Last updated: 28 January 2026

This Privacy Policy explains how The Core Serifos (“we”, “us”, “our”) collects, uses, and protects
your personal data when you visit core-serifos.com (the “Website”) or contact us through our forms.
This text is provided as a placeholder and should be reviewed by a legal professional before launch.

1. Who We Are

Data Controller: The Core Serifos 
Location: Serifos, Greece
Email: [info@core-serifos.com]

2. Personal Data We Collect

Depending on how you use the Website, we may collect:

• Contact details (e.g., name, email, phone number)
• Booking/request details (e.g., arrival/departure dates, number of guests, preferences you share)
• Message content you submit through forms or email
• Technical data (e.g., IP address, device/browser data, pages viewed) via cookies/analytics

We do not intentionally collect special categories of personal data (e.g., health, religion). Please do not submit
sensitive information through the Website forms.

3. How We Use Your Data

• To respond to your inquiries and provide information about availability and offers
• To communicate with you about your request and potential stay
• To manage reservations and guest services (where applicable)
• To maintain Website security and improve performance
• To comply with legal obligations

4. Legal Bases for Processing (GDPR)

We process your data based on one or more of the following legal bases:

• Consent (e.g., when you submit a form)
• Contract / pre-contract steps (e.g., to prepare an offer or booking response)
• Legitimate interests (e.g., Website security, basic analytics where permitted)
• Legal obligation (e.g., accounting or regulatory requirements)

5. Cookies & Analytics

We may use cookies and similar technologies to operate the Website and understand how visitors use it.
You can manage your preferences through our cookie banner and learn more in our Cookies Policy.

6. Sharing Your Data

We do not sell your personal data. We may share limited information with trusted service providers who help us
operate the Website and deliver services (e.g., hosting, email, analytics), under appropriate confidentiality and
data protection obligations.

7. International Transfers

Some service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure
appropriate safeguards are in place (such as Standard Contractual Clauses) as required by applicable law.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, or as
required by law. When no longer needed, data is securely deleted or anonymized.

9. Your Rights

Under the GDPR, you may have the right to request access, correction, deletion, restriction, or portability of
your personal data, and to object to certain processing. Where processing is based on consent, you may withdraw
consent at any time.

To exercise your rights, contact us at:
[info@core-serifos.com].

10. Security

We implement reasonable technical and organizational measures to protect your personal data. No method of
transmission or storage is 100% secure, but we work to protect your information against unauthorized access,
loss, misuse, or alteration.

11. Third-Party Links

The Website may include links to third-party websites (e.g., maps, social platforms). We are not responsible for
their content or privacy practices. Please review their privacy policies separately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised
“Last updated” date.

13. Contact & Complaints

If you have questions about this Privacy Policy, contact us at [info@core-serifos.com].
You may also lodge a complaint with your local data protection authority.