BOOK NOW

Privacy Statement

Introduction – Data Controller

Welcome to SUNROCKS SANTORINI 's Privacy Policy (hereafter "Policy").

The website located at www.sunrockssantorini.com (hereafter the "Website") is owned and operated by THE SUITE HOTEL GROUP SINGLE MEMBER P.C. (Firostefani Thira Cyclades| Contact Telephone: (+30) 30.22860 23991,| info@sunrockssantorini.com.), (hereinafter “ SUNROCKS SANTORINI” "Company", "we", "us").

The purpose of this Policy is to explain to you:

 

  • What data belonging to you do we collect and process;

  • What are the purposes for which we process them, and which is the legal base for the processing;

  • Who are the recipients of your data;

  • How long do we keep your data; and

  • What are your rights regarding your data and how you can exercise them.

SUNROCKS SANTORINI respects the privacy of its website visitors but also those who want to communicate via this Website and/or through email or telephone and complies with all the requirements of the European Regulation EU 679/2016 (hereinafter referred to as "GDPR") and of the applicable national legislative framework regarding Data Protection.

The term "personal data", as used in this Policy and in accordance with the applicable legislative framework, refers to natural person's information, such as full name, telephone number and e-mail address, which directly or indirectly identify you (hereinafter referred to as "Personal Data" or "Data").

You, as visitors, users, customers, prospective clients are called "data subjects" while SUNROCKS SANTORINI is the "controller" of your Personal Data.

“Processing of Personal Data” means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


 

Basic principles for processing of your Data

We undertake to process your data in a fair and transparent manner, in accordance with the applicable legislative framework and in particular the General Data Protection Regulation. What does this mean in practice:

- We collect and process your Data only for specified, explicit, and legitimate purposes. - We collect and process only the Data that is necessary for the purposes we set.

- We make every effort to ensure that your data is accurate, providing you, where appropriate, the opportunity for correction and/or deletion.

- We retain your Data for a limited time, which is considered as necessary either by law or by our corporate policy for the fulfillment of the processing purposes.

- We make every effort to ensure the security of your data from unauthorized or unlawful processing as well as from accidental loss, destruction or deterioration.

 

 

Categories & Purpose of Personal Data Processing (Data Processor)

Our online platform constitutes an "electronic space" where we present our corporate activity, our provided services and our high-quality products and services. Our goal is to make our products and services known through this Website and to establish an easier way to communicate with our customers and prospective customers over the internet.

The current legislative framework requires that we have a legal basis for processing your Personal Data. In general, this will be one or a combination of the following:

- processing is subject to your consent;

- processing is necessary to carry out a contract with you;

- processing is necessary to perform a legal obligation to which our company is subject; and

- to pursue the legitimate interest of the company unless such interests violate any of your interests or your fundamental rights and freedoms.

You can visit and browse our Website without disclosing any of your Personal Data. However, if you would like to contact us via the contact form of this Website, you will be asked for personal information such as your name, your e-mail address, your phone number.

The data requested in the forms accessible from the booking engine are, in general, mandatory (unless specified otherwise in the required field) to meet the stated purposes. Accordingly, if they are not provided or are not provided correctly, we will be unable to process the request.

Additionally, in order to book accommodation through our website, we may collect and process the following data:

  • personal information about you which we ask you for(e.g. your name, address, and email address) when you make a booking from our booking engine;

  • financial details in order to process your booking when we require pre-payment;

  • details of transactions you carry out through our booking engine and details of the fulfilment of your orders.

  • our data processor may only collect and process personal data collected and/or processed on behalf of us in accordance with our instructions. WebHotelier cannot process it in any other way or for any other purpose.

DATA PROCESSOR:

Our booking platform is powered by https://www.webhotelier.net/ .

WebHotelier operates this booking system on behalf of ΤΗΕ SUITE HOTEL GROUP SINGLE P.C.. and is committed to protecting the privacy of the users of this system. WebHotelier details:

Revplus Hellas S.A., 5TH km Rhodou-Lindou Ave, 85100 Rhodes, Greece

For the purposes of the GDPR, where WebHotelier processes your personal data on behalf of ΤΗΕ SUITE HOTEL GROUP SINGLE P.C. WebHotelier is the the Data Processor. When this notice mentions “data processor,” “processor,” “WebHotelier,” it refers to WebHotelier Technologies Ltd.

WebHotelier is a certified PCI-DSS Level 2 Service Provider audited monthly by Trustwave.

The User may read the Privacy Policy of webhotelier or contact WebHotelier's Data Protection Officer: dpo@webotelier.net

We grant permission to our data processor:

  • to use your personal information for reserving rooms and/or other services for you at ΤΗΕ SUITE HOTEL GROUP SINGLE P.C..;

  • to pass on your financial details to ΤΗΕ SUITE HOTEL GROUP SINGLE P.C.. and/or appropriate third party (for example, credit card company) for the purpose of confirming or paying for a booking;

  • to use your information for marketing purposes (where you explicitly agree to this); and

  • to pre-complete forms and other details on our website to make your next visit to our booking engine easier (e.g. when amending or cancelling a booking).

Social Login:

In the event of registration and/or access through a third-party account, we may collect and access certain information of the User’s profile from the corresponding social network, solely for internal administrative purposes and/or for the purposes indicated above.

Third-party data (e.g. book for a friend)

In the event that the User provides third-party data, they declare that they have the third party’s consent and undertake to provide the interested party -the data holder- with the information contained in this Privacy Notice, duly exonerating us and our data processor from any liability in this regard. However, we may carry out the necessary verifications to verify this fact, adopting the corresponding due diligence measures, in accordance with the data protection regulations.

Sensitive Data

Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions).

 

Furthermore, certain areas in our Website may provide connection to social media platforms by using the appropriate social media plug in (e.g. Facebook, LinkedIn, Instagram, You Tube). During the access in our page via a social media account, SUNROCKS SANTORINI can (based on the current privacy settings of the users) automatically have access to the information provided by you on the relevant social media platforms. SUNROCKS SANTORINI can use this information as part of its corporate activity, and more specifically to provide information about products and services and to communicate with you by responding to the messages you send us. Your consent constitutes the legal basis for the processing whereof. You provide your consent by pressing like/follow on our page and you can withdraw it just as easily, in exactly the same way by clicking unlike/unfollow. SUNROCKS SANTORINI is not responsible for the way or means in which the social media platforms process your data. You can read the Privacy Policy for LinkedIn, Instagram, Facebook and You Tube for more information.

 

SUNROCKS SANTORINI processes your Personal Data for the following purposes:

  • in order to serve your requests (e.g. to provide you with information about our products and services) and to communicate with you;

  • to serve our contractual relationship;

  • to communicate with you for the purpose of planning a face to face meeting;

  • to comply with legal and regulatory obligations.

  • To manage the bookings made, including payment management (where applicable) and the management of the user’s requests and preferences.

  • To manage registration in loyalty or membership programs, as well as obtaining and redeeming points.

  • To manage the User’s contact requests with us through the channels provided to this end.

  • To manage the sending of personalised commercial communications from us, by electronic and/or conventional means, in cases in which the User expressly consents.

  • To manage the provision of the contracted accommodation service, as well as additional services.

  • To manage surveys and/or evaluations regarding the quality of the services provided by us and/or the perception of its image as a company.


 

Recipients of your Data

Your Personal Data will be disclosed to third parties acting on our behalf for the purpose of further processing according to the purpose(s) for which they were originally collected or may be lawfully processed, such as the provision of services, the evaluation of this Website’s utility, marketing, data management or technical support. Examples of recipients: SUNROCKS SANTORINI’s subsidiaries worldwide, authorized staff of SUNROCKS SANTORINI within its duties and under confidentiality obligations, our external partners, our suppliers and any third-party service provider.

The aforementioned third parties have agreed and committed contractually with us and have undertaken the obligation of confidentiality and lawful processing in order to process your Personal Data only for the agreed purpose and in accordance with applicable laws on the Protection of Personal Data.

Additionally, we may disclose your Personal Data to the competent Supervisory and Independent Administrative Authorities in case there is a request or a need to do so in accordance with the applicable law. Your Personal Data collected by us will not be disclosed to third parties for marketing and advertising purposes.

 

 

Transfer of data abroad

The Personal Data collected by SUNROCKS SANTORINI is processed and stored in countries within and outside the European Union. Your Personal Data may be accessible both within the  THE SUITE HOTEL Group and to third parties providing services to us which are located in countries outside the EU. In these countries, the same data protection framework may not apply in the country of origin of your Personal Data. If we transfer your Personal Data to these third countries, we guarantee that we will take appropriate measures to protect your personal data in accordance with this Policy and the applicable data protection laws.

 

 

Time limit for the retention of your Personal Data

We retain your data for as long as it is required for providing services to you and for the fulfillment of obligations arising from the applicable tax, community and other applicable laws, including the legislation regarding Data Protection. After the fulfillment of these obligations, your Data is permanently deleted in a secure manner without the possibility of retrieval.

The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services or if you have a booking that has not yet been fulfilled)

  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)

  • Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

 

 

Cookies

Periodically, some pages in this site may use cookies, which are text files that contain information stored on your device (such as a hard drive, browser, etc.) when you visit a site. Cookies make it easy for you to browse the various websites, remember your preferences and generally improve the experience of the user. For more information on the cookies of this Website, you can see the relevant policy here. https://www.sunrockssantorini.com/cookie-statement/

 

Security of your Data

SUNROCKS SANTORINI has implemented the necessary and appropriate organizational and technical measures in order to secure and protect your Data from any form of accidental or fraudulent processing, loss or unauthorized use, both at level of physical and reasonable security.

However, confidentiality of personal information transmitted over the Internet is not guaranteed. SUNROCKS SANTORINI urges you to pay special attention when disclosing personal information over the Internet, as we cannot absolutely guarantee that unauthorized third parties will not gain access to your personal information.

Our Website may contain links to other third party websites that may have privacy policies and terms of use different than those of SUNROCKS SANTORINI. SUNROCKS SANTORINI does not control third-party sites or their content, and this Policy does not apply to other websites. We do not take responsibility for the policies or processing of your Personal Data from sites linked to or from our site as we do not control their privacy practices. We recommend you on reviewing third-party privacy practices before using them.

 

 

Your rights regarding your Personal Data

Based on the General Data Protection Regulation, you have a series of rights in relation to the processing of your data on behalf of SUNROCKS SANTORINI .

In particular, you have the following rights:

  • Right to access, i.e. by submitting your request to be informed if we are processing Data and, if so, what kind are they, and to some other information, such as the purpose of processing, the recipients etc.,

  • Right to rectification, i.e. to request the correction or completion of your data;

  • Right to deletion, i.e. to request, on certain conditions, the deletion of your Data;

  • Right to restrict the processing, which means, to ensure, on certain conditions, the limitation of the processing of your Data on our behalf;

  • Right to objection/withdrawal of your consent, i.e. to oppose at any time to the processing of your Data,

  • Right to Data portability, i.e. to request the data you provided to us in a structured, commonly used and machine-readable format, if this is technically feasible under the provisions of the GDPR.

 

For any request and exercise of a right, in relation to your Personal Data, you can email us at: info@sunrockssantorini.com,

We will work towards this to provide the requested information or make the necessary changes to the extent permitted by the applicable laws regarding Data Protection. In any case, we will respond within thirty (30) days in order to inform you about the outcome of your application. If your request is complex or there is a large number of requests, we will notify you within one month if we need to take an additional two (2) months extension within which we will respond to you.

If we do not reply in time to your request or if your request is rejected in whole or in part and/or you believe that your rights and freedoms are being violated with respect to the processing of your Personal Data, you have the right to submit a complaint to the competent Supervisory Authority (Hellenic Data Protection Authority | 1-3 Kifissias Str.| P. O. 115 23 | Athens | Tel. +30 210 6475600 | email: contact@dpa.gr).

 

Our policy for children

We are committed to protect children's Personal Data. You should be aware that the Website's content and services are not intended or designed to attract children under the age of 18. Personal data should not be submitted to SUNROCKS SANTORINI through the Website by guests under the age of 18. In case we notice that a user under the age of 18 has voluntarily provided Personal Data or that a person has voluntarily provided Personal Data regarding a child identified as being under 18 without the expressed or approved consent of his guardian we will proceed immediately , with a relevant notice or request, to the deletion of these Data in accordance with the policy of deletion.

 

Applicable law

We process your Data in accordance with the General Data Protection Regulation 2016/679/EU and generally in accordance with the current national and European legislative and regulatory framework for the Protection of Personal Data. The Courts of Naxos island of Greece are competent for any disputes that may arise from issues concerning your Personal Data.

 

Modification of this Policy

We update this Policy if and when necessary. If there are any significant changes in the Policy or in the way we use your Personal Data, we will post on our Website the update of this Policy, before the changes come into force and we will notify you in any appropriate manner. We recommend you to read this Policy on regular basis in order to stay informed about the way your Data is protected.

 

Further information

If you have any questions or queries about this Policy or any claim regarding the protection of your Personal Data in general, please email us at info@sunrockssantorini.com. You can also contact us: Firostefani Thira Cyclades| Contact Telephone: (+30) 30.22860 23991

Sun Rocks Boutique Hotel
84 700, Firostefani,
Santorini, Greece
T: +30.22860 23991,
& +30.22860 23241
e-mail: info@sunrockssantorini.com
FOLLOW US

© 2026 Sun Rocks Boutique Hotel. All rights reserved. | Privacy Policy