Privacy Notice

Last Updated: August 16th, 2025

At THE ROCHARI HOTEL, we are committed to protecting and respecting your privacy. This notice contains important information about how we collect, use, and protect personal data that you provide to us or that we collect from you.

This Privacy Notice explains how we collect, use, process, and disclose your personal information (hereinafter, the “User”) in connection with your use of our booking system and related online services.

By reading this Privacy Notice, you are informed about how we collect, process, and protect personal data submitted through the website. This notice is written clearly and simply to help you make an informed, voluntary decision about whether to provide your personal data or that of third parties to THE ROCHARI HOTEL.

When this notice mentions “system,” “website,” “platform,” “services,” or “online services,” it refers to all pages and functions under https://rochari.com/ unless specified otherwise.

By accessing our website or providing your information, you agree to the privacy practices described in this notice. We may update this Privacy Notice from time to time, and you should review it regularly for the latest version.

2. Identity of the Data Controller

When this notice mentions “we,” “us,” or “our,” it refers to THE ROCHARI HOTEL, which operates this website and determines how and why your personal data is processed.

Data Controller: Rochari Hotel Mykonos (“THE ROCHARI HOTEL”) Rochari, 846 00, Mykonos, GR Email: reservations@rochari.com

3. Obligation to Provide Data

The information requested in our online forms is generally required (unless indicated otherwise) to fulfill the stated purposes. If you do not provide the required information or provide it inaccurately, we may be unable to process your request.

4. Personal Data We Collect

We may collect the following information:

  • Name, address, email address, and other contact details you provide when making a booking or check-in through the website.
  • Information necessary to fulfill your reservation or other services at THE ROCHARI HOTEL.
  • Marketing preferences (where you have explicitly agreed).

5. Third-Party Data (e.g., booking for a friend)

If you provide personal data about another person, you confirm that you have their consent to do so and that you have informed them of this Privacy Notice. You release us from any liability arising from the provision of such data without proper consent. We may take steps to verify this where appropriate.

6. Sensitive Data

We do not require and request that you do not send us any Sensitive Personal Data (e.g., national identification numbers, health data, religious beliefs, political opinions, biometric data, criminal history) unless specifically requested for a lawful purpose.

7. Use of Services by Minors

Our services are not directed at individuals under the age of sixteen (16). We request that minors do not provide personal data through our website.

8. Purposes of Processing Personal Data

We process your personal data for the following purposes:

  1. To manage bookings, including payment (where applicable) and your requests/preferences.
  2. To respond to contact requests via the channels we provide.
  3. To send personalised commercial communications, when you have expressly consented.
  4. To provide contracted accommodation and additional services.
  5. To conduct surveys and/or evaluations to measure service quality and guest satisfaction.

9. Lawful Bases for Processing

We process your data under the following legal grounds:

  • Contract: To provide accommodation and related services you have booked.
  • Consent: For marketing communications or other processing you have agreed to.
  • Legal Obligation: Where processing is required by applicable law (e.g., record-keeping for tax purposes).
  • Legitimate Interest: To improve our services and ensure the security of our operations, provided your rights are not overridden.

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described above, unless a longer retention period is required or permitted by law. Criteria for retention include:

  • The duration of our ongoing relationship (e.g., until your stay is complete).
  • Legal obligations (e.g., maintaining transaction records for a statutory period).
  • Legal considerations (e.g., statutes of limitations, litigation, or regulatory requirements).

11. Data Disclosure

We may disclose your personal data:

  • To comply with applicable laws and legal processes.
  • In response to lawful requests from public or government authorities.
  • To enforce our terms and conditions.
  • To protect our rights, privacy, safety, property, or that of others.
  • To pursue available legal remedies or limit potential damages.

12. International Transfers

If we transfer your personal data outside the European Economic Area (EEA), we will ensure that it is protected by appropriate safeguards in line with GDPR, such as:

  • Standard Contractual Clauses approved by the European Commission.
  • Adequacy decisions for countries deemed to provide adequate protection.

13. User Responsibilities

You guarantee that:

  • You are of legal age and capable of providing personal data.
  • The data you provide is accurate, complete, and up to date.
  • You have informed any third party whose data you provide and have obtained their consent.

You are responsible for any false or inaccurate information and any damages this may cause.

14. Your Rights

You may contact us at reservations@rochari.com at any time to:

  • Confirm whether we are processing your personal data.
  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Request deletion of your personal data.
  • Withdraw consent at any time (without affecting prior processing).
  • Request restriction of processing.
  • Request data portability.

You may also lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr) or your local authority.

15. Security Measures

We process your data confidentially and apply appropriate technical and organisational measures to protect it against alteration, loss, unauthorised access, or unlawful processing, taking into account the state of technology, the nature of the data, and the risks involved.

bookCHECK-IN