This privacy policy sets out how the company “WHITE CONCEPT CAVES O.E.’’, with registered office at Fira Santorini Greece and P.C. 84700 owner of the Hotel “WHITE CONCEPT CAVES’’ at Santorini–Greece, collects, uses and process your personal data when you use any of its products or services. Having the highest principle of protection of privacy and personal data, we comply with the requirements of European Regulation EU 2016/679 and current national legislation on the protection of personal data. With this text, our company, as the Data Controller extracted from the website of its Hotel, informs its visitors/users, with all the necessary information regarding the processing of their data and the practice of their rights. The use of the website “”, means that you have read and accept this Privacy Policy of your personal data.


The use of your personal data concerns the offer and processing of the services of our Hotel. Therefore when you directly register to make a reservation or use our services and upon your check-in in to our Hotel we may ask you to provide certain personal information including:

  • Data related to your ID as, name and surname, nationality, date/place of birth, number of ID/passport, communication language,
  • Contact details as contact address, postal address, email address, mobile phone number,
  • Information/Data related to your stay as, duration of stay, departure and arrival information, information on consumption of goods and/or services,
  • Information/Data related to your preferences/desires as special desires for food, allergies and/or other relevant health data,
  • Image data as, photos, video,
  • Technical navigation and interaction data (IP address) and
  • Information/Data regarding payment method as, credit cards and debit cards.

Please note that we do not address minors and do not collect their personal information without the consent of their legal guardians.


We process your personal data for one or more of the following professional or commercial reasons:

  • To verify the identity of the visitors
  • To fulfill the reservation of the customer
  • Supply additional services
  • For purpose of communication
  • To provide you with high quality services and client support
  • Payment processing
  • To improve business operations
  • Promotional actions
  • For personalized offers
  • To send newsletters
  • To prevent illegal actions


The legitimation of data processing is based on the following relevant provisions of the General Data Protection Regulation (GDPR) ΕU 2016/679 and the processing takes place only in case:

  1. a) the data subject has given his/her complicit consent to the processing of his or her personal data and/or
  2. b) processing is necessary for the performance of a contract and/or
  3. c) the processing is necessary for the compliance of the Hotel with one of its legal obligations and/or
  4. d) the processing is necessary for the purposes of the legitimate interests of the Hotel.

The data processing regarding special categories is carried out only in case:

  1. a) the data subject has given his/her complicit consent to the processing of his or her personal data and/or
  2. b) the processing is necessary for the performance of the duty and rights of the Hotel and/or
  3. c) the processing is necessary for reasons of substantial public interest regarding the public health.


Your personal data is not disclosed or transferred in any case to third parties except with your written permission or in case of law enforcement. Exceptions are cases in which, in order to fulfill our contractual and legal obligations, your personal data may be provided to our external partners (eg booking service providers, accounting services, information systems, payment card platforms and suppliers). The above external partners are bound by contractual confidentiality clauses and compliance with processing standards, in order to ensure sufficient assurances for the implementation of appropriate technical and organizational measures to protect your personal data.


Your personal data will be processed and stored as long as is necessary in order to fulfill our contractual and legal obligations. If the data collection was based on your consent it may be deleted at any time upon the revoke of your consent. At the end of the above time periods your personal information is deleted in such a way that it is not possible to restore or reconstruct this information.


According to the General Data Protection Regulation EU 679/2016, you have the following rights in terms of your personal data, which you could practice by contacting the Hotel, through the following contact/correspondence details and request the following:

  1. a) the right to request access to your Personal Data,
  2. b) the right to correct inaccurate data concerning you,
  3. c) the deletion of data concerning you, to the extent that it is no longer necessary in relation to the purposes for which it was collected or when there is no longer any legalization to be processed and if such action is not contrary to legal obligation, for reasons of public interest, or on the basis of legal claims,
  4. d) the limitation of the processing of your data, if it is based either on the questioning of the accuracy of the data, or on the exercise of legal claims, or on objections to the processing,
  5. e) the portability of data concerning you, i.e. the transmission of this data to another Controller. This action may be taken if the processing is based on your consent and is carried out by automated means, without prejudice that the processing is not based on the performance of a duty in the public interest or the exercise of official authority entrusted to the Data Controller,
  6. f) the exercise of the right to object to the processing of your data, which is based on the performance of a duty in the public interest or on a legitimate interest pursued by the Data Controller, unless the latter demonstrates compelling and legitimate reasons to the contrary,
  7. g) the withdrawal your consent, provided that your data is processed on the basis of your explicit consent.

In case it is necessary for your identity to be confirmed for the above requests, you may be asked to provide documentary evidence. Once the legality of the request has been verified, the Hotel shall respond within the period of one month provided by the law, after the receipt of your request and provide you with relevant information. Finally, you reserve the right to file a complaint to the competent Supervisory Authority (Hellenic Data Protection Authority) through the electronic platform:


This website may use cookies in order to facilitate its use and smooth operation. Cookies are small sets of data stored on electronic devices, which have access to the internet, allowing the website to operate smoothly and without technical anomalies, as well as to “remember” browsing actions and offer more convenient use. Cookies in no way can disclosure to us your identity. Once you have agreed to their use, they will analyze your web browsing and let you know about sites you have visited. Cookies help us to analyze data related to website traffic and to improve our website, in order to adapt it to the needs of visitors/users. Always reserve the option not to accept cookies or to make appropriate settings in your browser in order to reject them. However, you should be aware that such an action may prevent you from taking full advantage of the site.

Below are the different types of cookies that can be used on our website.

  • Strictly Necessary Cookies

Strictly Necessary Cookies are essential in order to enable you to move around the website and use its features. We use these Cookies to enable the services which you have specifically asked for.

  • Performance Cookies

Performance Cookies are Cookies which collect information on how visitors use a website, which pages visitors go to most. We use these Cookies to collect information regarding the length of visiting pages.

  • Functional Cookies

Functional Cookies are Cookies which allow the website to remember choices made by the user (name, address, language). We use these Cookies to remember choices made to improve our users experience.

  • Third Party Cookies

We may install third party cookies on our website. Third party cookies are cookies that are set by a domain other than the website that is being visited by the user. If a user visits a website and another entity sets a cookie through that website, this would be a third party cookie which serves most of the time commercial purposes.


Given the risks of varying severity and severity of the rights and freedoms of individuals, we take appropriate technical and organizational protection measures to prevent the unintentional loss, alteration, disclosure and use or access of your personal data in an unauthorized manner. Access to your personal data is restricted to only those employees and/or associates who are required to perform their duties. The above persons process your data exclusively in accordance with the instructions of the Data Controller (our Company) and undertake to comply with the relevant terms of confidentiality. Regarding payments that may be made by credit/debit card, we inform you that all data security standards in the payment card industry (PCI DSS) are met. In addition, procedures are in place to deal with any possible breach of personal data where the individual concerned and/or any competent authority will be notified, when deemed necessary in accordance with the applicable legal and regulatory framework.


Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links and leave our site, you should note that we do not have any responsibility. Therefore, we cannot be responsible for the protection and confidentiality of any information you provide during your visit to other websites, where you should review their respective Privacy Policy.


This Privacy Policy may be updated from time to time, subject to changes in the applicable legal framework, in order to fully comply with its requirements. It is recommended that you check this Policy frequently, so that you are informed in a timely manner of any changes that will take effect upon their posting on the Hotel website. The use of our website or any of our products and services, after the occurrence of any changes, considered an acceptance of the revised Privacy Policy.


For any clarification regarding this Policy or for the exercise of your rights you can contact us via the e-mail address: ‘’’’ or by sending a letter to the address Fira-Santorini-Greece Post Code 84700.