
Casa Di Giorgio
Privacy Policy
Last updated: 29 May 2026
At Casa Di Giorgio we respect your privacy. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under the General Data Protection Regulation (GDPR — EU Regulation 2016/679).
1. Data Controller
The data controller responsible for your personal data is:
Casa Di Giorgio
1 Mitropoleos St., Chora of Mykonos, 84600, Greece
2. Data We Collect
We collect personal data only when you voluntarily provide it to us. Specifically:
- Reservation requests — full name, email address, phone number, party size, preferred date and time, and any special requests you provide.
- Cookie data — anonymised session data and preferences stored locally (see Section 6).
- Contact enquiries — if you contact us directly by email or phone.
We do not collect sensitive personal data (health, religion, ethnicity, etc.) and we do not collect payment card information through this website.
3. Purpose & Legal Basis
We process your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Processing and confirming your table reservation | Your explicit consent (Art. 6(1)(a) GDPR) |
| Responding to direct enquiries | Legitimate interest (Art. 6(1)(f) GDPR) |
| Improving our website (anonymised analytics) | Legitimate interest (Art. 6(1)(f) GDPR) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) |
4. Retention Period
We retain your personal data only for as long as necessary for the purpose it was collected:
- Reservation data — retained for up to 12 months after your visit to allow for follow-up and operational purposes, then securely deleted.
- Email correspondence — retained for up to 24 months, then deleted.
- Cookie data — session cookies are deleted when you close your browser; preference cookies expire after 12 months.
You may request earlier deletion at any time (see Section 7).
7. Your Rights
Under the GDPR you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure ('right to be forgotten') — request deletion of your data where there is no compelling reason for us to continue processing it.
- Right to restriction — request that we restrict processing of your data in certain circumstances.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint — you have the right to complain to a supervisory authority. In Greece, this is the Hellenic Data Protection Authority (HDPA): www.dpa.gr.
To exercise any of these rights, please contact us at info@casadigiorgio.gr. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:
- HTTPS encryption for all data transmitted via our website.
- Access controls limiting who within our organisation can access personal data.
- Regular review of data handling practices.
Despite our best efforts, no transmission over the internet is completely secure. If you believe your data has been compromised, please notify us immediately at info@casadigiorgio.gr.
9. Minors
Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The “Last updated” date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.
Material changes will be notified via a notice on our website.
11. Contact Us
For any privacy-related questions, requests, or complaints, please contact us:
Casa Di Giorgio — Data Privacy
1 Mitropoleos St., Chora of Mykonos, 84600, Greece
You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA).
We aim to respond to all data subject requests within 30 calendar days.