Website Privacy Policy

Each time you use you are bound by the applicable Privacy Policy, therefore, you should read this text carefully each time you use this website and make sure that you accept it. If you do not agree to the terms you may not use our website.

We attach great importance and fully respect the confidentiality and confidentiality of your personal data. For this reason, we have invested time and resources in full compliance with the current national, European and international legal framework and in particular with the General Data Protection Regulation 679/2016 of the European Union, which entered into force in May 2018.

If you have any questions or concerns about the handling of your personal information you can contact us at or by phone at the landline +30 23743 00713.


  1. Introduction.
  • Protection of private life. This Privacy Policy explains how and why the Kappa Resort collects, processes, discloses and protects the information it obtains when you visit the Website, the reasons for keeping the data, the type of data it processes, the length of time it stores data and the appropriate technical and organizational protection measures it adopts to protect them.
  • Implementation of the Privacy Policy. The Privacy Policy applies to all individuals from whom or for whose benefit information is obtained.
  • Website not intended for minors. Our website is not intended for children or minors. If the personal data of persons under the age of 18 are processed without the valid consent of their parents or legal guardian, we reserve the right to delete the data we have acquired.
  1. Editor .

Responsible for the processing of personal data is the limited liability company with the name «CONSTRUCTION COMPANY OF THESSALONIKI EE», which is based in Thessaloniki, 20 M. Botsari Street, PC 54643, with TIN. 084276844 — Δ.Ο.Υ. Thessaloniki, with no. Γ.Ε.ΜΗ. 41979806000, tel. +30 2310 825385, email., and is legally represented (hereinafter «Company»). The Company maintains the hotel «Kappa Resort» in Paliouri, Halkidiki, PC 63085, tel. +30 23743 00713, email.

  1. Privacy.
  • Concept .
  • Personal data means any information concerning an identified or identifiable natural person. An identifiable natural person is one whose identity can be ascertained directly or indirectly, in particular by reference to an identifier such as name, address, identification number, credit card number, bank account information, social security number or driving license number; location data, an online ID such as an IP address (Internet Protocol), or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural, or social identity of that individual.
  • Personal data does not include any information that, by itself, cannot identify you as a specific person or entity (eg anonymous information), as well as data collected for statistical purposes.
  • Basic processing principles.

The Company adheres to the following fundamental principles of personal data protection, the observance of which is required by the GCP:

  • Legality, objectivity and transparency — Personal data is processed lawfully and transparently in a transparent manner in relation to the data subject.
  • Restriction of purpose — Personal data are collected for specified, express and lawful purposes and are not further processed in a manner incompatible with those purposes; further processing for scientific research or statistical purposes is not considered incompatible with the original purposes under Article 89 paragraph 1 of the GCC.
  • Data minimization — Personal data is appropriate, relevant and limited to what is necessary for the purposes for which it is processed.
  • Data accuracy — Personal data is accurate and, when necessary, updated; all reasonable steps are taken to promptly delete or correct personal data which is inaccurate, in relation to the purposes of the processing.
  • Limitation of the storage period — Personal data is kept in a form that allows the identification of data subjects only for the period required for the purposes of their processing; personal data can be stored for longer periods, as long as they are processed only for for scientific research purposes or for statistical purposes, in accordance with Article 89 (1) and provided that the appropriate technical and organizational measures required by the GCC are taken to safeguard the data subject ‘s rights and freedoms.
  • Integrity and confidentiality — Personal data is processed in a way that guarantees its appropriate security, including protection against unauthorized or illegal processing and accidental loss, destruction or deterioration, using appropriate technical or organizational measures.
  • Accountability — The controller is responsible and able to demonstrate compliance with the above principles.
  • The processing of personal data, including the transfer to third parties, is carried out only in accordance with the legal bases of Article 6 and Article 9 of the GIP.
  • The collection and processing of data is carried out with respect to the rights of information, access and opposition of the subjects.
  • The processing of personal data is confidential and is carried out by persons who are committed to maintaining confidentiality.


  • Processing.
  • The personal data that you may declare anywhere on the pages of our website, are subject to processing and are kept in a file under the responsibility of the Company, solely for reasons concerning: a) development, execution and implementation of the website, or the fulfillment obligations arising from any agreements entered into between you and the controller, b) processing your requests, c) processing bookings, d) providing, with your consent, information regarding the services of the controller, in which the provision of information includes the sending of correspondence by e-mail or other equivalent electronic means (such as SMS), and e) in general the improvement of the services provided by the controller.Your personal data may not be used by any third party, except as provided by law and this.
  • The Company collects and processes information that is considered personal data and other information that is not considered. Information that cannot identify you as a specific person is used without restriction and may be provided to third parties at its discretion.
  • When booking through our website, you use the WebHotelier online booking platform , which acts as the executor of the processing. Contact information (eg name, address, telephone number, email), nationality, police ID or passport number, date of arrival and departure, as well as number of visitors are collected for the reservation. Payment processing information (eg bank account or credit card) is also collected.
  • When you browse the website, the Company does not collect or process sensitive personal data e.g. health data, genetic or biometric data, data revealing sexual life, sexual orientation, racial or ethnic origin, political beliefs, religious or philosophical views or membership in a trade union.
  • The IP (Internet Protocol) address is being collected. An IP address is a number given to your computer when you use the Internet.
  • Unless required by law, the Company will not obtain your consent before collecting your personal data from third parties. Instead, you will assume that you have previously provided such consent to any third party from whom it obtains such information.
  • Reasonable efforts are made to process your personal data in accordance with the terms of this Privacy Policy and the Terms of Use.
  • Sharing.


  • The Company does not share, disclose or sell your personal data to others, except as described in this Privacy Policy and Terms of Use.
  • The Company may provide personal data to other persons in cases where: a) you have given your explicit consent by clicking on the relevant box «I accept», b) the notification is necessary to complete a requested service / transaction, c) has received information from third parties (provided that you have previously provided such consent to any third party from whom the controller obtains such information), d) required by law, by court order or at the request of any other competent government, judicial, police, administrative or regulatory authority, upon lawful request and in accordance with the relevant laws, (e) is necessary to protect its rights;f) the website is used in a way that violates the Terms of Use or for purposes other than those for which it was specifically intended; or g) the terms of this Privacy Policy and / or the Terms of Use allow and / or provide for such disclosure.
  • Services of third parties (Third services party).In order to offer, improve, promote and protect our services, we may need to use third party services. These third parties may access, process or store information to perform tasks solely for the purpose for which we have authorized them, and we require them to provide at least the same level of security for your data as described in the Policy Privacy. Personal data may be disclosed to third party service providers who assist in our business operations, however, provided that your personal information is not subject to any unlawful processing. Indicatively, we share data with:
  • Mailchimp : To send technical emails or newsletters we use the mail services provided by Mailchimp. You can revoke your consent by unsubscribing from the newsletter. An unsubscribe link is found in every email — newsletter. For Mailchimp’s Privacy Policy see: .
  • Purposes.


The personal data we process will only be used for the specified, express, specific and lawful purposes explained above and not in a manner incompatible with it. In addition, the collection of data is limited to those that are appropriate, relevant and necessary for these purposes.


  • Retention period.


  • We hold your personal data and other information for a period of five (5) years from the completion of each transaction through our website. The data of the detentions are kept for a period of 10 years, unless legal actions are in progress, in which case the time of their keeping is extended until the issuance of an irrevocable court decision.
  • When we no longer need your personal information we will destroy, delete or anonymize the information without prior notice to you.
  • Especially for the data that we process based on the consent of the subject (eg for marketing purposes), these are kept from obtaining the relevant consent and until it is revoked.
  1. Security.
  • We take the issue of the protection of anonymity and your personal information very seriously. Your personal data and in general the information received about you are protected by appropriate, commercially reasonable safeguards and security measures in accordance with the most modern and advanced technological methods. These measures include commercially reasonable technical and procedural steps to protect your data from misuse, unauthorized access or disclosure, loss, alteration or destruction.
  • To prevent unauthorized access, to promote data security and to encourage the proper use of information, the Company and its providers use various tools (eg encryption technologies, passwords, physical and electronic security). However, «absolute security» does not exist on the Internet or in data transmission, so no guarantees are provided. Third parties may illegally monitor or access broadcasts or private communications, and you should not expect your personal information to remain private.
  • The website uses HTTPS protocol.
  • Your personal data is stored on encrypted and with server security protocols (server) and is accessible only by the controller, and only when necessary, e.g. to manage your requests.
  • For security reasons, we do not disclose all of our security measures. Be assured that we use commercially reasonable industry standards to protect your information.
  • For your own safety, you should also treat all information you provide to us as confidential and personal and not disclose it to third parties. In addition, it is your sole responsibility to restrict or block access to your computer and browser.


  • Cookies are used to collect information, exclusively for the purposes described in this Policy.


  • What are cookies? Cookies are pieces of information, which in the form of a very small alphanumeric text, are stored on your computer, after your approval, helping the most efficient operation of our website. Cookies in no case cause damage to users’ computers or to the files stored on them.
  • Possibility to opt — out .
  • Most web browsers automatically accept and collect cookies. However, you can make the appropriate settings so that the web browser accepts all cookies or rejects all cookies or notifies you when a cookie has been set. Depending on the security settings of your web browser, you may be able to reject all cookies. If you reject all cookies, you may not be able to use the website.
  • More information on how to modify your browser settings or how to block or manage cookies can be found at
  • Which cookies are used and why?
  • For statistical purposes we use Google Analytics cookies, in order to understand how users visit and browse our website and to identify areas where improvement is required e.g. navigation. The collected data is processed in a way that the user cannot be identified (anonymized IP address). Google Inc. discloses this information to third parties only to the extent required by law. To opt-out of Google Analytics, visit the Google Analytics Opt-out Browser Add-on .

You can find more information about the cookies we use and the purposes for which we use them in the table below:

Cookie Publisher Purpose More information
_ga Google Analytics Analysis / Performance Google Analytics
_gid Google Analytics Analysis / Performance Google Analytics
_fbp Facebook Pixel Marketing / Tracking Saves and tracks visits between web pages.
_hjid Hotjar Statistics
CultureLanguage = en-Us Reservations
HotelManager_Plugin_ Reservations
  • For the safe navigation of the website, we comply with the European Directive 2002/58 / EC on the protection of personal data and privacy in the field of electronic communications, as amended by the European Directive 2009/136 / EC.
  • Your prior consent is required for the use of cookies. Exceptions to this rule will be only cookies that serve the functional needs of the website (functional cookies) and are necessary for the appearance and effective operation of the website on your computer. By accepting the Terms of Use and this Policy you are deemed to have consented to the use of cookies as above.
  1. Consent.
  • The Company can obtain personal information about you from different sources or by different methods. For each source or method, the method of consent may differ.
  • The Company assumes that by using our services and / or accessing our website you have read the Terms of Use as well as the Privacy Policy. In addition, by providing the information, whether it is personal data or not, you declare that it is true and accurate and you have expressly given your consent by clicking on the relevant «I accept» box to disclose and process them for the stated purposes, unless you inform the controller explicitly that you no longer wish to use your information. Your consent to this access / disclosure includes those cases where, for the effectiveness of the services, the providers may be established in the United States of America or in other countries or regions outside the European Economic Area.
  • In the event that you transfer personal information to a third party, you have the responsibility to inform that person of the use of their information and to obtain their express consent that this information is provided for the purposes set out above. In any case, the Privacy Policy applies to any information obtained from a third party.
  • You can revoke your consent at any time by sending an email to, without prejudice to the legality of the processing based on the consent prior to its revocation.
  1. Rights of data subjects.

In accordance with the GCC, each data subject has the following rights regarding his personal data:

  • Right to information.In the event that the Company intends to transmit data of the data subject to a third country or international organization, it must inform the subject accordingly. In case the data is not provided by the data subject, the Company must inform the source of its data.


  • Right of access.You have the right to receive confirmation from us as to whether or not your personal data is being processed and, if so, you have the right to access your personal data, and (a) the purposes of the processing, (b) the relevant categories of personnel data recipients or any categories of recipients to whom personal data have been disclosed or will be disclosed; (c) if possible, the period for which the personal data will be stored or, where impossible, the criteria for determining that period; (d) the existence of a right of request to the controller for the correction or deletion of personal data or a restriction on the processing of personal data or a right of objection to such processing;(f) the right to lodge a complaint with a supervisory authority; (g) when personal data are not collected from you, any available information about their origin; (h) the existence of automated decision-making, including profiling and important information as well as the significance and intended consequences of this treatment for you.

You can ask us to provide you with a copy of your personal data being processed. For additional copies that may be requested, a fee of fifteen (15) Euros is provided.

Any request for access to information should be directed to us at

We will respond to your request within a period of one (1) month.

  • Right of correction. You have the right to request from us the correction, without undue delay, of inaccurate personal data concerning you. For the purposes of the processing, you have the right to request the completion of incomplete personal data, including through a supplementary declaration.
  • Right to delete. (f) personal data has been collected in connection with the provision of information society services. Requests for deletion of personal data are processed within a period of one (1) month. In case of disclosure of personal data, the Company, taking into account the available technology and implementation costs, takes reasonable measures, including technical measures, to inform the processors who process personal data, that the data subject has requested the deletion by those responsible for processing any links to such data or copies or reproductions of such personal data. Note that,
  • Right to restrict processing.(d) the data subject has objections to the processing in accordance with Article 21 (1) of the GIP, pending verification as to whether the legitimate reason of the controller overrides the data subject’s reason. When processing is restricted, such personal data, other than storage, shall be processed only with the consent of the data subject or for the establishment, exercise or support of legal claims or for the protection of the rights of another natural or legal person or for reasons in the public interest of the Union or a Member State.
  • Right to portability. You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format, as well as the right to transfer such data to another controller without objection from the controller to whom the personal data were provided, where: 1 item b ‘GKPD and b) the processing is carried out by automated means.
  • Right of objection. You have the right to object, at any time and for reasons related to your particular situation, to the processing of personal data concerning you, which is based on Article 6 (1) (e) or the GCC, including profile-based of those provisions. The controller shall no longer process personal data unless the controller demonstrates compelling and lawful reasons for processing which outweigh the interests, rights and freedoms of the data subject or to the establishment, exercise or legal support of the data controller. claims.
  • You have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you have your habitual residence or place of work or place of alleged infringement, if you consider that the processing of your personal data is in breach of Regulation 679 / 2016 (GDPR). In Greece, the competent supervisory authority is the Personal Data Protection Authority (Kifissias 1-3, PC 115 23, Athens, tel. +30 2106475600, fax +30 2106475628, email:
  • We are committed to ensuring the confidentiality of your personal data and to ensuring that you exercise your rights of access, correction, deletion, restriction, portability and objection by sending an email to Each request submitted must be accompanied by the identity of the data subject and contain the necessary information. The Company may request the provision of additional methods to confirm the identity of the data subject.
  • The Company will examine your request without delay and will respond to you within one (1) month of receipt of the request. This time limit may be extended by a further two months, if necessary, taking into account the complexity of the request and the number of requests. The subject will be informed of this extension within one month of receipt of the request, as well as of the reasons for the delay. If the subject submits the request by electronic means, the information is provided, if possible, by electronic means, unless the subject requests otherwise. If the Company does not act on the request of the subject, the latter will be informed, without delay and no later than one month from the receipt of the request,
  1. Disclaimer for third party websites.
  • Links to third party websites. When you visit the website, you may be redirected to third party websites that are not under the control of the Company. These links make it easy to use the internet. The Company assumes absolutely no responsibility for the privacy policies and practices or the content of these websites and expressly disclaims any responsibility for any loss or damage that may arise from the use of these links. The Company encourages you to be careful when you leave its website and to read the privacy policies of any website that processes personal data.
  • Social networking platforms and widgets. The Company also maintains a presence on social networking platforms such as Facebook, Instagram, Google+ and Youtube. Any information, communications or data you submit to the Company through a social networking platform is at your own risk. The Company may not control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with these features and platforms are governed by the privacy policies of the companies that provide them.
  • You are alerted when you leave this website and visit another website that processes your personal data. Please read the privacy policy of the other website carefully.
  1. Obligations of users.

The user of the website guarantees that the information provided is correct and accurate and undertakes to notify any change or modification thereof. For any loss or damage caused to the site or any third party responsible for the site due to the provision of incorrect, inaccurate or incomplete information in the registration fields, the user will be solely responsible.

  1. Contact.


The Company uses third party service providers to assist it in managing the communications and emails you send through the Website. Any personal information disclosed through such communications will be governed by the privacy policy of third party providers.

  1. Additional information.

When you post content on this website, it may contain your personal information. You are solely responsible for the information that: a) you post on the internet, b) you post through this website and / or c) you share with another site to which you link from this site.

  1. Review / Modification of the Privacy Policy.
  • We reserve the right to revise or modify this Privacy Policy, Terms of Use as well as other online policies and agreements at any time and in any way.
  • We will notify you of such changes by posting the revised policies on our website.
  • It is your responsibility to read the Terms and the Privacy Policy at regular intervals, as the Terms and the Policy that are in force at the time you use the website are also applicable.
  1. Final provisions.

If you have any questions about our privacy practices or wish to modify, delete or correct your personal data which is being processed, you may contact us by email at or by mail at Paliouri, PC. 63085, Halkidiki, Greece.