PRIVACY POLICY at Belvedere Resort


Data Controller

Our Company, “ROYAL & IMPERIAL BELVEDERE HOTELS” (, hereinafter referred to as “Company”, “we”, or “us”, situated in Hersonissos, Crete and specializing in hotel services, in compliance with the EU General Data Protection Regulation 679/2016, Chapter III, Article 13, wishes to inform you of the nature and use of the personal data we collect from you during your visit on our property or in our website.

Principles relating to processing of personal data

Personal data shall be:

1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’);
3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
4. accurate and, where necessary, kept up to date (‘accuracy’);
5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
6. processed in a manner that ensures appropriate security of the personal data (‘integrity and confidentiality’).

Personal data processed

The term “Personal data” refers to all information pertaining to any individual directly or indirectly identifiable. Such information includes:

• Identity data: first name, surname, VAT number, Personal ID and Passport number, nationality, date of birth, citizenship.
• Contact details: residential address, personal email, home phone number.
• Personal means of payment: debit/credit card numbers.
• Booking and reservation details: arriving and departing dates and times, personal preferences (i.e. kid’s menu, child care, personal diet and eating habits etc.), use of facilities (water sports, spa) and any other information regarding one’s personal needs and wants.
• Itinerary: schedule of events (i.e., birthday parties, weddings, corporate meetings or other gatherings), number of guests, organizers etc.
• Sensitive information: such as personal health (pathological conditions, disability needs, allergies) or other.
• Employment applications: full name, personal email, home phone number, education and work history details featured in the curriculum vitae.

Personal data collection

In addition to our clients’ registration application, we collect data via the Contact Form found in our web page, where you enter your name, email, and personal message, or by other means of correspondence such as emails, phone bookings, and collaborating tour guides or concierge services.

When you apply for a position with us in our website or by email, your CV remains in our database for one year, and revisited periodically throughout this time for subsequent job openings.

Furthermore, we have installed cameras outside and inside our facilities to protect you and your belongings from any intrusion. These cameras observe our grounds only. CCTV warning signs are visible at all entrances of both buildings. Surveillance footage remains stored for up to 8 days, unless earlier obtained by you or any Authority for investigation purposes.

Why maintain and process personal data?

ROYAL & IMPERIAL BELVEDERE HOTELS and / or third parties acting on our behalf do so for the sole purpose of personalizing our hospitality to your needs and wants, so that you enjoy the accommodation and service best suited to you during your stay.

With your permission only, we will use your personal data to provide you with carefully planned offers for upcoming events and promotions that may appeal to you.

The personal data you enter in the Contact Form facilitate our communication and our response to your message. We hereby guarantee that this information shall not be used for any purposes other than the ones outlined in this Policy without your prior notice or approval.

Legal grounds for personal rights processing

In processing your personal data, we are constrained by the following legal restrictions:

• Contractual: your personal data are processed per your request within the scope of our agreement and for the sole purpose of personalizing our service for you.
• Consensual: processing of your personal data requires your willing, explicit and written consent and only to the extent necessary in the context and the timeframe of the occasion.
• Legal: our duty is to comply with ours and other editors’ legal obligations and interests, unless there exist preceding interests and fundamental rights and freedoms that impose the protection of your personal rights.

Personal data recipients

The Company ensures lawful and appropriate use of personal data and prevents any unauthorized access.

In the course of providing the requested service and always within the limits set forth by law, we share your personal data with:

1. a) Our personnel, who are bound by strict confidentiality agreements.
2. b) Vendors contracted to manage, maintain, and upgrade our computers and security cameras for safer and more effective operations, who are contractually committed for the safekeeping and the confidentiality of the data.
3. c) Public authorities, in situations prescribed by law, court rulings, and dictates for compliance.
4. d) Financial institutions or other payment facilitators, in cases you are using them to make payments to us. We may also exchange information with financial intermediaries in case we deem it necessary to prevent fraud.
5. e) Business affiliates who may provide you with hotel services on our demand, and who are contractually obligated to keep your personal data safe and secret.
6. f) Tourist agencies, if they are authorized by you to book, mediate, and oversee the entire service (concierge).

Your legal rights

If not prevented by preceding legal or regulatory mandates or issued court rulings, we are obligated to submit to you, and you are entitled to:

1. a) Acquire a copy of your data which we have collected and processed.
2. b) Demand the amendment of any incorrect data.
3. c) Deny the processing of your data or restrict their use.
4. d) Demand deletion of the data.
5. e) Rescind your consent for processing.
6. f) Require that we transfer or transmit the data to a third party of your choice.

To exercise your individual rights and to request information relevant to personal data protection, you may contact our Data Protection Officer at:

Royal & Imperial Belvedere Hotels
Hersonissos, Crete, P.C. 70014 Greece
Tel.: +30 2897022371
Mob: +30 695 6333245
Fax +30 2897024388

If you realize or suspect that your personal data protection is compromised in any way, or the response by our Hotel regarding your rights as an individual you may contact the Hellenic Data Protection Authority (Kifissias 1-3, 11523 Athens) Telephone: +30 (210) 6475600 Fax: +30 (210) 6475628 Email:

How long do we keep your personal data for?

Your personal data are physically stored in a secured space with controlled access for the time of your stay, unless legal issues demand that we maintain the data for a specific period before destroying them or if the Company retains the data for its own rights of advocacy in judicial or regulatory matters according the Data Retention and Disposal Schedule.

Transfer to third countries

In the event of your personal data transference to a third country, the Company will take all appropriate measures of protection to ensure that your data is being transferred to countries that offer adequate protection by EU standards.


Our website’s contents, featuring trademarks, pictures, graphics, photographs, text, etc., constitute property on which we have full and exclusive ownership, except for those that belong to third parties, and are protected by national, European, and international laws. Their appearance on our web page does not constitute allowance to use and does not relinquish our rights in any way. The publication, reproduction, transfer, transmittance, distribution, presentation, and any other misappropriation of the contents of this site as well as the use of any service or part of our services anywhere and anyway for commercial exploitation or other purposes without our expressed consent is strictly forbidden.


Our web pages allow you to access other websites via electronic links. These links have been properly placed for the sole purpose of facilitating ease of use. The pages you are redirected to may be subject to different terms of use. We deny all responsibility for their truth of content and protection of privacy. The user entering these sites assumes full responsibility.

Amending our Privacy Protection Policy

If we must alter or augment our privacy protection policy, we shall do so each time in accordance with all applicable laws.

Data Protection Officer Details
Royal & Imperial Belvedere Hotels
Hersonissos, Crete, P.C. 70014 Greece
Tel.: +30 2897022371
Mob: +30 695 6333245
Fax +30 2897024388