kavala-online

Privacy Policy

Last updated: March 2026

1. Data Controller

The party responsible for data processing on this website is:

Kavala Online · Marcus Jacobi
Posidonos 28, 65302 Kavala, Greece
E-Mail: info@kavala-online.com

2. Overview

This website is a hotel directory for Kavala, Greece. We collect only the personal data that is strictly necessary to provide our services. We do not sell your data. We do not use advertising or tracking cookies. All data processing is based on the EU General Data Protection Regulation (GDPR).

3. Data We Collect

3.1 Visitors (public directory)

When you browse the hotel directory, no personal data is stored by us. Standard server logs (IP address, browser type, page visited, timestamp) are processed by our hosting provider Firebase App Hosting (Google LLC) for security and operational purposes and are automatically deleted after a short retention period.

3.2 Registered Hoteliers

If you register an account to list your property, we process the following data:

  • E-mail address and password (for authentication)
  • Full name and phone number (optional, for your profile)
  • Hotel details you enter (name, address, amenities, images)
  • Billing information (processed by Stripe — we never see your card details)

Legal basis: contract performance (Art. 6 § 1 lit. b GDPR) and legitimate interest (Art. 6 § 1 lit. f GDPR).

3.3 Contact Form

When you use our contact form, we process your name, e-mail address and message in order to respond to your enquiry. This data is not stored in a database — it is forwarded directly to our team by e-mail and retained only as long as necessary to handle your request. Legal basis: legitimate interest (Art. 6 § 1 lit. f GDPR).

4. Cookies & Storage

We use only technically necessary cookies — no tracking, no analytics, no advertising cookies.

  • Session cookie (Supabase Auth) — keeps you logged in as a hotelier. Deleted when you log out or your session expires.
  • Locale cookie — stores your language preference (e.g. "en" or "el"). No personal data.

5. Third-Party Service Providers

We work with the following processors, each bound by a Data Processing Agreement (DPA):

Firebase App Hosting (Google LLC, USA)

Hosts and serves this website. Standard Contractual Clauses (SCCs) are in place for data transfers outside the EU.Privacy info →

Supabase (Supabase Inc., USA)

Database and authentication provider. Data is stored in EU data centers (Frankfurt).Privacy info →

Stripe (Stripe Inc., USA)

Payment processing for hotelier subscriptions. Stripe operates under SCCs and is certified under various compliance frameworks. We never receive or store your full card details.Privacy info →

Resend (Resend Inc., USA)

Transactional email delivery (contact form submissions). Messages are forwarded and not stored.Privacy info →

Google Maps (Google LLC, USA)

Embedded map on hotel detail pages. When the map loads, Google may process your IP address. Only loaded if the hotel has provided coordinates.Privacy info →

6. Data Retention

Account data is retained for as long as your account is active. You may request deletion at any time. Billing records are retained for 7 years as required by applicable tax law. Contact form messages are kept only until the enquiry is resolved.

7. Your Rights (GDPR Art. 15–22)

You have the right to:

  • Access the personal data we hold about you (Art. 15)
  • Rectification of inaccurate data (Art. 16)
  • Erasure ("right to be forgotten") (Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing based on legitimate interest (Art. 21)
  • Withdraw consent at any time, without affecting prior processing

To exercise any of these rights, contact us at: info@kavala-online.com

You also have the right to lodge a complaint with a data protection supervisory authority. In Greece, the competent authority is the Hellenic Data Protection Authority (HDPA).

8. Security

This website uses HTTPS encryption for all data in transit. Access to personal data is restricted to authorized personnel only. Passwords are never stored in plain text — authentication is handled by Supabase Auth using industry-standard protocols.

9. Changes to This Policy

We may update this privacy policy from time to time. The current version is always available at this URL. For material changes, we will notify registered users by e-mail.