Privacy Statement

Welcome in our website www.metohi-istoria.com. We provide this Privacy Statement as an explanation of the information we collect, how we use it, and how the use of this information can benefit your experience on our premises (namely our venue and the estate in general) hereinafter collectively referred as ‘’Premises’’) and your digital experience on our website. Our mission is to consistently exceed our guests’ expectations in terms of the products and services we provide to our business and leisure travelers. We strive to create an experience that is responsive to our guests’ needs by using the information you entrust us with responsibly. We are committed to respecting your privacy and adhering to the principles of applicable Greek and European data protection and privacy laws. We wish to help you make informed decisions, so please take a moment to read the sections below.

Who we are
Spyridakis EE is a company in Crete dealing with venue rental, sustainable tourism experiences, agrotourism & events organization within its premises. Please find below our contact details:
66, Agiou Eleftheriou Street
73100 Nerokourou, CHANIA, GREECE
Tel.: +30 6948500700
Email: [email protected]


Spyridakis EE is the Data Controller of your personal data collected through this website or/and in the cases referred here below, unless an explicit reference to another data controller is made.


Collection of Personal Data:

We collect personal data about our guests and visitors through different collection channels such as our website, social media and of course onsite at our Premises, so that we can provide an experience that is responsive to our guests’ and visitors’ needs. We endeavor to collect your personal data only with your knowledge and with your permission, if necessary. In particular, in each case we collect your data we provide you with a detailed and specific privacy notice. Throughout your experience with us, we collect Personal Data in accordance with law, such as:

      • Identity Data, e.g. name, surname, passport, visa or other government-issued identification data, tax number, membership or loyalty program data
      • Demographic Data: place and date of birth, gender, nationality, language preference
      • Contact Data, e.g. home or work postal address, work and personal e-mail address, telephone (Home/ Work/mobile)
       • Family Data: data about family members and companions, such as names and ages of children
       • Financial and Travel Data: Credit and debit card number or other payment data, Financial information in limited circumstances, Travel itinerary, tour group or activity data
       • Social Media Data: social media account ID, profile photo and other data publicly available, or data made available by linking your social media
       • Lifestyle Data: Guest preferences and personalized data, such as prior guest stays or interactions, goods and services purchased, your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit
       • Health Data, e.g. as required for participation in certain activities, use of services and special service and amenity requests.


How we collect Personal Data:

Spyridakis EE collects personal information you provide, through multiple communication channels, such as:

       • Data collection in our Premises: We may collect personal data during your visit in our Premises by asking you to fill in certain documents/forms in relation to your overall experience, activities, equipment rental. We also collect Personal Data when you make a reservation over the phone, communicate with us by email, via online chat services or contact customer service. These communications may be recorded for purposes of quality assurance and training.
       • Online Services/Website: We collect Personal Data when you communicate with us through our website, or otherwise connect with us or post to social media pages, or sign up for a newsletter or participate in a survey, contest or promotional offer.
       • Surveys and questionnaires: We may also collect further demographic data or other personal information via onsite or online surveys and questionnaires.
       • Events: Whether you plan an event with us or you just attend one as a guest, we may collect your personal data about the theme and date of the event, statistics and other personal information of guests attending the event. We may share personal information about you with event planners or third-party service providers or vice versa.
       • Third Parties: We may also collect information about you from third parties (such as wedding planners, travel agents, corporate clients, third party operators and other business partners), as well as from other sources that share your data with us pursuant to legal or contractual obligations. We may also further use and share this information for the same purposes.


Purpose for data processing:

We ask for your personal data only to the extent that we need it or intend to use it for the following purposes:

1. Providing the services you request, based on our contractual relationship. We use Personal Data to provide the services you have requested, including:
       • Communicating with customers about conferences and other event planning; facilitating reservation and bookings of events; engaging in pre event communications (logistics, accommodations, changes, etc.); preparing for and coordinating events in accordance with customer instructions, expectations and preferences; facilitating services with suppliers; communicating about billing and recovering amounts owed; processing payments and security deposits; performing credit checks; handling customer requests, inquiries and complaints; and communicating with participants during events.
       • Facilitating reservations and bookings with regard to activities and experiences including; determining eligibility for services; honoring disability or other health-related restrictions and providing appropriate and safe activities, services and treatments; arranging requested professionals for specific treatments and services

2. Complying with our legal obligations, pursuant to the applicable legal and regulatory framework. We use your Personal Data for the following purposes:
       • Client identification, book keeping and tax obligations,
       • Responding to requests from public and government authorities;
       • Meeting national security or law enforcement requirements;
       • Protecting the rights, privacy, safety, or property of our clients, guests, visitors and other relevant individuals

3. Based on your explicit consent, we process your data
       • For marketing and communication purposes in relation to our products and services, our strategic marketing partners, and other trusted third parties. In this case you may receive tailor made offers & benefits, invitations to events, newsletters and optional participation in surveys, based on your preferences and your interests, whereas we may use the data and preferences you have provided or are stored on other data platforms in one of the data sources mentioned here above (see “How we collect personal data”). In any case, you are entitled to withdraw any time your consent or/and to object to such processing of your personal data, without any negative consequence for you.
4. Based on our business legitimate interest, we process your data for
       • performing market research via surveys to better serve your needs and improve your experience at Metohi Istoria, improve the efficiency of our websites and our various means of communications, facilitate our advertising campaigns, and/or promotional activities
       • administering customer-care services to facilitate and address inquiries, comments and complaints about any of our services (such as in person, through phone lines, email, or on social media)

Transfer of data:

       • We may disclose your Personal Data to third party service providers including, for example, companies that provide website hosting, data analysis, payment processing, order fulfillment, activities and food & beverage booking, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services. We may also disclose your Personal Data to third parties, such as lawyers, consultants and insurance companies in order to defend and exercise our rights.
       • We also may disclose your Personal Data to Third Party Operators within our Premises or in our strategic partners in order to provide you with the requested services
       • We may disclose your data to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements and to allow us to pursue available remedies or limit the damages that we may sustain.
•       On-line technologies
Spyridakis EE may use cookies, invisible pixels, and web beacons to obtain information about you while visiting our website. Please have a look also at our Cookies Policy.

Links to other websites:

In order to anticipate your needs, Metohi Istoria website provides links to other websites for your convenience and information. Spyridakis EE is not responsible or liable for any content presented by or contained on any independent website, including, but not limited to, any advertising claims or marketing practices. Please note that while Spyridakis EE will protect your information on owned and operated website, we cannot control and will not be responsible for the privacy policies of third party websites, including websites owned or controlled by client, operators, owners of hotels, suppliers that we cooperate with, or agents that may use the name of a Metohi Istoria brand, or websites not controlled or authorized by Spyridakis EE. Third party websites that are accessed through links on our website have separate privacy and data collection practices, and security measures. Please note that the online booking process is managed sometimes by a third party through their websites. We have no responsibility or liability for the practices, policies and security measures implemented by third parties on their websites. We encourage you to contact them to ask questions about their privacy practices, policies and security measures before disclosing any personal data. We recommend that you review the privacy policies of linked websites to understand how those websites collect, use and store information.

Minors: 

Spyridakis EE does not seek to obtain nor does it wish to receive personal data directly from minors (i.e. under the age of 15) without their parental or legal guardian’s consent; however, we cannot always determine the age of persons who access and use our websites. If a minor (as defined by applicable law) provides us with his/her data without parental or guardian consent, we will not proceed with any data processing, unless the parent or guardian contact us having this information removed.

Your Rights:

Under the current privacy protection legislation, you have the following rights: (i) You may ask to know if your personal data is being collected and to what extent; (ii) You may request a copy thereof; (iii) You may request that this data be corrected or completed if you believe it is incorrect or incomplete; (iv) You may request that your personal data be deleted. In this case, Spyridakis EE S.A will delete them unless it decides to retain them for one of the legitimate reasons under which it is entitled to refuse; (v) You may object to any of the processing purposes or you may request that their processing be limited;

In these cases, Spyridakis EE will respond in writing within 30 days of receipt and identification of the request.

In addition, in the event of exercising one or more of the above-mentioned rights of correction, deletion and restriction of your data, these requests shall also be forwarded to any third-party recipient to whom the personal information may have been disclosed in the scope of pursuance of the afore-mentioned processing purposes.

In case you consider your personal data affected in any way, you may contact the Greek national Data Protection Authority, as follows:

Website: www.dpa.gr


Postal Address: 1-3 Kifissias Avenue, PC 115 23, Athens

Call Center: +30 210 6475600

Fax: +30 210 6475628

E-mail: [email protected]


Retention Period of Personal Data:

We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law.
The criteria used to determine our retention periods include:
The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services).
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them).
Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations).

Information Security:

Spyridakis EE has already applied the necessary technical and organizational measures and if needed we are willing to take any further reasonable measure to: (i) protect personal information from unauthorized access, disclosure, alteration or destruction, and (ii) keep personal information accurate and up-to-date, as appropriate. Although “guaranteed security” does not exist either on or off the Internet, we safeguard your information using both procedural and technical safeguards, including password controls and “firewalls”.
Please, notice that Spyridakis EE will never contact you by mobile or email to ask for your confidential personal data or payment card details. We may only ask for payment card details by telephone when you are booking a venue reservation or promotional package.

Updates to the Privacy Statement:

Spyridakis EE may amend this Privacy Statement from time to time in order to meet changes in the regulatory environment, business needs, or to satisfy the needs of our guests, property, strategic marketing partners, and service providers. Updated versions will be posted to our website and date stamped so that you are always aware of when the Privacy Statement was last updated.