At Anna Boutique Villas, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, process, and safeguard your information when you access or use our booking platform.
By visiting our website or providing your personal information, you acknowledge that you have read and understood this Privacy Policy.
Anna Boutique Villas
Agia Pelagia
740 53, Rethymno
Crete, Greece
For the purposes of the General Data Protection Regulation (GDPR), we act as the Data Controller of the personal data processed through our booking system.
We use Bookedin to operate our online booking engine on our behalf.
Bookedin.nl
Stroovledder 10,
7991SB Dwingeloo
Bookedin acts as our Data Processor under a strict contractual agreement and processes personal data only according to our instructions.
Data Protection Officer (Bookedin):
info@bookedin.nl
Terms like “booking engine,” “platform,” “system,” “website,” “app,” “services” refer to all pages and features under:
https://app.bookedin.nl/calendar/01k9fbyza2faqbh5j1jkn3fea9/book
https://app.bookedin.nl/calendar/01k68awy97cqhrj4qpsg79gmqx/book
unless stated otherwise.
We may collect and process the following personal data:
Full name
Address
Email address
Phone number
Booking details
Guest preferences
Payment information (when prepayment is required)
IP address
Browser type
Device information
Usage data relating to the booking process
If you provide information about someone else (e.g., booking on behalf of another guest), you confirm that you are authorized to share their details.
If you sign in using a social media account, we may access certain profile information strictly for authentication and administrative purposes.
We do not request or process sensitive data (such as health, religion, biometric data, etc.). Please do not submit such information.
Our services are not intended for individuals under 16 years of age. We ask minors not to provide personal data through our website.
We process your information for the following purposes:
Managing and completing your booking
Processing payments (when applicable)
Responding to your inquiries
Providing accommodation and related services
Sending booking confirmations and service-related messages
Managing loyalty or membership programs
Conducting quality surveys and service evaluations
Sending personalized marketing communications only when you explicitly consent
We process your data based on:
Your consent
The performance of a contract (e.g., completing your booking)
Legal obligations (e.g., financial or tax regulations)
Our legitimate interest (e.g., service improvement, security)
Withdrawal of consent does not affect data processed before the withdrawal.
We only retain your personal data for as long as necessary to meet the purposes listed above, or as long as required by law.
Retention periods depend on:
The duration of our business relationship
Legal requirements (e.g., tax laws)
The need to protect our legal interests
Your data may be disclosed when necessary to:
Complete your booking
Process payments
Comply with legal obligations
Respond to lawful government or law enforcement requests
Protect our rights, property, and guests
Prevent fraud or security incidents
We may transfer your personal information to:
Our data processor (WebHotelier)
Payment gateways and credit card companies
IT service providers
We never sell your data.
Some data may be stored or processed outside the EEA.
Bookedin uses Hostinger servers located in:
Amsterdam
Frankfurt
When data is transferred outside the EEA, appropriate safeguards are applied, such as:
Standard Contractual Clauses (SCCs)
Approved international data protection frameworks
You confirm that the information you provide:
Is accurate, complete, and up-to-date
Has the consent of any third party whose data you submit
Will be updated if changes occur
You are responsible for any damages caused by inaccurate or unauthorized data submission.
You may contact us at any time to exercise the following rights:
Access your data
Rectify inaccurate or incomplete information
Request deletion of your personal data
Withdraw consent
Limit processing in specific circumstances
Data portability (receive your data in a structured format)
You may also lodge a complaint with your local Data Protection Authority.
We use appropriate technical and organizational measures to protect your data, including:
Encryption
Secure servers
Access control
Monitoring and auditing systems
Both we and our data processor maintain strict confidentiality and comply with GDPR requirements.
We may update this Privacy Policy from time to time. The latest version will always be available on our website. We encourage you to review it periodically.