Privacy Policy

Data protection

Privacy Policy

Fernando Rooms respects the importance of the proper collection, preservation, processing and storage of personal data of customers and visitors/users of its website and expressly states that it guarantees all the guarantees of safe management and protection of individuals against processing. Of personal data, in compliance with what is defined in the European Regulation no. 2016/679 (GDPR) and in national and EU legislation currently in force or in force in the future.

Fernando rooms are committed to keeping personal data safe and secure.

Below you will find information about what personal data we collect, process and store and why.

Only people aged 18 and over can give their consent. If you are under 18 (minor), please do not make any reservations and/or do not post any information on our website.

These terms are subject to change. It is your responsibility to refer to the Terms of Use of the website and our businesses Protection Policy at regular intervals.

For all the services provided by our company, the ‘Responsible Processor’ of your Personal Data is Stavroula Christaki, as legally represented, with Tax Identification Number 150453018 and registered office at Orfaniou Beach, Kavala, 64008.

How we use your personal information (name, address, telephone,

e-mail, your ID or passport details and your debit or credit card details)

We collect, store and use the Personal Data (IP address, cookies, name, contact details, etc.) that concern you, when you visit this website and when you use our services (room reservation). Through our website, or through your physical presence at the reception of our business, or by e-mail (e-mail) or by phone as well as when you contact us by phone, e-mail or through the contact form we maintain on our website or even when you want to send us information by otherwise (e.g. mail) and therefore you forward your data to us for this purpose.

Every transaction with Fernando Rooms requires the collection of personal information. By submitting, sending by e-mail or by mail your personal data, you consent to using this data by our staff and us for the purposes outlined in this Privacy Policy.

The collection, processing and storage of this data are done, as the case may be, in accordance with the current national and EU legislation and this privacy policy and always in accordance with your consent, which you may revoke at any time.

How do we use them? Why;

To provide you with the services you request, e.g. in relation to your reservation whether it is done by phone or via e-mail   

We must know that your data are correct to provide you with the best possible service.

To send messages by e-mail (e-mail) or by personal message (SMS)

So we can contact you in case:

we need to inform you about any changes or questions about your stay

We can inform you about any offers/news about our business if you have explicitly agreed to receive such information.

For your debit/credit card details or other means of payment 

For accounting, billing and auditing purposes, as well as to detect or prevent fraud.

For reasons of safety, health, prevention and detection of criminal acts or to comply with a legal obligation        

To prevent and detect criminal acts either against you or against our business or comply with our statutory obligations to the Authorities (eg Tourist Police).

For administrative and legal purposes For statistical analysis and marketing analysis, systems testing, customer research, maintenance and development, and resolving disputes and/or claims.

We may create data profiles with the data we collect from you for statistical and marketing analysis purposes to remain competitive.

How we further use our customers’ personal data

Categories of personal data Why?

Nationality, date of birth, sex          

For reasons of statistical analysis and marketing analysis in the context of possible profiling

Your contact history with Fernando’s rooms for rent

For example, what we discussed over the phone, via e-mail or Facebook, etc.

For the service of our customers before, during and after the execution of their reservation in our business

 For the correct execution of your reservation and to enjoy the best possible consumer experience

For the training of our staff, so that every time you contact us, you enjoy the best possible service

Information you give us when you browse our website (IP address) and data related to your location, in case you wish to share it with us.

To improve our website and offer you personalized options (such as language selection).

To enjoy the best possible shopping experience

To protect our website

To prevent and detect criminal acts either against you or against our company & to comply with our obligation to collect safely, process and maintain your data

You are not required to provide us with any personal data – information from the above. But do not, to the extent that this is necessary. It will not be possible to provide you with the services you desire and enjoy the best possible consumer experience that our business can offer you. However, if you choose it, we will respect it completely.

Transfer of personal data to third parties

Our company expressly states that it will not make any illegal or improper use of your data and does not transfer in any way and for any reason to any third party personal data and information of users/visitors/customers.

However, we may share your data, which you have given us with your express consent, with the third parties exclusively for the purposes set out below, always provided that your personal information is not subject to any unlawful processing:

Third parties to whom data may be transmitted    

Banking and financial institutions

To facilitate and adequately execute your payments to us.

For the security of your transactions

To prevent, detect and monitor any criminal activity

Professional lawyers and consultants and law enforcement agencies        

To exercise our legal rights arising from the improper execution of the relationship and/or contract between us

Government Authorities      

For the compliance of our business with legal requirements

Promotional / advertising messages

Provided that we have received your prior consent and if you have not revoked it, we have the right to send you, promotional/promotional content messages, either by e-mail (e-mail) or by personal message (SMS). The reasons to do so are to inform you about our business’s new and time-to-time offers and promotional packages.

How to stop receiving promotional / advertising messages from our business

You can stop receiving promotional / advertising messages at any time, a) either by stating it at the time of your booking, b) or by clicking on the ‘unsubscribe’ link which you will find in every e-mail you receive from our hotel, or c) by contacting us at stating that you no longer wish to receive such messages.

As soon as our business receives your request, it will process it in any of the above ways, and you will stop receiving this kind of electronic mail (e-mail).

Storing your data

Our business states that it retains the personal data that the customers or the users of the website have disclosed, for as long as necessary to offer you our services, taking into account the quantity, nature and sensitivity of personal data, the purposes for which we process them and the ability to achieve those purposes by other means. In any case, we undertake to delete from the online storage sites within ten days of receiving a copy of your legal documents required for the contactless Check-in process.

To the extent deemed reasonably necessary, the business has the right to keep your data stored, even if it is no longer required to provide our services. This happens due to our legal compliance, or for the future resolution of disputes or to prevent prevention and detect criminal acts,

In particular, we retain a part of data necessary for our compliance with our legal obligations. The retaining period’s duration is at least for ten (10) years after the end of the services we offered to you in our business or for as long as defined by legislation changes. Once we have received your request to delete your data and if one of the reasons given below and described only (in the ‘your rights’ section) applies, we will delete it securely as soon as possible to not be restored or reconstruct the deleted data.

Over time, we look at whether we can keep them anonymous so that they can no longer relate to you and/or identify you. In this case, we may use your data without further notice.

 Your rights

You have several rights over your data, which you have disclosed to us. Analytically:

  • The right to be informed about how our company collects, processes, maintains and stores your data (see above!)
  • The right to access at any time the personal data, data and information that you yourself have disclosed to our company
  • The right to ask us to correct – in case it is not accurate – the data that our company maintains for you and the right to modify any information regarding your data
  • The right to ask us to delete the personal data that our company holds about you. In this case, our company is obliged to delete your data, without undue delay, and will do so if one of the following reasons applies only:

(a) personal data are no longer necessary in connection with the purposes for which they were collected by our company or otherwise processed;

  1. b) revoke your consent for the collection, processing and storage of your data by our company, and there is no other legal basis for the processing and to the extent that there is no such lawful basis;
  2. c) you oppose the processing of your data, and there are no compelling and legitimate reasons for the processing

(d) personal data have been processed unlawfully;

  1. e) personal data must be deleted to comply with a legal obligation under national and EU law to which our business is subject
  2. f) personal data have been collected to provide information services directly to a child, as mentioned explicitly in no. 8§1 of the GCPD (greek αρ. 8§1 του ΓΚΠΔ)
  • The right to stop receiving promotional / advertising messages from our company, either through your account or through the ‘unsubscribe’ link, which is in every relevant e-mail you receive from our company
  • The right to receive the personal data you have provided to our company, in a structured, commonly used and machine-readable format, and the right to transfer this data to another processor (portability right).

Suppose you wish to exercise any of the above rights. In that case, we will need specific information about you, to confirm your identity, so your data is not disclosed to any person who does not have the right to receive them.

You will not have to pay any fees or commissions to exercise your above rights. We undertake to immediately satisfy your respective request if it is possible and legal.

If you wish to exercise any of these rights, you must submit an electronic request form to our e-mail address or contact us by post.

If you exercise any of the rights mentioned above, we will take every possible measure to satisfy your request within thirty (30) working days of receiving your request. In any case, we will inform you immediately about your request progress or the objective reasons that prevent its competence.

If you feel that your data’s protection is in any way, affected you can approach the Data Protection Authority. But before you do that, try to contact our company by using the contact details listed in this Privacy Policy and the contact details on the page “contact”.  To manage your concerns, you can also appeal to the Personal Data Protection Authority, if you wish, using the following contact details:


Postal Address: 1-3 Kifissias Avenue, PC 115 23, Athens

Call Center: +30 210 6475600

Fax: +30 210 6475628


Security of your data

The data you provide to us is protected by SSL (Secure Socket Layer) technology. SSL technology is the basic method of encryption of personal information and credit card details, to ensure their secure transfer over the Internet. All payment information is transferred via a secure SSL connection to a dedicated network infrastructure (Multiprotocol Label Switching – MPLS) and stored in accordance with the Payment Card Industry Data Security Standards (PCI DSS).

We may disclose your information to trusted third parties for the purposes set out in this Privacy Policy. We require all third parties to have the appropriate technical and operational security measures in place to protect your personal data, in accordance with national and European Privacy Policy, as applicable.

Applicable law – Jurisdiction

In case of any disputes that will arise from the application and/or interpretation of these terms and provided that the amicable/compromise settlement is fruitless are governed by Greek law, and Kavala’s courts are exclusively competent.

Visit us on Facebook