Effective Date: January 1, 2024
Data Controller: Tzagkaraki E. – Kardasi E. O.E / Muses Travel

At Muses Travel (“we”, “us”, “our”), accessible from musestravel.com, we are committed to safeguarding your privacy and protecting your personal data. This Privacy Policy explains how we collect, use, store and protect your information in full compliance with EU General Data Protection Regulation (GDPR – EU 2016/679), Greek Law 4624/2019, and all applicable EU and Greek data protection legislation.

By using our website, submitting a booking request, or contacting us, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

Tzagkaraki E. – Kardasi E. O.E / Muses Travel
Dimakopoulou 30, Rethymno 74100, Crete, Greece
VAT Number: EL800557406
MHTE: 1041E60000077401

Email for GDPR requests: info@musestravel.com

We are the Data Controller for all data processed through musestravel.com and our booking systems.

2. Categories of Personal Data We Collect

We may collect and process the following categories of personal data:

a. Website & Technical Data

IP address
Browser type and device information
Operating system
Date/time of visit
Cookies and analytics data
Pages visited
Behavioural data (Google Analytics, Meta Pixel)

b. Booking & Accommodation Data

Full name
Email address
Phone number
Postal address
Number of guests
Arrival/departure dates
Passport/ID details when required by Greek law for tax or guest registration purposes
Booking history
Guest preferences
Villa selection

c. Financial Data

Payment status and transaction confirmation
Invoice details
We do not store credit card numbers or CVV codes. All online card payments are processed securely by Eurobank LivePay.

d. Communication Data

Messages via website forms
Emails
Concierge or service requests
Customer service records

e. Marketing Data

Newsletter subscription (Mailchimp)
Marketing preferences
Engagement metrics

f. PMS & Booking Engine Data

Via Avantio PMS and Avantio booking engine (booking.musestravel.com):

Booking records
Stay details
Payment schedule
Guest communication history

g. Third-Party Platform Data

If you contact us through Airbnb, Booking.com, Vrbo or social media, the data you provide is processed under their own privacy policies.

3. Legal Basis for Processing (GDPR Article 6)

We process personal data under the following lawful bases:

a. Contractual Necessity

To:

process and manage your booking
communicate regarding your stay
fulfil accommodation services
manage payments and reservation notes

b. Legal Obligation

To comply with:

tax laws
accounting requirements
local tourism regulations
obligations to Greek authorities (e.g., Police, Tax Office)

c. Legitimate Interest

For:

website security
fraud prevention
analytics and service improvement
internal record-keeping

d. Consent

For:

newsletters / promotional communication
non-essential cookies
You may withdraw your consent at any time.

4. How We Use Your Personal Data

We use your data to:

Process and confirm reservations
Communicate booking details and updates
Coordinate check-in/check-out with property owners
Provide guest support and concierge services
Manage payments through Eurobank LivePay
Comply with Greek legal and tax obligations
Improve website performance through analytics
Send newsletters (only with explicit consent)
Maintain booking history and guest experience records

We do not sell your personal data.

5. Cookies & Tracking Technologies

Our website uses cookies to ensure smooth functionality and to improve user experience.

Cookie Categories We Use

Strictly Necessary Cookies
Required for the website and booking pages to function properly.
Functionality Cookies
Remember your preferences for a more personalized experience.
Performance Cookies
Measure site performance and detect issues.
Analytics Cookies
Google Analytics (anonymous, aggregated statistics).
Advertising / Targeting Cookies
Google and Meta tools used to deliver relevant ads based on browsing behaviour.

Cookie Consent

The main site musestravel.com currently does not include a cookie banner.
The booking engine booking.musestravel.com (by Avantio) uses its own cookie banner and consent system.

Managing Cookies

You can manage or disable cookies via your browser (Chrome, Firefox, Safari, Edge).
Blocking necessary cookies may affect website functionality.

6. Third-Party Services & International Transfers

We use trusted third-party providers who process data strictly under GDPR-compliant agreements.

Our primary Data Processors:

Avantio PMS & Booking Engine – booking and reservation management
Eurobank LivePay – secure payment processing
Google Analytics – analytics (US transfer under SCCs)
Google Workspace – email hosting (US transfer under SCCs)
Mailchimp – newsletter services (US transfer under SCCs)
Meta Pixel – advertising analytics (US transfer under SCCs)
EU-based hosting provider – website hosting

Where data is transferred outside the EU/EEA (e.g., to the United States), this is done under:

Standard Contractual Clauses (SCCs)
Additional GDPR-compliant safeguards

We do not permit third parties to use your data for their own purposes.

7. Data Sharing

We may share your data only with:

Property owners (operational purposes and guest arrival details)
Local service providers (transfers, chefs, experiences) only when requested by you
Courier services (when necessary)
Accountants/auditors (legal compliance)
IT and hosting providers
Law enforcement or public authorities (when legally required)

We never share data with advertisers or data brokers.

8. Data Retention Periods

We retain your data only as long as necessary:

Type of Data	Retention Period
Booking & stay data	10 years (Greek accounting & tax law)
Communication & inquiries	2 years
Newsletter data (Mailchimp)	Until consent is withdrawn
Cookies	As per browser settings or cookie type
Google Analytics data	14 months
PMS/Avantio data	10 years, or as required by law
Passport/ID data	Only as required by Greek law for visitor registry

Data is deleted securely once the retention period expires, unless a legal dispute is pending.

9. Your GDPR Rights

You have the right to:

Access your personal data
Rectify inaccuracies
Erase your data (“right to be forgotten”)
Restrict processing
Object to certain types of processing
Data portability
Withdraw consent
Lodge a complaint to the Hellenic Data Protection Authority:

Hellenic Data Protection Authority (DPA)
Kifisias 1–3, 11523 Athens
Website: www.dpa.gr

To exercise your rights, contact us at info@musestravel.com.

We respond within 30 days, as required by GDPR.

10. Security Measures

We implement appropriate technical and organizational measures to secure your data, including:

SSL encryption
Secure servers
Encrypted email systems (Google Workspace)
Firewalls and antivirus protection
Controlled access for staff
Regular security reviews

No method of online transmission is 100% secure, but we take all reasonable precautions.

11. Children’s Data

Our website and services are not intended for individuals under 16 years old.
We do not knowingly collect children’s data. If such data is identified, it will be deleted immediately.

12. Links to External Websites

Our website may contain links to third-party sites (e.g., car rentals, travel services).
We are not responsible for their content or privacy practices.
We recommend reviewing the privacy policies of all external sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.
All changes take effect immediately once posted on this page.
We encourage visitors to review this page periodically.

14. Contact Information

For privacy questions or GDPR requests:

Muses Travel
Email: info@musestravel.com
Phone: +30 28310 26942
Address: Dimakopoulou 30, Rethymno 74100, Crete, Greece

PRIVACY POLICY