Privacy policy.

1. Who we are

This website (gs-vibes.gr) is operated by Nikos Giannios (the "data controller"), the owner and host of the GS Vibes holiday villa. Contact for any privacy matter:

• Email: info@gs-vibes.gr
• Phone / WhatsApp: +30 697 092 2128
• Postal address: Ethnarchou Makariou 20, Porto Rafti 19003, Attica, Greece

We are based in Greece and process personal data in accordance with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and Greek Law 4624/2019.

2. What information we collect

Depending on how you use the site, we may collect:

Information you give us

• Enquiry form: name, email address, requested check-in / check-out dates, number of guests, message content.
• Direct contact: if you email us, message us on WhatsApp, or call us, we keep that correspondence and any details you share (name, contact info, travel plans, special requirements such as bringing a pet or a baby).
• Booking details: if you book through a third-party platform (Airbnb, Room2Let), that platform shares your name, email, phone and reservation dates with us so we can host you.

Information collected automatically

• Server logs — IP address, browser type, pages visited, timestamps. Retained for up to 30 days for security and operations.
• Cookies and similar technologies — see our Cookie policy for the details.

Information we do not collect

We do not collect: payment information (handled by the booking platform you use), passport or government ID details (Greek law requires us to register guests' identity numbers locally for stays of 30+ days; we do this on paper at check-in and don't store it digitally), or any "special category" data (health, religion, etc.) unless you volunteer it for a reason that affects your stay (e.g. a severe allergy).

3. Why we use it (and our legal basis)

We process your data only for the following purposes:

To answer your enquiry and offer a booking — contract / pre-contract

When you submit the enquiry form or message us, we use your contact details to reply, send availability and a quote. Legal basis: Article 6(1)(b) GDPR (steps before entering a contract).

To host your stay — contract

If you book the villa, we use your details to send check-in instructions, the welcome email with codes, and to communicate during your stay. Legal basis: Article 6(1)(b) GDPR (performance of the rental contract).

To comply with Greek law — legal obligation

Greek tourism law requires hosts to keep a guest register and to report short-term rentals to AADE (Greek tax authority). We keep the minimum information required (names, ID number for stays of 30+ days, dates of stay). Legal basis: Article 6(1)(c) GDPR.

To run the website — legitimate interest

Basic server logs are kept to detect abuse, debug issues and improve the site. Legal basis: Article 6(1)(f) GDPR (legitimate interest in keeping the site secure and functional).

To send you marketing — we don't

We do not run a newsletter, do not send promotional emails, and do not share your data with marketing partners. If you'd like a reminder when our next-season calendar opens, ask us by email — we'll add you to a small text file we maintain by hand, and remove you whenever you ask.

4. Who we share your data with

We never sell your data. We only share it with:

Third-party booking platforms

If you book through them, they share data with us — and vice versa. Their own privacy policies apply:

• Airbnb Ireland UC — airbnb.com privacy policy
• Room2Let — see room2let.gr privacy policy

Service providers

• Web hosting — the static site is hosted on a European-based provider. They process server logs as a data processor on our behalf.
• Email — info@gs-vibes.gr is hosted with a European email provider. Your messages are stored there until we manually delete them.
• WhatsApp (Meta Platforms Ireland) — if you message us on WhatsApp, that conversation is subject to WhatsApp's EEA privacy policy.
• Google Maps — when you view the embedded map on our location page, Google processes your IP and may set cookies. See Google's privacy policy.
• Google Fonts — our fonts are loaded from Google's CDN. Google may log the request including IP. We use them because they're fast and accessible; you can install a browser extension to block them if you prefer.

Greek authorities

Where required by Greek law (tax filings for short-term rentals via AADE, guest registration, response to a lawful police request), we share the minimum information legally required.

5. International transfers

Most of our processing happens within the EU. Some service providers (Google, WhatsApp) may transfer data to the US. They rely on the EU–US Data Privacy Framework and Standard Contractual Clauses for these transfers, as approved by the European Commission.

6. How long we keep your data

• Enquiries that don't lead to a booking: deleted within 12 months.
• Booking records: kept for as long as Greek tax law requires (currently 5 years) for accounting and tax purposes. After that, they're deleted.
• Server logs: 30 days maximum.
• Email correspondence: kept while there's a reason to keep it; deleted when no longer needed.

7. Your rights under GDPR

You have the right to:

• Access the data we hold about you
• Correct inaccurate or incomplete data
• Delete your data ("right to be forgotten"), subject to legal retention requirements
• Restrict processing in certain circumstances
• Receive your data in a portable format
• Object to processing based on legitimate interests
• Withdraw consent at any time where processing is based on consent
• Not be subject to automated decision-making

To exercise any of these rights, email info@gs-vibes.gr. We'll respond within one month. Identification may be required for security.

8. Right to complain

If you believe we've mishandled your personal data, you can complain to the Greek Data Protection Authority:

• Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα)
• Kifissias 1-3, 11523 Athens, Greece
• Website: www.dpa.gr
• Phone: +30 210 6475600
• Email: contact@dpa.gr

We'd appreciate the chance to address your concern first — please email us before going to the authority if you can.

9. Children

The villa welcomes families with children, but the website is intended for adults making travel decisions. We don't knowingly collect data from children under 16. If you believe a child has submitted information to us, let us know and we'll delete it.

10. How we keep your data safe

The website is served over HTTPS. Our email accounts use two-factor authentication and strong passwords. We don't store credit-card details. We don't share data with third parties beyond what's described above. That said, no system is perfectly secure — so we collect as little as we can in the first place.

11. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top reflects the most recent change. If we make material changes that affect existing guests, we'll email those guests directly.

Questions? Email info@gs-vibes.gr.