Privacy policy

Introduction


Welcome to Milesian Suites. We are committed to protecting and respecting your privacy. Please read this notice carefully, as it contains important information about how we collect, use, process, and safeguard personal data that you provide to us or that we collect when you visit our website or make a booking with us.


This Privacy Policy applies to all pages and services accessible through www.milesiansuites.com, as well as through our booking platform at booking.smoobu.com/MilesianSuites. When this notice refers to "booking system," "booking engine," "website," "platform," or "services," it covers all of the above.


We operate in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Greek data protection law. By accessing our website or providing us with your information, you agree to the practices described in this Privacy Policy. We may update this notice from time to time — the current version will always be available on our website with the date of the last update.


2. Identity — Data Controller


When this notice refers to "we," "us," "our," "data controller," or "controller," it refers to Milesian Suites. We are the Data Controller for all personal data collected through our website and booking services. We are:

Milesian Suites

Milos Island, 84800 Greece

Email: milesiansuites@gmail.com

Phone: +30 6983771842

Website: www.milesiansuites.com


3. Data Processor


Milesian Suites uses Smoobu as its booking and property management platform. Smoobu processes personal data on our behalf as our Data Processor, in strict accordance with our instructions and in compliance with applicable data protection law. There is a contractual framework in place between us and Smoobu to protect your personal information. Smoobu is:


Smoobu GmbH

Greifswalder Str. 212

10405 Berlin Germany

Website: www.smoobu.com


Our data processor may only collect and process personal data on our behalf and in accordance with our instructions. Smoobu cannot process your data in any other way or for any other purpose.


We grant permission to our data processor to:


● Use your personal information for reserving suites and/or other services for you at Milesian Suites.

● Pass on your financial details to Milesian Suites and/or an appropriate third party (for example, a payment processor) for the purpose of confirming or processing a booking.

● Use your information for marketing purposes where you have explicitly agreed to this.

● Pre-complete forms and booking details to make your next visit to our booking engine easier (e.g. when amending or cancelling a booking).


4. Personal Data We Collect and Process


Depending on how you interact with our website and services, we may collect the following types of personal data:


Booking & Reservation Data


● Full name, email address, phone number, and postal address.

● Check-in and check-out dates, suite preferences, number of guests, and special requests.

● Nationality (where required for legal or immigration purposes).


Payment Information


● Financial details required to process pre-payment or full payment for a booking. Payment transactions are handled securely by our booking platform and its integrated payment providers. We do not store full card details on our own systems.


Communication Data


● Messages, enquiries, and requests you send us via email, phone, or the contact form on our website.


Website Usage Data


● IP address, browser type, device information, pages visited, referring URL, and time spent on our site — collected via cookies and analytics tools for website improvement and security purposes.


Marketing Preferences


● Whether you have opted in or out of receiving promotional communications from us.


Third-Party Data (e.g. booking for a friend)


If you provide personal data relating to a third party (e.g. you make a booking on behalf of someone else), you confirm that you have that person's consent to share their data with us and that you have informed them of the contents of this Privacy Policy. Milesian Suites and its data processor are duly exonerated from any liability in this regard.


Sensitive Data


Unless specifically requested by us, please do not send us, and do not disclose through our services, any Sensitive Personal Data (e.g. social security numbers, national identification numbers, data related to racial or ethnic origin, political opinions, religious beliefs, health data, biometrics or genetic characteristics, criminal background, or trade union membership).


Use of Services by Minors


Our services are not directed to individuals under the age of sixteen (16), and we request that minors do not provide personal data through our website or booking platform.


Mandatory Nature of Providing Data


The data requested in our booking forms are, in general, mandatory in order to process your reservation. If the required information is not provided, or is provided incorrectly, we will be unable to complete your booking.


5. Purpose of Processing Personal Data


We use your personal data for the following purposes:


● To manage bookings and reservations, including payment processing and the management of your preferences and special requests.

● To provide accommodation and any associated services during your stay.

● To communicate with you regarding booking confirmations, pre-arrival information, updates, and any changes to your reservation.

● To respond to your enquiries and contact requests submitted through our website or by phone or email.

● To send personalised promotional communications and offers by electronic or conventional means — only where you have expressly consented.

● To manage guest satisfaction surveys and quality feedback.

● To improve our website, services, and overall guest experience;

● To comply with our legal obligations and to ensure the safety and security of our property and guests.


6. Legal Basis for Processing


We process your personal data on the following legal grounds under the GDPR:


● Contract performance: processing is necessary to fulfil your booking and provide the services you have requested.

● Legal obligation: processing is required to comply with applicable Greek and EU law (e.g. tax and accounting requirements).

● Legitimate interests: processing is necessary for our legitimate interests, such as improving our website, ensuring security, and conducting direct marketing to previous guests — provided these interests are not overridden by your rights.

● Consent: for direct marketing and non-essential cookies, where you have given your explicit consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.


7. Data Retention


We retain your personal data only for as long as necessary to fulfil the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria we use to determine retention periods include:


● The duration of our ongoing relationship with you and the provision of services (e.g. for as long as your booking remains active or you continue to use our services).

● Legal obligations to which we are subject (for example, Greek and EU tax laws require that financial records be retained for a minimum of five years).

● Whether retention is advisable in light of our legal position (e.g. applicable statutes of limitations, ongoing litigation, or regulatory investigations).

Once data is no longer required, it will be securely deleted or anonymised.


8. Sharing and Disclosure of Your Information


We do not sell, rent, or trade your personal data. We may share your data only in the following circumstances: Service Providers and Data Processors

● Our booking and property management platform (Smoobu), which processes reservation and payment data on our behalf.

● Secure third-party payment processors for the purpose of completing financial transactions.

● Analytics and marketing service providers, where you have consented to such processing.


Legal Authorities


● We may disclose personal data where required to do so by applicable law, court order, or regulation.

● To respond to requests from competent public or government authorities, including those outside your country of residence, for national security or law enforcement purposes.

● To protect our legal rights, the safety of our guests and property, or to enforce our terms and conditions.


Where we combine data that would otherwise be classified as "other data" with personal data (such as linking your name to your location), we will treat the combined information as personal data and protect it accordingly.


9. International Transfers of Personal Data


We may transfer your personal data to our data processor(s) or sub-processor(s) who may be based outside the European Economic Area (EEA). Where such transfers occur, we ensure your personal data remains protected by one or more appropriate safeguards in accordance with the GDPR. These safeguards may include standard contractual clauses approved by the European Commission, or the processor's adherence to a recognised independent privacy certification scheme.

Smoobu, as our data processor, stores data on servers located within the EU (Germany). If any sub-processors operate outside the EEA, Smoobu ensures appropriate transfer mechanisms are in place.


10. User Responsibilities


By providing personal data to us, the User:


● Guarantees that they are of legal age or legally emancipated, where applicable, and that all information provided is true, accurate, complete, and up-to-date.

● Is responsible for the accuracy of all data communicated and for keeping it updated so that it reflects their actual situation.

● Guarantees that, where they have provided third-party data, they have that third party's consent and have informed them of the contents of this Privacy Notice.

● Will be responsible for any false or inaccurate information provided, and for any direct or indirect damages this may cause to Milesian Suites or third parties.


11. Your Rights Under the GDPR


As a data subject under EU law, you have the following rights, which you may exercise at any time free of charge by contacting us using the details in Section 14:


● Right of access: to obtain confirmation of whether we are processing personal data about you, and to receive a copy of that data.

● Right to rectification: to request the correction of inaccurate or incomplete personal data.

● Right to erasure ("right to be forgotten"): to request the deletion of your personal data, where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.

● Right to restriction of processing: to request that we limit how we use your data in certain circumstances.

● Right to data portability: to receive your personal data in a structured, commonly used, and machine-readable format.

● Right to object: to object to processing based on legitimate interests or for direct marketing purposes.

● Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time without affecting prior processing.


You also have the right to lodge a complaint with the competent supervisory authority. In Greece, this is:


Hellenic Data Protection Authority (HDPA)

Kifissias 1-3, 115 23 Athens

Tel: +30 210 6475600

www.dpa.gr


12. Cookies & Tracking Technologies


Our website uses cookies and similar tracking technologies to enhance your browsing experience and to analyse site traffic.These may include:


● Essential cookies: strictly necessary for the website to function properly (e.g. session management).

● Analytics cookies: to help us understand how visitors interact with our site so we can improve it.

● Marketing cookies: to deliver relevant promotional content, only where you have given your consent.

You can manage or disable cookies at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For detailed cookie information, please refer to our Cookie Policy [where applicable].


13. Security Measures


We process your personal data at all times in strict confidence and in accordance with our duty of secrecy under applicable data protection law. We adopt appropriate technical and organisational security measures designed to protect your data against unauthorised access, accidental loss, alteration, disclosure, or destruction.

These measures are regularly reviewed and updated in line with the current state of technology and the nature of the data held. Our data processor, Smoobu, maintains its own security standards and infrastructure protections for data processed on our behalf.


14. Third-Party Links


Our website may contain links to third-party websites (such as our online booking engine, Google Maps, or vehicle rental partners). We are not responsible for the content or privacy practices of those external sites. We encourage you to review their privacy policies separately before providing any personal data.


15. Contact


Us If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us:

Milesian Suites

Milos Island, 84800

Greece


Email: milesiansuites@gmail.com

Phone: +30 6983771842

Website: www.milesiansuites.com


We will respond to all legitimate requests within 30 days. If your request is complex or involves a large volume of data, we may extend this period by a further two months, in which case we will notify you of the extension and the reasons for it.