The Wave

Privacy Policy

Privacy Policy

At The Wave we respect your privacy. This page explains which data we collect when you contact us, why we collect it, how long we keep it, and the rights you have, in line with the EU General Data Protection Regulation (EU 2016/679) and Greek law 4624/2019.

Last updated: 01/05/2026

01. Who we are

The Wave is a hotel operating in Limenaria, Thassos. The data controller of your personal data is the business that runs the hotel.

For any question about your personal data you can reach us at the contact email shown in the website footer.

02. What data we collect

When you fill in the enquiry form on our Contact page, we collect:

  • Your full name
  • Your email address
  • Your phone number (optional)
  • Your preferred arrival and departure dates
  • The number of adults and children
  • A room preference (optional)
  • A free-text message (optional)

We do not collect navigation data automatically, we do not use analytics or marketing tools, and we do not place advertising cookies in your browser.

03. Purpose of processing

The data you provide is used solely for:

  • Replying to your enquiry with availability, rates and practical information
  • Organising a possible future stay
  • Communicating with you before, during, or after your stay

We will not send you marketing material unless you have given us separate explicit consent.

04. Legal basis

The legal basis for processing is your explicit consent (Article 6 (1) (a) GDPR), which you give by ticking the relevant checkbox on the form.

If a stay is then booked, further processing relies on the performance of the accommodation contract (Article 6 (1) (b) GDPR) and the hotel's legal obligations (Article 6 (1) (c) GDPR).

05. Retention period

If no booking results from your enquiry, we keep your data for up to 12 months so that we can answer any follow-up questions you may have.

If a stay does take place, we keep tax and legal records for the period required by Greek tax and hotel legislation.

06. Sharing with third parties

We do not transfer your personal data to third parties for commercial purposes. We do not use third-party tools for automated processing or profiling.

In limited cases we may share data with: (a) our email service provider, (b) our accountant for tax records, (c) public authorities when required by law.

07. Your rights

Under the GDPR you have the right to:

  • Access the data we hold about you
  • Correct inaccurate data
  • Erase your data (the "right to be forgotten")
  • Restrict processing
  • Portability of your data
  • Object to processing
  • Withdraw consent at any time

To exercise any of these rights, please contact us at the hotel's email. We will reply within 30 days.

08. Complaints to the authority

If you believe your rights are being violated, you have the right to lodge a complaint with the Greek Data Protection Authority:

Hellenic Data Protection Authority
1-3 Kifisias Avenue, 115 23 Athens, Greece
Tel. +30 210 6475600
www.dpa.gr

09. Cookies

The website uses only the cookies strictly necessary for it to operate. See the full list in the Cookie Policy.

10. Changes to this Policy

This Privacy Policy may be updated from time to time. The current version always shows a "last updated" date at the top. We recommend you check this page periodically.