Call us+30 23774 40050


Scope of TOR HOTEL GROUP Privacy Policy

Tor Hotel Group (THG) appreciates your interest in its services and your visit to this website. This privacy policy describes the personal data collected or generated (processed) when you use Tor Hotel Group’s websites (“Sites”), mobile applications (“Apps”) and official social media profiles . It also explains how your personal data is used, shared and protected, what choices you have relating to your personal data and how you can contact us. THG is committed to protecting your privacy, providing a secure environment in accordance with the EU General Data Protection Regulation (GDPR), the Greek Law 4624/2019 on the Protection of Individuals with regard to the Processing of Personal Data and Law 3471/2006 for the protection of personal data and privacy in the electronic telecommunications sector, and will only use your information for clearly described purposes and in accordance with your data protection rights.

This Privacy Policy applies to all websites, mobile applications and official social media profiles which link to this policy and are published by Tor Hotel Group (TOR Hotel Group, The Excelsior, City Hotel, Eagles Palace, Eagles Villas) and describes the personal data collected or processed when you use Tor Hotel Group’s services, facilities, websites, mobile applications and social media official profiles.

Our Sites contain links to third party websites which are not subject to this privacy policy. We are not responsible for their content, use of personal information, or security practices.


Data Protection Officer

We have appointed a manager to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact our Data Protection Officer at info@rhetor.gr OR our customer services team at privacy@torhotelgroup.gr. We welcome questions, comments, and concerns about our cookies policy and privacy practices. If you contact us with a privacy complaint it will be assessed with the aim of resolving the issue in a timely and effective manner.


Your Rights

You have six basic rights under privacy and data protection laws related to the data we process about you. You do not have to pay a fee, and we will aim to respond to your request within 30 days. We will honor the requests you make related to your rights as the law allows, which means in some cases there may be legal or other official reasons that we may not be able to address the specific request you make related to your rights. You may:

request access to the personal information we process about you;

request that we correct inaccurate or incomplete personal information about you;

request deletion of personal information about you;

request restrictions, temporarily or permanently, on our processing of some or all personal information about you;

request transfer of personal information to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated; and

opt-out or object to our use of personal information about you where our use is based on your consent or our legitimate interests.

Make a complaint: You may make a complaint about our data processing activities to a supervisory authority, for Greece this is the Hellenic Data Protection Authority complaints@dpa.gr

To make enquires and/or to exercise any of your rights in this Privacy Policy please fill this form and send it to our customer service team at privacy@torhotelgroup.gr Or our Data Protection Officer  at info@rhetor.gr


Information we collect

“Personal data” is any information that can be used to identify you or that THG can link to you.  TGH collect (may automatically) certain information when you use, access, or interact with us via our websites.

If you are a business partner or supplier, please click here.

if you are a job applicant, please click here.

If you visit the websites and online properties we provide.

THG uses browser cookies and similar technologies (collectively, “cookies”) to collect and store certain information when you use, access, or interact with us via our websites. When you visit our site we may also collect information on an ongoing basis through Google Analytics about what pages you access or visit, and information about your use of our site, for example the pages viewed, the website from which you came to visit our site, changes you make to information you provided to us and your transactions including by use of cookies. THG may, for example, collect information about the type of device you use to access our websites, the operating system and version, your IP address, your general geographic location as indicated by your IP address, your browser type, the content you view and features you access on our websites, the web pages you view immediately before and after you access our websites, whether and how you interact with content available on our websites, and the search terms you enter on our websites. For information about how THG uses cookies and the choices you may have, please read further below.

If you are a customer, or express interest in our services.

When you directly register to use our services we may ask you to provide certain personal information including your full name, email address, contact number, registration and payment details, such as your bank account and payment card information (i.e. credit card type and number, credit card holder name, expiration date and CCV code) . This information is required to process and complete your reservation (including the sending of a confirmation email of the booking to you). THG collects your personal data when you provide it to us, for instance by visiting our website, sending us an email or entering into a contract; when you sign up for an event; When you subscribe to our newsletter to receive exclusive offers and the latest news on our services.

When you create a profile or sign in to access an existing profile on our website or App;

When you make a reservation through our website directly; and

During your stay at THG including information provided during check-in.

During your stay, we record your itemized spending to properly assemble your folio, which sets out your room rate and other expenses billed to your room. We also record this information to comply with financial reporting requirements, including those imposed by auditors and government regulators. We may also collect certain information as required by local laws (e.g. passport number). Information particular to your stay may also be stored (i.e. health issues, payment difficulties, special requests, service issues). This stay specific information is stored in our CRM system and is combined with information from previous visits that you have made to one of our hotels. Certain information regarding your service preferences is also stored centrally by us and may be made available to other THG’s properties through the guest history database. You may advise the hotel if you do not want personal preferences shared. In addition, we may retain the content of any document (including letters, comment cards, electronic documents such as e-mails and other similar forms of communication) that you send us before, during or following your stay. This information may be shared with employees of the hotel.

THG is obliged to maintain a data record of all the people who stayed in its hotels for additional reasons of public interest in the area of public health (indicatively to encounter a covid19  case).

THG may also receive information about you from social media platforms including but not limited to when you interact with us on those platforms or access our social media content.


Information of children

Our websites and services are generally not directed to children under 15. Tor Hotel Group does not knowingly collect personal data from anyone under 15 without parental consent. We will delete any Personal Information collected that we later determine to be from an individual younger than the age of thirteen (13). If you are a parent of a child younger than age thirteen (13) and you have a concern about information that may have been provided by your child to us, please contact us at privacy@torhotelgroup.gr


What do we use your personal data for?

To Provide Superior Customer Service to our Guests

Personal Information is collected to assist us in making your reservation and providing the services you request at any of our properties, to ensure we meet your needs while you are staying with us and/or to allow us to contact you in relation to matters that arise from your stay with us. By keeping certain stay related Personal Information on file, such as information regarding guest history and itemized spending, guests of THG have the ability to confirm prior transactions and reconcile statements or invoices.  In the normal course of our business, to allow us to manage your reservation on the basis that processing is necessary in order to perform our contract with you to provide our services

To Keep Our Guests Informed

We may use the Personal Information you provide to send you newsletters regarding our properties and to advise you of promotions or to inform you of offers or other information that may be of interest to you.  You will be able to opt-out of such communications at any time by sending us an email at privacy@trohotelgroup.gr

For Marketing Research

We wish to contact Guests to conduct surveys or focus groups to receive your views of our properties and service delivery. Occasionally we will combine information from a number of Guests to better understand trends and Guest expectations;

to allow us to understand your personal preferences, personalize our services to you as our guest ;

 to store your data to pre-populate fields to make it easier for you to provide information when you return to our sites;

to validate your information (and, in some cases, match it against information that has been collected by a third party such as travel sites and online intermediaries) to check that the data we hold about our customers/users is accurate, consistent and up to date on the basis that processing is necessary in order to perform our contract with you to provide our services;

in pursuit of our legitimate interests, to record CCTV footage to ensure the safety and security of our premises, staff and customers; our legitimate interest consists in the necessity to protect our property and the goods located in it from illegal acts, such as theft. The same applies to the safety of life, physical integrity, health as well as the property of our staff, clients and other third parties legally located in the monitored area. We only collect image data and limit the surveillance to areas where we have assessed an increased likelihood of illegal activity, without focusing on areas where the privacy of the persons being monitored may be severely restricted, considering their right to respect for personal data;

to comply with any legal obligations to which we are subject;

for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of European  Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject;and

We shall periodically check that the personal data we store for you is accurate. If you would like to update the personal data we hold about you, please contact us on privacy@torhotelgroup.gr with your request.

The provision of certain personal information is mandatory if you are to use our services. If you fail to provide such data we shall be unable to provide our services.

Who do we share your information with?

We may disclose your personal data to any member of our group of companies insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy. Information about our Binding Corporate Rules can be found here.

We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of court procedure.

Financial transactions relating to our website and services are handled by our payment services provider. We will share transaction data with our payment services provider only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

Third parties that process data on our behalf (such as marketing agencies, infrastructure providers, management systems, it & information security professionals, law firms etc.) in order to pursue our legitimate interests and perform a contract.

if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to protect your vital interests or the vital interests of another natural person (employees, customers, or others). We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

CCTV storaged material is accessible only by our competent / authorized personnel and associates who are in charge of the security of the space. This material shall not be transmitted to third parties, except in the following cases: (a) to the competent judicial, prosecutorial and police authorities when it contains information necessary for the investigation of a criminal offense involving persons or property of the controller; (b) to the competent judicial, prosecutorial and police authorities when requesting data, lawfully, in the performance of their duties, and (c) to the victim or perpetrator of a crime, in the case of data which may constitute evidence of the act.


Disclosure of Data Transfer & Third-Parties

THG may pass on your personal data to third parties after first obtaining your consent for purposes that you explicitly approve.

THG may pass on your personal data to third parties without first obtaining your consent for purposes allowed under required collection and processing under GDPR, including but not limited to where such data is required to provide website or user security, authentication, fraud-protection, or anti-spam protecting;


Third-Party Service Providers

Our services may be used in conjunction with services provided through a variety of third parties, such as Google. The use of information provided by you to such third parties is governed by their privacy policies, not our Privacy Policy. THG is not responsible for such third party privacy policies or their compliance with such policies.

THG may allow third-party ad servers or ad networks to serve advertisements and/or collect information on the service. These third-party ad servers or ad networks use technology to send, directly to your browser, the advertisements and links that appear on THG’s websites. They automatically receive your IP address when this happens. They may also use other technologies (such as cookies, JavaScript, or web beacons) to measure the effectiveness of their advertisements and to personalize the advertising content. THG does not provide any personally identifiable information to these third-party ad servers or ad networks without your consent.

The THG Privacy Policy does not apply to, and we cannot control the activities of, third-party advertisers. Please consult the respective privacy policies of such advertisers for more information.


International Data Transfers

We may transfer, access, or store personal information about you outside of the European Economic Area (“EEA”), Switzerland, or another country that requires legal protections for international data transfer. When we do, we will ensure that an adequate level of protection is provided for the information by using one or more of the following approaches:

We may transfer personal information to organizations that participate in Privacy Shield or its successor data transfer mechanisms for transfers from the EEA or Switzerland to the U.S.

We may transfer personal information to countries that have privacy laws that have been recognized by the country from which the data are transferred as providing adequate protection for the data. Where personal data is transferred outside of the EEA to a data importer in a country that is not subject to an adequacy decision by the European Commission, data is adequately protected by appropriate safeguards, such as industry- standard GDPR – compliant contractual clauses with third parties.

We may rely on other transfer mechanisms approved by European or Greek authorities.


Legal Bases for Using Your Personal Data

There are different legal bases that THG relies on to use your personal data, namely:

Performance of a contract – The use of your personal data may be necessary to perform the contract that you have with us. For example, as a user of our websites or services THG will use your personal data to respond to your requests and provide you with such services.

Consent – THG will rely on your consent to use (i) technical information such as cookie data and geolocation data as described in this Privacy Policy; and (ii) your personal data for marketing purposes where required by law. You may withdraw your consent at any time by contacting us at the details at the end of this Privacy Policy.

Legitimate interests – THG may use your personal data for our legitimate interests to improve our services and the content on our websites; to protect our property and lives, health and physical integrity of our staff, clients and other third parties; to obtain professional advice and exercise legal claims

Legal compliance and/or vital interest as mandated by a valid and binding request from an applicable government entity with proper jurisdiction.

For reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health.


Keeping and Securing Your Data

We will keep personal information about you for as long as we provide services to you, as long as you work for or with us, or as long as we are addressing a concern, question, complaint, or request you have made to us, as applicable to our interactions with you. If we have a contract or other agreement with you, we will follow the retention obligations of that agreement.

We may keep data longer if we have a legal obligation to keep it or to maintain necessary records for legal, financial, compliance, or other reporting obligations, and to enforce our rights and agreements. We also may keep data about you for statistical analysis or research purposes.

Deletions of data, pursuant to properly issued, valid, and verified GDPR-related requests from a person or entity with rights to make such a request, will occur within a reasonable timeframe; data in backup archives that is unlinked may take longer to delete than active data.

We store CCTV data for seven (7) days, after which they are automatically deleted. In the event that during this period an incident occurs, we isolate part of the video and store it for another (1) month, in order to investigate the incident and initiate legal proceedings to pursue our legitimate interests, while if the incident concerns third parties we will store the video for up to three (3) more months

We restrict access to your information to only those persons who need to use it for the relevant purpose. Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymized or destroyed securely. Where we don’t need to keep all of your information in full, we will obfuscate or aggregate it, for example, web activity logs and survey responses. This is to ensure that we do not retain your information for any longer than is necessary.

We take appropriate security measures to protect personal information against loss, misuse, and unauthorized access, alteration, disclosure or destruction. We also have implemented measures to maintain the ongoing confidentiality, integrity and availability of the systems and services that process personal information, and will restore the availability and access to data in a timely manner in the event of a physical or technical incident.

For reservations made through booking.com, your credit card information is transmitted to us through a secure server protocol, which encrypts all your personal and credit card details. The encryption method used is the industry standard "Secure Socket Layer" (SSL) technology.

For reservations made through THG online booking engine (powered by WebHotelier HLDG Ltd), the collection and transmission methods used are the Secure Socket Layer" (SSL) and the PCI Data Security Standard (PCI DSS).


Cookies policy

THG collects information, which may include personal data, from your browser when you use our Sites. We use browser session cookies, which are temporary cookies that are erased from your device’s memory when you close your Internet browser or turn your computer off, and persistent cookies, which are stored on your device until they expire, unless you delete them before that time.

We use a variety of methods, such as cookies and pixel tags to collect this information, which may include your (i) IP-address; (ii) unique cookie identifier, cookie information and information on whether your device has software to access certain features; (iii) unique device identifier and device type; (iv) domain, browser type and language, (v) operating system and system settings; (vi) country and time zone; (vii) previously visited websites; (viii) information about your interaction with our Sites such as click behavior, purchases and indicated preferences; and (ix) access times and referring URLs.

For example, we use cookies and pixel tags to track usage of the Sites and to understand our customers’ preferences (such as country and language choices). This enables us to provide services to our customers and improve their online experience. We also use cookies and pixel tags to obtain aggregate data about site traffic and site interaction, to identify trends and obtain statistics so that we can improve our Sites.


Managing your cookie settings

If you do not want to accept cookies, you can block them by adjusting the settings on your internet browser. Please note that because this is a setting on your browser, this adjustment may also block cookies for any website you visit. You can visit www.aboutcookies.org, which provides detailed information on managing cookies in popular browsers.

You can completely disable cookies in your browser at any time. Blocking cookies may affect your ability to benefit from the conveniences afforded by the use of cookies, may affect your ability to use certain customization features associated with creating a user profile, and, in the case of cookies that are strictly necessary for the website to operate properly, may affect your experience of the website.

Videos and other features on our site use Flash cookies to collect and store your preferences, such as volume. Flash cookies are different from browser cookies because of the amount of, type of, and way that data is stored. Cookie management tools provided by your browser will not remove Flash cookies.  Some cookies may be placed by third party service providers who perform some of these functions for us. Based on what function cookies have and the purpose for which cookies are used, there are four categories of cookie: strictly necessary cookies, performance cookies, functional cookies and marketing cookies.

Cookies on this website that do not require approval.

Cookies that are essential, also known as ‘strictly necessary’ cookies enable features without which you would not be able to use the website as intended. These cookies are used exclusively by THG and are therefore known as first-party cookies. They are only saved on your computer while you are actually browsing the website. An example of what these cookies do is facilitate a switch from http to https when you change pages, so that the security of data transmitted is maintained. Furthermore, a cookie of this kind is used to store your decision about the use of cookies on our website. Your consent is not required for the use of strictly necessary cookies.

Strictly necessary cookies cannot be disabled using the features of this website.

Cookies on this website that require approval.

Performance cookies

Gather information about how a website is used – for example, which pages a visitor opens most often, and whether the user receives error messages from some pages. These cookies do not save information that would allow the user to be identified. The collected information is aggregated, and therefore anonymous. These cookies are used exclusively to improve the performance of the website and with it the user experience.

Functional cookies

Enable a website to save information which has already been entered (such as user names, languages choices, and your location), so that it can offer you improved and more personalized functions. Functional cookies are also used to enable features you request such as playing videos. These cookies collect anonymous information and cannot track your movements on other websites.

Marketing cookies

Are used to deliver adverts and other communications more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to help measure the effectiveness of advertising campaigns. They remember whether you have visited a website or not, and this information can be shared with other organizations such as advertisers (this includes advertising technologies on websites such as Facebook, LinkedIn and Twitter). Cookies for improving group targeting and advertising will often be linked to site functionality provided by other organizations.

Third party cookies on our Sites

Third parties may also collect data directly from your web browser and the processing of this data is subject to their own privacy policies. Our standard advertising terms and conditions do not permit our advertisers to drop their own cookies for profiling or retargeting without your consent.

We also use third party cookies on our Sites that fall into the categories above (“third party cookies”) for the following reasons:

to help us monitor traffic on our Sites (like many companies, we use Google Analytics to do this);

Our website uses cookies software provided by Google Analytics to monitor visitor usage to better understand how the website is used. The software will save a cookie to your computer hard drive in order to track and monitor your engagement and usage of our website, but will not store, save or collect personal information. If you would like to read Google’s privacy policy please visit https://policies.google.com/privacy?hl=en-US

to identify fraudulent or non-human traffic;

to assist with market research;

to improve Site functionality;

Advertisers sometimes use their own cookies to measure performance and to identify fraudulent or non-human traffic. To the extent that you have given them your consent to do so, advertisers may also provide you with targeted advertising based on their data. For example, advertisers may use a profile they have built either on their own site or on sites that you have previously visited to present you with more relevant advertisements during your visit to our website.

When does THG send you emails?

After you have made a booking, you will receive a confirmation message with all the information about your booking.

As mentioned above, sometimes THG may send feedback emails after your stay at the hotel. If you do not wish to give us your opinion, you can let us know and we will not request anyfurther feedback.

In the reservation process you can request our newsletter, which contains special offers and more information about THG. You can also choose to stop receiving the newsletter at any time.


Prohibition of Drone OperationsOut of safety concerns for guests and staff, as well as concerns for individual privacy, Eagles Resort prohibits the operation or use of unmanned aerial systems, or drones, by the general public - including recreational users and hobbyists - without the prior written authorization from Eagles Resort management. This prohibition includes drones used for filming or videotaping, as well as any drone use by media or journalists operating above or within the Eagles Resort area boundaries. This prohibition on drone operations or use extends to any drones launched or operated from within Eagles Resort property, as well as drones launched from private property outside of Eagles Resort area boundaries.

Any authorized operation of aerial drones is governed by the European Aviation Safety Agency and the Hellenic Civil Aviation Authority (HCAA) rules and regulations, local law enforcement as well as this policy separately established by Eagles Resort, which may include drone registration, permit – to – fly, mass limitations, altitude limitations, certification, training, insurance coverage, indemnification requirements, waivers or releases of liability etc.

Any violation of this prohibition may involve eviction from your accommodation(s), as well as confiscation of any drone equipment, and may subject violators to any damages, including, but not limited to, damages for violations of privacy and/or physical or personal injuries or property damage, as well as regulatory fines and legal fees.

Changes to this Privacy Policy

This Privacy Policy was last amended on February 06 2022

We may make changes to this Policy from time to time based on changes to applicable laws and regulations or other requirements applicable to us, changes in technology, or changes to our business. Any changes we make to the Policy in the future will be posted on this page, and where we change this Policy in ways that also affect how we process personal information about you, where appropriate, we will notify you directly via email or other direct contact with you, and we also will post a notice on our home page that this Policy has changed. If we materially change the way in which we process your personal data, we will provide you with prior notice, or where legally required, request your consent prior to implementing such changes. We strongly encourage you to read our privacy policy and keep yourself informed of our practices.