Privacy policy.

1. Introduction
Villa Ilisio (“we,” “our,” or “us”) is committed to safeguarding your privacy in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This Privacy Policy explains how we collect, use, and protect your personal data when you interact with our services, including through our website and booking system.

2. Data Controller
Villa Ilisio acts as the Data Controller for the personal data collected through our services. If you have any questions or concerns about the processing of your personal data, you can contact us at: contact@villailisio.com

3. Personal Data We Collect
We may collect the following types of personal data:

  • Identity Data: Full name, title, date of birth, and nationality.

  • Contact Data: Email address, phone number, and physical address.

  • Booking Data: Reservation details, payment information, and preferences related to your stay.

  • Technical Data: IP address, browser type, and operating system, collected via cookies when using our website.

  • Special Categories of Data: We do not intentionally collect sensitive personal data (e.g., health information) unless it is necessary to accommodate your specific needs and you have explicitly consented.

4. Legal Basis for Processing
We process your personal data in compliance with the GDPR, relying on the following legal bases:

  • Performance of a Contract: To process bookings and provide the services you have requested.

  • Legal Obligations: To comply with applicable laws, such as tax and tourism regulations.

  • Consent: For sending marketing communications, where you have explicitly opted in.

  • Legitimate Interests: To improve our services, manage our operations, and ensure the security of our systems.

5. How We Use Your Data
We use your personal data for the following purposes:

  • To process and manage your bookings.

  • To communicate with you regarding your stay or inquiry.

  • To send you newsletters and promotional offers, if you have subscribed.

  • To comply with legal and regulatory requirements.

  • To analyze and improve our website and services.

6. Sharing Your Data
We do not sell or rent your personal data to third parties. However, we may share your data with:

  • Service Providers: Such as payment processors, IT support, and marketing platforms, who assist in delivering our services.

  • Authorities: When required by law or to comply with legal obligations.

All third parties with whom we share data are obligated to handle your information in compliance with GDPR requirements.

7. International Transfers
If your data is transferred outside the European Economic Area (EEA), we will ensure it is protected through mechanisms such as:

  • The use of Standard Contractual Clauses approved by the European Commission.

  • Transfers to countries with adequate data protection standards as determined by the European Commission.

8. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods are as follows:

  • Booking data: Retained for 3 years after your stay.

  • Marketing data: Retained until you opt out or withdraw your consent.

9. Your Rights Under GDPR
Under the GDPR, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you.

  • Right to Rectification: Correct inaccurate or incomplete personal data.

  • Right to Erasure: Request deletion of your personal data, subject to legal or contractual obligations.

  • Right to Restrict Processing: Request the limitation of processing under certain circumstances.

  • Right to Data Portability: Receive your personal data in a structured, machine-readable format.

  • Right to Object: Object to processing based on legitimate interests or direct marketing.

  • Right to Withdraw Consent: Withdraw your consent at any time for data processing based on consent.

To exercise your rights, please contact us at contact@villailisio.com. You also have the right to lodge a complaint with a supervisory authority, such as the Hellenic Data Protection Authority (HDPA), 1-3 Kifisias Avenue, PC 115 23, Athens, Greece Telephone: +30 210 6475600 Email: contact@dpa.gr Website: www.dpa.gr.

10. Security of Your Data
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, alteration, or disclosure. However, no system is completely secure, and we cannot guarantee absolute security.

11. Cookies
Cookies are small text files stored on your device when you visit a website. They help us improve your browsing experience, understand website usage, and deliver personalized content.

  • Types of Cookies We Use

  • Essential Cookies: These cookies are necessary for the website to function properly, such as enabling navigation and accessing secure areas.

  • Analytics Cookies: These cookies help us analyze how visitors interact with our website to improve functionality. Squarespace uses analytics tools like Squarespace Analytics.

  • Performance Cookies: These cookies collect information about website performance to optimize your experience.

  • Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences.

  • Third-Party Cookies
    Our website may use third-party cookies, such as those provided by Squarespace and its integrated tools, to enhance functionality and measure performance.

  • Managing Cookies
    You can control or delete cookies through your browser settings. Please note that disabling cookies may affect the functionality of our website.

12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on our website.

13. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at: contact@villailisio.com