Privacy Policy

This Privacy Policy explains how Nomāde Kefalonia (“Nomāde”, “we”, “us”) collects, uses, stores, and shares personal data when you visit our website (nomadekefalonia.com), contact us, or make a reservation.

We process personal data in accordance with the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Greek data protection law.

1. Who we are (Data Controller)

Data Controller (legal entity): ΘΕΟΔΩΡΟΣ ΜΑΡΟΥΛΗΣ ΚΑΙ ΣΙΑ Ο.Ε.

VAT number: 802160472

Address: Διγενή 8, Ληξούρι, Κεφαλονία, 282 00, Ελλάδα

Phone: +30 694 853 0117

Privacy contact email: hi@brandmazed.com

If you have any questions or requests regarding privacy, please email us at hi@brandmazed.com with the subject line “Privacy Request”.

2. Personal data we collect

We may collect the following categories of personal data:

  • Reservation and stay details: name, email, phone number, dates of stay, number of guests, accommodation selection, messages/requests, and preferences you choose to share (e.g., arrival time).
  • Identification details (where required): ID/passport details required for check-in and applicable legal obligations. We may receive these via channels you use to contact us (e.g., email, OTA messaging, WhatsApp/Viber).
  • Payments and billing: payment status and transaction references, invoice details, and other information needed for accounting. Card payments made at the property are processed via POS/bank systems. We do not store your full card number.
  • Communications: emails, messages, and other communications you send us (including via WhatsApp/Viber).
  • Website usage data: IP address, browser and device information, pages visited, approximate location (city/region), referring page, and interaction data.
  • Cookies and similar technologies: online identifiers stored on your device, including analytics and advertising cookies (see Cookie Policy).
  • CCTV footage (entrance-only, if implemented in the future): If we install CCTV in the future, it will be limited to the property entrance area and will never be used inside guest rooms or other private areas. Where used, CCTV will be for security and safety purposes.

3. Children’s data

Our website and services are not intended for children under 16 years of age, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can delete it.

4. Purposes and legal bases for processing

We process personal data only where we have a lawful basis under GDPR, including:

Contract (GDPR Art. 6(1)(b))

  • to handle reservation requests and bookings (via email/WhatsApp/Viber, OTAs, and—soon—our booking engine provider Webhotelier),
  • to communicate with you about your stay, and
  • to provide customer support and on-property services.

Legal obligation (GDPR Art. 6(1)(c))

  • to meet tax, accounting, invoicing, and other obligations applicable to accommodation providers, and
  • to collect/verify identification details for check-in where required by law.

Legitimate interests (GDPR Art. 6(1)(f))

  • to operate, secure, and improve our website and services,
  • to prevent fraud/abuse and protect our systems, guests, staff, and property, and
  • to use entrance-only CCTV for security and safety if implemented in the future (where permitted by law).

Consent (GDPR Art. 6(1)(a))

  • to set non-essential cookies and similar technologies where required (e.g., analytics and advertising cookies), and
  • to send marketing communications if we ever offer them in the future (we will request opt-in consent first).

5. How we share your personal data

We do not sell your personal data. We may share personal data with:

Service providers (processors) acting on our instructions

  • website hosting and technical support providers,
  • booking/booking-engine providers (e.g., Webhotelier) and operational tools needed to manage reservations,
  • analytics and advertising technology providers (e.g., Google Analytics, Google Tag Manager, Meta Pixel),
  • email service providers used for responding to inquiries, and
  • professional advisers (accountants, auditors, legal advisers) where necessary.

Independent controllers

  • Online travel agencies (OTAs) such as Booking.com and Airbnb (when you book through them), and
  • banks/payment providers and card networks used for bank transfers and POS transactions.

Authorities

  • public authorities where required by law (e.g., tax authorities or law enforcement).

When third parties act as independent controllers (for example, OTAs and banks), they determine their own purposes and means of processing. Their privacy practices are governed by their own privacy notices.

6. International transfers (outside the EEA)

Some providers (for example, analytics/advertising or cloud service providers) may process data outside the European Economic Area (EEA). Where international transfers occur, we rely on appropriate safeguards such as adequacy decisions and/or Standard Contractual Clauses (SCCs), along with supplementary measures where needed.

7. Data retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Inquiry communications (email/WhatsApp/Viber): up to 12 months from the last interaction.
  • Booking-related records and guest communications: up to 2 years after the stay, unless a longer period is required to comply with legal obligations or to handle disputes.
  • Identification details for check-in: kept only as needed for the current year for check-in and stay-related communications, unless we must keep certain information longer under applicable law.
  • Accounting/invoicing records: kept for as long as required by Greek tax and accounting law.
  • CCTV footage (if implemented in the future): kept for a limited period, and then deleted unless needed to investigate a security incident or required by law.
  • Marketing data (if used in the future): until you unsubscribe or withdraw consent.
  • Analytics/advertising data: retained according to the settings in the relevant tools and our consent choices.

8. Security

We implement appropriate technical and organizational measures to protect personal data, including access controls and secure transmission (HTTPS). No method of transmission or storage is completely secure; please avoid sending sensitive data via insecure channels where possible.

9. Your rights

Under GDPR, you have the following rights (subject to legal conditions):

  • Right of access (obtain a copy of your data)
  • Right to rectification (correct inaccurate data)
  • Right to erasure (delete data, where applicable)
  • Right to restriction of processing
  • Right to data portability
  • Right to object (including to direct marketing)
  • Right to withdraw consent (where processing is based on consent)

To exercise your rights, email hi@brandmazed.com. We may ask for information to verify your identity before responding.

10. Complaints

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA). Website: https://www.dpa.gr

11. Third-party links and services

Our website may include links or integrations with third-party services (for example, OTAs, maps, videos, or social media). These third parties have their own privacy policies and we are not responsible for their practices.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will publish the updated version on our website and update the effective date at the top.

 

 

COOKIE POLICY

This Cookie Policy explains how we use cookies and similar technologies on nomadekefalonia.com.

1. What are cookies?

Cookies are small text files stored on your device when you visit a website. Cookies may be session cookies (deleted when you close your browser) or persistent cookies (remain until they expire or you delete them).

2. Cookies and technologies we use

We use the following categories of cookies and similar technologies:

  • Strictly necessary cookies: These are required for the website to function properly and cannot be switched off in our systems in most cases.
  • Analytics cookies (Google Analytics via Google Tag Manager): These help us understand how visitors use our website so we can improve performance and user experience.
  • Advertising/remarketing cookies (Meta Pixel and Google technologies): These help us measure advertising performance and run remarketing campaigns on platforms such as Meta and Google.
  • Functional cookies: These remember preferences and enable enhanced functionality where used.
  • Embedded content cookies (potential future use): If we embed content such as maps or videos, those providers may set cookies when you interact with the embed.

3. Consent and cookie controls

Where required by law, we use a cookie banner/settings tool to request your consent before placing non-essential cookies (such as analytics and advertising cookies). You can change your choices at any time through the cookie settings (if available) and through your browser settings.

You can also control cookies through your browser settings:

  • delete existing cookies,
  • block all cookies, or
  • block third-party cookies.

Please note that blocking some cookies may impact the functionality and performance of the website.

4. Contact

If you have questions about our use of cookies or personal data, contact us at hi@brandmazed.com.

Back To Top
EXPLORE STAYS BOOK NOW