GDPR Compliance

Last updated: November 5, 2025

This page explains how Sample Travel Hospitality IKE ensures compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Greek Law 4624/2019 regarding the collection and processing of personal data.

1. Data Controller

The Data Controller responsible for your personal data is:

Sample Travel Hospitality IKE
10 Example Street, Athens 105 51, Greece
Email: privacy@samplecompany.com

2. Lawful Basis for Data Processing

We process data under the following GDPR legal bases:

• Article 6(1)(b): Processing necessary to provide booking and accommodation services.
• Article 6(1)(a): Consent for newsletters, marketing, and optional features.
• Article 6(1)(c): Compliance with Greek tourism, tax, and financial record laws.
• Article 6(1)(f): Legitimate interest in platform security, analytics, and service improvement.

3. Your Rights Under GDPR

You have the right to request at any time:

• Access to your personal data (Art. 15 GDPR)
• Correction of inaccurate or incomplete data (Art. 16 GDPR)
• Deletion of your data (“Right to be Forgotten”, Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing (Art. 21 GDPR)
• Withdrawal of consent at any time (Art. 7 GDPR)

To exercise these rights, email us at: privacy@samplecompany.com

4. International Data Transfers

If personal data is transferred outside the EU, it is done using lawful safeguards such as Standard Contractual Clauses or transfers to countries with an adequacy decision by the European Commission.

5. Data Protection Authority (Greece)

If you believe your data rights have been violated, you have the right to file a complaint with the Hellenic Data Protection Authority (HDPA):
https://www.dpa.gr

6. Communication Regarding GDPR

All GDPR-related communication must be submitted in writing and may require identity verification to protect your data privacy.