Privacy Policy

Casa Di Giorgio

Privacy Policy

Last updated: 29 May 2026

At Casa Di Giorgio we respect your privacy. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under the General Data Protection Regulation (GDPR — EU Regulation 2016/679).

1. Data Controller

The data controller responsible for your personal data is:

Casa Di Giorgio

1 Mitropoleos St., Chora of Mykonos, 84600, Greece

+30 2289 300440

info@casadigiorgio.gr

2. Data We Collect

We collect personal data only when you voluntarily provide it to us. Specifically:

  • Reservation requests — full name, email address, phone number, party size, preferred date and time, and any special requests you provide.
  • Cookie data — anonymised session data and preferences stored locally (see Section 6).
  • Contact enquiries — if you contact us directly by email or phone.

We do not collect sensitive personal data (health, religion, ethnicity, etc.) and we do not collect payment card information through this website.

3. Purpose & Legal Basis

We process your personal data for the following purposes and on the following legal bases:

PurposeLegal Basis
Processing and confirming your table reservationYour explicit consent (Art. 6(1)(a) GDPR)
Responding to direct enquiriesLegitimate interest (Art. 6(1)(f) GDPR)
Improving our website (anonymised analytics)Legitimate interest (Art. 6(1)(f) GDPR)
Compliance with legal obligationsLegal obligation (Art. 6(1)(c) GDPR)

4. Retention Period

We retain your personal data only for as long as necessary for the purpose it was collected:

  • Reservation data — retained for up to 12 months after your visit to allow for follow-up and operational purposes, then securely deleted.
  • Email correspondence — retained for up to 24 months, then deleted.
  • Cookie data — session cookies are deleted when you close your browser; preference cookies expire after 12 months.

You may request earlier deletion at any time (see Section 7).

5. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We may share data in the following limited circumstances:

  • Service providers — we may use trusted third-party tools (e.g. email delivery) who process data strictly on our behalf under a data processing agreement.
  • Legal requirements — if required to disclose data to comply with applicable law, court order, or government authority.
  • Business transfers — in the event of a merger or acquisition, data may be transferred to the successor entity under equivalent protections.

Where we share data with processors, we ensure they are GDPR-compliant and bound by appropriate data protection agreements.

6. Cookies

Our website uses the following types of cookies:

  • Strictly necessary cookies — essential for the website to function (e.g. remembering your cookie consent preference). These cannot be declined.
  • Functional cookies — remember your preferences to improve your experience. Only placed with your consent.
  • Analytics cookies — anonymised data to understand how visitors use our site. Only placed with your consent.

You can manage or withdraw your cookie consent at any time by clearing your browser's local storage or using your browser's cookie settings. Declining optional cookies will not affect your ability to use the site.

7. Your Rights

Under the GDPR you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure ('right to be forgotten') — request deletion of your data where there is no compelling reason for us to continue processing it.
  • Right to restriction — request that we restrict processing of your data in certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint — you have the right to complain to a supervisory authority. In Greece, this is the Hellenic Data Protection Authority (HDPA): www.dpa.gr.

To exercise any of these rights, please contact us at info@casadigiorgio.gr. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

  • HTTPS encryption for all data transmitted via our website.
  • Access controls limiting who within our organisation can access personal data.
  • Regular review of data handling practices.

Despite our best efforts, no transmission over the internet is completely secure. If you believe your data has been compromised, please notify us immediately at info@casadigiorgio.gr.

9. Minors

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The “Last updated” date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.

Material changes will be notified via a notice on our website.

11. Contact Us

For any privacy-related questions, requests, or complaints, please contact us:

Casa Di Giorgio — Data Privacy

1 Mitropoleos St., Chora of Mykonos, 84600, Greece

info@casadigiorgio.gr

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA).

We aim to respond to all data subject requests within 30 calendar days.