Book Now
A collection of hotels and resorts across Greece’s most stunning destinations. Explore our Hotels & Resorts
AppAppApp

ENLanguages Dropdown

GR

ENLanguages Dropdown

GR
Book Now

SOKIO Hotels & Resorts considers the personal data protection as a matter of outmost seriousness and great importance. Respecting the personal data we collect and manage and ensuring their proper processing is one of our hotels' top priorities.

This is the reason why we take all appropriate technical and organizational measures in order to protect the personal data we process and to ensure that this processing will always meet the requirements of the current national and European legal framework and in particular the General Data Protection Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, Guidelines, Decisions and Acts of the Hellenic Data Protection Authority and the European Data Protection Board etc.).

1. DATA CONTROLLER - CONTACT DETAILS - DATA PROTECTION OFFICER (DPO)

SOKIO Hotels & Resorts is the Data Controller for all the personal data that collects, processes and stores.

DATA CONTROLLER INFORMATION

OIKOS HOSPITALITY I.K.E. (Trade Name: SOKIO Hotels & Resorts)

Address: 247 Syggrou Avenue, P.C. 17122, Nea Smyrni, Greece.

Phone: +30 210 9430790

Email: welcome@sokiohotels.com

For the matters concerning the processing of personal data you can contact the company's Data Protection Officer (DPO) at dpo@oikosdevelopments.com.


2. CATEGORIES OF PERSONAL DATA COLLECTED AND PROCESSED AND PURPOSES OF THE PROCESSING

SOKIO Hotels & Resorts collect and process personal data for carrying out our business activities and with the main purpose of the optimum personalized provision of hotel and leisure services.

More specifically, the individual processing purposes and the data we process for each one of them are:

Full name, phone number, email, address, number of guests (adults and minors), reservation date and reference number, booking method (e.g., travel agent, booking platform, phone reservation, etc.), arrival and departure dates, signature, room type and cost per night, payment details and any comments provided by our guests.

Full name, phone number, email, full address details, date of birth, ID or passport number, number of guests (adults and minors), reservation date and reference number, booking method (e.g., travel agent, booking platform, phone reservation, etc.), arrival and departure dates, signature, room type and cost per night, information of the person responsible for the payment, additional consumption charges, total cost of the provided services.

Full name, reservation date and time, number of persons, reason for the reservation (if you wish to let us know).

Full name, email, date, content of the request or complaint, contact phone number.

Reservation and accommodation details (e.g., full name), Tax ID (TIN) and Tax Office, room number, number of guests, additional charges/consumptions, discounts, payable costs, payment method (bank transfer, card, cash), details included in the receipt/invoiced issued, deposits and outstanding balances.

Image data collected through the closed video-surveillance circuit (CCTV) system operating in our hotels, that records images of guests, visitors, and employees in the public areas of our premises. The recording is done in compliance with the relevant applicable legislation. You can find detailed information regarding the processing of the image data through the CCTV operating in the hotels in the CCTV Policy, which is available on the SOKIO Hotels & Resorts website (www.sokiohotels.com).

In the event of a security incident or report (e.g., theft or accident), the full name of the person filing the report or those involved in the incident, the duration of stay and room number, as well as a description of the incident/accident, etc., are recorded.

Optionally and only if voluntarily disclosed by you, we collect health-related data such as illnesses, disabilities, allergies, special dietary requirements, and other preferences. Our goal is to provide you with the best possible service.

Full name and email address

Optionally and if you wish, you can fill out a satisfaction survey via an online platform provided by an external partner. The platform collects and shares with us the following data: reservation ID, full name, arrival and departure dates, room number, number of guests, email, language, nationality, and the responses to the survey questions.

Minor's Data and Sensitive Personal Data

The company does not collect personal data of minors (under 18 years of age). If it is necessary for the processing purposes, data is collected from the parents or legal guardians of minors, after informing them accordingly.

The company does not collect special categories of personal data (sensitive data). However, it may process sensitive data that customers provide voluntarily (e.g., allergy issues, disability, etc.).

3. LEGAL BASIS OF THE PROCESSING

Legal basis of the data processing may be:

  1. The performance of the contract between the hotel and its guests (according to the article 6§1-b of the General Data Protection Regulation). Without collecting and using the necessary information it will not be possible to complete your reservation nor to enjoy our services.

  2. The compliance of SOKIO Hotels & Resorts with its legal and regulatory obligations, arising by the current national and European legal framework regarding the hotels' business activities (according to the article 6§1-c of the General Data Protection Regulation).

  3. The promotion, preservation and protection of the legitimate interests of both SOKIO Hotels & Resorts and its customers (according to the article 6§1-f of the General Data Protection Regulation), if necessary. Legitimate interests include also among others the support of legitimate claims, the defense of the rights and interests of the hotels and the Company before courts, the development and improvement of the services provided by the hotels as well as their uninterrupted and continuously improving operation.

  4. The explicit consent (according to the article 6§1-a and 9§2-a of the General Data Protection Regulation) that may be provided freely by our customers (existing or potential) for specific processing purposes (e.g., disclosure of allergies and other health issues, subscription to newsletters, completion of satisfaction surveys, etc.).

4. RECIPIENT OF PERSONAL DATA

First, access to your data has the authorized personnel of SOKIO Hotels & Resorts, as part of their duties, according to their job description.

Your personal data may be shared with third-party partners of the Company, who process personal data on its behalf (such as in reservation management systems, website hosting, hotel management services, etc.).

After your departure from the hotel, the company may share your personal information (such as your full name and email address) with an external partner to send you a satisfaction survey and collect your responses. Completing the survey is optional.

Furthermore, the data may be disclosed - as required and/or permitted by applicable laws - to public authorities or bodies or parties entrusted with the control and monitoring of the Company's activities, within the framework of their responsibilities.

The disclosure occurs only when necessary to achieve the data processing purposes or to ensure that SOKIO Hotels & Resorts complies with its legal or contractual obligations, always subject to confidentiality.


5. RETENTION PERIOD OF DATA

In the first place, we store your data at least for as long as it is necessary to fulfill the processing purposes for which they were collected.

Personal data that serve the performance of a contract are stored for as long as necessary for the execution of the contract and the establishment, exercise and/or support of legal claims that may arise from this contract.

We keep customer records for 2 years after their last visit to our hotels.

When the processing of data is based on the promotion and preservation of the legitimate interests of the Company or a third party, the data are stored for as long as necessary to satisfy such legitimate interests.

If the processing of your data is based on your consent, your personal data will be kept until you withdraw your consent. It should be clarified that the withdrawal of the consent does not affect the lawfulness of the processing based on the consent while it was in force.

Finally, we maintain the data for the overall time required by the legal framework applied to the Company's business operations.


6. DATA SUBJECTS' RIGHTS IN RELATION TO THE PERSONAL DATA

You can exercise the following rights regarding the processing of your personal data:

You have the right to know what categories of personal data of yours we keep and process, for what processing purposes and other additional relevant information. You also have the right to request a copy of your personal data undergoing processing.

You have the right to request the rectification, modification and completion of your personal data.

You have the right to request the erasure of your personal data when they are processed based on your specific consent. In cases where the processing is based on another legal basis (such as performance of a contract, legal obligation or protection of legitimate interests of the Company etc.), this right of yours may be subject to restrictions or not be exercised.

You have the right to request the restriction of processing of your personal data

You have the right to object to the processing of your personal data when it is based on a legitimate interest, as well as for direct marketing and profiling purposes

You have the right to request and receive your personal data in a format that allows you to access them, use them and process them with the commonly used editing methods. In addition, you have the right to request us to transmit your personal data to another controller where we process them by automated means and based on your consent or for the performance of a contract and if this is technically feasible.

If the processing of your personal data is based on your consent, you have the right to withdraw it at any time. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal.

You may exercise your above-mentioned rights as well as pose any question, complaint or ask other information regarding the processing of your personal data, by contacting dpo@oikosdevelopments.gr.

7. RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

You have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr) on matters concerning the processing of your personal data.

8.PROTECTION OF PERSONAL DATA

SOKIO Hotels & Resorts διασφαλίζει τη νόμιμη συλλογή και επεξεργασία των προσωπικών δεδομένων. Η Εταιρία έχει λάβει και εφαρμόζει όλα τα κατάλληλα τεχνικά και οργανωτικά μέτρα για την ασφαλή επεξεργασία των δεδομένων και μεριμνά συνεχώς προκειμένου να εξασφαλίσει την προστασία των προσωπικών δεδομένων που επεξεργάζεται από τυχαία ή αθέμιτη απώλεια, καταστροφή, παραποίηση, απαγορευμένη διάδοση ή μη εξουσιοδοτημένη πρόσβαση σε αυτά.

SOKIO Hotels & Resorts ensures the lawful collection and processing of personal data. The company has implemented all appropriate technical and organizational measures for the secure processing of data and continuously takes care to ensure the protection of the personal data it processes from accidental or unlawful loss, destruction, alteration, unauthorized disclosure, or access.

9. LAST UPDATE OF THE POLICY

This policy may be periodically updated.

This current version is effective since 01.03.2025