Privacy Policy

according to Art. 13 GDPR

Thank you for your interest in our web site. The trust of all visitors and customers, the security of your data and the protection of your privacy are of central importance to us.

Your personal data will therefore be treated by us in accordance with the applicable statutory data protection regulations and this data protection declaration. Personal data is information that can be used to determine your identity. Typical personal information includes your last name, first name, address, telephone number, IP address, cookies and email address.

When you visit and use our website or otherwise explicitly provide us with information, we process the data that your browser automatically transmits to us with each request (see section “Log data”). If you voluntarily provide us with personal data, the data will only be processed for the purpose of your inquiry or order. We would like to point out that data transmission on the Internet can never be completely protected against access by third parties.

In the following sections, we would like to explain in more detail which data we process when and for what purpose. We will also explain how the services we offer work and how we ensure the protection of your personal data.

Name and Address of the controller

The responsible person within the meaning of the EU General Data Protection Regulation and other data protection regulations is:

Allure Accommodation Services A.E. Dafnes Heraklion.
70011 Crete.
Greece.

Legal basis for processing personal data

As a provider, we may process the personal data of website visitors only if one of the following conditions is met as a legal basis, as explained below: If we obtain the consent of the data subject for the processing of personal data, Art. 6, (1) a) GDPR serves as the legal basis.

The processing of personal data necessary for the performance of a contract to which the data subject is a party is based on Art. 6 (1) (b) GDPR as the legal basis. This also applies to processing necessary for the implementation of pre-contractual measures.

If the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for data processing.

Data deletion and Retention period

The personal data of the data subject will be deleted as soon as the purpose of storage no longer applies.
A storage can also take place if this is due to European or national laws or other regulations to which the controller is subject has been provided.

The data will also be blocked or deleted if one of these is prescribed by the aforementioned regulations. The storage period expires, unless there is a need to continue storing the data for a contract or for the fulfillment of the contract.

Contact

If you contact us (e.g. by contact form, e-mail, telephone or via social media), your data will be processed for the purpose of handling the contact request and its processing in accordance with Art. 6 (1) (b) GDPR (so-called pre-contractual measure).

We delete the requests when they are no longer necessary. We review this need every two years. In addition, the legal archiving obligations apply.

Legal basis

The legal basis for the processing of this data are the so-called pre-contractual measures according to Art. 6 (1) (b) GDPR.

Protocol data

The provider of the Internet services (provider) automatically collects “log data” in server log files. The log data includes the following information:

Date and time of the respective request
Internet address (URL) that was requested
URL that the visitor visited immediately before (referrer) Browser and language used
Operating system used
IP address and host name of the visitor
Access status / http status code
Amount of data transferred in each case

The transmission of this data to us takes place automatically and this data cannot be assigned to your person without a reasonable amount of effort.

Legal basis

The legal basis for the processing of this data is our legitimate interest pursuant to Art. 6 (1) (1) (f) GDPR.

Logging is used for access control and monitoring of technical processes and their optimisation.

The data will not passed on to third parties, except to law enforcement authorities following a court order in the event of an incident.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected, or after Achievement of the legally prescribed deletion period. Consequently, the user has no right of objection.

Your Rights

You have a right to free information about the data we have stored about you and, where applicable, a right to correction, restriction of processing or deletion of this data. You also have the right to data portability. Finally, you also have the right to inform yourself about the processing of your personal data by us to complain to the data protection supervisory authority.

Right of objection

We would also like to point out that you have the right to object to future processing of your personal data in accordance with the legal requirements pursuant to Art. 21 GDPR at any time. The objection can be made in particular against processing for the purpose of direct advertising.

Right to information

If you have any questions regarding the collection, processing or use of your personal data, for information, for the correction, blocking or deletion of data, as well as to revoke any consent you may have given or to object to a particular use of your data, please contact us using the following e-mail address:

moc.e1716543273rulla1716543273-alli1716543273v@ofn1716543273i1716543273

SSL / TLS Encryption

For security reasons, our website uses SSL or TLS encryption. This protects transmitted data and prevents it from being read by third parties.
You can recognize successful encryption by the fact that the protocol name in the status bar of the browser changes from “http://” to “https://” and a closed lock symbol is visible there.

Links

This website may contain links to websites operated by other companies, including social media sites such as YouTube, Vimeo, Google, Instagram or Facebook.

If you follow such links, you may encounter cookies over which we have no control. We are not responsible for these cookies and refer you to the privacy policies or cookie policies of those sites.

Web hosting through Google

We use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) to host our website.

Please note that there is a possibility that data may be transferred to the USA and processed by US authorities. Under current law, the U.S. is considered an unsafe third country with an inadequate level of data protection.

Google is certified under the Trans Atlantic Data Privacy Framework (TADPF), which guarantees compliance with European privacy laws https://www.dataprivacyframework.gov/list.
For more information, please visit https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721 and https://www.dataprivacyframework.gov/s/.

In the event that the TADPF is no longer applicable, the Standard Contractual Clauses (SCC) for the transfer of personal data to third countries under Directive 2016/679 will apply, and Google has committed to abide by them.

You can find more information about the Standard Contractual Clauses at https://ec.europa.eu/info/law/law-topic/data-protection/international- dimension-data-protection/standard-contractual-clauses-scc_en and https://policies.google.com/privacy/frameworks?hl=en.

In order to protect your personal data, we have entered into a contract for data processing services pursuant to Art. 28 GDPR and a special supplementary agreement on data processing with Google and have accepted the amendment to Google’s General Terms and Conditions and the amended contractual data processing conditions with regard to the use of the standard contractual clauses.

More information is available at https://privacy.google.com/businesses/processorterms/
Privacy Overview: https://policies.google.com/?hl=en and the Privacy Policy: https://www.google.de/intl/de/policies/privacy.

Legal basis

The legal basis for processing this data is our legitimate interest in operating and maintaining the operational security of this website pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

Google Web Fonts

We use Google Web Fonts. All fonts are loaded locally. No personal information is shared with third parties when using these fonts.

WebHotelier Booking

To make the enquiry and booking process as convenient and efficient as possible, we use products from WebHotelier Technologies Ltd, Mnasiadou 9, Demokritos Building, Office 16, 1065 Nicosia, Cyprus.

Once you click on the “Book Online” button, you will leave our website and be redirected to our individual booking page at WebHotelier. All functions on WebHotelier as well as the entire downstream sales process take place via WebHotelier.

When you make a booking request or an online booking via WebHotelier, the following personal data will be transmitted

  • Room request
  • Number of adults
  • Number of children
  • Arrival and departure
  • dates Alternative travel
  • dates, if applicable First
  • name, last name
  • Telephone Number
  • Your e-mail address
  • Your Postal Address
  • Payment information

In order to protect your personal data, we have signed a contract with WebHotelier for data processing according to Art. 28 GDPR. Further information can be found at https://villa-allure.reserve-online.net/privacy-policy, https://www.webhotelier.net/gdpr and https://www.webhotelier.net/privacy.

Legal basis

The processing of your data for the online booking and the online booking request is based on Art. 6 para. 1 lit. b GDPR and serves the fulfillment of a contract or the implementation of pre-contractual measures.

About cookies

In order to make your visit to our website more attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your device and that store certain information for exchange with our system.

Types of Cookies

First-Party Cookies – Required Cookies

These are generated by our website and are necessary for the application to function properly. These cookies are also known as session cookies or transient cookies and are automatically deleted at the end of the browser session, i.e. when the browser is closed.

Without these cookies, the correct operation of the website cannot be guaranteed.

Legal basis

The legal basis for the processing of this data is art. 6 par. 1 sentence 1 lit. f GDPR.

Cookies from third parties

These are set by various services (e.g. analytics services or Facebook) and store a unique identifier that recognizes your device on your next visit (persistent cookies).
These cookies remain on your device for a set period of time. This duration is variable.

Legal basis

The legal basis for the processing of this data is Art. 6 par. 1 sentence 1 lit. a GDPR.

We would like to point out that with some providers, in particular providers from the USA, there is the possibility that data is transferred to the USA and processed by US authorities.

There is currently an adequacy decision for the USA in the form of the Trans Atlantic Data Privacy Framework (TADPF). Many companies have been certified under the TADPF to ensure compliance with European data protection law https://www.dataprivacyframework.gov/list.

More information is available at https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721.
Should the TADPF no longer apply, the Standard Contractual Clauses (SCC) for the transfer of personal data to third countries in accordance with

Directive 2016/679 will apply.
More information on the Standard Contractual Clauses can be found at commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en?prefLang=en.

Please note that many companies are neither TADPF certified nor have they committed to comply with the SCC.

These companies will have to provide appropriate guarantees in accordance with Art. 46 GDPR.

We would like to point out that in case of non-compliance with the above mentioned standard contractual clauses for unsafe third countries, the legal basis is your express consent according to Art. 49 para. 1 lit. a GDPR.

Deactivation of cookies

Please note that certain cookies are already set when you enter our website.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases, in particular cookies from third parties (third-party cookies) or in general.

If you do not accept cookies, the functionality of our website may be limited for you.

Pixelmate

In order to optimize the services we use and to respect your choices in accordance with legal requirements, we use GDPR Pixelmate, developed by Christian Wedel ( https://wp-dsgvo-plugin.com ) and Sabrina Keese-Haufs ( https://lawlikes.de/ ).

When you visit our website, you can use Pixelmate to control which of our services you want to consent to. Your choice will be stored separately for each service we use. You can change this setting at any time by using the “Cookies” link at the bottom left of the website.

Pixelmate does not store any personal information.

Google Maps

In order to provide you with an attractive Internet presence, our website has an interface to Google Maps. To use Google Maps, your IP address must be stored on a Google server in the USA.

When you use Google Maps, Google Maps loads Google web fonts to display the location in a consistent manner.

The recipient of the data is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Please note that data may be transferred to the United States and processed by US authorities. Under current law, the U.S. is considered an unsafe third country with an inadequate level of data protection.

Google is certified under the Trans Atlantic Data Privacy Framework (TADPF), which guarantees compliance with European privacy laws https://www.dataprivacyframework.gov/list.

For more information, please visit https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721 and https://www.dataprivacyframework.gov/s/. In the event that the TADPF is no longer applicable, the Standard Contractual Clauses (SCC) for the transfer of personal data to third countries under

Directive 2016/679 will apply, and Google has committed to abide by them.
You can find more information about the Standard Contractual Clauses at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de and https://policies.google.com/privacy/frameworks?hl=en.

In order to protect your personal data, we have entered into a contract for data processing services pursuant to Art. 28 GDPR and a special supplementary agreement on data processing with Google and have accepted the amendment to Google’s General Terms and Conditions and the amended contractual data processing conditions with regard to the use of the standard contractual clauses.

Further information can be found at https://privacy.google.com/businesses/processorterms/

Users’ personal data will be deleted or anonymized after 14 months.

More information about Google can be found here:
Terms of Use https://www.google.com/analytics/terms/en.
Overview of data protection https://policies.google.com/?hl=en, as well as the privacy policy: https://www.google.de/intl/de/policies/privacy.

In order to protect your personal data, we have concluded a contract for data processing in accordance with Art. 28 GDPR and a special supplementary data processing addendum with Google, as well as accepting the amendment to Google’s terms and conditions and the amended terms and conditions for data processing on behalf of Google regarding the use of the standard contractual clauses.

Legal basis

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Special Offers!
Contact us for further details & offers!