Privacy Policy

Responsible Entity

Villa Faros - Infinity Hellas IKE
Address: Byzantiou 10, GR-57004 Aggelochori, Greece
Email: info@infinity-hellas.com; info@villa-faros.com
VAT ID: EL 802975311
Commercial Register: GE.MI. Thessaloniki No. 186567204000

Data Protection Officer

We have appointed a data protection officer:
Abraam Kosmidis
Contact: info@villa-faros.com

Categories of Personal Data Processed and Sources

We process personal data received from you (e.g., via contact form, newsletter registration, contract conclusion) or obtained for legitimate reasons and with your consent or based on legal permissions. Typically processed data includes:

• Contact data (name, surname, salutation, email address, phone number)
• Contract and billing data (contract subject, contract number, payment data, customer number)
• Usage and connection data (IP address, date/time, website accesses, devices used, browser and language)
• Marketing and communication data (posts, newsletter subscriptions, consents)
• Other data you voluntarily provide (e.g., in the contact form)

Purposes of Processing and Legal Bases

• Establishment, execution, and billing of contractual relationships: Art. 6(1)(b) GDPR
• Responding to inquiries and customer service: Art. 6(1)(f) GDPR; possibly Art. 6(1)(a) GDPR for consents
• Fulfillment of legal obligations (e.g., tax retention): Art. 6(1)(c) GDPR
• Legitimate interest in website security and service improvement: Art. 6(1)(f) GDPR
• Marketing, if you have consented or a legitimate interest exists (e.g., newsletter): Art. 6(1)(a) GDPR; possibly Art. 6(1)(f) GDPR

Recipients of Your Data (Processors and Third Parties)

• Processors (e.g., hosting, IT services, newsletter delivery, payment processing) for contract fulfillment or our legitimate interests. We conclude contracts with these parties to ensure GDPR-compliant processing.
• Third parties, as required by law or with your consent (e.g., payment service providers, shipping providers, suppliers).
• Disclosure to authorities or courts as required by law.

Data Transfer to Third Countries

Transfer of personal data to countries outside the European Economic Area occurs only if necessary and secured by appropriate guarantees (e.g., standard contractual clauses, European contract protection). If specific services are used (e.g., newsletter providers or analytics services), please refer to their own information on data transfers to third countries.

Storage Duration

• Contract data: legal retention periods (e.g., tax periods; typically up to 10 years)
• Contact data and inquiries: as long as the purpose exists or until you withdraw consent or the purpose ceases
• Usage data (e.g., website statistics): as long as necessary for security and functionality or anonymized/deleted when no longer required

Your Rights as a Data Subject

• Right of access: confirmation of processing and copy of processed data
• Right to rectification: correct inaccurate data
• Right to erasure ("right to be forgotten"): under certain conditions
• Right to restriction of processing
• Right to data portability: receive data in a structured, commonly used format or request transfer to another controller
• Right to object: to processing based on Art. 6(1)(e) or (f) GDPR
• Right to withdraw consent: with effect for the future
• Right to lodge a complaint with a supervisory authority: contact your national authority (in Germany: your federal state; in Greece: Hellenic Data Protection Authority)

Data Security

We take appropriate technical and organizational measures to protect your data against loss, destruction, access, alteration, or dissemination by unauthorized persons. This includes access and entry controls, encryption (TLS for transmission, possibly encryption of stored data), regular staff training, and regular security checks.

Cookies and Similar Technologies

We process cookies for the following purposes: website operation, usage analysis, content personalization, marketing.

• Categories: (1) necessary cookies, (2) functional cookies, (3) analytics/performance cookies, (4) marketing/targeting cookies
• Legal basis: necessary cookies may be used without your consent; other cookies only with your consent
• Consent: On your first visit, you will be asked for consent, which you can withdraw at any time. We may use a cookie consent tool; you can manage your preferences there. For a detailed list of cookies used, including purpose, duration, and provider, please refer to the cookie declaration or banner.

Specific Services on the Website (Examples – please check and adapt)

• Hosting/provider: We use hosting services from [hosting provider], based in the EU, guaranteeing GDPR-compliant processing.
• Contact form: Data submitted via the contact form (name, email, message) is stored for the purpose of processing your inquiry. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries) or Art. 6(1)(a) GDPR for consent.
• Newsletter: For newsletter delivery, we use [service provider]. Legal basis: Art. 6(1)(a) GDPR. Unsubscribe option available at any time.
• Analytics/tracking: We may use tools such as [tool name] to understand user behavior and improve our website. Legal basis depending on tool: Art. 6(1)(a) or (f) GDPR. Opt-out options available.
• Payment providers: We use payment service providers [provider names] to process payments. Processing includes payment status, transaction data, billing information, etc. Legal basis: Art. 6(1)(b) (contract) or Art. 6(1)(a)/(f) (depending on service).
• Social media plugins: If you use plugins (e.g., Facebook, Instagram), their own privacy information applies. Plugins may transfer data directly to providers, even if you do not actively use them.
• Other services: Please add according to your specific services (e.g., applications, loyalty programs, appointment scheduling) with appropriate legal bases.

Profiling and Automated Decision-Making

We do not currently engage in profiling or make automated decisions with legal effects for you. If automated decisions occur in individual cases, we will inform you separately and explain their logic, scope, and consequences.

Updates and Changes to this Privacy Policy

This privacy policy is currently valid as of October 7, 2025. We reserve the right to update this policy occasionally, e.g., when introducing new services or to comply with legal requirements. The new privacy policy will take effect upon publication on the website.