Privacy Policy

Last updated: 3 June 2026

This Privacy Policy explains how Rhodes Youth Hostel collects, uses, stores and protects personal data when you visit this website, contact us through the contact form, use booking-related links, or interact with services available through the website.

1. Who we are

This website is operated by:

Nikolaos Magkafas, operating as Rhodes Youth Hostel
Ergeiou 12, Rhodes Old Town, 85100 Rhodes, Greece
Email: info@rhodesyouthhostel.com
Telephone: +30 22410 30491

For the purposes of the General Data Protection Regulation (EU) 2016/679, the above operator is the data controller for personal data collected through this website, unless otherwise stated.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed through this website, including:

  • visits to rhodesyouthhostel.com;
  • contact form submissions;
  • cookie consent choices;
  • embedded services such as Google Maps;
  • booking-related links or booking engine access;
  • technical and security processing related to website operation.

This Privacy Policy does not replace the privacy policies or terms of third-party services, such as WebHotelier, Google, Cloudflare, Kinsta or other providers that may process data through their own platforms or systems.

3. Personal data we collect

We may collect and process the following categories of personal data.

3.1 Contact form data

When you submit the contact form, we collect the information you provide, including:

  • first name;
  • last name;
  • email address;
  • phone number;
  • message or special requests, if provided;
  • consent confirmation;
  • captcha, security or anti-spam verification data;
  • technical form submission data needed for security and spam prevention.

The message / special requests field is optional.

Please do not send sensitive personal data through the contact form, such as health information, identification documents, payment card details, financial information, passwords, or other highly confidential information.

3.2 Contact form processing, storage and replies

Contact form submissions are processed through Forminator.

When you submit the contact form:

  • the information you submit may be stored in the WordPress administration area;
  • an email notification is sent to Rhodes Youth Hostel;
  • an automatic reply may be sent to the email address you provided;
  • consent and anti-spam verification data may be recorded for security and compliance purposes.

Access to form submissions is limited to authorised website or business administrators who need access for operational purposes.

3.3 Contact form security and anti-spam

The contact form uses Cloudflare Turnstile or similar anti-spam/security technology to help prevent spam, abuse and automated submissions.

These technologies may process technical data such as IP address, browser information, device signals, interaction data and verification results for security and anti-spam purposes.

3.4 Booking-related data

When you use a Book now button or booking-related link, you may be directed to a booking engine provided by WebHotelier or another booking platform used by Rhodes Youth Hostel.

The booking engine may appear as part of the booking flow connected with this website, but it may be provided and operated by a third-party booking platform.

If you make or manage a reservation through the booking engine, the booking platform may collect and process booking-related personal data, such as:

  • name;
  • contact details;
  • stay dates;
  • reservation details;
  • payment-related information, where applicable;
  • booking preferences or requests;
  • communication related to the booking.

Where WebHotelier or another booking provider processes data through its own platform, its own privacy information, booking terms and cookie practices may also apply.

3.5 Technical, security and website data

When you visit the website, some technical data may be processed automatically, including:

  • IP address;
  • browser type and version;
  • device and operating system information;
  • date and time of access;
  • pages visited;
  • referring page or URL, where available;
  • server logs;
  • security and anti-spam signals;
  • cookie consent choices.

This data is used for website operation, security, troubleshooting, fraud prevention, spam prevention and maintaining the functionality of the website.

3.6 Cookies and consent data

The website uses a cookie consent system provided by Complianz.

The cookie banner allows visitors to accept, deny or manage cookie preferences. The website currently uses essential cookies and may use third-party services for maps, booking tools and security features.

The cookie consent system may store information about your cookie choices so that the website can remember your preferences.

We do not currently use Google Analytics, Google Tag Manager, Meta Pixel, Hotjar, advertising cookies, newsletter tracking or marketing cookies.

For more information, please see our Cookie Policy.

3.7 Google Maps

The Contact page may include an embedded Google Maps service.

Google Maps is blocked by the cookie consent system until the visitor gives the relevant consent. If you choose to enable the map, Google may process technical data and may use cookies or similar technologies according to its own privacy terms.

3.8 WordPress technical and administrator cookies

WordPress may set technical cookies for website administrators or authorised users when they log in to the WordPress administration area.

These cookies may support:

  • login sessions;
  • screen preferences;
  • admin dashboard functionality;
  • basic website management functionality.

These cookies are not intended for ordinary website visitors who do not log in to the website.

3.9 WooCommerce and direct website payments

WooCommerce may be installed on the website, but direct website payments are not currently active through this website.

If direct online payments, WooCommerce checkout or payment gateway functionality are enabled in the future, this Privacy Policy will be updated before or at the time such functionality becomes active, and the relevant payment provider information will be added.

3.10 Newsletter and marketing emails

We do not currently send newsletters or marketing emails through this website.

If newsletter or marketing email functionality is introduced in the future, it will only be used where legally permitted and, where required, after explicit opt-in consent.

Visitors will be able to withdraw consent or unsubscribe from marketing communications.

4. Why we use personal data

We process personal data for the following purposes:

  • to respond to enquiries submitted through the contact form;
  • to answer questions about rooms, availability, arrival, location or hostel services;
  • to send automatic confirmation replies after contact form submission;
  • to support booking-related communication;
  • to operate, maintain and secure the website;
  • to prevent spam, fraud, abuse and automated submissions;
  • to remember cookie consent choices;
  • to display third-party services, such as Google Maps, where consent has been given;
  • to maintain website logs and troubleshoot technical issues;
  • to comply with legal, accounting or regulatory obligations;
  • to protect our legal rights and legitimate business interests.

5. Legal bases for processing

We process personal data only when there is a lawful basis to do so.

Depending on the situation, the legal bases may include the following.

5.1 Contract or steps before entering into a contract

We may process your data when you contact us about room availability, reservations, arrival details or services connected with a possible or existing stay.

This may include responding to enquiries, assisting with booking-related questions, or communicating about a reservation.

5.2 Legitimate interests

We may process data where necessary for legitimate business interests, including:

  • responding to ordinary enquiries;
  • operating and maintaining the website;
  • protecting the website from spam, abuse and security threats;
  • managing normal guest communication;
  • sending administrative email replies related to enquiries;
  • keeping appropriate business records;
  • troubleshooting technical issues;
  • protecting legal rights.

We rely on legitimate interests only where our interests are not overridden by your rights and freedoms.

5.3 Legal obligation

We may process or retain certain data where required by applicable law, including accounting, tax, consumer protection, legal claim or regulatory obligations.

5.4 Consent

We rely on consent where required, including for certain non-essential cookies, third-party embedded content, optional future marketing emails, or other optional processing that requires consent.

You may withdraw consent where processing is based on consent. Withdrawing consent does not affect processing that took place before withdrawal.

6. Contact form submissions and retention

Contact form submissions are sent to us by email and may also be stored in the WordPress administration area through Forminator.

We normally retain contact form submissions for up to 12 months, unless a longer period is necessary for:

  • booking management;
  • dispute handling;
  • legal obligations;
  • accounting requirements;
  • security investigation;
  • the establishment, exercise or defence of legal claims.

If you want us to delete a contact form submission, you may contact us at info@rhodesyouthhostel.com. We will review the request in accordance with applicable law.

7. Cookies and third-party services

This website uses Complianz to manage cookie consent.

The cookie banner gives visitors the option to:

  • accept cookies and relevant third-party services;
  • deny non-essential cookies;
  • manage preferences.

Google Maps is blocked until the visitor gives the relevant consent. This helps prevent Google Maps from loading automatically before consent.

The website does not currently use analytics or marketing tracking tools such as Google Analytics, Google Tag Manager, Meta Pixel, Hotjar or advertising scripts.

If analytics or marketing tools are introduced in the future, the cookie banner and Cookie Policy will be updated before such tools are enabled, and consent will be requested where required.

8. Who we share data with

We may share or make data available to service providers only where necessary for the purposes described in this Privacy Policy.

These may include:

  • website hosting and infrastructure providers, including Kinsta;
  • WordPress and website plugin providers;
  • Forminator, for contact form processing, storage, email notifications and automatic replies;
  • Complianz, for cookie consent management;
  • Cloudflare Turnstile, for anti-spam and security verification on forms;
  • Google Maps, where the visitor enables the map;
  • WebHotelier or another booking engine provider, when booking-related services are used;
  • email and technical service providers;
  • professional advisers, accountants or legal advisers where necessary;
  • public authorities, courts or regulators where required by law.

Some third-party providers may act as processors, while others may act as independent controllers for their own services.

Where you use a third-party service directly, such as a booking engine or Google Maps, the provider’s own privacy information may also apply.

9. International transfers

Some service providers may process data outside Greece, the European Union or the European Economic Area.

Where required, such transfers should take place under appropriate safeguards recognised by applicable data protection law, such as adequacy decisions, standard contractual clauses or other lawful transfer mechanisms.

10. How we protect personal data

We use reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

These measures may include:

  • managed hosting;
  • access controls;
  • website security measures;
  • anti-spam tools;
  • software updates;
  • backups;
  • restricted administrative access;
  • cookie consent management;
  • form security verification.

No website, email system or internet transmission is completely secure. For that reason, you should not send highly sensitive information through the contact form.

11. How long we keep data

We keep personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Indicative retention periods:

Data categoryRetention
Contact form submissionsUp to 12 months
Contact form email notifications and repliesAs long as necessary to respond and manage the enquiry
Booking-related communicationAs long as necessary for booking management, accounting, legal or dispute purposes
Cookie consent recordsAccording to the consent tool settings and applicable requirements
Server and security logsFor a limited period necessary for security, troubleshooting and fraud prevention
Legal and accounting recordsAs required by applicable law

12. Your rights

Subject to applicable law, you may have the right to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of your personal data;
  • request restriction of processing;
  • object to processing based on legitimate interests;
  • request data portability, where applicable;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a competent data protection authority.

To exercise your rights, contact us at:

info@rhodesyouthhostel.com

We may need to verify your identity before responding to a request.

13. Complaint to a supervisory authority

If you believe that your personal data has been processed unlawfully, you may lodge a complaint with the competent data protection authority.

For Greece, the competent authority is the Hellenic Data Protection Authority.

Hellenic Data Protection Authority
Kifissias 1-3, 115 23 Athens, Greece
Website: www.dpa.gr
Email: contact@dpa.gr
Telephone: +30 210 6475600

14. Children

This website is not intended for children to submit personal data without appropriate parental or guardian involvement.

If you believe that a child has submitted personal data through the website, please contact us.

15. Links to third-party websites and services

This website may contain links to third-party websites or services, including booking platforms, map services or other external providers.

We are not responsible for the privacy practices, content or security of third-party websites.

You should review the privacy information of any third-party service you use.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the website, services, legal requirements or business operations.

The updated version will be posted on this page with a revised “Last updated” date.