Introduction
Welcome to VillaCrew Mykonos (« VillaCrew, » « we, » « us, » or « our »). At VillaCrew, we value your privacy and are committed to protecting your personal information. This Privacy Policy explains our practices regarding the collection, use, disclosure, and protection of information that is collected through our website (www.villacrew.com) and our villa rental services in Mykonos, Greece.
This policy outlines your privacy rights and how applicable privacy laws protect you. Please read this Privacy Policy carefully to understand our policies and practices regarding your information. By using our services or providing your personal information to us, you consent to the data practices described in this Privacy Policy.
Information We Collect
Personal Information
We collect several types of information from and about users of our website and services, including:
Identity Information:
* Full name
* Date of birth
* Nationality
* Passport or ID card details
* Photographs (when necessary for verification)
* Signature (for agreements and contracts)
Contact Information:
* Email address
* Telephone numbers (mobile and landline)
* Postal address
* Billing address
* Emergency contact details
Financial Information:
* Payment card details (card number, expiration date, security code)
* Bank account information
* Billing history
* Transaction records
Booking Information:
* Dates of stay
* Number of guests
* Special requirements and preferences
* Purpose of stay
* Previous booking history
Communication Records:
* Email correspondence
* Telephone conversations
* Live chat sessions
* Feedback and reviews
* Inquiries and complaints
Preference Information:
* Accommodation preferences
* Dietary restrictions or preferences
* Special occasions (birthdays, anniversaries)
* Interests and lifestyle choices
* Service preferences
Technical Information:
* Internet Protocol (IP) address
* Browser type and version
* Operating system and platform
* Device information
* Connection information (including mobile network)
* Location data
* Website navigation and interaction patterns
Information About Other Individuals
If you provide information about other individuals (such as family members or friends who will be staying with you), you confirm that you have informed them about the use of their information and obtained their consent, where necessary.
How We Collect Your Information
We use different methods to collect information from and about you, including:
Direct Interactions
You may provide us with your personal information when you:
* Book a villa or accommodation
* Create an account on our website
* Fill out forms or surveys
* Subscribe to newsletters or promotional materials
* Request information about our services
* Communicate with our customer service team
* Leave reviews or feedback
* Participate in promotions or contests
Automated Technologies
When you interact with our website, we may automatically collect technical information using cookies, server logs, and similar technologies. For more information about our use of cookies, please see our Cookie Policy section below.
Third Parties and Public Sources
We may receive personal information about you from various third parties and public sources, such as:
* Business partners (e.g., booking platforms, travel agencies)
* Payment service providers
* Analytics providers
* Advertising networks
* Search information providers
* Public databases
* Social media platforms (if you choose to link your account or interact with us through them)
How We Use Your Information
We use your personal information for the following purposes:
Providing and Managing Our Services
* Processing and confirming your villa reservations
* Managing your account and maintaining our relationship with you
* Providing customer support and responding to inquiries
* Facilitating payment processing and billing
* Arranging additional services you request (e.g., airport transfers, private chef, excursions)
* Personalizing your stay based on your preferences and requirements
* Managing check-in and check-out procedures
* Resolving disputes and troubleshooting problems
Business Operations and Improvements
* Administering and protecting our business and website
* Conducting data analysis and testing
* Maintaining and improving our website and services
* Training our staff and monitoring quality of service
* Managing relationships with property owners and service providers
* Conducting business planning and development
* Generating internal reports and analytics
Marketing and Communications
* Sending relevant marketing communications (where permitted)
* Keeping you informed about special offers, promotions, and new services
* Conducting surveys and collecting feedback
* Measuring the effectiveness of our marketing campaigns
* Delivering personalized content and recommendations
* Managing your marketing preferences
Legal and Regulatory Compliance
* Verifying your identity as required by law
* Complying with legal and regulatory obligations
* Detecting and preventing fraud and other illegal activities
* Enforcing our terms and conditions
* Establishing, exercising, or defending legal claims
* Ensuring the security of our properties and the safety of our guests
Legal Basis for Processing
Under data protection law, we must have a legal basis for processing your personal information. Our legal bases include:
Contract Performance
Processing necessary for the performance of our contract with you (e.g., to provide the villa rental services you have requested).
Legitimate Interests
Processing necessary for our legitimate interests, provided these interests do not override your fundamental rights and freedoms. Our legitimate interests include:
* Operating and improving our business
* Providing secure and efficient services
* Marketing our properties and services
* Preventing fraud and managing risk
* Ensuring administrative and IT security
Legal Obligation
Processing necessary to comply with our legal obligations (e.g., keeping records for tax purposes, providing information to regulatory authorities).
Consent
Processing based on your specific consent. Where we rely on consent, you have the right to withdraw your consent at any time.
Disclosure of Your Information
We may share your personal information with the following categories of recipients:
Service Providers
Third-party service providers who perform services on our behalf, including:
* Property management companies
* Cleaning and maintenance services
* Reservation and booking system providers
* Payment processing services
* IT and system administration services
* Email and customer relationship management providers
* Marketing and analytics services
* Professional advisers (lawyers, bankers, accountants, insurers)
Business Partners
Third parties who provide complementary services to enhance your villa experience:
* Transportation providers
* Private chefs and catering services
* Wellness and spa services
* Excursion and tour operators
* Yacht and boat charter companies
* Event planning services
Regulatory Authorities and Law Enforcement
We may disclose your information to regulatory authorities, law enforcement agencies, or other third parties where:
* We are required to do so by law
* Disclosure is necessary to comply with a legal obligation
* Disclosure is necessary to protect our rights, property, or safety
* Disclosure is necessary to prevent fraud or illegal activity
Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your personal information.
International Transfers
VillaCrew is based in Greece, within the European Economic Area (EEA). However, we may transfer your personal information to countries outside the EEA for processing. When we do, we ensure that appropriate safeguards are in place to protect your information and to ensure that it is treated in accordance with this Privacy Policy.
These safeguards include:
* Transfer to countries that have been deemed to provide an adequate level of protection by the European Commission
* Use of specific contracts approved by the European Commission (Standard Contractual Clauses)
* Implementation of Binding Corporate Rules for transfers within our corporate group
* Obtaining your explicit consent for certain transfers
Data Security
We have implemented appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. These measures include:
* Encryption of sensitive personal information
* Firewalls, intrusion detection, and prevention systems
* Regular security assessments and penetration testing
* Secure physical storage and restricted access to paper records
* Employee training on data protection and security
* Access controls and authentication procedures
* Data backup and recovery procedures
We limit access to your personal information to those employees, agents, contractors, and other third parties who have a business need to know. They are subject to a duty of confidentiality and will only process your personal information on our instructions.
We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data Retention
We will retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period, we consider:
* The amount, nature, and sensitivity of the personal information
* The potential risk of harm from unauthorized use or disclosure
* The purposes for which we process the information
* Whether we can achieve those purposes through other means
* Applicable legal requirements
In general, we keep different types of information for the following periods:
* Booking information: 7 years after your last stay (for tax and accounting purposes)
* Financial information: 7 years (for tax and accounting purposes)
* Communication records: 3 years from last communication
* Technical information: 2 years
When your personal information is no longer needed, we will securely delete or anonymize it.
Your Data Protection Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal information:
* **Right to Access**: You have the right to request a copy of the personal information we hold about you.
* **Right to Rectification**: You have the right to request that we correct any incomplete or inaccurate information we hold about you.
* **Right to Erasure**: You have the right to request that we delete your personal information in certain circumstances.
* **Right to Restrict Processing**: You have the right to request that we suspend the processing of your personal information in certain circumstances.
* **Right to Data Portability**: You have the right to request the transfer of your personal information to you or to a third party in certain circumstances.
* **Right to Object**: You have the right to object to the processing of your personal information in certain circumstances, particularly for direct marketing purposes.
* **Right to Withdraw Consent**: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.
If you wish to exercise any of these rights, please contact us using the details provided in the « Contact Us » section. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information.
Cookies and Similar Technologies
What Are Cookies?
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to the website owners.
Types of Cookies We Use
Essential Cookies: Necessary for the website to function properly. These cookies enable core functionality such as security, network management, and account access.
Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our website. This helps us improve the way our website works.
Functionality Cookies: Used to recognize you when you return to our website. This enables us to personalize our content for you and remember your preferences.
Targeting Cookies: Record your visit to our website, the pages you have visited, and the links you have followed. We use this information to make our website and the advertising displayed on it more relevant to your interests.
Managing Cookies
Most web browsers allow you to control cookies through their settings. You can:
* Block all cookies
* Allow only « trusted » sites to set cookies
* Set your browser to delete cookies when you close it
* Browse in « private » or « incognito » mode
Please note that if you choose to block cookies, some features of our website may not function properly.
Web Beacons and Similar Technologies
In addition to cookies, we may use web beacons, pixels, and other similar technologies to help deliver cookies on our website, count users who have visited certain pages, and deliver co-branded services.
Marketing Communications
We may use your personal information to send you marketing communications about our properties, services, and promotions that we think may be of interest to you. You can opt out of receiving marketing communications from us at any time by:
* Clicking the « unsubscribe » link in any marketing email
* Contacting us directly using the details in the « Contact Us » section
* Updating your preferences in your account settings (if applicable)
If you opt out of marketing communications, we will still send you service-related communications, such as booking confirmations and important updates about your stay.
Children’s Privacy
Our services are not intended for children under the age of 16, and we do not knowingly collect personal information from children under 16. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers.
Third-Party Links
Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on our website with an updated effective date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
If we make material changes to this Privacy Policy, we will notify you by email or through a notice on our website before the changes take effect.
Contact Us
If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us at:
VillaCrew Mykonos
Email: [email protected]
Complaints
If you have a complaint about our use of your personal information, please contact us first, and we will do our best to resolve the issue. If you are not satisfied with our response, you have the right to lodge a complaint with the data protection authority in Greece:
Hellenic Data Protection Authority (HDPA)
Kifisias Avenue 1-3
115 23 Athens, Greece
Website: www.dpa.gr
Acknowledgment
By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.
Last Updated: March 11, 2025