Last Updated: 19 November 2019

separator line

At Cori Rigas Suites, we are committed to protecting and respecting your privacy. Please read this policy as it contains important information about how we use and collect personal data that you provide to us, regardless of whether you use a computer, mobile phone, tablet or any other devise to access our Services. Additionally, this privacy policy applies to Services that are provided without the use of electronic means. 

Information & Consent

This privacy policy describes how we collect, use, process & disclose your information including personal information about you [the “Guest”], in conjunction with your stay in our “Hotel”.

When the policy mentions “the Hotel”, “Cori Rigas Suites”, “our”, “us”, it refers to the hotel registered as Cori Rigas Suites Fira 84700, Santorini [Thira], Greece.

The Guest must carefully read this Privacy Policy, which has been written clearly & simply, to facilitate its understanding and to freely & voluntarily determine whether they wish to provide their personal data, or those of third parties, to Cori Rigas Suites. This privacy policy also applies to our website, all websites, online applications & online & offline promotional actions by Cori Rigas Suites as well as any Service provided by us.

By reading this Privacy Policy, the Guest is hereby informed on how we collect, process & protect personal data. The policy may be amended from time to time. To ensure that are aware of any changes, please check this policy on a regular basis, especially before submitting a reservation request. By accessing or using our Services, you agree with the new practices contained in the update. 

Obligatory nature of providing the data

The data requested, are obligatory in order to comply with the Greek Law and allow us to provide with the services requested by the Guest, as well as collect payment for the services provided to the Guest.

Personal Data we collect & process

This will include:

•  Contact Details [e.g. surname, given name, passport / ID number, telephone, home address, e-mail]
    • Personal Data [e.g. date of birth, nationality, place of birth]
    • Billing Details [e.g. credit card number, VATnumber]
    • Date of arrival & departure, arrival/departure details, room number
    • Information provided directly by you
    • Questions & answers submitted during or after your stay in our Hotel

Third party data provided by the Guest

In the event that the Guest provided third-party data, they declare that they have the third party’s consent and undertake to provide the interested party –the date holder- with the information contained in this Privacy Policy, duly exonerating us and our data processor from any liability in this regard. However, we may carry out the necessary verifications to verify this fact, adopting the corresponding due diligence measures, in accordance with the data protection regulations.

Purpose of processing personal data

Depending on the Guests’ requests, the personal data collected will be processed in accordance with the following purposes:

    • To manage reservations & other hospitality services
    • To create & store legal documents in accordance with applicable law
    • To collect data to meet requests relating to your stay
    • To manage customer databases
    • To manage lists with customer’s personal data for operational purposes
    • To monitor the use of services [e.g. mini bar, room telephone, Wi-Fi access etc.]
    • To manage registration in loyalty programs, as well as obtaining special discounts & offers form the Hotel
    • To manage the Guest’s contact requests with the Hotel
    • To comply with the Greek & European law

Data Retention

We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law or if the Guest requests their withdrawal from us, opposes or revokes their consent.

The criteria used to determine our retention periods include:

    • The length of time we have an ongoing relationship with the Guest and provide the Services to him/her 
    • Whether there is a legal obligation to which we are subject [e.g. certain laws require us to keep records of your transactions for a certain period of time before we delete them]
    • Whether retention is advisable considering our legal position [such as, for statutes of limitations, litigation or regulatory investigations]

Data Disclosure

We will use the & disclose Personal Data as we believe to be necessary or appropriate:

    • To comply with the applicable law, including laws outside your country or residence
    • To comply with legal process
    • To respond to request from public & government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements
    • To enforce our terms & conditions as well as our policies
    • To protect our operations
    • To protect the rights, privacy, safety or property of our own, you or others and
    • To allow us to pursue available remedies or limit the damages that we may sustain

Third party access terms to your personal data

Cori Rigas Suites will not disclose your information to third parties for their own business or marketing purposes without your prior consent.

However, we may disclose your information to the following entities:

    • Business associates: We may share your information with trusted business associates after your request and with your prior consent [e.g. transfer service companies, restaurants, tour companies, rent a car companies etc.]
    • Service providers: We may also share your information with companies that provide services to our account or behalf [e.g. IT contractors, banks, credit card institutions, law firms, mail service companies etc.] 
    • Credit approval: Upon submission of a credit card approval claim, personal data are disclosed to designated third parties according to applicable legislation in order to decide on the credit approval and its subsequent level.

To provide you the best possible service, we allow access to your personal data to certain members of our personnel. This includes:

    • Hotel staff
    • Reservations department
    • IT department
    • Legal services department, if & when required
    • Medical services, if and when required

Exercise of rights

The Guest may contact us any time free of charge, to:

    • Obtain confirmation about whether or not personal data concerning the Guest are being processed by us.
    • Access their personal data
    • Rectify any inaccurate or incomplete data
    • Request the deletion of their personal data, when among other reasons, the data are no longer necessary for the purposes for which they are collected and retained
    • To confirm revocation of consent
    • To obtain from us the limitation of data processing when any of the conditions provided in the data protection regulations are met
    • To request the portability of your data

Payment Policy

NREF bookings are paid in full upon booking 

Cancellation Policy
    • If a reservation is cancelled 15 days prior to arrival, no fees will be charged
    • If a reservation is cancelled 14 days prior to arrival, on non-show or shorten of stay, 100% payment will be charged

Please note that NREF bookings are paid in full upon booking and no modification/cancellation is allowed after the day of booking.

Reservations Policy

In order to confirm your reservation, a preauthorization of the 1st night will take place, upon booking. A charge of the total amount will take place 14 days prior to arrival.

Transactions Safety

All payments made using the card are processed through the electronic payment platform of "Alpha e-Commerce" of Alpha Bank and uses TLS 1.2 encryption protocol encryption with 128-bit (Secure Sockets Layer - SSL). Encryption is a way of coding the information until it reaches its recipient, who will be able to decode it using the appropriate key.

Notice: We may refuse to handle requests that are repeated to an unreasonable degree, require disproportional technical effort, jeopardize the privacy protection of others or involve access that is not otherwise required by domestic law.

Go to top