This Privacy Policy is effective and applies to the operation of the Company under the name ECONOMOU S.A. The Company manages and operates Galaxy Hotel in Heraklion Creta (License Number 1039Κ015Α0002000 of the Registry of the Greek Tourism Organization) and Galaxy Villas in Koutouloufari Chersonissos (License Number 1039Κ034Α0033900 of the Registry of the Greek Tourism Organization).

Privacy Policy

The company is based in Heraklion, Dimokratias Av. 75- P.C. 71306 Greece and its web site is

Information and Consent

This Privacy Policy describes how we collect, use, process, and disclose your information, including personal information about you (hereinafter, the “User” or “data subject”), in conjunction with your access to and use of our booking system and site: (“booking system”) and while you stay in the premises of our hotels. It also describes the rights and options you have regarding the use of your personal data and the way you may review and update/amend those data.

By reading this Privacy Policy, the “user” is hereby informed on how we collect, process and protect personal data furnished through the “booking system”.

The “User” must carefully read this Privacy Policy, which has been written clearly and simply, to facilitate its understanding, and to freely and voluntarily determine whether they wish to provide their personal data, or those of third parties, to ECONOMOU S.A.

By accessing the platform or providing personal information, you agree to our privacy practice and policy as set out in this privacy statement. We may revise, update and change this policy from time to time in order to ensure you are aware of the most recent version.

Data Controller

ECONOMOU S.A. operates this booking system by its web site, through a data processor, as explained below. For the purposes of the General Data Protection Regulation (“GDPR”) (EU) 2016/679, our company is the Data Controller. There is a strict contractual framework between the data controller and the data processor for the protection of your personal information, described below.

Data Processor

The Data Controller has been contracted with the company under the name “WebHotelier Technologies”, based in Nicosia Cyprus, which provides software support, computer data services and direct “on line” electronic documentation while operating the booking system of the Data Controller on the site

For the purposes of the General Data Protection Regulation (“GDPR”) (EU) 2016/679, where “WebHotelier Technologies Limited” processes your personal data on behalf of ECONOMOU S.A., WebHotelier is the “Data Processor”. For information on the Privacy Policy of “WebHotelier Technologies Limited” you may visit the site:

Data Collection

The types of personal data that we collect include:

  • Your first name, last name, email address, phone number and home address;
  • Credit card details (type of card, credit card number, name on card, expiration date and security code);
  • Guest stay data, including date of arrival and departure, special requests made, observations about your service preferences (including room preferences, facilities or any other services used, nutrition preferences );
  • Data you provide regarding your marketing preferences or in the course of participating in surveys, contests or promotional offers;
  • The Data Controller may collect and process only the data given by the data subject at the reservation and according to our guidelines. Those data Webhotelier is not allowed to process in any other way or for any other scope.

You may always choose what personal data (if any) you wish to provide to us. If you choose not to provide certain details, however, some of your transactions with us may be impacted.

Data we collect automatically

When using our website, we also collect information automatically, some of which may be personal data. This includes data such as language settings, IP address, location, device settings, device OS, log information, time of usage, URL requested, status report, user agent (information about the browser version), operating system, result (viewer or booker), browsing history, user Booking ID or in other organization used for booking, and type of data viewed. We may also collect data automatically through cookies. For information on how we use cookies, click here. All data controllers and third parties processing your personal data are contractually subject to data procession and non disclosure agreements.

Processing Purposes

We may use your personal data for the following purposes:

  • a. Reservations: We use your personal data to complete and administer your online reservation or reservations made at the front office or telephonically
  • b. Customer service: We use your personal data to provide customer service and to improve our services to you during your stay with us.
  • c. Guest reviews: We may use your contact data to invite you by email to write a guest review after your stay. This can help other travellers to choose the accommodation that suits them best. If you submit a guest review, your review may be published on our website.
  • d. Marketing activities: We also use your data for marketing activities, as permitted by law. Where we use your personal data for direct marketing purposes, such as commercial newsletters and marketing communications on new products and services or other offers which we think may be of interest to you, we include an unsubscribe link that you can use if you do not want us to send messages in the future.
  • e. Other communications: There may be other times when we get in touch by email, by post, by phone or by texting you, depending on the contact data you share with us. There could be a number of reasons for this:

1. We may need to respond to and handle requests you have made.
2. If you have not finalised a reservation online, we may email you a reminder to continue with your reservation. We believe that this additional service is useful to you because it allows you to carry on with a reservation without having to search for the accommodation again or fill in all the reservation details from scratch.

3. When you use our services, we may send you a questionnaire or invite you to provide a review about your experience with our website. We believe that this additional service is useful to you and to us as we will be able to improve our website based on your feedback.

  • f. Analytics, improvements and research: We use personal data to conduct research and analysis. We may involve a third party to do this on our behalf. We may share or disclose the results of such research, including to third-parties, in anonymous, aggregated form. We use your personal data for analytical purposes, to improve our services, to enhance the user experience, and to improve the functionality and quality of our online travel services.
  • g. Security, fraud detection and prevention: We use the information, which may include personal data, in order to prevent fraud and other illegal or infringing activities. We also use this information to investigate and detect fraud. We can use personal data for risk assessment and security purposes, including the authentication of users. For these purposes, personal data may be shared with third parties, such as law enforcement authorities as permitted by applicable law and external advisors. In that case processing of your data is lawful in order to comply with our legal obligations
  • h. Legal and compliance: In certain cases, we need to use the information provided, which may include personal data, to handle and resolve legal disputes or complaints, for regulatory investigations and compliance, or to enforce agreement(s) or to comply with lawful requests from law enforcement insofar as it is required by law.

If we use automated means to process personal data which produces legal effects or significantly affects you, we will implement suitable measures to safeguard your rights and freedoms, including the right to obtain human intervention.

Lawfulness of Processing Personal Data

  • In view of purposes a and b we rely on the performance of a contract: The use of your data may be necessary to perform the contract that you have with us. For example, if you use our services to make an online reservation, we will use your data to carry out our obligation to complete and administer that reservation under the contract that we have with you.
  • In view of purposes c-h, we rely on its legitimate interests: We use your data for our legitimate interests, such as providing you with the best appropriate content for the website, emails and newsletters, to improve and promote our products and services and the content on our website, and for administrative, fraud detection and legal purposes. When using personal data to serve our legitimate interests, we will always balance your rights and interests in the protection of your information against our rights and interests.
  • In respect of purpose h, we also rely, where applicable, on our obligation to comply with applicable law.
  • Where needed under applicable law, we will obtain your consent prior to processing your personal data for direct marketing purposes.
  • If needed in accordance with applicable law, we will ask your consent. You can withdraw your consent anytime by contacting us at any of the addresses at the end of this Privacy Statement.

In cases a to f above we shall always ask for your explicit and unambiguous consent to process your personal data, in a lawful, fare and transparent way. We inform you that we collect data only for the above purposes. In the case we shall collect or process data for another purpose beyond the above, we shall inform you in detail before processing your data, in order to receive your prior consent. The data we process are absolutely necessary for your service and the improvement of the quality of services we offer you. At your reservation we will ask you to update the data we store and to give your consent for their retention and processing. The time period for the retention and processing of data is set out in the national legislation, the E.U. treaties and the purpose of processing.

You may withdraw your consent at any point by communicating with us at the e mail: [email protected]

Data Sharing

  • Our Staff: Some of your data may be processed by authorized people, which are appointed to that purpose. Our Company retains an organizational structure and technical means that prevent the access to your data from third non authorized parties.
  • Third-party service providers: We use service providers to process your personal data strictly on our behalf. This processing would be for purposes as included in this Privacy Statement such as facilitating reservation payments, wi-fi offering, the sending out marketing material or for analytical support services, your security while staying in our premises, improving the services we offer you and fulfilling your requests (e.g. transfer, sightseeing etc). These service providers are bound by confidentiality clauses and are not allowed to use your personal data for their own purposes or any other purpose.
  • On Line Reservation Systems (e.g. booking etc): Our Company uses on line reservation systems. Although we submit the content on those web sites and you reserve directly at us, the processing of your data is executed by those providers. Therefore the data you provide with, on those websites (platforms) are also communicated to the providers. Those data may include personal data such us your name, communication data, payment details, names of co travelers and preferences you may have submitted when completing the reservation. For further information you may visit the website of the provider you have chosen to complete your reservation and be informed on Privacy Policy of those Organizations. Our Company has signed data processing and non disclosure agreements with all third party providers through which you may execute a reservation at our hotels.
  • Competent authorities: We disclose personal data to law enforcement and other governmental authorities insofar as it is required by law and the EU treaties (e.g. Schengen Treaty) or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud.

Minor Data Protection:

Our Company does not process minor’s personal data that lead to identification of the subject. At check in we might collect only the ages of minors. In the case we are obliged to comply with a legal obligation that includes the processing of minor s data, we shall request the consent of one of the parents.

The services on our website are addressed to people above the age of 18. We are not in place to have knowledge and we bear no responsibility if the data processed on the website of our company are placed there by a person below the age of 18. If such an event comes into our knowledge we shall proceed to their erasure immediately.

If you are under the age of 18, we kindly request not to proceed with an online reservation and to communicate with the person who has your parental responsibility or is your guardian.

Data Transfers to non E.U. Countries

The transmission of personal data as described in this Privacy Policy does not include transmission to non E.U. Countries. If in the future, we are obliged to transfer personal data to organizations based in on EU Countries, we shall proceed to the necessary contractual arrangements to ensure that your personal data is still protected in line with European standards and the General Data Protection Regulation.

Security Measures against the unlawful processing of your data.

For the secure processing of personal data we implement appropriate technical and organizational measures to ensure the protection of data. Those include:

  • Physical Security and Access Control in every part of our Company where data is stored
  • Our Company demonstrates every possible effort to use products and services (electronic or not) that by design create friendly conditions for the protection of subject’s data. We also demonstrate a continuous and systematic effort to use appropriate technical and organizational measures which ensure that by default, only those data are processed that are necessary for the purposes of the process.
  • Software and hardware access is possible only by passwords from authorized persons and we use updated firewall and antivirus systems. Additionally, information back up is done with encryption codes. All information stored by cloud systems is encrypted.
  • It is of our concern to frequently update the software we use, in order to retain the highest possible information security.
  • Frequent education and training of our staff regarding the secure data processing.
  • We have security cameras for monitoring the storage rooms of our files.
  • While payment we use secure protocols that have information encryption.
  • We take any possible measure so the data we transfer to third parties, necessary for the operation of our company, are the minimum required and do not lead to the identification of their subject.
  • Our telecommunication network, our software network systems and platforms, the data bases we use, are chosen based on their ability to ensure an ongoing authenticity, integrity and confidentiality. Although we make every possible effort to ensure the protection of data at their transmission by third party providers (telecommunication systems providers), we do not guarantee the security of data proceeded in that way. Third parties websites, accessible by links and other means of electronic connection from our website, are subject to different Privacy Policy Practices and Information Collection Practices, as well as from the use of different security measures. We do not have access to the websites of third parties and bear no responsibility or obligation regarding practices, policies and security measures implemented by those third parties on their websites. Those websites include content, advertisements, associates and connection links we do not control and for which we bear no responsibility. We advise you, prior to placing any personal data on those websites, to contact them in order to be informed on the terms of use of their websites, platforms of security policy and measures. We do not support neither approve the content, terms of use, privacy policy, advertisements or sponsors of any linked website.

Data Retention

We will retain your information, which may include personal data for as long as we deem it necessary to comply with applicable national and community laws. Additionally for as long as we deem necessary to provide services to you, resolve disputes with any parties and otherwise as necessary to allow us to conduct our business including to detect and prevent fraud or other illegal activities. All personal data we retain will be subject to this Privacy Policy. If you have a question about a specific retention period for certain types of personal data we process about you, please contact us at the e mail e mail [email protected] .

Your choices and rights

The data subject has the following rights according to the processing of its data, which we communicate to you:

  • We understand that you may request to have knowledge of the personal data we process on your behalf. In order to comply with such a request and to protect your personal data, you should submit, along with your request (either electronically at the e mail [email protected], or personally at reception, or telephonically at 2810 238812) a photocopy of your id card or other official document that proves your identity and put your signature on your request form. Our Company reserved the right to decline your request, if it is not possible to verify the identity of the requesting party from the submitted documents.
  • If you wish to correct, erase, restrict the processing of your personal data, to object to the processing of your data or to request to have knowledge of your personal data or to transmit to another controller, you should submit a written request either electronically at [email protected] or personally at reception, or telephonically at 2810 238812. In every case you should submit adequate data for your identification, in order to be able to assist you at your request without delay and to ensure that your personal data will be processed solely by their subject and not by non authorized people.

We rely on you to ensure that your personal data is complete, accurate and current. Please do inform us promptly of any changes to or inaccuracies of your personal data by contacting our Privacy Department at [email protected]. We will handle your request in accordance with the applicable law.

Cookies Policy

We use cookies at our web site as a means of facilitating the use of our website and the services provided. Cookies are small text files which are sent and stored in the user’s computer, allowing WebPages such as to operate smoothly, to collect users’ choices, to identify frequent users, to facilitate their access to the website, to collect data and improve the content of the web page. Cookies do not cause damage to the users’ computers, nor to the files kept in them. We use cookies to provide you information and to process your requests. You should be aware that cookies are absolutely necessary in order for the website to operate and function properly and smoothly. You may delete cookies stored in your computer following the instructions of your browser.

Questions or Complaints

If you have questions or concerns about our processing of your personal data, or if you wish to exercise any of the rights you have under this notice, you are welcome to contact us via [email protected] . You may also contact your local data protection authority with questions and complaints.

Changes to the Notice

Just as our business changes constantly, this Privacy Policy may also change from time to time. If you wish to see changes made to this Privacy Policy and the use of Cookies, we suggest accessing this Privacy Policy frequently. If we make material changes or changes that will have an impact on you (e.g. when we start processing your personal data for other purposes than set out above), we will contact you prior to commencing that processing.

Applicable Law

Our Company is subject to Greek Law. Any disputes arising under or in relation to this Policy and the Services provided there under shall be resolved exclusively by the Courts of Heraklion Creta.

Last Reviewed: 24.05.2018

Spoon sweet and vanilla submarine afternoon treats for our guests can enjoy by the pool during their stay at Galaxy Villas' apartments in Hersonissos
Spoon sweet and vanilla submarine afternoon treats for our guests can enjoy by the pool during their stay at Galaxy Villas' apartments in Hersonissos
The sensational lunch set up by the pool at Galaxy Villas resort, yours to enjoy by getting one of our Hersonissos holiday deals
The sensational lunch set up by the pool at Galaxy Villas resort, yours to enjoy by getting one of our Hersonissos holiday deals

Visit 5* sister hotel Galaxy Hotel

Member of Economou Hotels

follow us

Powered by Hotel Cube