Privacy Policy

Effective Date: 17 April 2026

This Privacy Policy explains how ΣΠΥΡΙΔΩΝ ΝΙΚΟΛΑΟΥ & ΣIΑ Ο.Ε., operating the website thelia.gr for Thelia Mare, collects, uses, stores, and protects personal data.

1. Data Controller

The data controller for the processing of personal data through this Website is:

ΣΠΥΡΙΔΩΝ ΝΙΚΟΛΑΟΥ & ΣΦΑ Ο.Ε.
Legal form: General Partnership (O.E.)
VAT Number (ΑΦΜ): 801218850
Tax Office: Igoumenitsa Tax Office
GEMI Number: 152012928000
Registered Address: 7th km Igoumenitsa – Preveza, Greece
Email: spinikolaou@hotmail.com
Telephone: +30 697 4959839

2. What Personal Data We Collect

a. Booking Inquiry Form

When you submit a booking inquiry, we may collect:

  • full name;
  • email address;
  • mobile phone number;
  • selected villa;
  • number of adults;
  • number of children;
  • any additional information you choose to include in your message.

b. Contact Form

When you use the contact form, we may collect:

  • full name;
  • email address;
  • the content of your message.

c. Technical and Usage Data

When you visit the Website, certain technical data may be collected through cookies and analytics technologies, such as:

  • IP address;
  • browser type and device information;
  • approximate geolocation derived from IP;
  • pages visited, session information, and interaction data;
  • referring source and general usage metrics.

3. How We Collect Your Data

We collect personal data:

  • directly from you when you submit a form on the Website;
  • automatically through cookies and similar technologies, subject to applicable consent requirements;
  • through embedded or third-party services used on the Website, such as analytics or maps.

4. Purposes of Processing

We process your personal data for the following purposes:

  • to respond to booking inquiries and contact requests;
  • to communicate with you regarding requested information or availability;
  • to manage and store submitted inquiries within our email systems and website database;
  • to operate, secure, maintain, and improve the Website;
  • to understand Website usage and performance through analytics;
  • to comply with legal obligations or to establish, exercise, or defend legal claims.

5. Legal Bases for Processing

We process your personal data on the following legal bases, as applicable:

  • Pre-contractual steps at your request: when you submit a booking inquiry or request information about villa availability or services.
  • Legitimate interests: for managing communications, ensuring website security, maintaining records of inquiries, and improving our services, provided such interests are not overridden by your rights and freedoms.
  • Consent: where required, particularly for non-essential cookies, analytics cookies, or similar technologies.
  • Legal obligation: where processing is necessary to comply with applicable law.

6. Cookies and Analytics

The Website uses cookies and similar technologies. Some cookies are strictly necessary for the Website to function, while others, such as analytics cookies, may require your prior consent depending on how they are configured and used.

The Website currently uses a cookie consent management tool and may use Google Analytics (GA4) as described in our Cookies Policy.

7. Recipients of Personal Data

Your personal data may be accessed by or disclosed to:

  • the owners/authorized personnel of ΣΠΥΡΙΔΩΝ ΝΙΚΟΛΑΟΥ & ΣΙΑ Ο.Ε.
  • website administrators or technical service providers assisting with hosting, maintenance, and support;
  • the Website platform/database environment, including form submission storage within Elementor;
  • email service providers used to receive and store inquiry communications;
  • analytics or cookie-management providers, where applicable and lawfully enabled;
  • competent public authorities, courts, regulators, or legal advisors where required by law or necessary for legal claims.

We do not sell your personal data.

8. International Transfers

Some third-party providers used through the Website may process data outside the European Economic Area. Where such transfers take place, we will seek to ensure that they are subject to appropriate safeguards in accordance with applicable data protection law.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy.

Unless a longer retention period is required or justified by law, tax/accounting obligations, dispute handling, or legal claims, we generally apply the following approach:

  • booking inquiries and contact form submissions: up to 12 months from the last relevant communication;
  • website database entries related to submitted forms: up to 12 months, unless earlier deletion is appropriate;
  • technical logs, security records, and cookie-related data: for the period necessary for operational, security, and analytics purposes, subject to the settings of the relevant systems and providers.

If further communication leads to a reservation or contractual relationship in the future, relevant data may be retained for a longer period as necessary for that relationship and any legal obligations connected with it.

10. Your Rights

Under applicable data protection law, including the GDPR, you may have the right to:

  • be informed about how your personal data is processed;
  • request access to your personal data;
  • request rectification of inaccurate or incomplete data;
  • request erasure of your personal data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to processing based on legitimate interests;
  • request data portability, where applicable;
  • withdraw your consent at any time, where processing is based on consent.

11. How to Exercise Your Rights

To exercise any of your rights or for any privacy-related question, please contact us at:

Email: spinikolaou@hotmail.com
Telephone: +30 697 4959839

We may ask for reasonable proof of identity before responding to your request, where necessary to protect personal data.

12. Right to Lodge a Complaint

If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the competent data protection supervisory authority.

For users in Greece, this is generally the Hellenic Data Protection Authority (HDPA).

13. Data Security

We take reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. However, no method of internet transmission or electronic storage is completely secure, and absolute security cannot be guaranteed.

14. Children

This Website is not directed to children, and we do not knowingly collect personal data from children through the Website forms as a primary target audience.

15. Third-Party Services

The Website may contain or rely on third-party services, including:

  • Google Analytics (GA4);
  • Google Maps or navigation-related map services;
  • Complianz or a similar consent management platform;
  • hosting, email, and website support services.

Such third parties may process data according to their own privacy notices and terms, where applicable.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised effective date.

17. Contact

For any questions about this Privacy Policy or the processing of personal data, please contact:

ΣΠΥΡΙΔΩΝ ΝΙΚΟΛΑΟΥ & ΣΙΑ Ο.Ε.
Email: spinikolaou@hotmail.com
Telephone: +30 697 4959839

Close