KOPELULA GRAND ISLE RESORT

Villas & Apartments
in Corfu

Privacy Policy

Kopelula Resort owned by Corfu Management Toursit IKE, (hereinafter referred to as “Resort”, “We”), collects and processes your personal data in accordance with the applicable EU and national data protection legislation.
By the present Privacy Policy We wish to inform you on the personal data We collect and process, whether you visit our Resort as a guest, as well as when you cooperate with us or you visit our digital environments.
Our Website https://www.kopelulacorfu.com contain links to third party websites which are not subject to this Privacy Policy. We are not responsible for their content, use of personal information, or security practices.

Definitions

‘Personal data’: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘Special categories of personal data’: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;

‘Processing’: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘Anonymization’: the processing of personal data in such a way that data can no longer be attributed to a particular data subject;

‘Pseudonymization’: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

‘Controller’: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

‘Processor’: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

‘Consent’: of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

‘Personal data breach’: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

‘Existing legislation’: The provisions of the existing Greek, EU or other legislation which is applicable to Kopelula Resort which regulates matters of data protection, such as: Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, Greek Law 3471/2006, Directive 2002/58/EC, as well as any other Decisions, Opinions, Directives, Guidelines and Recommendations issued by the European Data Protection Board, the European Data Protection Supervisor, the Hellenic Data Protection Authority (HDPA) and any other competent supervisory authority, as in force from time.

Data Protection Officer

We have appointed a Data Protection Officer to oversee compliance with this privacy policy. If you have any questions about this Privacy Policy or how We handle your personal information, please contact our Data Protection Officer at

We welcome questions, comments, and concerns about our cookies policy and privacy practices. If you contact us with a privacy complaint it will be assessed with the aim of resolving the issue in a timely and effective manner.

Information We collect- Purpose of processing- Legal Basis
We ensure that we collect, store and process only the necessary information in order to provide you high quality services. More specifically, we collect:

A. Guests

When you wish to make a booking at Kopelula Resort or make an inquiry.

When you wish to make a booking reservation at Kopelula Resort, either through our Website or by contacting us by email/ through a travel agent, We may ask you to provide certain personal information including your full name, email address, contact number, postal address, payment details, such as your bank account and payment card information (i.e. credit card type and number, credit card holder name, expiration date). This information is required to process and complete your reservation (including the sending of a confirmation email of the booking to you). We may also collect and store to our systems our communication and relevant documentation you send to us prior to your visit, in order to organize your stay and provide you the services agreed.

We collect the above information in order to arrange your booking reservation at Kopelula Resort, as well as to process and perform the relevant payment for the purchased services. The legal basis of processing is the performance of the contract with you, as well as our legitimate interest to recover any issued claims in case of disputes.

When your Stay with us at Kopelula Resort

During your stay at Kopelula Resort We collect information including the data provided during the registration process (full name, date of birth, id/ passport number, visa data, nationality home address, e-mail address, phone number, companion full name, postal code, number of children and their ages).

Moreover, We record your itemized spending to properly assemble your folio, which sets out your room rate and other expenses billed to your room. We may also collect allergies and/or special requirement preferences (i.e. mobility requirements, payment difficulties, special requests, service issues, amenities requests, interests, activities, hobbies) but only if you voluntarily provide them to us by signing the relevant forms and providing us your explicit prior consent. Moreover, We may collect information related to accidents that may take place while you visit our Hotel. Finally, Kopelula Resort may collect personal data of its guests in line with the applicable from time to time health protocols, as issued by the competent public authorities (e.g. vaccination certificates etc).

We collect the above information in order to: a. complete the check-in process, serve your stay and offer you our agreed services. Our legal basis of processing is the performance of our contractual obligations, as well as to our legal obligations. b. to offer you personalized services (regarding preferences etc). Our legal basis is your prior consent, c. for communication, promotional, research and marketing purposes. Our legal basis is your consent, d. to assess and investigate an accident/incident in accordance with our internal procedures, for the proper handling of any respective legal issues. Our legal basis is our legitimate interest as a service provider and our defense of any legal claims, e. the protection of the health of our guests and staff. Our legal basis of processing is reasons of protection of public interest in the area of public health.

For online bookings at Kopelula Resort, We use the WebHotelier service. Making an online booking, means that you accept the Privacy Policy of our online booking system.

CCTV Systems

We collect and process CCTV (exterior areas only) images through our video-surveillance systems in order to ensure your safety and security, alongside our premises and staff.
Our legal basis of processing is the legitimate interest to protect the safety of our guests, employees and premises.

B. Information of Minors
We do not seek to collect personal data directly from minors. We do not knowingly collect personal data from anyone under 18 without parental/ legal guardian consent. As it is impossible to determine the age of persons you use our Websites, If you are a parent and you have a concern about information that may have been provided by your child to us, please contact us at
C. Employees
1. If you are a job applicant

We may apply for one of our vacancies which are published either to our Websites, or third- party platforms. We may collect and process only the necessary personal information in order for Us to assess your suitability for a job opening (e.g. full name, contact details, working experience and CV details). Our legal basis of processing is our legitimate interest to assess your suitability for our vacancies, as well as to comply with our pre-contractual obligations. Should you provide us with your consent, We may keep your CV for future openings.

2. If you are an employee

We may collect and process only the necessary information to manage our employment relationship, either at the pre-contractual stage (eg full name, Social Security Numbers, Bank details, contact details, working permit, information on education and training, family status etc), or during the performance of the contract (e.g. evaluations, trainings, leaves etc). We always ensure to provide our employees with a relevant privacy notice as an annex to the employment agreement.
We collect such data in order to comply with our contractual obligations and fulfill our legal obligations as an employer. Our legal basis is the need to process your data in the context of our contractual obligation or during the pre-contractual stage, as well as to comply with our legal obligations.

D. If you are a business partner or supplier/contractor
We may collect and process personal information from our vendors, only as necessary to fulfill our contractual and/ or legal obligations (e.g. full name, TIN number, Bank account details, full address and contact details). Our legal basis of processing is the performance of our contractual agreement and our compliance with our tax obligations.
E. If you visit the Websites and digital environments
We use browser cookies and similar technologies (collectively, “cookies”) to collect and store certain information when you use, access, or interact with us via our Websites. We may, for example, collect information about the type of device you use to access our Websites, the operating system and version, your IP address. For information about how We use cookies and the choices you may have, please read further below.
Who do We share your information with?

We keep your personal data secure and safeguarded. Only authorized employees and/or external partners will have access and process your personal data according to the purpose of their processing.
More specifically, your personal data may be shared with: 

Third party service providers (eg. Legal consultants, it & information security services, technical support, insurers and/or professional advisors insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, marketing agencies, our payment services provider, companies and organizations for the purposes of fraud protection and credit risk reduction). We endeavor to ensure by relevant data processing agreements that any personal data processing is made in full compliance with the data protection legislation.

Competent Public Services (Police, prosecuting authorities, tax authorities etc.) in the context of performing their duties, or upon relevant request.
In any case of data transfers, We ensure to limit the extent of information that is being disclosed, to the strictly necessary for the performance of the specific purpose of the transfer.

Third-Parties’ websites

We may allow third-party ad servers or ad networks to serve advertisements and/or collect information on the service. These third-party ad servers or ad networks use technology to send, directly to your browser, the advertisements and links that appear on our Websites. They automatically receive your IP address when this happens. They may also use other technologies (such as cookies, JavaScript, or web beacons) to measure the effectiveness of their advertisements and to personalize the advertising content.

The Kopelula Resort Privacy Policy does not apply to, and We cannot control the activities of, third-party advertisers. Please consult the respective privacy policies of such advertisers for more information.

International Data Transfers

We may transfer your personal data outside the European Economic Area (“EEA”), such as to Switzerland, or another country. Such transfer is considered as international data transfer for the lawful performance of which, there are special legal requirements. Before any international data transfer, We will ensure that an adequate level of protection is provided by confirm that one of the following requirements is met: 

Personal data will be transferred to organizations that participate in data transfer mechanisms for transfers from the EEA or Switzerland to the U.S.
Personal data will be transferred to countries that have privacy laws that have been recognized as providing adequate protection for the data.
Personal data will be transferred to countries that are subject to an adequacy decision by the European Commission,
Personal data is adequately protected by appropriate safeguards, such as by standard contractual clauses signed with the third parties to which the data will be transferred.

Data Retention

We will keep your personal data for as long as needed to fulfil the purposes for which it is collected unless We are required or permitted by law to keep the personal data for a longer period of time. 
Deletions of data, pursuant to properly addressed, valid, and verified GDPR-related requests, will occur without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
Our retention periods are based on legal provisions and your information that is no longer needed is either irreversibly anonymized or destroyed securely. Where We don’t need to keep all of your information in full, We will obfuscate or aggregate it, for example, web activity logs and survey responses. This is to ensure that We do not retain your information for longer than necessary.

Data Security
We take appropriate technical and organizational security measures to keep your personal data safe and accurate as well as to protect them against any loss, misuse, or unauthorized access, alteration, disclosure or destruction. We also have implemented measures to maintain the ongoing confidentiality, integrity and availability of the systems and services that process personal data so that We be able to restore the availability and access to your data in a timely manner in the event of a physical or technical incident.
Your Rights

We respect your rights as set forth by the applicable privacy and data protection laws. Especially, you enjoy the following rights related to the data We collect and process about you, and more specifically you may:

  1. request access to the personal information We process about you and request to receive a copy thereof;
  2. request that We correct inaccurate or incomplete personal information about you;
  3. request deletion of personal information about you, unless special legal provisions require their retention
  4. request restrictions, temporarily or permanently, on our processing of some or all personal information about you;
  5. request transfer of personal information to you or a third party where We process the data based on your consent or a contract with you, and where our processing is automated;
  6. object to our further processing of personal information about you; and
  7. request to withdraw your consent when processing is based on your consent, bearing in mind that such processing will not affect the lawfulness of the processing before the withdrawal.

You do not have to pay a fee, and We will aim to respond to your request within 30 days upon receipt and identification of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests We handle. We will honor the requests you make related to your rights as the law allows, which means in some cases there may be lawful reasons that will may not enable us to satisfy the specific request you make related to your rights.
In case of exercising one or more of the above-mentioned rights of correction, deletion and restriction of your data, these requests shall also be forwarded to any third-party recipient with whom your personal data may have been shared in the context of the pursuance of the aforementioned processing purposes.
In case you consider that We have not handled with your request properly, you can always refer to the competent Hellenic Data Protection Authority at www.dpa.gr/index.php/en/individuals/complaint-to-the-hellenic-dpa. 

To make enquires and/or to exercise any of the abovementioned rights, please fill in this form and send it to our Data Protection Officer at

Cookies Policy

We collect information, which may include personal data, from your browser when you use our Websites by a variety of methods, such as cookies and pixel tags. We use browser session cookies, which are temporary cookies that are erased from your device’s memory when you close your Internet browser or turn your computer off, and persistent cookies, which are stored on your device until they expire, unless you delete them before that time. 

The personal data collected may include your (i) IP-address; (ii) unique cookie identifier, cookie information and information on whether your device has software to access certain features; (iii) unique device identifier and device type; (iv) domain, browser type and language, (v) operating system and system settings; (vi) country and time zone; (vii) previously visited websites; (viii) information about your interaction with our websites such as click behavior; and (ix) access times and referring URLs.

For example, We use cookies and pixel tags to track usage of the Websites and to understand our customers’ preferences (such as country and language choices). This enables us to provide services to our customers and improve their online experience. We also use cookies and pixel tags to obtain aggregate data about site traffic and site interaction, to identify trends and obtain statistics so that We can improve our Websites.

We may use on our Websites cookies that do not require approval (necessary cookies) or cookies that require approval (non-essential cookies)
Cookies that are essential, also known as ‘strictly necessary’ cookies enable features without which you would not be able to use the Website as intended. These cookies are used exclusively by our Website and are therefore known as first-party cookies.
They are only saved on your computer while you are actually browsing the Website. These cookies do not identify you. These cookies are necessary for the Website’s functionality and without them the use of the Website would be unavailable. Your consent is not required for the use of strictly necessary cookies.

We use cookies that require your prior consent

These cookies can be:
Statistic cookies: Statistic cookies help us to understand how visitors interact with our Website by collecting and reporting information anonymously. 
Marketing cookies: Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Managing your Cookie Settings

If you do not want to accept cookies, you can block them by adjusting the settings on your internet browser. Please note that because this is a setting on your browser, this adjustment may also block cookies for any website you visit. You can visit www.aboutcookies.org, which provides detailed information on managing cookies in popular browsers. 
You can completely disable cookies in your browser at any time. Blocking cookies may affect your ability to benefit from the conveniences afforded by the use of cookies, may affect your ability to use certain customization features associated with creating a user profile, and, in the case of cookies that are strictly necessary for the Website to operate properly, may affect your experience of the Website.
Videos and other features on our site use Flash cookies to collect and store your preferences, such as volume. Flash cookies are different from browser cookies because of the amount of, type of, and way that data is stored. Cookie management tools provided by your browser will not remove Flash cookies. Some cookies may be placed by third party service providers who perform some of these functions for us.

Changes to this Privacy Policy

We may make changes to this Policy from time to time based on changes to applicable laws and regulations or other requirements applicable to us, changes in technology, or changes to our business. Any changes We make to the Policy in the future will be posted on this page, and where We change this Policy in ways that also affect how We process personal information about you, where appropriate, We will notify you directly via email or other direct contact with you, and We also will post a notice on our home page that this Policy has changed. If We materially change the way in which We process your personal data, We will provide you with prior notice, or where legally required, request your consent prior to implementing such changes. We strongly encourage you to read our privacy policy and keep yourself informed of our practices. 

This Privacy Policy was updated on March 2024

Close