Privacy Policy
Last updated: April 2025 · Under legal review before publication
1. Data Controller
Seaside FC Villa, Nea Styra, Euboea, Greece.
Email: seasidefcvilla@gmail.com
2. Data We Collect
- Booking data: Full name, email address, phone number, country of residence, number of guests, check-in and check-out dates.
- Payment: We do not store card details. All payment processing is handled exclusively by Stripe.
- Communications: Messages you send us via the contact form.
- Technical: Session cookies for admin login only — no tracking cookies on the public site.
3. Legal Basis for Processing (GDPR)
- Contract performance (Art. 6(1)(b) GDPR): We process your data to confirm and manage your booking.
- Legitimate interest (Art. 6(1)(f) GDPR): Sending arrival information and booking-related communications.
- Legal obligation: Retaining records in accordance with Greek accounting and tax law.
4. Retention Periods
- Booking data: 7 years (Greek tax and accounting law)
- Contact form messages (no resulting booking): 12 months
5. Third-Party Processors
- Stripe: Payment processing (Stripe Inc., USA — Standard Contractual Clauses)
- Resend: Transactional email delivery (EU)
- Supabase / Vercel: Data hosting (EU region)
We do not sell or share your data with third parties for marketing purposes.
6. Your Rights
Under the GDPR you have the right to access, rectify, erase, port, and object to the processing of your personal data. To exercise any of these rights:
You may also lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr
7. Cookies
This site uses session cookies solely for admin login. No tracking or advertising cookies are used on the public-facing site.
8. Changes
We may update this policy from time to time. Material changes will be announced on this page.