Privacy Policy

Effective Date: May 25, 2026

1. Introduction

Anasa Retreat Crete ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website (anasaretreatcrete.com) or book a stay at our villa.

Property Owners: Rebecca & Tommy
Property Managers: Danielle & Harlen
Contact: [email protected] | +1 (215) 850-0898 / +47 9321 2496
Address: Douliana, Apokoronas, Chania, Crete, Greece
Property Registration: AMA 00002791329

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide when you:

Make a booking: Name, email address, phone number, arrival/departure dates, number of guests, payment information
Contact us: Name, email address, phone number, and any information included in your message
Complete check-in: Passport information (as required by Greek law), emergency contact details
Request services: Dietary requirements, special requests, preferences for additional services (e.g., private chef, transfers)

2.2 Information Collected Automatically

When you visit our website, we may automatically collect certain information about your device and usage of the site. This may include:

IP address and approximate location (e.g., country/region)
Browser type and version
Device type and operating system
Pages visited and time spent on pages
Referring website addresses (e.g., search engine or partner site)
Cookies and similar tracking technologies (see our Cookie Policy)

We use Google Analytics 4 ("GA4") via Google Tag Manager to help us understand how visitors interact with our website, improve content and services, and keep the website secure and reliable. For visitors from the European Economic Area (EEA), United Kingdom and Switzerland, analytics cookies are only set after you provide consent via our cookie banner. You may withdraw consent at any time by clearing your browser's local storage or cookies.

3. How We Use Your Information

3.1 Booking and Stay Management

Process and confirm your booking
Communicate about your stay (check-in details, directions, local recommendations)
Comply with Greek tourism regulations (passport registration)
Arrange additional services you request (transfers, private chef, etc.)
Handle security deposits and payments

3.2 Communication

Respond to your inquiries and requests
Send booking confirmations and important updates
Provide customer support
With your consent, send occasional promotional information about special offers or news

3.3 Legal and Safety

Comply with legal obligations (tax, tourism registration and public safety)
Protect our rights and property
Ensure guest and property safety
Prevent fraud and unauthorized access

3.4 Analytics and Website Improvement

We use analytics data to monitor website performance, understand which pages are most used, improve our content and navigation, and detect technical issues. For EEA/UK/Swiss visitors, we rely on your consent for analytics cookies. In other regions, we may rely on our legitimate interests in running and improving our business.

4. Legal Basis for Processing (GDPR)

Under the EU General Data Protection Regulation (GDPR), we process your personal data based on:

Contract Performance: Processing necessary to fulfill our rental agreement with you (e.g., bookings and stays)
Legal Obligation: Compliance with Greek tourism and tax laws requiring guest registration and record keeping
Legitimate Interests: Managing bookings, preventing fraud, improving our services and securing our website (where these interests are not overridden by your rights)
Consent: Use of analytics and non-essential cookies, and sending marketing communications (you can withdraw consent at any time)

5. How We Share Your Information

5.1 Service Providers

Lodgify: Our booking system provider (subject to their Privacy Policy)
Payment processors: Stripe and other secure payment gateways that process payments on our behalf
Email services: For sending booking confirmations and communications
Analytics & tag providers: Google Analytics 4 and Google Tag Manager (see Google's Privacy Policy)
Third-party service providers: Car rental companies, private chefs, transfer services and other local partners, but only when you request or consent to those services

5.2 Legal Requirements

We may disclose your information if required to comply with Greek law, respond to legal processes or government requests, protect our rights, privacy, safety, or property, or enforce our Terms and Conditions.

5.3 Business Transfers

If the property or our business is sold or transferred, your information may be transferred to the new owners, subject to this Privacy Policy or a substantially similar policy that provides at least the same level of protection.

6. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, comply with legal obligations (Greek tax law requires records to be kept for a minimum of 5 years), and resolve disputes and enforce our agreements. After the retention period, we will securely delete or anonymise your data.

7. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

Right of Access: Request a copy of your personal data that we hold
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your data (subject to legal obligations)
Right to Restriction: Request limitation of processing in certain circumstances
Right to Data Portability: Receive your data in a structured, commonly used and machine-readable format
Right to Object: Object to processing based on legitimate interests, including profiling
Right to Withdraw Consent: Withdraw consent at any time for processing that relies on consent (for example, analytics cookies)
Right to Lodge a Complaint: With the Hellenic Data Protection Authority or your local supervisory authority

To exercise any of these rights, please contact us at: [email protected]

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including secure hosting and SSL/TLS encryption, secure payment processing through PCI-compliant providers, limited access to personal data on a need-to-know basis, and regular security updates and monitoring. No method of transmission over the internet is 100% secure, but we strive to use commercially acceptable means to protect your data.

9. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA), including for payment processing, booking system services and analytics (for example, by Lodgify and Google). Where we transfer data outside the EEA/UK, we ensure compliance with GDPR requirements through Standard Contractual Clauses approved by the European Commission, and by working only with service providers that implement appropriate safeguards.

10. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it immediately, unless we are legally required to retain it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Effective Date" at the top indicates when it was last updated. Significant changes will be communicated via email (where appropriate) or through a prominent notice on our website.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Phone: +1 (215) 850-0898 / +47 9321 2496
Address: Douliana, Apokoronas, Chania, Crete, Greece

Data Protection Authority

You have the right to lodge a complaint with the Hellenic Data Protection Authority:
Website: www.dpa.gr
Email: [email protected]
Address: 1-3 Kifisias Ave., 115 23 Athens, Greece