PRIVACY POLICY

This Privacy Policy describes how Family Bikakis Rooms & Apartments, through the website familybikakis.com, collects, uses, stores and protects the personal data of visitors, guests and users of the website.

The protection of your personal data is important to us. All personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 – GDPR and the applicable Greek legislation on personal data protection.

1. Data Controller

The data controller responsible for the processing of personal data is:

Family Bikakis Rooms & Apartments
Efedron Polemiston 1941, No. 21-31
73400, Kissamos, Chania, Crete, Greece
Phone: (+30) 6955 803 441
Phone: (+30) 28220 22 105
Email: [email protected]

2. What Personal Data We Collect

When you contact us, submit a booking request or use our website, we may collect the following personal data:

full name,
email address,
telephone number,
country or place of residence, if provided,
arrival and departure dates,
number of guests, adults or children,
preferences or special requests regarding your stay,
message content submitted through a contact form or by email,
information required to complete or manage a booking,
billing or invoicing details, where required by tax legislation.

We do not request sensitive personal data through the website, such as health information, religious beliefs or other special categories of data. If such information is voluntarily provided by a visitor as part of a special request, it will be used only for the purpose of handling that specific request.

3. Booking Data

When you submit a booking request or when we manage your stay, we may process personal data necessary for:

checking availability,
communicating with you,
confirming, modifying or cancelling a booking,
providing information about your stay,
issuing legal receipts, invoices or other documents, where required,
complying with obligations required by applicable law.

The information submitted by guests must be accurate and truthful, so that proper communication and service can be provided.

4. Purposes of Processing

Your personal data may be used for the following purposes:

to respond to communication requests,
to manage booking and availability requests,
to provide accommodation services,
to communicate before, during or after your stay,
to handle special guest requests,
to issue receipts, invoices or other legal documents,
to comply with tax, accounting or other legal obligations,
to protect the rights and legitimate interests of the business,
to improve our services and guest experience.

5. Legal Basis for Processing

Depending on the case, the processing of personal data is based on the following legal grounds:

Performance of a contract or pre-contractual steps: for managing booking requests, availability enquiries and the provision of accommodation services.
Legal obligation: for complying with tax, accounting or other obligations required by law.
Legitimate interest: for website security, communication management and the protection of the business from malicious or abusive use.
Consent: where required, for example for optional cookies, newsletters or other optional processing activities.

6. Contact Forms and Email Communication

When you complete a contact form or send an email to [email protected], the information you provide is used only to respond to your request and assist you.

Messages may be retained for a reasonable period of time so that we can follow up on communication, respond to future enquiries and protect the legitimate interests of the business.

7. Sharing Personal Data with Third Parties

Your personal data is not sold, rented or shared with third parties for commercial purposes.

However, your data may be shared with partners or service providers only where necessary for the operation of the business or the website, such as:

website hosting and technical support providers,
email and communication service providers,
accountants or tax consultants, where required,
booking system providers, if used,
public authorities, where required by law.

Our partners process personal data only to the extent necessary to provide their services and are required to apply appropriate security and confidentiality measures.

8. International Data Transfers

Some third-party services, such as email services, analytics tools, maps or technical tools, may process data outside the European Economic Area.

In such cases, we take appropriate measures to ensure that the processing is carried out in accordance with GDPR requirements and that suitable safeguards are applied where required.

9. Data Retention Period

Personal data is kept only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law.

Contact requests are kept for a reasonable period of time.
Booking details are kept for as long as necessary to manage the booking and serve the guest.
Tax and accounting records are kept for the period required by applicable legislation.
Cookie consent data is retained according to the settings of the cookie consent mechanism.

10. Security of Personal Data

We take appropriate technical and organisational measures to protect personal data from unauthorised access, loss, alteration, disclosure or destruction.

These measures may include secure SSL connection, restricted access to data, technical website protection and the use of reliable hosting and communication providers.

11. Cookies and Similar Technologies

The website uses cookies and similar technologies for its proper operation, to improve user experience and, where consent is provided, for analytics or other optional purposes.

For more information about the use of cookies, please refer to the website’s Cookies Policy.

12. User Rights

Under the GDPR, you have the following rights regarding your personal data:

the right to access your personal data,
the right to correct inaccurate or incomplete data,
the right to request deletion, where permitted by law,
the right to restrict processing,
the right to object to processing,
the right to data portability, where applicable,
the right to withdraw consent, where processing is based on consent.

To exercise your rights, you may contact us at [email protected].

13. Right to Lodge a Complaint

If you believe that the processing of your personal data violates applicable data protection legislation, you have the right to lodge a complaint with the competent supervisory authority.

In Greece, the competent authority is the Hellenic Data Protection Authority.

14. Links to Third-Party Websites

The website may include links to third-party websites, such as social media platforms, maps or external services. We are not responsible for the privacy policies, content or practices of these third-party websites.

15. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time in order to reflect changes in the operation of the website, the services of the business or applicable legal requirements.

We recommend that you review this page periodically for any updates.

16. Contact

For any questions regarding this Privacy Policy or the processing of personal data, you may contact us:

Last updated: April 2026