Privacy Policy

At KALAMAKI TRAVEL, hereinafter referred to as “Travel Agency”, we are committed to protecting and respecting your privacy. The observance of the Privacy Policy (“policy”) of Personal Data (“PD”) determines the basis on which PDs are collected for you. The Policy has been developed based on the Impact Assessment for the protection of PD (DPIA – Data Protection Impact Assessment), which is provided by the GDPR and the National law 4624/2019. PD are either provided to us by you, with your free consent directly or are provided to us through third parties, who have already secured your free consent and are always processed in accordance with GDPR. Please read the following carefully to understand the use of PD.

Information and PD that we collect on you:

We collect information and PD from you, which you provide with your free consent either directly or through third party services with which you interact and have already asked for your free consent.

We may collect and process data, including the following during the provision of hosting and use of our facilities by you, which could contain PD or be considered as PD:

  • Name and surname, residential or/and work address, e-mail address, telephone numbers (landline or mobile), ID or passport number, nationality, date of birth. In case that you are accompanying minors (under 16 years old) you will be asked to declare their details as an official guardian or escort. Note here that all the above informations are required by Greek law for the provision of hospitality services in tourist accommodation establishments.
  • Financial information regarding you, including your bank account details, credit or debit card details, or other payment details.
    Information about your profession, or your participation in professional or other organizations.
  • Medical data (for the provision of accommodation services or for the treatment of emergency health needs), dietary habits and possible allergies.
  • Concluding, any other information which you request us to process on your behalf or which are necessary in order to be able to offer you the best possible accommodation, fitness, entertainment, conferences and banquet services.

In addition we inform you that:

  • In the Travel Agency there is a video surveillance system (CCTV) in areas which are specified by respective Greek legislation and the Hellenic Data Protection Authority. The CCTV system operates for reasons of protection of the health and safety of our employees and customers, as well as for reasons of protection of property.
  • When you visit our Travel Agency’s website, your device browser provides us with information such as your current IP address, browser type, access time and pages of our website that you visit, which are collected and used in order to compile statistical data. This information can be used to help us improve our website, the services we offer and to design new services for you.
  • We may use cookies and similar technologies to help provide the data of our website and to offer you a personalized user experience in accordance with your needs and requirements. In this case you have the option to not accept the suggested cookies.

Purposes of processing
We process PD for the following purposes:

  • In order to offer you the hospitality and leisure services in the accommodations that cooperate with our Travel Agency, which you have requested through your reservation.
  • In order to inform you on all our services and possible offers (e-mail marketing / sms marketing) as long as we have your respective consent.
  • In order to inform you of changes in our policy.

Legal basis of the processing
The legal bases of the processing are, as the case may be:

  • the legal interest of our company
  • our compliance with obligations arising from the law
  • the execution (preparation, operation, dissolution) of the contract between us
    your consent.

PD Security
The Travel Agency is committed to take all measures possible in order to protect your PD. For this reason we use a variety of security technologies and procedures for the protection of PD from unauthorized access and use. Please take into account, however, that no physical or electronic security system is completely safe. We cannot guarantee the complete security of our databases, nor can we guarantee that the information you provide to us via the Internet may not be intercepted. However, we are committed to continuing to review and improve our security policies and implement additional technical and organizational security measures, when such new technologies become available.
The transmission of information via the Internet is not completely secure and may include the transmission of data to countries outside the European Union. This is due to the use of cloud solutions for web hosting, email hosting or exclusive software solutions which have been delivered to us via the Cloud. However, in any case we do not allow third parties to use your PD for their own purposes. While we will take all possible measures to protect your personal data, we cannot guarantee the security of your personal data which are transmitted to us. Consequently, any transfer of PD is at your own risk. Once PD are obtained, we take the necessary security measures in order to avoid unauthorized access.

Retention Period of PD:
The period of time which PD is retained at the Travel Agency is specified by the provisions of Greek legislation on the protection of the state’s interests and the Travel Agency’s maintenance policy on the protection of the legal interests of the company.
PD that are necessary for the conclusion or execution of the contract between us are kept throughout the duration of the contract and 5 years after its expiration. In case of claims, these data are kept until an irrevocable court decision is issued.

Transfer of PD:
We ensure that your PD is processed legally, which is restricted within the Travel Agency, while ensuring their confidentiality and we are committed to non-transfer your PD to third parties other than those to whom you have already given your consent, without our intervention. However, we may disclose your information to business associates, who act as processors on our behalf, to the extent that the aforementioned processing purposes are served and provided that, under our contractual commitments, confidentiality is maintained to protect PD, the service of the legal interests of our company and with the right to control them.

Your rights:

  • To know what personal data we hold and process, their origin, the purposes of their processing, as well as the time of keeping them (“right to access”).
  • To request the correction and /or completion of your personal data so that it is complete and accurate (“right to correct”). You must provide any necessary documentation from which the need for correction or completion arises.
  • To request a restriction on the processing of your data (“right to restrict”).
  • To refuse and / or object to any further processing of your personal data that we hold ((“right to object”).
  • To request that we transfer your personal data that we hold to any other processor of your choice (“right to transfer data”)
  • Submit a complaint to the Hellenic Data Protection Authority (, if you consider that your rights are violated in any way (“right to complain to the Authority”).
  • Request the deletion of your personal data from the files we keep (“right to be forgotten”).

In connection with the exercise of your above rights, the following are noted:

  • The company has in any case the right to refuse the satisfaction of your requests for restriction of the processing or deletion of your personal data or your opposition to the processing, if the processing or keeping of the data is necessary for the establishment, exercise or support of legal rights of our company or the fulfillment of our obligations.
  • The exercise of the right to transfer data does not imply the deletion of your data from our files, which is under the terms of the immediately preceding paragraph and the conditions of the Regulation.
  • The exercise of the above rights is valid for the future and does not concern data processing already performed.

For the exercise of your above rights in accordance with European and Greek legislation and the restrictions defined in them, you can contact in writing at the address of the Company (Kalamaki Travel Agency, 365 Agiou Fanouriou Str., Chania, PC 73100), or electronically at e -mail:

Services which are covered by this policy:

  • Accommodation
  • Leisure
  • Conferences / seminars / social events
  • Food & Drink related services.

If you do not wish to receive marketing and promotional emails from the Travel Agency, you can click on the unsubscribe link in the email to revoke your registration and cancel the email and marketing communications. You can also declare in the relevant Travel Agency’s registration form that you do not give your consent to receive promotional emails, so you may choose not to be included in the Travel Agency email lists. Please note that even if you opt out of receiving marketing messages from us, we may need to send you communications related to services, such as confirmations of any future reservations you may make.

WiFi service
For the WiFi service inside the Travel Agency please see the relevant policy (WiFi disclaimer).

Data Controller
Data Controller is the company with the name “KALAMAKI TRAVEL AGENCY I.K.E.” as it is legally represented, with which you can contact for GDPR issues at the e-mail address:
The legal representative of KEDRISSOS S.A. is the Data Controller, whom you may contact in respect of GDPR matters at the following e-mail address:

Policy changes
We reserve the right to change this policy by applying newer provisions of European and Greek legislation and at our discretion. If we make any changes, we will record these changes here so that you can have immediate access.