Villa Alexandrou Logo
Villa Alexandrou

Privacy Policy

Last updated: February 2026

1. Data Controller

The data controller for this website is Manolis Michelakakis, operating Villa Alexandrou at Kalamitsi Alexandrou, Apokoronas, Chania, Crete, 73003, Greece.

Contact: info@villa-alexandrou.com

2. What Data We Collect

We collect the following personal data when you interact with us:

  • Booking data: Name, email address, phone number, payment details (processed by Stripe), dates of stay, number of guests, country of residence.
  • Communication data: Email correspondence and enquiry form submissions.
  • Website usage data: Only when you consent to cookies — anonymized page views and interaction data via analytics tools.

3. Legal Basis for Processing

  • Contract performance: Processing booking data to fulfil your reservation (Art. 6(1)(b) GDPR).
  • Legal obligation: Retaining booking records for tax and regulatory compliance (Art. 6(1)(c) GDPR).
  • Consent: Analytics cookies are only activated with your explicit consent (Art. 6(1)(a) GDPR).

4. Data Retention

  • Booking and financial records: Retained for 5 years as required by Greek tax authority (AADE) regulations.
  • Communication records: Retained for up to 2 years after your last stay, then deleted.
  • Analytics data: Anonymized and retained for up to 14 months.

5. Third-Party Processors

We use the following third-party services that may process your data:

  • Stripe (payment processing) — Stripe, Inc., USA. Data processed under EU Standard Contractual Clauses.
  • Vercel (website hosting) — Vercel, Inc., USA. Edge network with EU data regions.
  • Supabase (database and authentication) — Supabase, Inc., USA. EU data region configured.

6. Cookies

This website uses only essential cookies by default (session management, CSRF protection). Analytics or marketing cookies are not loaded until you give explicit consent via our cookie banner.

You can withdraw consent at any time by clearing your browser cookies.

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”), subject to legal retention requirements
  • Restrict processing of your data
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time for consent-based processing

To exercise these rights, contact us at info@villa-alexandrou.com.

8. Supervisory Authority

You have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr

9. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated “Last updated” date.

10. Contact

For privacy-related questions, contact info@villa-alexandrou.com or call +30-693-979-4399.