Privacy

Privacy Policy

Last updated May 2026

Ammosphere (“we”, “us”, “our”) respects your privacy. This policy explains what personal information we collect when you visit ammosphere.gr or stay with us, how we use it, who we share it with, and the rights you have under the EU General Data Protection Regulation (Regulation 2016/679, “GDPR”) and Greek law (Law 4624/2019).

1. Who we are

Ammosphere operates four self-catering houses at Ammolofoi, Nea Peramos, Kavala 64007, Greece. For any privacy-related question or to exercise your rights, please contact our data controller at hello@ammosphere.gr.

2. Information we collect

  • Booking & stay data — name, email, phone, postal address, payment data, ID/passport details (where required by Greek law), arrival/departure dates, party composition, accessibility needs, special requests.
  • Contact form data — anything you submit via the website contact form, delivered via the Brevo transactional email service.
  • Newsletter data — name and email if you opt in.
  • Browser data — IP, device, OS, browser, pages visited, time spent. Collected via privacy-respecting analytics.
  • Cookies — see section 7.

3. Why we process your data

  • To fulfil your booking and stay (Art. 6(1)(b) GDPR — performance of contract).
  • To meet legal obligations, including guest registration with Greek authorities and tax records (Art. 6(1)(c) GDPR).
  • To answer your enquiries via the contact form (Art. 6(1)(b) GDPR).
  • To send you our newsletter, only with your explicit consent (Art. 6(1)(a) GDPR). Withdraw any time via the unsubscribe link.
  • To improve the website via aggregated analytics (Art. 6(1)(f) GDPR — legitimate interest).

4. Who we share data with

We do not sell your data. We share it only with carefully selected processors, all bound by data-processing agreements:

  • Booking engine — for online reservations.
  • Brevo (Sendinblue SAS, France) — transactional and marketing email.
  • Google Maps (Google Ireland Ltd.) — embedded map.
  • Google Fonts (Google Ireland Ltd.) — typography.
  • Hosting provider — site & database, located within the EU.
  • Greek authorities — guest registration data as required by law.
  • Booking partners (where applicable) — only the data needed to fulfil reservations.

5. International transfers

Some processors (notably Google) may transfer data outside the European Economic Area. Such transfers are governed by Standard Contractual Clauses approved by the European Commission, supplemented by additional safeguards where needed.

6. How long we keep your data

Data Retention
Booking & stay records 10 years (Greek tax requirement)
Contact form messages 2 years from last contact
Newsletter subscription Until you unsubscribe
Web analytics 14 months
Server / security logs 30 days

7. Cookies

  • Strictly necessary — for the site to function (session, language, WPML switcher). No consent required.
  • Functional — remember non-essential preferences. Set only with consent.
  • Analytics — aggregate visitor traffic. Set only with consent. We do not use cookies for advertising.

8. Your rights

Under GDPR you can, free of charge: access, rectify, erase, restrict or object to processing, request portability, or withdraw consent. To exercise any right, write to hello@ammosphere.gr. We respond within 30 days. If unsatisfied, you may complain to the Hellenic Data Protection Authority — www.dpa.gr.

9. Security

HTTPS encryption across the site, secure password hashing, access limited to staff who need it. Payment data handled by PCI-DSS-compliant processors; we never store full card details.

10. Children

Our services are not directed at minors. We do not knowingly collect data from anyone under 16 without verifiable parental consent.

11. Updates to this policy

We may revise this policy from time to time. The “Last updated” date at the top reflects the most recent revision.

12. Contact

For any privacy-related question, write to hello@ammosphere.gr.