Villa Kalliroi
Contact Us
+306985658177 | +491742888441
AMA no.: 00003876370
Privacy Policy
Last updated: July 2026
Villa Kalliroi respects your privacy and is committed to protecting your personal data.
This Privacy Policy explains how we collect, use, store, share and protect your personal data when you visit our website, contact us, submit an enquiry, use our booking engine or make a direct booking with us.
This Privacy Policy should be read together with our Booking Terms & Conditions.
​
1. Identity of the Data Controllers
Villa Kalliroi is a privately owned holiday villa located in Makry Gialos, Crete, Greece.
Villa Kalliroi is operated jointly by Edardy Sukayman and Vera Lahme.
For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Edardy Sukayman and Vera Lahme act as joint data controllers for the personal data processed in connection with Villa Kalliroi.
If you have any questions about this Privacy Policy or how your personal data is handled, you can contact us using the details set out in Section 18.
​
2. Definitions
In this Privacy Policy:
“We”, “us” or “our” means Edardy Sukayman and Vera Lahme, operating Villa Kalliroi.
“You” or “your” means any person who visits our website, contacts us, submits an enquiry, uses our booking engine or makes a booking.
“Property” means Villa Kalliroi.
“Website” means www.villakalliroi.com.
“Booking Party” means the persons staying at the Property under a booking.
“Personal Data” means any information relating to an identified or identifiable natural person.
​
3. Personal Data We Collect
We collect only the personal data that is reasonably necessary for the purposes described in this Privacy Policy.
Depending on how you interact with us, we may collect the following categories of personal data.
​
3.1 Information you provide to us
This may include:
-
your name;
-
email address;
-
telephone number;
-
preferred arrival and departure dates;
-
number of guests;
-
booking details;
-
correspondence you send to us;
-
payment confirmation details relating to bank transfers;
-
passport or national identity document details of the person making the booking, where required; and
-
Greek Tax Identification Number (AFM), where applicable for Greek guests.
3.2 Information collected through the website
When you visit our Website, certain technical information may be collected automatically, including:
-
IP address;
-
browser type and version;
-
device information;
-
operating system;
-
pages visited;
-
referring website;
-
date and time of your visit;
-
cookie information; and
-
analytics information, where applicable.
This information does not usually identify you directly but helps us operate, secure and improve the Website.
3.3 Information collected through the booking engine
Where you use the Lodgifybooking engine embedded in or linked from our Website, personal data entered during the booking or enquiry process may be processed through the Lodgify platform.
This may include:
-
name;
-
contact details;
-
travel dates;
-
number of guests;
-
booking preferences;
-
booking value;
-
booking status; and
-
related booking correspondence or notes.
4. Purposes of Processing
We process your Personal Data only for specific and legitimate purposes.
We may process your Personal Data to:
-
respond to enquiries;
-
check availability;
-
prepare quotations;
-
process booking requests;
-
confirm and manage bookings;
-
communicate with you before, during and after your stay;
-
manage payment by bank transfer;
-
prepare booking confirmations and invoices;
-
arrange your arrival and stay with our local property manager;
-
provide guest support during your stay;
-
comply with applicable legal, tax, accounting and regulatory obligations;
-
comply with mandatory reporting requirements relating to short-term accommodation in Greece;
-
administer accommodation-related taxes and charges required under Greek law;
-
prevent fraud, misuse, unauthorised bookings or unlawful activity;
-
protect the safety and security of the Property, our guests and neighbouring properties;
-
manage disputes, complaints or legal claims;
-
operate, maintain and secure the Website;
-
understand how visitors use the Website; and
-
improve our guest experience.
We do not sell your Personal Data.
We do not use your Personal Data to make automated decisions that produce legal or similarly significant effects concerning you.
​
5. Legal Basis for Processing
We process your Personal Data only where we have a lawful basis to do so under the GDPR.
Depending on the circumstances, we process your Personal Data on one or more of the following legal bases:
5.1 Contract
Processing is necessary to take steps at your request before entering into a booking agreement or to perform a booking agreement with you.
This applies, for example, when we respond to enquiries, check availability, prepare quotations, confirm bookings, communicate with you about your stay and manage payment.
5.2 Legal obligation
Processing is necessary for compliance with legal, tax, accounting or regulatory obligations to which we are subject.
This applies, for example, where we process information required for short-term rental declarations, tax reporting, accounting records or accommodation-related taxes and charges required under Greek law.
5.3 Legitimate interests
Processing is necessary for our legitimate interests, provided that your interests and fundamental rights do not override those interests.
Our legitimate interests include operating and securing the Website, preventing fraud, managing enquiries and bookings, protecting the Property, improving our guest experience and establishing, exercising or defending legal claims.
5.4 Consent
Where required by law, we rely on your consent.
This may apply, for example, to the use of non-essential cookies or similar technologies.
Where processing is based on consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing carried out before consent was withdrawn.
​
6. Online Booking Engine
We use the Lodgify booking engine to process online booking enquiries and bookings made through or via our Website.
Where you use the booking engine, Personal Data submitted during the booking process may be processed through Lodgify's platform for the purpose of handling your enquiry or booking.
Lodgify may also process certain technical data necessary for the operation, functionality and security of the booking engine.
Further information about Lodgify's own processing of Personal Data is available in Lodgify’s privacy documentation.
7. Information Required for Greek Short-Term Rental Compliance
After a booking has been confirmed, we may request additional information from the person making the booking where this is required to comply with Greek legal and tax obligations relating to short-term accommodation.
This may include:
-
full name;
-
passport or national identity document details; or
-
Greek Tax Identification Number (AFM), where applicable.
This information is used only where necessary for mandatory guest registration, short-term rental declarations, tax reporting, accounting records and administration of accommodation-related taxes or charges required under Greek law.
8. Sharing of Personal Data
We treat your Personal Data confidentially and only share it where reasonably necessary for the purposes described in this Privacy Policy.
Depending on your enquiry or booking, your Personal Data may be shared with the following categories of recipients.
8.1 Website and booking service providers
We use service providers to operate our Website and booking process, including Wix and Lodgify.
These providers may process Personal Data where necessary to host the Website, operate the booking engine, maintain security, support the booking process and provide related technical services.
8.2 Email and storage providers
We use Gmail and Google services to receive, store and manage booking correspondence, enquiries and related documents.
​
8.3 Local property manager
Once your booking has been confirmed, we may share relevant booking information with Crete Estate, our appointed local property manager, acting on our instructions.
This may include:
-
your name;
-
email address;
-
telephone number;
-
arrival date and time;
-
departure date and time;
-
number of guests;
-
nationality, where relevant;
-
passport or national identity document details, where required; and
-
Greek Tax Identification Number (AFM), where applicable.
This information is shared so that the property manager can prepare for your arrival, support your stay, assist with guest communication and assist with legally required booking administration.
8.4 Accountant and professional advisers
We may share relevant booking information with our accountant or other professional advisers where reasonably necessary to comply with legal, accounting, tax or regulatory obligations.
The accountant may receive:
-
arrival and departure dates;
-
booking platform used;
-
name of the person making the booking;
-
passport or national identity document details, where required; and
-
Greek Tax Identification Number (AFM), where applicable.
This information is used for mandatory short-term rental declarations, accounting, tax reporting and administration of accommodation-related taxes and charges required under Greek law.
​
8.5 Public authorities
Where required by law, we may disclose Personal Data to competent public authorities, including Greek tax or regulatory authorities.
​
8.6 Third-party platforms
Villa Kalliroi may also be listed on third-party booking or review platforms, including Airbnb, Booking.com, Vrbo, Google Maps, Facebook and Instagram.
If you interact with us through those platforms or book through them, the relevant platform may process your Personal Data in accordance with its own privacy policy and terms.
This Privacy Policy applies only to Personal Data processed by us in connection with Villa Kalliroi. It does not replace the privacy policies of third-party platforms.
We do not sell, rent or trade your Personal Data to third parties for marketing purposes.
​
9. Bank Transfer Payments
Direct bookings are currently paid by bank transfer in euros.
We do not collect or process card payment details through our Website.
Where you make payment by bank transfer, we may process limited payment-related information, such as your name, payment reference, amount paid and payment date, in order to verify and manage your booking.
Your bank processes payment information in accordance with its own privacy terms.
​
10. Cookies and Similar Technologies
Our Website and embedded booking tools may use cookies and similar technologies to ensure the Website functions correctly, improve your browsing experience, support the booking process and help us understand how visitors use the Website.
Some cookies are essential for the operation of the Website or booking engine and cannot be disabled through our cookie settings.
Where required by law, we will request your consent before placing non-essential cookies on your device.
You can manage your cookie preferences through our cookie banner or by changing your browser settings. Please note that disabling certain cookies may affect the functionality of the Website or booking engine.
Further information may be provided in a separate Cookie Policy or cookie banner.
​
11. International Data Transfers
Some of the service providers we use may process Personal Data outside the European Economic Area (“EEA”).
Where this occurs, we rely on appropriate safeguards required under the GDPR, such as adequacy decisions, Standard Contractual Clauses approved by the European Commission or another lawful transfer mechanism recognised under the GDPR. The European Commission describes Standard Contractual Clauses as a GDPR transfer mechanism for transfers from EU controllers or processors to recipients outside the EU/EEA.
​
12. Retention of Personal Data
We retain Personal Data only for as long as reasonably necessary to fulfil the purposes described in this Privacy Policy, manage your enquiry or booking, and comply with our legal, regulatory, accounting and tax obligations.
Where required, Personal Data may be retained for the period prescribed by Greek or other applicable laws.
Once Personal Data is no longer required for these purposes, it will be securely deleted or anonymised.
​
13. Data Security
We take appropriate technical and organisational measures to protect Personal Data against accidental loss, unauthorised access, alteration, disclosure or misuse.
Access to Personal Data is limited to those persons and service providers who require access in order to manage your enquiry or booking, support your stay, provide technical services or comply with legal obligations.
While no method of electronic transmission or storage can be guaranteed to be completely secure, we take reasonable steps to safeguard the information entrusted to us.
You are responsible for ensuring that the information you provide is accurate and for keeping your own devices, email accounts and passwords secure.
​
14. Your Rights
Subject to the conditions set out in applicable data protection law, you may have the right to:
-
request access to the Personal Data we hold about you;
-
request correction of inaccurate or incomplete Personal Data;
-
request deletion of your Personal Data where we no longer have a legal reason to retain it;
-
request restriction of the processing of your Personal Data;
-
object to processing based on our legitimate interests;
-
withdraw consent where processing is based on consent;
-
request a copy of your Personal Data in a structured, commonly used and machine-readable format, where applicable; and
-
lodge a complaint with a competent data protection supervisory authority.
If you wish to exercise any of these rights, please contact us using the details in Section 18.
Where required or permitted by law, we may ask you to verify your identity before responding to your request.
​
15. Third-Party Websites and Services
Our Website may contain links to third-party websites, platforms or services.
We have no control over the content, privacy practices or security of those third-party websites, platforms or services and are not responsible for how they collect or process Personal Data.
We encourage you to read the privacy policies of any third-party websites, platforms or services you use.
​
16. Children
Our Website and booking process are not directed at children.
Bookings may only be made by persons who are at least 18 years old.
Where children are members of the Booking Party, their Personal Data will only be processed where necessary in connection with the booking, stay or applicable legal obligations.
​
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our legal obligations, business practices, booking process, Website functionality or service providers.
The latest version will always be published on our Website together with the date of the most recent update.
Where required by law, we will notify you of material changes before they take effect.
​
18. Contact Us
If you have any questions about this Privacy Policy, the way we process your Personal Data or if you wish to exercise your privacy rights, please contact us.
Villa Kalliroi
Operated by Edardy Sukayman and Vera Lahme
Makry Gialos
Crete, Greece
Email: welcome@villakalliroi.com
Website: www.villakalliroi.com
AMA Registration Number: 00003876370