Chat with us, powered by LiveChat

Privacy Policy

Preface

Domes Operator GP operates www.domesresorts.com. Domes Operator GP is established at Tsifliki Region, Elounda, Agios Nikolaos, Lasithi, Crete, Greece (Registration Number 133802441000) and is the Controller of your personal data in respect of the main www.domesresorts.com website, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Greek Law 4624/2019 (Government Gazette 137/A/2019).

Domes Operator GP also hosts the websites of the individual hotel establishments of Domes Resorts Group, acting as processor of personal data in respect of each hotel’s subpage, while each hotel company acts as the controller of personal data processed through its own subpage. The table below sets out the controller and processor for each URL:

 

URL Controller Processor
www.domesresorts.com Domes Operator GP
domesresorts.com/domesofelounda/ Touristikai Epiheiriseis Driros S.A. Domes Operator GP
domesresorts.com/domesnoruzchania/ Domes of Chania S.A. Domes Operator GP
domesresorts.com/domeszeenchania/ Domes of Attica S.A. Domes Operator GP
domesresorts.com/domesmiramare/ Domes of Corfu S.A. Domes Operator GP
domesresorts.com/domesnovossantorini/ Domes Santorinis S.M.S.A. Domes Operator GP
domesresorts.com/neemamaisonsantorini/ Domes Santorinis 2 S.M.S.A. Domes Operator GP
domesresorts.com/91athensdomes/ Domes Voulas S.M.S.A. Domes Operator GP
domesresorts.com/domesauluselounda/ Domes of Attica S.A. Domes Operator GP
domesresorts.com/domesofcorfu/ Domes of Attica S.A. Domes Operator GP
domesresorts.com/domesauluszante/ Domes of Attica S.A. Domes Operator GP
domesresorts.com/domesnoruzkassandra/ Domes of Attica S.A. Domes Operator GP
domesresorts.com/domeslakealgarve/ Domes of Attica S.A. Domes Operator GP
domesresorts.com/domeswhitecoastmilos/ Domes of Attica S.A. Domes Operator GP
domesresorts.com/auluschania/ Domes Akrotiriou S.M.S.A. Domes Operator GP
domesresorts.com/auluslindosrhodes/ Lindos Olympia Village S.M.S.A. Domes Operator GP
domesresorts.com/agalihotelpaxos/ Domes Paxon Single Member S.A. Domes Operator GP
domesresorts.com/domesbaobabsuites/ Rent2andhomeTenerife S.L. Domes Operator GP
domesresorts.com/pleiadesblossomhillhouses/ Pleiades Luxury Villas S.M.S.A. Domes Operator GP

 

For information on how each hotel company processes your personal data, please refer to the privacy policy available at the bottom of each hotel’s webpage. For any queries, please contact our Data Protection Officer at [email protected].

1. Definitions

“Personal data” means any information relating to an identified or identifiable natural person (data subject), including by reference to an identifier such as name, gender, postal and email address, telephone number, language preference, date and place of birth, nationality, passport or other government-issued identification data, important dates such as birthdays and anniversaries, membership or loyalty programme data, prior guest stays or interactions, goods and services purchased, special service and amenity requests, geolocation information, and social media account data.

“Other data” means data that generally do not reveal your specific identity or do not directly relate to you as an individual. Where other data reveal your specific identity or relate to you as an individual, we will treat them as personal data. Other data include browser and device data, app usage data, data collected through cookies, pixel tags and other technologies, demographic data, and aggregated data.

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, restriction, erasure, or destruction.

“Profiling” means any form of automated processing of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that person’s performance, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

“Pseudonymisation” means the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information kept separately and subject to appropriate technical and organisational measures.

2. Collection of Personal Data

We collect personal data from the following sources:

 

2.1  Online Services

We collect personal data when you visit our website, make an online reservation, purchase goods or services, communicate with us, post to our social media pages, sign up for our newsletter or the Master Key Community, or participate in a survey, contest, or promotional offer.

 

2.2  Customer Care Centres

We collect personal data when you make a reservation by telephone, communicate with us by email, fax, or online chat, or contact customer service. These communications may be recorded for quality assurance and training purposes.

 

2.3  Your Browser or Device

We collect certain data automatically through your browser or device, such as computer type, operating system, internet browser type and version, and the name and version of the online services you are using. We use this data to assess levels of usage and improve our services.

 

2.4  Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to provide you with the best possible online experience. For full information, please read our Cookies Policy.

 

2.5  Analytics

We may collect data through Google Analytics and similar tools, which use cookies and technologies to collect and analyse data about the use of our services. For further information, please read our Cookies Policy.

 

2.6  IP Address

We collect your IP address, which is automatically assigned to your device by your Internet Service Provider. IP addresses are logged automatically when a user accesses our online services. We use IP addresses to calculate usage levels, diagnose server problems, administer the online services, and derive your approximate location.

 

2.7  Aggregated Data

We may aggregate data we collect. Aggregated data will not personally identify you or any other user.

3. Purposes of Processing

We use personal data and other data to provide our services, develop new offerings, and protect the legal rights of Domes Operator GP. Unless you provide the data we request, or prohibit us from collecting it, we may not be able to provide the requested services. We process personal data for the following purposes:

 

3.1  Provision of Requested Services

We use personal data to manage our relationship with you, upon your consent, and/or to comply with a legal obligation. This includes providing you with access to and use of our online services and website.

 

3.2  Personalisation of Services

We use personal data to provide personalised services in accordance with your preferences, either with your consent or on the basis of our legitimate interest in improving your experience. This includes customising your experience when you contact our call centre or use our online services.

 

3.3  Marketing Communications

With your consent, we use personal data to send you marketing communications, promotional offers, and periodic surveys relating to our goods and services. You may withdraw your consent to marketing communications at any time as described in Section 6.2.

 

3.4  Loyalty Programmes

We use personal data to offer and administer loyalty programmes, including the Master Key Community (see Section 3.5 below), as well as programmes specific to certain properties or tailored to your interests. This processing is carried out with your consent and/or on the basis of our contractual relationship with you.

 

3.5  Master Key Community

When you register for the Master Key Community at www.domesresorts.com/join/, we collect your email address for the purpose of enrolling you in our loyalty and marketing programme and sending you personalised communications, exclusive offers, and promotional news relating to the properties and services of the Domes Resorts Group.

The legal basis for this processing is your freely given, specific, informed, and unambiguous consent (Article 6(1)(a) GDPR). Your email address will be shared with the hotel companies of the Domes Resorts Group listed in the Preface table, each of which is an independent data controller that may use your data to send you marketing communications relating to its respective properties. Where a hotel company acts as operator on behalf of a property owner, your data will be retained exclusively by the hotel operator and will not be transmitted to the property owner.

You may withdraw your consent at any time by clicking the ‘unsubscribe’ link in any marketing email or by contacting our DPO at [email protected]. Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal. Upon withdrawal, your data will be deleted within 30 days, subject to any applicable legal retention obligations.

 

3.6  Sweepstakes, Events, and Promotions

We use personal data to allow you to participate in sweepstakes, contests, and other promotional activities. Some activities have additional rules which may contain additional information about how we use your personal data. We use personal data in this way with your consent, to manage our contractual relationship with you, and/or on the basis of our legitimate interests.

3.7  Business Purposes

We use personal data for data analysis, security and fraud monitoring and prevention, developing new goods and services, improving or modifying our services, identifying usage trends, and determining the effectiveness of our promotional campaigns. This processing is carried out to manage our contractual relationship with you, to comply with a legal obligation, and/or on the basis of our legitimate interests.

4. Sharing of Personal Data

We share personal data and other data with the following categories of recipients:

4.1  Domes Resorts Hotel Group

We disclose personal data to the hotel companies forming the Domes Resorts Group, each of which is an independent legal entity acting as a separate data controller for its own operations. These companies are listed in the Preface table above. Data is shared for the purposes described in this Privacy Policy, including the provision and personalisation of services, marketing communications (including the Master Key Community programme), and the administration of loyalty programmes. For information on how each hotel company processes your personal data, please refer to the privacy policy on each hotel’s webpage.

4.2  Owners of Individual Properties

Domes of Attica S.A. acts as hotel operator on behalf of the owners of certain properties within the Domes Resorts Group. Personal data collected in connection with reservations and hotel operations may be disclosed to the relevant property owner, acting as a separate data controller, to the extent necessary for the management and operation of the property. This disclosure does not extend to personal data collected through the Master Key Community, which is retained exclusively by Domes of Attica S.A. as hotel operator and is not transmitted to property owners. For full information on the identity of the property owner and how your personal data is processed in connection with each specific property, please refer to the privacy policy of the relevant hotel.

4.3  Service Providers

We disclose personal data to third-party service providers for the purposes described in this Privacy Policy. These include companies providing website hosting, data analysis, payment processing, order fulfilment, IT infrastructure, customer service, email delivery, marketing, auditing, and other services. All service providers are required to process personal data only on our instructions and in accordance with this Privacy Policy.

4.4  Legal and Regulatory Disclosures

We will disclose personal data where necessary or appropriate to: (a) comply with applicable law, including laws outside your country of residence; (b) comply with legal process; (c) respond to requests from public and government authorities, including for national security or law enforcement purposes; (d) enforce our terms and conditions; (e) protect our operations; (f) protect the rights, privacy, and safety of Domes Operator GP, you, or others; and (g) pursue available remedies or limit damages.

5. Data Protection Principles

Your personal data is:

  • Processed lawfully, fairly, and in a transparent manner (Article 5(1)(a) GDPR).
  • Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes (Article 5(1)(b) GDPR).
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed (Article 5(1)(c) GDPR).
  • Accurate and, where necessary, kept up to date (Article 5(1)(d) GDPR).
  • Kept in a form which permits identification of data subjects for no longer than necessary for the purposes of processing (Article 5(1)(e) GDPR).
  • Processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage (Article 5(1)(f) GDPR).

6. Consent

6.1  General

Where we rely on consent as the legal basis for processing, we process your personal data only after obtaining your freely given, specific, informed, and unambiguous consent, expressed by a clear affirmative action.

6.2  Withdrawal of Consent

You have the right to withdraw your consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to withdrawal and shall not result in any detriment to the provision of our services.

In the specific case of the Master Key Community, you may withdraw your consent at any time by: (a) clicking the ‘unsubscribe’ link in any marketing email you receive from us; or (b) submitting a written request to our DPO at [email protected]. Upon withdrawal, your data will be deleted within 30 days, subject to any applicable legal retention obligation.

7. Retention

We will retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide services to you.
  • Whether there is a legal obligation to which we are subject requiring retention for a specified period.
  • Whether retention is advisable in light of our legal position, including applicable statutes of limitations, litigation, or regulatory investigations.

 

In relation to the Master Key Community specifically: your email address will be retained for as long as your membership is active. Upon withdrawal of consent or unsubscription, your data will be deleted within 30 days, subject to any overriding legal retention obligation.

8. Security

We implement appropriate organisational, technical, and administrative measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. No data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately using the contact details in Section 11.

9. Your Rights

As a data subject, you have the following rights, which you may exercise at any time:

  • Right of access: you may obtain confirmation of whether we process personal data about you, and request a copy of that data.
  • Right to rectification: you may obtain rectification of inaccurate personal data and completion of incomplete personal data.
  • Right to erasure: you may request the deletion of your personal data, subject to our legal obligations and rights regarding retention.
  • Right to restriction: you may request that we restrict the processing of your personal data in certain circumstances.
  • Right to object: you may object at any time to the processing of your personal data carried out on the basis of our legitimate interests, on grounds relating to your particular situation.
  • Right to data portability: you may receive your personal data in a structured, commonly used, and machine-readable format, or request its transmission to another controller, where processing is carried out by automated means on the basis of your consent or a contract.
  • Right to withdraw consent: where processing is based on consent, you may withdraw your consent at any time as described in Section 6.2.

10. How to Exercise Your Rights — Right to Lodge a Complaint

To exercise any of the rights described above, please contact us by telephone at +30 2310 810624, or by email at [email protected]. Please state clearly which right you wish to exercise and which personal data your request concerns. For your protection, we will only fulfil requests relating to the personal data associated with the email address you use to send your request, and we may need to verify your identity before fulfilling your request. We will endeavour to respond as soon as reasonably practicable and in accordance with applicable law.

Please note that we may need to retain certain data for record-keeping purposes or in connection with transactions initiated prior to your request. There may also be residual data remaining within our databases which cannot be removed, and certain data which we are not able to allow you to review for legal, security, or other reasons.

If we unduly refuse or delay compliance with your request, or if you consider that your personal data are being processed in contravention of the law, you have the right to lodge a complaint with the Hellenic Data Protection Authority (Kifisias 1–3, 115 23 Athens; tel. +30 210 6475600; https://www.dpa.gr/el/polites/katagelia_stin_arxi). Where you reside in another EU Member State, you may also lodge a complaint with the supervisory authority of your country of residence.

 

11. Data Protection Officer

In accordance with Articles 37 and 38 GDPR, Domes Operator GP has designated a Data Protection Officer responsible for overseeing compliance with EU data protection law. If you have any concerns about the way your personal data is processed, or if you wish to exercise your rights, please contact the DPO at: [email protected].

 

12. Updates to this Privacy Policy

Domes Operator GP values you as our guest and recognize that privacy is important to you. We revise and update this Privacy Statement when any changes become effective. Its former versions are at your disposal upon request. In any case, your use of the Services following these changes means that you accept the revised Privacy Statement. We remain at your disposal for any addition information using the above contact.

 

Last updated: June 2026