MENU
MENU

Privacy Policy

We value your privacy
Home
Privacy Policy

At ASPENGR Monastiraki Hotel Apartments (“we”, “our”, “us”) we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website, make a reservation, or stay with us.

We comply with the EU General Data Protection Regulation (GDPR) 2016/679, Greek Law 4624/2019, and all other relevant European data protection laws.

1. Who We Are

ASPENGR Monastiraki Hotel Apartments is an accommodation provider located in the center of Athens offering modern apartment-style hospitality.

We act as the Data Controller when processing your personal data. We may also work with trusted service partners (e.g., transfer providers, tour partners) to deliver services you request.

2. Personal Data We Collect

We only collect personal data that is necessary to manage reservations, provide services, ensure safety, and comply with legal obligations. The information we may collect includes:

Identification and contact details: name, surname, nationality, date of birth, ID/passport number, address, email, phone number.

Booking and stay details: stay dates, number of guests, preferences, arrival information such as flight number (if you request transfers).

Payment information: IBAN (if applicable), and partial card details through secure payment processors (we do not store full credit card numbers).

Website and technical data: IP address, device and browser information, cookie preferences.

Optional details you choose to provide: preferences, special requests, or celebration notes (e.g., birthday, honeymoon).

Minors: Guests must be 18+ to make a reservation. We do not knowingly collect data from minors without parental consent (digital consent age in Greece is 15).

3. How We Collect Personal Data

We collect data in the following ways:

  • Directly from you (during booking, by email or telephone, at check-in)
  • Through our booking engine (WebHotelier)
  • From online booking platforms (OTAs) or travel agents
  • Through our website and cookies
  • When you submit a contact form or request information

We do not sell or trade personal data.

4. Purposes of Processing

We use your personal data for the following purposes:

  • To manage reservations and provide hospitality services
  • To contact you regarding your booking or stay
  • To process payments and issue invoices
  • To manage check-in procedures and identity verification (if required by law)
  • To comply with tax and legal obligations
  • To improve our services and guest experience
  • To ensure security and prevent fraud
  • To send marketing communications only if you provide consent (you may withdraw consent anytime)

5. Legal Basis for Processing

We process your personal data under the following legal grounds:

  • Performance of a contract (e.g., to manage your reservation and stay)
  • Compliance with legal obligations (tax, accounting, police requirements)
  • Legitimate interest (security, service improvement, fraud prevention)
  • Consent (for marketing communication or optional services)

You may withdraw consent at any time.

6. Disclosure of Data

We only share personal data when necessary and lawful, such as:

  • With our booking and reservation partners (e.g., WebHotelier)
  • With payment processors and financial institutions
  • With external service partners only when you request services (e.g., transfer, tours)
  • With IT and hosting providers who support our systems
  • With authorities when required by law or for safety/security reasons

All third-party service providers operate under data-processing agreements compliant with GDPR.

7. Data Retention

We retain personal data only for as long as necessary for the purposes collected, or as long as required by law.

  • Reservation and financial data are stored in accordance with Greek tax and accounting laws (typically 5–10 years)
  • General correspondence is retained until your request or matter is resolved, plus a reasonable period
  • Marketing data is kept until consent is withdrawn
  • CCTV recordings, where applicable, are stored for a maximum of 14 days unless required for investigation

Once retention periods expire, data is securely deleted or anonymized.

8. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data (where allowed by law)
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time (for consent-based processing)
  • File a complaint with the Hellenic Data Protection Authority (www.dpa.gr)

We respond to data requests within 30 days.

9. Security Measures

We apply appropriate technical and organizational security measures, including:

  • Secure hosting and encrypted communications (SSL)
  • Access control and authentication
  • Firewalls and security monitoring
  • Confidentiality agreements with staff and service providers
  • Regular security reviews

We strive to protect your data against unauthorized access, alteration, or misuse.

10. CCTV Monitoring

CCTV is installed only in exterior and common areas for security purposes.
No cameras operate inside accommodation units.

Recordings are retained for up to 14 days, unless required by authorities for investigation purposes.

11. Cookies

Our website uses cookies to ensure proper functionality and improve your browsing experience.

When visiting our website, you are given a choice to:

  • Accept all cookies, or
  • Reject non-essential cookies

If you reject, only essential cookies will be activated.

The booking platform (WebHotelier) may use essential cookies for reservation functionality. For more details, refer to WebHotelier’s privacy and cookie policy.

Our neighborhood shines
with vibrant energy and rich history, blending neoclassical elegance
with the contemporary spirit
of Athens!