Privacy Policy

Last updated: 16 May 2026

This document describes how Aphrodite Hotel & Apartments handles personal data in line with the EU General Data Protection Regulation (GDPR) and the Greek Law 4624/2019. It is provided in good faith; guests with specific compliance questions should contact us directly before relying on it.

1. Who we are

Aphrodite Hotel & Apartments (“we”, “us”) is a boutique hotel and self-catering apartment property in Chora, Ios Island, Cyclades, Greece. We are the data controller for personal data collected through this website.

Contact: info@aphroditeios.gr · +30 22860 91546 · Chora, Ios Island, Cyclades, Greece.

2. What data we collect

We collect only the data we need to respond to enquiries, deliver your stay, and improve the website:

  • Contact form: your name, email address, subject category and message body. Submitted via our processor, Formspree.
  • Booking data:handled by our booking partner ReserveOnline (WebHotelier) under their own privacy policy. When you click “Book Now” on this site, dates and guest counts are forwarded to their secure booking engine.
  • Cookies and analytics: Google Analytics 4 (anonymised) and RateParity, only when you accept our cookie consent. See section 6.
  • Server logs: standard hosting logs (IP address, browser, referrer) kept temporarily for security and reliability.

3. Why we collect it (lawful basis)

  • To answer your enquiry — your consent when you submit the contact form (Art. 6(1)(a) GDPR).
  • To honour a booking — necessary for performance of the accommodation contract you enter into with us (Art. 6(1)(b) GDPR).
  • Analytics and CRO— your consent given through the cookie banner (Art. 6(1)(a) GDPR). You can decline without affecting the site’s core functionality.
  • Security & fraud prevention — our legitimate interest in keeping the site safe and operational (Art. 6(1)(f) GDPR).

4. Who we share it with

We do not sell your personal data. We share limited data with the processors below, each of whom has its own privacy commitments:

  • Formspree — receives contact-form submissions and forwards them to us by email.
  • ReserveOnline / WebHotelier — our booking partner, processes reservations on our behalf.
  • Google Analytics — aggregated, anonymised website usage data, only with your consent.
  • RateParity — direct-booking parity widget, only with your consent.
  • Vercel — our hosting provider, which processes server logs for site operation.

We may also disclose data when required by Greek or EU law, or to protect our rights or the safety of our guests.

5. How long we keep it

  • Contact-form messages: retained for up to 12 months after our last interaction with you, then deleted.
  • Booking records: retained as required by Greek accounting and tax law (typically 5 to 10 years).
  • Analytics data: Google Analytics retention is set to 14 months; aggregate reports beyond that contain no personal identifiers.
  • Server logs: generally 30 days.

6. Cookies

We use a small number of cookies and similar technologies:

  • Strictly necessary — required for the site to function (no consent required, e.g. remembering your cookie choice).
  • Analytics — Google Analytics 4 (property G-NQ0W7B70CZ), loaded only after you accept the cookie banner.
  • Marketing / CRO — RateParity rate-parity widget, loaded only after you accept the cookie banner.

You can change your mind at any time by clearing your browser’s site data for aphroditeios.gr — the banner will reappear and let you re-choose.

7. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request deletion (“right to be forgotten”) where lawful;
  • request restriction of how we process your data;
  • request portability of your data to another provider;
  • object to processing based on legitimate interest;
  • withdraw consent at any time, where consent is the lawful basis.

To exercise any of these rights, email info@aphroditeios.gr and we will respond within 30 days as required by GDPR.

If you believe we have not handled your data correctly, you have the right to complain to the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα) www.dpa.gr.

8. Security

We use TLS for all traffic to and from the website, restrict access to personal data to staff who need it, and rely on processors who meet recognised security standards. No system is perfectly secure, but we take reasonable measures to protect the data we hold.

9. Changes to this policy

We may update this Privacy Policy from time to time. Significant changes will be highlighted on this page; the “last updated” date at the top will always reflect the current version.

10. Contact

Any questions about this policy or your data? info@aphroditeios.gr or write to us at Aphrodite Hotel & Apartments, Chora, Ios Island, Cyclades, Greece.

See also our Terms of Use.

Book Now