Privacy Policy

Effective Date: September 2018 · Last Updated: June 2026

At VIP Santorini, your privacy is of utmost importance to us. This Privacy Policy explains how we collect, use, and safeguard your personal data in compliance with Greek and EU data-protection regulations, including the GDPR. We encourage you to read it carefully.

→ View our Cancellation Policy & Terms

Information We Collect

We collect and process personal data through our website vacationintopremium.com for the following purposes:

Responding to your inquiries or information requests
Managing your registration on our website or newsletter
Delivering the services offered via our website

While you may browse our website without disclosing personal data, engaging with our services or making a request will require sharing certain information. Protecting this information is a priority, and we adhere to applicable data-protection laws.

What is personal data?

Personal data refers to any information that can identify you, such as your name, contact details, IP address, and browsing activities.

Data we may collect

Newsletter signup — email address.
Career applications — name, email address, and any information provided in your CV or cover letter.
Website usage — data regarding how you interact with our website (pages visited, time spent, browser type, IP address).
Communication records — emails, phone calls, letters, or social-media interactions with our team.
Booking information — name, contact details, travel dates, special requests, and payment information for service bookings.

How We Use Your Data

We process your personal data for specific, legitimate purposes, including:

1. Marketing communications

Sending occasional emails about our services and special offers — only if you actively tick the optional "keep me updated" box on our quote or contact form. This box is never pre-ticked, and submitting a booking or enquiry without ticking it does not sign you up for marketing.
We keep a dated record of that opt-in (your email, name and the time you consented) as proof of consent, and you can withdraw it at any time.
Providing a working unsubscribe link in every marketing email.
Audience matching for advertising. Where you have consented, we may securely share a hashed (scrambled) version of your email address with Google to show you, or people similar to you, our adverts through Google Ads "Customer Match". Google cannot read the original email, and you can opt out at any time (see Analytics & Advertising).

2. Career applications

Evaluating your suitability for current or future roles
Retaining your data for up to three years for follow-up opportunities (with your consent)

3. Customer relationship management

Managing inquiries and service requests
Processing bookings and payments
Providing customer support and follow-up
Storing and processing data securely to improve our offerings

Data-sharing policy

We only share data internally within our customer-relations, marketing, and communications teams or with trusted data processors for hosting and maintenance. Personal data is shared with third parties only with your explicit consent or as required by law.

Your Data-Protection Rights

Under the GDPR and applicable data-protection laws, you have the following rights:

Right to AccessRequest details about the data we hold about you.

Right to RectificationCorrect inaccurate or incomplete information.

Right to ErasureAsk us to delete your data where it is no longer required or legally necessary.

Right to RestrictionLimit how we process your data under certain circumstances.

Right to ObjectOpt out of data processing for direct marketing or other purposes.

Right to Data PortabilityRequest your data in a structured electronic format for transfer to another party.

Right to Withdraw ConsentRevoke any previously granted consent for data processing at any time.

How to exercise your rights

To exercise any of these rights or for questions about this policy, contact us at operations@vipsantorini.gr. If you unsubscribe from marketing communications, please allow up to 10 business days to process your request.

File a complaint

You may also lodge a complaint with the Hellenic Data Protection Authority at www.dpa.gr.

Data Retention

Your personal data is stored securely on encrypted servers, accessible only by authorized personnel.

Without a contract — data is stored for five (5) years from the date of collection.
With a contract — data is retained for the duration of the contract and any applicable warranty or statutory limitation period thereafter.
Marketing opt-in records — kept until you unsubscribe or withdraw consent, after which we retain only a minimal record of the withdrawal as proof we honoured it.

Once your data is deleted from our systems, we cannot guarantee you won't be contacted again if your information is publicly available elsewhere or if you provide it to us again through our website.

Security Measures

We implement robust technical and organizational measures to safeguard your personal data against unauthorized access, loss, or misuse:

End-to-end SSL encryption — all data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols.
Server and application firewalls — multi-layered firewall protection prevents unauthorized access to our systems and databases.
Strict access controls — only authorized personnel with a legitimate business need can access personal data, and all access is logged and monitored.
Regular security audits — we conduct periodic security assessments and updates to maintain the highest level of data protection.

Cookies & Consent

When you browse our website, we may store small files called "cookies" on your device. These cookies enhance your browsing experience and help us analyze website usage.

Your consent choice

When you first visit, a banner lets you Accept or Reject non-essential cookies. We use Google's Consent Mode so that analytics and advertising cookies are blocked by default and are only ever set after you click "Accept". If you click "Reject", no analytics or advertising cookies are placed — we keep only a small technical record of your choice so we don't ask you again. You can change your mind at any time by clearing this site's data in your browser, which makes the banner reappear.

Types of cookies we use

Essential cookies — ensure the website functions correctly (e.g. maintaining your session, remembering your preferences). Cannot be disabled.
Functional cookies — customize display settings such as language preferences and layout options. Can be disabled, but may affect your experience.
Analytical cookies — collect data for improving website performance (e.g. Google Analytics 4). Loaded only after you click "Accept". See Analytics & Advertising.
Social-media cookies — facilitate interactions with social platforms (e.g. sharing on Facebook, Instagram). Can be disabled, but social features won't work.
Retargeting / marketing cookies — used by Google Ads to deliver relevant advertising and measure conversions. Loaded only after you click "Accept"; you can opt out of personalised ads at any time.

Managing cookies

You can manage or block cookies through your browser settings. Disabling certain cookies may affect website functionality and your experience.

Chrome: Settings → Privacy and Security → Cookies and other site data
Firefox: Settings → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Manage Website Data
Edge: Settings → Cookies and site permissions

Analytics, Advertising & Google Services

Subject to your consent (see Cookies & Consent), we use the following Google services to understand how our website is used and to promote our services. These tools only run after you click "Accept" on our cookie banner.

Google Tag Manager — a tool that loads the tags below. It does not itself store personal data, but it governs when the other tools run, in line with your consent choice.
Google Analytics 4 — measures how visitors use our website (pages viewed, time on site, approximate location, device and browser type, and a randomised identifier). We use this to improve the site. IP addresses are handled by Google in a shortened/anonymised form.
Google Ads — conversion tracking — when you arrive from one of our adverts and then make a booking or enquiry, this records that the advert led to a result, so we can measure which campaigns work. It may process your advertising identifiers and the value of your booking.
Google Ads — remarketing & Customer Match — lets us show our adverts to people who have visited our site, or (where you opted in) to a hashed version of your email address and to audiences who resemble our customers. You can stop seeing personalised Google ads at any time via myadcenter.google.com.
Google Search Console — shows us, in aggregate, the search terms people use to find us. It does not identify individual visitors.

Legal basis

We rely on your consent for all analytics and advertising cookies and for Customer Match (Articles 6(1)(a) GDPR and the ePrivacy rules). You can withdraw this consent at any time without affecting any booking you have already made.

International data transfers

Google is a US-based provider, so using these services may involve transferring some data outside the European Economic Area. Google states that such transfers are protected by the EU–US Data Privacy Framework and the European Commission's Standard Contractual Clauses.

More information from Google

See Google's Privacy Policy and how Google uses data from sites that use its services.

Updates to This Policy

This Privacy Policy is effective as of September 2018 and was last updated in June 2026. We may update it periodically to reflect changes in legal requirements, services, or business practices. Any updates will be posted on this page with a revised "Last Updated" date.

Questions or concerns?
If you have any questions about this Privacy Policy or how we handle your data, please contact us at operations@vipsantorini.gr.

Cancellation Policy & Terms