Privacy and Cookies Policy
Below we inform you how the service provider Santorini Paradise (registered seat: Oia, Santorini, 84702, Greece) handles your personal data and for what purposes.
During data processing, we act in accordance with relevant legislation, particularly Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
This Privacy Policy covers the following website: https://santoriniparadise.com.
We reserve the right to modify this Privacy Policy at any time. Any changes become effective upon publication.
Data Controller
- Name: Santorini Paradise
- Registered seat: Oia, Santorini, 84702, Greece
- Email: [email protected]
- Phone: +306977645575
Legal bases for data processing
- Performance of a contract (GDPR Article 6(1)(b))
- Compliance with a legal obligation (GDPR Article 6(1)(c))
- Legitimate interests of the controller or a third party (GDPR Article 6(1)(f))
- Consent of the data subject (GDPR Article 6(1)(a))
- Public interest or exercise of official authority (GDPR Article 6(1)(e))
- Fulfillment of accounting and tax obligations (GDPR Article 6(1)(c) and relevant national legislation)
- Enforcement of legal claims (GDPR Article 6(1)(f))
Hosting provider
The data is processed and stored by the following hosting provider for the operation of our service.
- Provider name: Chemicloud
- Address: 145 Broadway, 249 Arch St
- Email: moc.duolcimehc@pleh
- Website: chemicloud.com
Cookies
When you browse the website, cookies may be placed on your device. These cookies contain technical information, and their primary purpose is to ensure convenient, personalized browsing. The site may also use cookies for analytics, remarketing, or media elements.
-
Essential
Essential cookies enable basic functions and are necessary for the website to work properly. These cookies do not require user consent under GDPR.
-
Required
These cookies are necessary for the proper functioning of the website, but their use requires user consent. Examples include payment gateways, captcha services, and embedded booking services.
-
Analytics
Analytics cookies collect usage information, enabling us to understand how visitors interact with our website.
-
Marketing
Marketing cookies are used by third-party advertisers or publishers to display personalized ads. They work by tracking visitors across websites.
-
Media
These cookies are necessary to display certain media elements, such as embedded videos, maps, and social media posts.
-
Other services
This category includes all cookies, domains, and services that do not fall into the other specified categories.
Cookies used on this website
| Cookie Name | Purpose |
|---|---|
| _lscache_vary | Essential |
| asenha_tab | Essential |
| PHPSESSID | Essential |
| ucp_tabs | Other services |
| mhcookie | Essential |
| wordpress_test_cookie | Essential |
| wp_lang | Essential |
| wordpress_logged_in_* | Essential |
| wp-settings-* | Essential |
| wp-settings-time-* | Essential |
You can regulate or disable cookies in your browser settings; however, this may affect certain functions of the site.
Data of minors
Our service is not specifically directed at minors under the age of 16. If we collect and process data of minors, we do so only where the law requires consent or parental/guardian authorization.
Parents and guardians may request the modification or deletion of any recorded data about themselves or the minors under their supervision at any time.
Data retention periods
We store data only for the necessary period or for the deadlines prescribed by relevant legislation. After that, the data is deleted or anonymized.
Data transfer to third parties
We transfer your data to third parties only if you have explicitly consented, or if it is required by law or a regulatory authority order.
Data security measures
During data processing, both the data controller and the data processor employ organizational and technical protection measures that take into account current technological possibilities and the nature of data processing (purpose, scope, circumstances), as well as the varying degrees of risk faced by natural persons. These safeguards aim to maintain data protection proportionate to the risks.
These measures include data encryption, maintaining the availability, confidentiality, and integrity of systems and services, and ensuring sufficient resilience. We pay particular attention to restoring the availability of and access to data as soon as possible in the event of any physical or technical incident.
By regularly reviewing and testing security measures, we ensure that the guarantees provided are not merely theoretical but actually provide an adequate level of protection in practice. We store data so that unauthorized persons cannot access it. Paper-based documents are kept in a closed, secure environment, while electronic data is accessible only to persons with properly regulated access rights.
We also ensure that data can be deleted in a way that makes it impossible to restore once the retention period has ended or for any other reason that makes deletion necessary. Paper-based documents are destroyed using a specialized shredder or by an external partner specializing in this. When decommissioning or scrapping electronic media, we ensure that data is irretrievably removed.
Protection of paper-based documents
We provide physical protection for printed data to ensure secure, dry storage in adequately lockable rooms. Only authorized personnel have access to these documents. If paper-based documents are also digitized, the rules for digital processing apply to them. Anyone handling data must not leave the work area without ensuring that the materials entrusted to them are locked and protected from unauthorized access.
The building and rooms where paper-based records are located have adequate fire and property protection systems, reducing the possibility of physical damage.
IT protection
The computers and mobile devices involved in data processing are equipped with appropriate antivirus protection and access control. To secure electronically stored information, we apply up-to-date backups and archiving solutions, ensuring these backups are accessible if needed.
Only authorized individuals with defined authorization levels can connect to the central server. Computers used for work and the data stored on them are protected by passwords and other access-protection measures against unauthorized access.
Management and reporting of data protection incidents
If an event occurs that threatens personal data with unauthorized access, damage, or loss, we immediately take steps to further protect the affected data and mitigate damages. If the situation suggests that the incident poses a significant risk to individuals’ rights or freedoms, we notify the affected individuals without undue delay, explaining the nature of the incident in understandable terms, as well as the measures we have taken or plan to take to address it.
We may omit notifying affected individuals if we have previously implemented security solutions (e.g., encryption) that render the personal data unintelligible to unauthorized persons, or if further measures significantly reduce the probability of risk. In some cases, public disclosure may suffice instead of direct notification if individual notification would involve disproportionate effort.
In accordance with applicable regulations, if a data protection incident occurs that is likely to result in a risk to the rights and freedoms of natural persons, the data controller reports it to the competent supervisory authority within 72 hours of becoming aware of it. If the notification is made beyond this period, the reasons for the delay must also be provided.
User rights
As a data subject (user), you have the following rights regarding the processing of your personal data:
-
Right of access (GDPR Article 15)
You can find out whether we store information about you, and if so, what details. You can also request information about the purpose, legal basis, and other relevant circumstances of data processing. -
Right to rectification (GDPR Article 16)
You have the right to request the correction or completion of inaccurate or incomplete data. -
Right to erasure (“right to be forgotten”) (GDPR Article 17)
If the data is no longer needed or if the legal conditions for erasure are met, you can request that it be deleted as soon as possible. -
Right to restriction of processing (GDPR Article 18)
In certain cases, you can request that we only store the data and not use it otherwise (for example, if you dispute the accuracy of the data but do not want it to be deleted immediately). -
Right to data portability (GDPR Article 20)
You have the right to receive the data we hold about you in a machine-readable format, or to request that we transfer it to another service provider if technically feasible. -
Right to object (GDPR Article 21)
You may object to the further processing of your personal data if you believe that our legitimate interests (or any other legal basis) do not sufficiently justify such processing.
To exercise these rights, please contact us (email: [email protected]). We strive to respond to requests as quickly as possible. Typically, we will respond within one month of receiving your request, but if necessary (e.g., if the request is complex), this period may be extended by a further two months. We will inform you of the reasons for the extension within that initial one-month period.
If we cannot fulfill your request, we will inform you of this and the reasons within the above deadline. In this case, you have the right to lodge a complaint with the supervisory authority or seek a judicial remedy.
Complaints and remedies
If you believe there has been an abuse of your personal data, you can make an official report using the following contact details:
- Email: [email protected]
- By post: Santorini Paradise, Oia, Santorini, 84702, Greece
We thoroughly investigate incoming complaints and inform you about the results of our investigation and any measures taken. If there is no specific time period prescribed by law for handling complaints, we review how the investigation of complaints and our process meet the purpose of data processing and applicable legal requirements at least once every three years.
Date of last update: 17/05/2026