Privacy Policy

Theros Poros operates accommodation services in Poros, Greece. We are committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (GDPR) and Greek data protection laws. This Privacy Policy explains how we collect, use, share, and protect your personal information when you make a reservation, stay at our property, or interact with our services.

We collect the following types of personal information: • Reservation Information: Name, contact details (email, phone), arrival and departure dates, number of guests, special requests • Identification Information: Passport or ID details as required by Greek law for guest registration • Payment Information: Credit card details, billing address (processed securely through payment providers) • Communication Data: Records of correspondence via email, phone, or messaging platforms • Property Usage: Information about your stay preferences and any incidents during your visit • Marketing Preferences: Your consent for receiving promotional communications

We use your personal information for the following purposes: • Processing and managing your reservations • Complying with legal obligations, including guest registration requirements under Greek tourism law • Providing customer service and responding to your inquiries • Improving our services and facilities • Sending booking confirmations and important updates about your stay • With your consent, sending promotional offers and newsletters about our properties • Preventing fraud and ensuring the security of our guests and property

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These measures include: • Secure storage of physical documents in locked facilities • Encrypted transmission of sensitive data • Access controls limiting staff access to personal information on a need-to-know basis • Regular security assessments and updates to our systems • Secure payment processing through certified third-party payment providers

We retain your personal information only for as long as necessary: • Guest registration data: Retained for 10 years as required by Greek tourism legislation • Financial records: Retained for the period required by Greek tax law • Marketing data: Retained until you withdraw your consent • Other personal data: Retained for a reasonable period to fulfill the purposes outlined in this policy After the retention period, we securely delete or anonymize your personal information.

Under GDPR, you have the following rights: • Right to Access: Request a copy of the personal data we hold about you • Right to Rectification: Request correction of inaccurate or incomplete data • Right to Erasure: Request deletion of your data (subject to legal retention requirements) • Right to Restrict Processing: Request limitation of how we use your data • Right to Data Portability: Receive your data in a structured, commonly used format • Right to Object: Object to processing based on legitimate interests • Right to Withdraw Consent: Withdraw consent for marketing communications at any time To exercise any of these rights, please contact us using the details below.