Privacy Policy

Τhe societe anonyme under the corporate name “KLC III HELLAS HOTEL TOURISM DEVELOPMENT CONSTRUCTION COMMERCIAL TRADE SOCIETE ANONYME” and the distinctive title “KLC III HELLAS S.A.”, organized under the laws of Greece, having its registered offices at 20, Vassileos Konstantinou Avenue, Athens, Greece, with Tax Registration Number 998939697 (Tax Office FAE Athens) (hereinafter the “Company” or “we” or “our” or “us”), is the exclusive owner and possessor of the hotel complex “Angsana Corfu Resort & Spa”, (hereinafter referred to as “Angsana Corfu” or the “Hotel”), situated in the island of Corfu, Greece (Epar. Od. Vrionis-Aghiou Nikolaou, Benitses 490 84). Its telephone number is +30 2661 022900 and its email address is [email protected].

We are committed to respect your privacy and comply with applicable laws on data protection. The personal data that you need to provide when you enter our website ( or register for various applications related with services and products provided by us, and any additional personal data that will be requested in later stages, are collected, processed, transferred, stored and used under the capacity of the Company as Data Controller.

Please dedicate some of your time to carefully read the terms of the current Privacy Policy that refers to our website. You can also use the electronic forms of our website to get in direct contact with us and ask for any further information or clarification in relation to this Privacy Policy.

What kind of personal data do we process?

We obtain the information you provide:

a) when filling in the online booking form (“Book Now” form), where you will be asked to provide your name, your contact details (telephone number and e-mail address), booking information (e.g., dates of arrival and departure), stay preferences, your economic data (e.g., payment method), travelling data (e.g. number of your arrival flight), as well as health data and any other information necessary to fulfill special requests (e.g. allergies or health conditions that require specific accommodation).

b) when filling in the website’s contact form, you will be asked to provide your name, your e-mail address, your telephone number, as well as your inquiries.

c) when filling in the respective Newsletter Registration Form, as provided hereinbelow, we will process your e-mail address in order to send you newsletters and provide you with important information, required notices and marketing promotions under the condition that you give us your explicit consent with a direct opt-in to a relevant specific request of ours. You may opt-out of receiving our newsletter at any time, i.e. withdraw your consent via MailChimp.

During your visit on our website, we will process data through the strictly necessary technical cookies that are installed on our website, as well as the cookies for the use of which you have provided us with your explicit consent. Learn more about the Cookies Policy of our website here.

Purposes of processing your personal data

We, and/or those acting under our instructions and on our behalf (Data Processors), collect, process, use, and store your personal data solely for the following purposes:

a) to provide our services to you;

b) to process and accommodate your booking requests;

c) to administer your inquiries though the website’s contact form;

d) to keep you updated with our latest news through newsletters;

e) to support IT purposes; and

f) to support operational procedures.

Your personal data is being processed solely for the abovementioned purposes or in certain occasions to comply with applicable law, for the purposes of the legal/regulatory compliance of our Company, or for supporting our legal claims.

Legal basis for the processing

Regarding your personal data received by us when you fill in the online booking form, the legal basis for the processing is that it is necessary for the performance of a contract (e.g., to take steps towards processing and accepting your booking request).

Regarding the health data that you may provide to us for the purpose of satisfying your specific requests during your accommodation at the Hotel, the legal basis for processing is your consent.

Regarding the personal data we process when you fill in the website’s contact form and the Newsletter Registration Form, the legal basis for the processing is your explicit consent.

Regarding the personal data we collect via cookies installed on our website, the processing is based on your explicit consent, except for the use of cookies that are strictly necessary for the operation of the website, which we process based on our legitimate interest, and specifically to be in a position to provide our website to the public and to ensure our website’s security. You can find out more about the Cookies Policy of our website here.

Do we use automated individual decision-making, including profiling?

We do not make decisions, including profiling, based on automated processing of your data.

Do we process minors’ data?

The use of the website and/or our contact forms is not intended for minors. We do not knowingly collect personal information from minors. If you are under the legal age requirement, please do not visit our website, do not make any use of the above or send any information about yourself to us, including your name, address, telephone number or e-mail address.

In case that we find out that we have collected personal information from a minor or upon the minor’s parent or guardian notification, his/her personal data will be deleted immediately.

To the maximum extent permitted by applicable law and without limiting any other provision of this Privacy Policy, we disclaim any liability for any personal data submitted in contravention of this clause.

Who has access to your personal data?

The strictly necessary, in each case, properly authorized personnel of the Company has access to your personal data, which is committed to confidentiality and has received the required information regarding the safe processing of your personal data.

Moreover, by accepting the terms of this Privacy Policy, you give us your explicit consent to share your information with third parties, i.e., with third natural or legal entities who provide you with services in combination or in addition to our services (e.g.  for transport services, internal or external activities, visits to places) and for reasons connected with the better provision of our services to you. All services provided by third parties are not related to our own services. Therefore, we encourage you to read the privacy policies and rules of all third-party service providers whose products or services you acquire through this website or through any of our employees. Keep in mind that these third parties may also contact you if they need to ask for additional information about you for providing their services or responding to a request you have submitted.  We are not responsible for any communication that will be directly between them and you.

We may also disclose your personal information:

a) with government or law enforcement authorities, where required by applicable law in order to comply with any court order or other legal obligation, or respond to a government request;

b) when we consider in good faith that disclosure is necessary to protect our rights or property, protect your safety or the safety of others or to investigate theft or fraud; and

c) for the purposes of special programs, according to the more specific terms and conditions if/when you choose to participate.

Do we transfer your personal data to third countries?

Your personal data is processed only within the European Economic Area (EEA). Only for the purposes of marketing, we may transfer your personal data to a non-EEA country, after having taken all the necessary measures (i.e., with the conclusion of standard contractual clauses). If, in the future, it is required to make a transfer to a third country or international organization, the transfer will be carried out under the conditions of legal and secure transmission provided by the General Data Protection Regulation (EU) 679/2016 (GDPR) and the applicable national legislation.

Which is the retention period for your personal data?

Retention periods can vary significantly based on the type of personal data and how it is used. Our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. In any case, your personal data is kept only for the reasonable period of time required by the nature of the processing and only for as long as it is required to achieve the purpose of processing, unless a longer retention period is required by law.

Furthermore, we delete your personal data collected by cookies in accordance with the Cookies Policy. You can find out more about our Cookies Policy here .

Connection with other websites

The potential interconnection of our website with other third parties’ websites through links, hyperlinks and banners, does not entail any liability for us in relation to the content of those websites, the quality of the products and services they might promote, or the policy they might use concerning the protection and the processing of your personal data. Please pay the necessary attention and be informed concerning the protection and processing of your personal data from the any third parties’ websites by reading their respective privacy policies.

Is your data safe and secure?

We commit to safeguard your personal data by taking all the appropriate organizational and technical measures to secure and protect them from any form of accidental or fraudulent processing.

In addition, we use Transport Layer Security (“TLS”) software in order to encrypt the personal data that you provide to us. When using TLS, the transmission of your personal data to us will be encrypted. You can verify whether your personal data is transmitted using TLS encryption by confirming the symbol of a closed lock or solid key inside your browser address bar. You can also verify that your personal data will be encrypted using TLS encryption by making sure that the prefix for the web address listed for that page has changed from “http” to “https”. If you do not see the appropriate symbol and/or the “https” prefix, you should not assume that the personal data that you are being asked to provide will be encrypted prior to transmission.

These organizational and technical measures are reviewed and amended at the discretion of the Company, when deemed necessary.

What are your rights?

  • You have the right to access your personal data.

This means you have the right to be informed about whether we process your personal data. If so, you can request to be informed about the purpose of processing, the type of information that we keep, the recipients, the retention periods, and whether we perform automated decision making.

  • You have the right to rectify your inaccurate personal data.

You can request the rectification of your inaccurate personal data (correct a wrong or previous phone number/address etc.). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  • You have the right to erase your personal data / right to be forgotten.

You can request to delete your personal data if it is not necessary for the above-mentioned purposes or if you wish to withdraw your consent in case this is the only legal basis for the processing.

  • You have the right to data portability.

You can request to receive in a readable format your personal data that you have provided or request to transfer your personal data to another Data Controller, provided that this is in line with the applicable EU and national legal and regulatory framework on the protection of personal data.

  • You have the right to restrict the processing of your personal data.

You can request to restrict the processing of your personal data for as long as the examination of your objections is pending.

  • You have the right to object to the processing of your personal data.

You can object to the processing of your personal data in case we process it solely on the legal basis of our legitimate interest. In this case, we shall no longer process your personal data, unless there are compelling legitimate grounds for the processing which override your rights.

  • You have the right to withdraw your consent.

You have the right to withdraw your consent at any time, in the event that processing is based on this legal basis. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

How can you exercise your rights?

If you wish to receive further information or exercise your rights concerning the processing of your personal data, you can contact us via e-mail at the e-mail address:  [email protected] , stating as subject “Exercise of the right of access / rectification / erasure / portability / restriction / objection / withdrawal of consent”, and including a description of your request.

We will make sure to examine and respond to your request without delay within one (1) month after receiving it and without any cost for you. The above time-period might be extended for another two (2) months due to the complexity or the number of the requests. In such a case, you will be informed for the time extension and the reasons for it as soon as possible, and in any case within one (1) month since receiving your request. In case your request is considered obviously unfounded or excessive, we may impose a reasonable fee, taking into account the administrative costs for providing information or performing the requested action, or refuse to respond to the request and provide you with the justification of its refusal.

In case: a) you consider that your request was not sufficiently and legally satisfied; or b) you consider that the right to protection of your personal data is violated by any processing we carry out, you have the right to file a complaint through a special portal to the Hellenic Data Protection Authority (postal address Kifissias 1-3, PC 115 23, Athens, tel. 210. 6475600). The website of the Authority ( provides detailed instructions for submitting a complaint.


It is explicitly agreed that this Privacy Policy is construed by and interpreted according to the laws of Greece. The Courts of Athens, Greece shall be exclusively competent for the resolution of any dispute, claim, interpretation or controversy arising out of or relating to the Privacy Policy.

Changes to the Company’s Privacy Policy

The Company may update this Privacy Policy whenever deemed to be necessary. If there are any significant changes to the Privacy Policy or the way that we process your personal data, we will notify you either by posting those changes on a visible place to our website, before the changes come into force, or in any other appropriate manner. We encourage you to read this Privacy Policy on a regular basis in order for you to be aware on the way your personal data is protected. Τhe last change to our Privacy policy was made on 14/10/2021.

Your Consents

By accepting this Privacy Policy, you grant your explicit consent and you accept the collection, processing and use of your personal data, as set forth and for the purposes described in this Privacy Policy.

Newsletter Registration Form

We would like to keep you updated. To this end, we would like to collect your e-mail address based on your explicit consent in order to send you newsletters. Please, dedicate some of your time to carefully read the terms of the website’s Privacy Policy, which explains how we collect, process, use, and store your personal data.

You can revoke your consent to receive newsletters at any time, i.e., withdraw your consent via MailChimp.