Terms & Policies
For Xenodocheio Milos

Last update: 15.9.2021

Data Protection Officer:

Milos Hotel
Kolokotroni St. 3-5, 105 62, Athens
+30 2166003300

We, in Hotel Milos, are dedicated to protecting your personal data. Our main goal is to exceed the expectations of our visitors regarding the products and services we provide, while we constantly strive to create experiences that meet the needs of our visitors by responsibly using the information you trust us with. We commit ourselves to respect your personal data and abide with the principles of the current Greek and European legislation concerning the protection of your personal data.

The present Privacy Policy reflects how we treat your personal data. During our business activity and the operation of our business, we collect and process your personal data which we extract from our website, booking forms, our telephone communication, social networking pages etc. Our goal is to process as little personal data as possible in as little time as possible. We implement policies that require minimal use of personal data and create a secure environment for processing them. The Privacy Policy lists the purposes for which we process personal data, the legal basis of the processing, the recipients of the data and their retention time. It also makes extensive reference to your rights in relation to personal data and provides you with full details of those in charge so that you can exercise them.

The structure of the Privacy Policy follows the requirements of the General Data Protection Regulation (GDPR) but it is adapted to a user-friendly format, so that you can easily identify the area of your ​​interest.


Personal data we collect

At various points in your stay, we collect some of your personal data in accordance with applicable laws and regulations. Personal data is considered any information by which the identity of an identified or identifiable natural person can be verified. The personal data we collect are the following:

- Your name and surname          

- Your sex          

- Your age         

- Your country         

- Your nationality          

- The date of your arrival         

- The date of your departure         

- The type of accommodation         

- Your language preference         

- Your phone number

- Your address         

- The date and place of your birth         

- The number of your identity and/or passport and/or Visa         

- Your e-mail address         

- Details of your credit card, such as the cardholder name, credit/debit card number, security number (CVV), expiration date         

- Data related to membership or reward programs         

- Data about your job         

- Your travel itinerary, tour group or activity data         

- Any previous stay, information about goods and services you preferred, special services and amenities you used         

- Your social media accounts, profile photos and other public data         

- Other special prerequisites         


In limited cases, we may collect:         

- Data about your family members, names and ages of children         

- Biometric data         

- Financial information          

- Video and audio data through: a) security cameras located in public places, such as corridors and waiting rooms and b) cameras carried on their bodies by persons belonging to the security personnel of our space.         

We may also collect information about your personal preferences/specific information about you, which we use to make your future stay and experience with us more enjoyable. Such information includes your interests, what you liked or did not like about our services, activities you enjoyed during your stay, your hobbies, special dietary preferences, dietary or health restrictions in general, special dates or anniversaries (such as birthdays or wedding anniversaries), details about whom you travel often with, their relationship with you and your marital status.

If you provide us with personal data involving third parties other than you (e.g. if you make a reservation for another person), you are presumed to have the required permission to do so and you give us permission to use the data in accordance with the terms hereof.


Cookies and other electronic data

When you open our website on a device (such as a laptop or a desktop, smartphone or tablet), this device will automatically record some data, which, to the extent that they reveal your identity or are related to a person, we treat as personal data. Automatically recorded data includes:

- The IP address of your device. We collect your IP address, a number that is automatically assigned to the computer you use by your Internet Service Provider (ISP). An IP address is determined and automatically recorded in our server when a user accesses our online services, along with the time of the visit and the pages they visited. We use IP addresses to calculate usage levels, diagnose server problems and manage web services. We can also derive your approximate location from your IP address.         

- The date and time of your visit to our website.         

- The type of your browser.         

- The name and address of the internet service provider.         

- Data related to the browser and the device.         

- Demographic data and other data provided by you .         

- Clustered data. We may gather data that we have collected, and this aggregated data will not personally identify you or any other user.         

- Data collected through cookies, pixel tags and other technologies. More specifically: Cookies are small text files that are stored on the hard drive of computers or smart devices until the expiration date specified in the cookie and are activated each time the webpage is opened in a browser on a device. The sites uses cookies to collect information on the use of the Site (pages visited, time spent on pages, browser information, disconnections, etc.) and personal settings - but this data cannot be associated with the identity of the visitor. The cookies allow sites’ administrators to have friendly user sites and improve the user experience they offer to their visitors. If you prefer not to have the benefits of cookies, your web browser can be customized to handle cookies in different ways. Depending on the type of browser you use, you may be able to configure your browser to: (i) be asked to accept or decline cookies on an individual basis, or (ii) to prevent acceptance of cookies by the program at all. You should contact your browser vendor or manufacturer for specific cookie security details. However, you should also understand that rejecting cookies may affect your ability to make specific transactions on our sites and our ability to recognize your browser from one visit to the next.         

The above data are automatically recorded by the web server of the site without your consent or any specific activity required of you. Please note, however, that you have the option to set certain options (e.g. disable the ability to derive your approximate location via your IP address or set cookie usage) via a pop-up window on our site . The system records and uses the data for the automatic production of statistical measures. This data cannot be related to other personal data, unless this association is provided by law. This data will be used only for the correction of errors and the improvement of the quality of our services and for statistical purposes.

The purpose of the processing of the above data is the technical development of the computer system, the monitoring of the service and the production of statistics. In the case of criminal activity, this data may be used - in cooperation with the user's internet provider and the competent authorities - to identify the source of such criminal activity.

We may also use third-party advertising companies to display ads about goods and services that may be of interest to you when you access and use our website. To display such ads, these companies place or recognize a unique cookie in your browser (including the use of pixel tags).

The data processing period is 30 days from the opening of our website, while the legal basis for processing them is the preservation of your vital interest or that of a third party in case the subject needs to be identified by the prosecuting authorities in cooperation with the internet service provider.


Why we collect your data / Lawfulness of processing / Data retention period


This section of the Privacy Policy describes the purposes of processing your personal data and the legal bases of that processing, based on national and European legal standards. Each subsection corresponds to a theme/activity, for which the purposes and legal bases of processing your data are listed in detail.


Regarding the retention period of the data, it depends on both their nature and the purpose of their processing, while the general rule is that the data is retained for the absolutely necessary time required to achieve each purpose. The data may be retained for up to twenty years after its sharing to support any of our legal claims. For data whose processing is based on your consent, their processing may stop if you withdraw it. You will find more information on how long your data retains in some of the following topics/activities.


  1. Reservations


Activities during which personal data are processed

- Making reservations for the hotel and other facilities         

- Contacting you and other guests prior to your arrival (logistics, changes, special preferences etc.)         

- Processing of payments and security deposits         


Legal bases of processing

- Execution of the contract between us (the hotel and the visitor/client)         

- Protection of the legal interests of the person making the reservation and his guests (e.g. for the following of their preferences)         

- Compliance with our legal obligations regarding financial transactions, such as our obligation to keep financial books         


  1. Reception and accommodation


Activities during which personal data are processed

- Making the reception (check-in) and departure (check-out)         

- Making payments         

- Providing personalized services and advice (based on your past actions or preferences)         

- Providing concierge service, luggage storage and valet parking         

- Making arrangements-appointments for customers with service providers with whom we work (e.g. taxi)

- Provision of food services in the room         

- Room and laundry services (e.g. special pillow preferences)         

- Handling of requests, questions and complaints of customers         

- Determining the permissible or not provision of goods and services only for adults         


Legal bases for processing

- Execution of a contract, e.g. for processing payments         

- Protection of the legitimate interests of customers, e.g. to support customer preferences (e.g. providing a room on a specific floor or next to the elevator)         

- Your consent, in case of collection of information about dietary preferences that the client chooses to provide         

- Compliance with legal obligations, such as the collection of identity documents, where legally required         


  1. Conferences and other events


Activities during which personal data are processed

- Communication with visitors about conferences and other events         

- Making reservations for events         

- Communication before the event (logistics , accommodation, changes, etc.)         

- Preparation of the event based on the instructions, expectations and preferences of the client,         

- Organization of catering         

- Contact regarding charges         

- Processing of payments and security deposits         

- Carrying out credit checks         

- Handling requests, questions and complaints of customers         

- Communication with the participants in the event         


Legal bases for processing

- Execution of the contract, e.g. gathering information about the planned event         

- Protection of the legitimate interests of customers, e.g. responding to customer complaints or concerns about the event         

- Compliance with our legal obligations regarding financial transactions, such as our obligation to keep financial books         


  1. Security


Activities during which personal data are processed

- Ensuring security in all our areas         

- Handling and recording of all accidents, medical and other emergencies         

- Monitoring of properties in order to adequately prevent the possibility of an incident and to have an immediate response and recording (including the existence of a closed circuit television system)         

- Request for assistance to a third party provider of such services in emergency situations         

- Send notifications in case of incidents or emergency situations (via SMS, e-mail, call etc.)         


Legal bases for processing

- Execution of a contract, e.g. ensuring the safety of visitors and staff through interaction with security staff         

- Protection of the legal interests of visitors and staff in order to ensure their safety, e.g. through the monitoring of the premises with a closed circuit television system         

- Compliance with legal obligations, such as the registration of accidents that take place on our premises         

- Defending the vital interests of visitors, e.g. through contact with clinics or urgent management services for someone sick         


Regarding the data resulting from the operation of the closed circuit television, the retention period is seven (7) days, after which they are automatically deleted. In the event that during this period we find an incident, we isolate part of the video and keep it for another (1) month, in order to investigate the incident and initiate legal proceedings to defend our legal interests. If the incident concerns a third person, we will keep the video for up to three (3) more months.


Notice of CCTV Surveillance

We would like to inform you that we have installed a video surveillance system inside and outside our hotel unit. The recording of the material and the operation of the system are carried out in compliance with the legislative and regulatory framework. The material collected is solely used for the security of the company's facilities and premises and to protect the health of the employees and the visitors during their stay. In cases where a natural person is identified, the images are treated as personal data.

Recordings from the video surveillance system are stored safely. The storage of the recorded material is carried out in such a way that the integrity of the information is maintained. The company informs its personnel and other natural persons visiting its premises by means of a signage that the premises are monitored by a video surveillance system. Disclosure of the material recorded by the cameras of the video-surveillance system shall be affected when required and in accordance with the purposes for which the system was put into operation. The operation and monitoring of the video surveillance system is affected by authorized personnel of the company (Facility Security Officers) and by the security service provider.

Our company preserves the recorded material for the necessary period of time required to fulfil the purposes of the recording. More specifically, the recorded material is preserved for up to fifteen (15) days.

Natural persons have the right to request a copy of any material in the video surveillance system in which they are located and clearly identifiable. If the request is valid, the Company shall, in accordance with the Data Subject Information Procedure, send the recorded material to the applicant, within 30 days from the receipt of the request, provided that the personal data have not been deleted.

You may also object at any time to the processing of your personal data and request in writing the rectification, temporary non-use, blocking, non-transmission or deletion of your data. If you object, we must stop processing unless we can either demonstrate α compelling legitimate interest for processing that overrides your interests, rights and freedoms or where we need to process the data to establish, exercise or defend legal claims.

To exercise the above rights or for any queries you may have in relation to the processing of your personal data in this context, you may contact our company by email at:

You have the right to file a complaint at the Personal Data Protection Authority for matters relating to the processing of your personal data. For the competence of the Authority and how to file a complaint, you can visit its website ( - My rights - File a complaint), where detailed information is available.

  1. Legal & Compliance


Activities during which personal data are processed

- Compliance with applicable laws         

- Compliance with legal procedures         

- Responding to requests from public and governmental authorities         

- Compliance with national security or law enforcement         

- The imposition of our terms and conditions         

- The protection of our business         

- The protection of the rights, privacy, security and property of our business, customers, visitors and others         

- Our facilitation to find the appropriate available legal remedy in order to seek any of our damages or to limit any of our damages         



Legal bases for processing

- Compliance with legal obligations, such as compliance with legal procedures         

- The protection of legal interests, such as the imposition of terms and conditions for the protection of trademarks         

- Defending the vital interests of individuals, e.g. through contact with emergency management services in the event of a disturbance or accident involving guests         


  1. Restaurant and other services


Activities during which personal data are processed

- Making reservations (and checking availability)         

- The support of dietary preferences         

- Supporting people with disabilities or other health-related disabilities and providing appropriate and safe activities and services         

- The provision of personalized services based on past choices and preferences by the visitor         

- Payment processing         

- The settlement of services by professionals for specific services         

- The management of customer requests, questions and complaints         


Legal bases for processing

- The execution of a contract, e.g. the processing of payments         

- Your consent, e.g. to collect information on dietary restrictions or health restrictions in general when you are going to use our restaurant, to collect information on health problems when you are going to be provided with a massage service         

- The protection of legal interests, such as the provision of personalized services based on past activity or choices (e.g. the provision of a particular wine to a customer based on his previous habits)         

- Compliance with our legal obligations regarding financial transactions, such as our obligation to keep financial books         

- Defending the vital interests of individuals, e.g. avoiding side effects on allergies, helping a customer who eats at the restaurant or uses the gym equipment         


  1. Loyalty and VIP rewards programs


Activities during which personal data are processed

- Registration of users in loyalty/reward programs, VIP user programs and special payment programs and organizing the management of these programs         

- The provision of personalized services based on past choices and preferences by the visitor         

- Processing of payments         

- Informing members about any changes in programs, terms and conditions         

- The management of members' requests, questions and complaints         


Legal bases for processing

- The execution of a contract, such as the evaluation of data and the distribution of privileges         

- Your consent, as in the case of choosing how to communicate with you (email, SMS, etc.)         

- Protecting your legal interests, as in the case of managing members' choices about how they want to earn, monitor and use their points         

- Compliance with our legal obligations regarding financial transactions, such as our obligation to keep financial books         


The above data are kept as long as you are a member of a reward program or VIP of our hotel and for as long as they are required to support any of our legal claims.


  1. Marketing and promotion


Activities during which personal data is processed

- The promotion of our products and services         

- The provision of personalized ads for products and services on specific websites         

- The organization of competitions and other promotions, e.g. lotteries         

- The management of requests, questions and complaints of customers         


Legal bases for processing

- The execution of a contract, as in the case of fulfilling obligations related to a competition         

- Your consent, as in the case of choosing how to communicate with you (email, SMS, etc.)         

- The protection of your legal interests, as in the case of providing advertisements for similar products and services         

- Compliance with our legal obligations, such as the management of information based on the rules governing competitions / lotteries         


Specific data / information         

This information includes: anniversaries, activities and hobbies, your relationships with the people you visit with us (if you are a spouse, your child, etc.), your preferences regarding the activities and general facilities of our hotel, your dietary and nutritional preferences. The purpose of collecting the above information is to provide to you and those who visit our sites with you a personalized and complete experience, e.g. by offering you a gift on your anniversary, organizing the activities you usually enjoy , placing you in the right room for your child or preparing the right dinner for you according to your preferences. The legal basis for processing the above information/data is your consent to it.


Your rights

In this section of the Privacy Policy, you can find out about the rights you have against us since we process your personal data.

It is clear that, in the context of our obligation to answer any of your questions and our desire for a speedy resolution of the issues that concern you, you can expect our response within a month, except in complex cases, to which our answer can be expected within three months. First, we will reply to you electronically or in any way you have asked us. However, we reserve the right to seek compensation for processing an allegation that is unjustifiably repeated or that is obviously unfounded or excessive, and that we are required to confirm your identity in order to respond to your request. If we believe that we should not respond to your request, we will inform you of the reason for our decision and of your legal options.

If you believe that our hotel has processed your personal data incorrectly, please contact us so that we can rectify and thus improve our services to all our guests. You can send us a formal complaint by e-mail or mail or letter to the address above.

During the entire processing of your personal data by us, you have, under European and national law, the following rights:

1. Right to receive transparent information

We will inform you of anything required by European and national legislation in a short, transparent, comprehensible and easily accessible way, using clear and simple language, especially with regard to information concerning children. We will inform you in writing or electronically. If requested, we can inform you orally.

2. Right to access your own data

You have the right to receive from us the confirmation of the processing or not of your personal data and, if this happens, to access your data and the following information:

- the purpose of the processing

- the relevant categories of your personal data

- third parties/recipients to whom we have disclosed or will disclose your personal information, especially third parties outside the EU. If we transfer your personal data to non-EU country or an international organization, we will check for safety valves provided by European legislation

- the retention period of your personal data or the criteria for determining this period

- the existence of your right to ask us to correct or delete your data or to restrict their processing or to oppose the processing

- your right to submit a complaint with a supervisory authority

- when your personal data is not collected directly from you, we will give you any available information about their source

- if there is an automated decision system that includes profiling, important information about the rationale and the significance and intended consequences of this processing for you

3. Right to Rectify inaccurate data

If we process inaccurate or incomplete personal data, you have the right to ask us to rectify it without undue delay.

4. Right to Erasure ("Right to be Forgotten")

You have the right to ask us to delete your personal data and to respond to your specific request without delay, when one of the following occurs:

- Your data is no longer necessary in relation to the purpose for which it was originally collected,

- You withdraw your consent and we have no other legal basis for processing your data,

- The data have been processed illegally,

- Data must be deleted by law,

- The legal basis of data processing is the consent of a legal guardian for a child and either i. you are the guardian and the child is still below the age limit of consent either ii .you are now this child and you are older than the age of consent.

Please note that we cannot delete your data to the extent that it is required to process it:

- in order to comply with a legal obligation requiring treatment,

- for reasons of public interest in the field of public health,

- for the purposes of archiving for reasons of general interest, scientific or historical research or for statistical purposes, where / where application may make it impossible or seriously detrimental to achieve the objectives of such processing, or

- for the establishment, exercise or support of legal claims.

5. Right to withdraw your consent 

Wherever you have given your consent to any processing, you have the right to revoke it at any time. You can do this by sending a request to the email address listed here.

Please note that revoking your consent does not affect any processing that has already taken place.

6. Right to Limit processing 

You can ask us to restrict the processing of your personal data when:

- You question the accuracy of personal data

- We no longer have the legal basis for the processing, but you oppose the deletion of the data and ask that we restrict their use

- We no longer need the data for the original purpose, but you need it to establish, exercise or support legal claims

- You object to the processing of data in accordance with Article 2 of the GDPR and request the restriction until the reason for your objection is verified

- When the processing is limited to the above, in addition to the continued storage of data, we process them only with your consent/permission or a. to establish, exercise or support legal claims, b. to protect the rights of another person or c. for reasons of public interest of the EU or a Member State.

When we restrict editing, we will notify you before we remove the restriction.

7. Right to data portability

You have the right to receive your personal data, which you have provided to us, in a structured, standard and automated (computer-readable) format, as well as the right to transfer this data to another processor without objection from us when: the processing is based on your consent or contract and processing takes place by automated means and only if technically possible. This right does not apply to processing necessary for the performance of a duty for the public interest and may not adversely affect the rights and freedoms of others.

8. Right of Objection

You have the right to object at any time and for reasons relating to your specific situation to the processing of your personal data, which is based either on the legal basis of Article 6.1.f. of GDPR or are necessary for the performance of a duty due to public interest according to article 6.1.e. of the GDPR. Next, we will not process your personal data unless we show subversive and legitimate reasons for processing that outweigh your interests, rights and freedoms or for establishing, exercising or upholding legal claims.

9. Right to submit a complaint to the supervisory authority

In any case, for any issue, you can contact the competent supervisory authority , where you can submit a report or complaint. The competent supervisory authority for Greece is the Hellenic Data Protection Authority, Kifissias 1-3, 11523, Athens,, tel . 2106475600.

We encourage you to contact us first for any issues you may have regarding your personal data in connection with our services. 


Our Environmental Policy is to portray responsible corporate citizenship in protecting the environment. We are dedicated to complying with widely accepted environmental practices, including a commitment to applicable legal and other requirements compliance, to strive for continuoaus improvement of the environmental management and quality system, to minimize the generation of waste and pollution and to continuously improve the services provided on all levels. Therefore, our processes, materials and our people will be managed accordingly in order to reduce the environmental impact associated with our work. Our Environmental Policy provides the framework for setting and reviewing environmental goals and objectives. Our Environmental Policy is documented, implemented and maintained, as well as communicated to all employees. Our company is committed to implementing and operating the Environmental Management System and the ISO-14001:2015 and ISO-9001:2015 Quality Management System in order to further improve environmental performance and quality of the services provided.

Our main goals and commitments are:

This policy will be communicated to all parties interested in the performance of our environmental management system, including the public.