This Privacy Policy applies to, owned and operated by Batis Beach Hotel. This Privacy Policy describes how we collect and process our guests’ information, which may include personal information provided to our website It also describes the choices available to our guests regarding the use of personal data and how they access and update them.

Data Collection

The type of personal data that we collect may include:

  • First name, last name, email address, phone number and home address.
  • Guest’s stay data, such as date of arrival, date of departure, special requests made, observations about service preferences (including room preferences, facilities or any other service used).
  • Credit card details, such as type of credit card, credit card number, name on card, expiration date and security code.
  • Data provided regarding  marketing preferences, while participating in surveys, contests or promotional offers.

Guests may always choose what personal data (if any) they wish to provide us with. However if they  choose not to provide certain details, some  transactions with us may be impacted.


When using our website, we may collect information automatically through cookies, some of which may be personal data. These data include language settings, IP address, location, device settings, device OS, log information, time of usage, URL requested, status report, user agent (information about the browser version), operating system, browsing history, and type of data viewed. For information on how we use cookies, please refer to our Cookies Policy section.

Processing Purposes

We use guests’ personal data for the following purposes:

  1. Reservations: We use guests’ personal data to complete and administer your reservation.
  2. Customer service: We use guests’ personal data to provide customer service.
  3. Marketing activities: With our guests’ permission, we may use their data for marketing activities, as permitted by the law. When using their personal data for direct marketing purposes, such as commercial newsletters and marketing communications on new products and services or other offers, we include an unsubscribe link that they can use if they do not wish to receive any  messages in the future.
  4. Other ways of communication: It is possible that we get in touch with our guests by email, post, by phone or by text message, depending on the contact data that they have shared with us. There might be plenty of reasons, such as responding and handling requests.
  5. Analytics, improvements and research: We use personal data to conduct research and analysis. We may involve a third party to do this on our behalf.
  6. Security, fraud detection and prevention: We use information, which may include personal data, in order to prevent fraud and other illegal or infringing activities. We also use these information to investigate and detect fraud. We may use personal data for risk assessment and security purposes, including the authentication of users. For these purposes, personal data may be shared with third parties, such as law enforcement authorities as permitted by applicable law.
  7. Legal compliance: In certain cases, we may need to use the information provided, which may include personal data, for legitimate purposes for conventional and / or legal authorities concerning in particular the conduct of bookkeeping and accounts clearance, to handle and resolve legal disputes or complaints, for regulatory investigations and compliance, or to enforce agreement(s) or to comply with lawful requests from law enforcement insofar as it is required by law.

Legal Bases

  • In view of purpose 1 we rely on the performance of a contract: The use of our guests’ data may be necessary to perform the contract that they have with us. For example, if they use our services to make a reservation, we will use their data to carry out our obligation to complete and administer that reservation under the contract that we have with them.
  • In view of purposes 2-6, we use guests’ data for our legitimate interests, such as providing them with the best appropriate content for the website, emails and newsletters, to improve and promote our products and services and the content on our website, but also for administrative purposes, fraud detection and legal purposes.
  • Regarding purpose7, we also rely, where applicable, on our obligation to comply with applicable law.
  • Where needed under applicable law, we will obtain our guests’ consent prior to processing their personal data for direct marketing purposes.

If needed in accordance with applicable law, we will ask our guests for their consent. They can withdraw their consent anytime by contacting us at our email. If they wish to object to some of the processing set out above, we kindly ask to contact us at

Data Sharing

  • WebHotelier: Our guests personal data may be shared with WebHotelier Technologies Limited, located at Mnasiadou 9, 1065, Nicosia, Cyprus, the company which operates WebHotelier Booking Engine.
  • Third-party service providers: We may use service providers to process our guests’ personal data strictly on our behalf. This processing will be for purposes as included in this Privacy Policy such as facilitating reservation payments, sending out marketing material or for analytical support services. These service providers are bound by confidentiality clauses and are not allowed to use personal data for their own purpose or any other purpose. We do not sell or rent our guests’ personal data.
  • Competent authorities: We may disclose personal data to law enforcement and other governmental authorities insofar as it is required by law and it is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud.

International Data Transfers

We avoid transfers of personal data to countries outside the European Union, whose data protection laws are not as comprehensive as those of the countries within the European Union. However, we have to do so,  as required by European law  we shall only transfer personal data to recipients offering an adequate level of data protection. In these situations, we make contractual arrangements to ensure that your personal data is still protected in line with European standards.


We observe reasonable procedures to prevent unauthorised access to, and the misuse of, information including personal data. We use appropriate business systems and procedures to protect and safeguard information including personal data. We also use security procedures, technical and physical restrictions to access and use  personal data on our servers. Only authorised personnel is permitted to access personal data in the course of their work.

For maximum security, the information you send us online, including personal data, is transferred through a Secure Sockets Layer (SSL) line which confirms the encryption of the data when transferred over the internet, so that they cannot be read.

Please note that, despite the strict data protection measures we take, no data transfer method over the internet or data storage method  is 100% secure.

Data Retention

We will retain your information, which may include personal data, for as long as we deem it necessary to provide services to you, comply with applicable laws, resolve disputes with any parties and otherwise as necessary, to allow us to conduct our business including to detect and prevent fraud or other illegal activities. All personal data that we retain , are  subject to this Privacy Policy. If you have any questions about a specific retention period of certain types of personal data of yours that we process, please contact us.

Your choices and rights

We want you to be in control of how your personal data is used by us. You can do this in the following ways:

  • You can ask us for a copy of the personal data of yours that we maintain.
  • You can inform us of any changes to your personal data, or you can ask us to correct any of the personal data of yours that we keep.
  • In certain situations, you can ask us to erase or block or restrict the processing of the personal data we have kept, or object to particular ways that we are using your personal data. Please note that we cannot delete the data that are necessary to conventional and / or legal authorities concerning in particular the conduct of bookkeeping and accounts clearance.
  • In certain situations, you can also ask us to send the personal data you have given us to a third party.

While we are using your personal data on the basis of your consent, you are entitled to withdraw that consent at any time subject to applicable law. Moreover, where we process your personal data based on legitimate interest or the public interest, you have the right to object at any time to that use of your personal data subject to applicable law.

We rely on you to ensure that your personal data is complete, accurate and up to date. Please inform us promptly of any changes or inaccuracies of your personal data by contacting us at We will handle your request in accordance with the applicable law.


Our website may provide links to a number of websites that we believe that might be useful to οur guests. Those external websites belong to third parties and they may not follow the same privacy policy that we follow. We encourage our guests to read also their privacy policy before submitting any personal data.

Relevant Legislation

Click here for more information on the European Union General Data Protection Regulation 2018 (GDPR)

Questions or Complaints

If you have questions or concerns about the processing of  personal data, or if you wish to claim any  rights of yours under this policy, you can always contact us at

Changes to the Policy

Due to constant evolvement of our business, this Privacy Policy may be subject to  changes in the future. If you would like check on possible changes of our Privacy Policy from time to time, we invite you to access our Privacy Policy section. If there might be material changes or changes that will have an impact on your booking (e.g. when we start processing your personal data for other purposes than set out above), we will contact you prior to commencing that processing.