top of page

Privacy Notice

Last Updated: Jan 26th, 2026

At AVS GROUP E.E (Myconian Theros Luxury Suites), we are committed to protecting and respecting your privacy. Please read this notice as it contains important information about how we use personal data that we collect from you or that you provide to us.

Information & Consent

This Privacy Notice describes how we collect, use, process, and disclose your information, including personal information, in conjunction with your access to and use of our booking system.

By reading this Privacy Notice, you are hereby informed on how we collect, process and protect personal data furnished through our booking engine. You must carefully read this Privacy Notice to freely and voluntarily determine whether you wish to provide your personal data to us.

When this notice mentions "booking system," "booking engine," "website," or "services," it refers to all pages and functions under https://myconiantheros.reserve-online.net/ unless specified otherwise.

By accessing the platform or providing information, you agree to our privacy practices as set out in this privacy statement. We may change this notice from time to time, so please check this page frequently to ensure you are aware of the most recent version.

Data Controller

Myconian Theros Luxury Suites "AVS GROUP E.E"

Ano Mera
84600, Mykonos
Greece

For the purposes of the General Data Protection Regulation ("GDPR") (EU) 2016/679, we are the Data Controller. There is a strict contractual framework between the data controller and the data processor for the protection of your personal information.

Data Processor

WebHotelier operates our booking system on behalf of AVS GROUP E.E and is committed to protecting the privacy of users of this system.

Revplus Hellas S.A.

5th Km Rhodou-Lindou Ave.
851 00, Rhodes
Greece

For the purposes of the GDPR, where WebHotelier processes your personal data on our behalf, WebHotelier is the Data Processor. WebHotelier is a certified PCI-DSS Level 2 Service Provider audited monthly by Trustwave.

Data Protection Officer: dpo@webhotelier.net

Personal Data We Collect and Process

The data requested in the forms accessible from our booking engine are generally mandatory (unless specified otherwise) to meet the stated purposes. If not provided or provided incorrectly, we will be unable to process your request.

This will include:

  • Personal information which we ask you for (e.g. your name, address, and email address) when you make a booking

  • Financial details in order to process your booking when we require pre-payment

  • Details of transactions you carry out through our booking engine and details of the fulfilment of your orders

Our data processor may only collect and process personal data on our behalf in accordance with our instructions, and cannot process it in any other way or for any other purpose.

 

We grant permission to our data processor to:

  • Use your personal information for reserving rooms and/or other services for you at Myconian Theros

  • Pass on your financial details to us and/or appropriate third parties (for example, credit card companies) for the purpose of confirming or paying for a booking

  • Use your information for marketing purposes (where you explicitly agree to this)

  • Pre-complete forms and other details on our website to make your next visit easier

Social Login

In the event of registration and/or access through a third-party account, we may collect and access certain information from your profile from the corresponding social network, solely for internal administrative purposes.

Third-Party Data (e.g. book for a friend)

If you provide third-party data, you declare that you have the third party's consent and undertake to provide them with the information contained in this Privacy Notice.

Sensitive Data

Unless specifically requested, we ask that you not send us any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, health, biometrics, criminal background, or trade union membership).

Use of Services by Minors

The Services are not directed to individuals under the age of sixteen (16), and we request that they not provide Personal Data through the Services.

Purpose of Processing Personal Data

Depending on your requests, your personal data will be processed for the following purposes:

  • To manage the bookings made, including payment management and the management of your requests and preferences

  • To manage registration in loyalty or membership programs

  • To manage your contact requests with us

  • To manage the sending of personalized commercial communications (where you expressly consent)

  • To manage the provision of the contracted accommodation service and additional services

  • To manage surveys and/or evaluations regarding the quality of our services

 

Data Retention

We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law, or if you request withdrawal, oppose, or revoke your consent.

The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide services to you

  • Whether there is a legal obligation to which we are subject

  • Whether retention is advisable considering our legal position

 

Data Disclosure

We will use and disclose Personal Data as we believe to be necessary or appropriate:

  • To comply with applicable law

  • To comply with legal process

  • To respond to requests from public and government authorities

  • To enforce our terms and conditions

  • To protect our operations and the rights, privacy, safety or property of ourselves, you, or others

  • To allow us to pursue available remedies or limit damages

 

International Transfers of Personal Data

We may transfer your personal information to our data processor(s) or sub-processor(s) based outside of the EEA. If we do this, your personal information will continue to be subject to appropriate safeguards set out in the law, such as model contracts approved by regulators or independent privacy schemes like the US Privacy Shield.

Our data is stored in the cloud using Amazon Web Services in N. Virginia, USA and in Frankfurt, Germany. If you are accessing our systems from outside the USA, you acknowledge that your personal information may be transferred to the USA, a jurisdiction which may have different privacy and data security protections from those of your own jurisdiction.

Your Responsibilities

You guarantee that:

  • You are of legal age or legally emancipated

  • The information furnished to us is true, accurate, complete and up-to-date

  • You have informed third parties on whose behalf you have provided data of the aspects contained in this document

  • You have obtained third party authorization to provide their data to us

You will be responsible for false or inaccurate information provided and for any damages this may cause.

Exercise of Your Rights

You may contact us at any time free of charge to:

  • Obtain confirmation about whether or not personal data concerning you are being processed

  • Access your personal details

  • Rectify any inaccurate or incomplete data

  • Request the deletion of your personal data

  • Confirm revocation of consent

  • Obtain limitation of data processing

  • Request the portability of your data

You may file a complaint regarding the protection of your personal data at any time before the competent Data Protection Authority.

Security Measures

We will process your data at all times in absolute confidence and maintain the mandatory duty of secrecy with regard to your data, in accordance with applicable regulations. We adopt technical and organizational measures required to guarantee the security of your data and prevent them from being altered, lost, processed or accessed illegally.

bottom of page