the use and coexistence of additional security programmes for such data.

Furthermore, we apply strict organizational measures and procedures to protect personal data from possible alteration, loss, unintended or illegal processing, on the one hand by installing the servers in building premises, where limited and controlled access is allowed, and on the other hand by granting limited user rights to the absolutely minimum necessary level of access.


To ensure the proper functioning of the website, we sometimes place small data files on your computer, so-called “cookies”. Most major websites do the same.

What are cookies?

Cookies are small text files that a website stores on your computer or mobile device when you visit that website. This way, the website remembers your actions and preferences (such as your password, language, font size and other display preferences) for a period of time, so you don’t have to enter these preferences every time you visit the website or browse its pages.

How we use cookies?

The Cookies used by our website are:
-Firstpartycookies, so that the site recognizes the user’s preferences, so that the user does not have to enter the same options (e.g. language selection) on each visit.
-ThirdPartyCookies, to analyse the performance of our pages, so that we know which areas of our site are popular or useful (GoogleAnalytics).
-ThirdPartyCookies, for analysing behaviours to display ads relevant to the user’s interests (GoogleAds, FacebookPixel).

How to control cookies

You can control and/or delete cookies according to your wishes. More information regarding the use of cookies can be found here. To delete performance analysis: If you wish to delete such cookies, see here tools.google.com/dlpage/gaoptout. you can also configure most browsers in a way that does not allow cookies to be installed. However, in this case, you may have to adjust certain preferences yourself each time you visit a website, and some services may also not work.

To opt out of the use of your data for advertising purposes, please use the interest base here www.youronlinechoices.com/gr/your-choices and here www.facebook.com/help/568137493302217.

Google Analytics

We use GoogleAnalytics to obtain data about our advertisements (e.g. demographics) and we adhere to the specifications of Google’s policy “Policy requirements for the advertising features of Google Analytics”.

Transfer of personal data to third parties

It is possible, in the context of our business activities, that it may become necessary to provide limited personal data to third parties for a strictly defined and exclusive purpose. These are cases where third parties provide specialized services to the hotel and specifically for the implementation of mass communication of our promotional activities to you – our customers – via sms and e-mails. To inform you of any offers, etc., you will have granted your express consent, as described above. Therefore, it does not apply in the case of granting all personal data and even those that are not necessary for the provision of the above service that we request to be provided by these third parties. The provision of the data is governed by a prior written contract between the hotel and the third party partner, subject to its commitment to the implementation of a personal data protection policy and the assumption of the responsibilities arising from our legislation.
Furthermore, the hotel, like any other type of business, may be required to provide personal data to the relevant Public, Judicial, Police Authorities, etc., in cases of subpoena, search warrant, other judicial proceedings, compliance with judicial, regulatory or administrative decisions, in cases of protection and defence of the business itself, its supervisors, managers and employees, as well as to its associate lawyers when lawsuits, claims or disputes are raised. We also cooperate with third-party partners (providers of services for the management of our website, maintenance of our call centre, control and management of our information systems, etc.), all of whom ensure the confidentiality of the data and provide us with the relevant guarantees for their protection and security by means of written contracts between us.
Transmission of information concerning you to third parties and/or exchange of information is possible within the framework of the management of your reservation, in cases where travel agencies, tour operators or online booking service providers are intermediaries in accommodation through which you make an online/internet room reservation.

Customer rights / Procedure for exercising them

The applicable Personal Data Protection Legislation provides for the rights you can exercise with regard to your personal data. These rights include the right to be informed, the right to request access to the personal data held, the right to rectify or erase it, the right to restrict the way it is processed or to object to such processing in general, and the right to request that your personal data be transferred to another party (known as the right to “data portability”).

It also provides for the possibility to withdraw your consent at any time, in cases where it (consent) is a prerequisite for the specific purpose of processing your data. Such withdrawal does not affect the lawfulness of the processing for the period of time that has elapsed prior to the withdrawal of consent.

The exercise of your rights can be made in writing through the Subject Request Form which you can find at the Hotel Reception and submit in person, or send it by post to the above address or by email to info@kavala-resort-spa.com always with your authentic signature. The exercise of rights is free of charge, unless the request is manifestly unfounded or excessive.

You may also submit to the Data Protection Officer any other query in relation to your personal data, as above.
In order to implement a request to exercise a right, a procedure is followed which necessarily includes an identity check.
Similarly, our legislation provides for a right to lodge a complaint with the competent Personal Data Protection Authority, www.dpa.gr.

Skip to content