1. Introduction
ES FEREOS I.K.E. (hereinafter "we", "us" or "the Company"), operating the website Darion Residence, is committed to protecting your personal data in accordance with Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, and the ePrivacy Directive 2002/58/EC.
This Privacy Policy explains what data we collect, how we use it, and your rights as a data subject. By using our website or services, you acknowledge this policy.

2. Data Controller

3. Personal Data We Collect
3.1 Booking & Reservation DataWhen you make a reservation, we collect:

• First name and last name.
• Email address.
• Phone number, including preferred messaging channel (WhatsApp or Viber).
• Selected residence/property.
• Number of guests, arrival and departure dates.
• Special requests and comments (e.g. early check-in, accessibility needs).

3.2 Payment DataPayment transactions are processed by PCI-DSS certified third-party providers. We do not store full card numbers or CVV codes on our systems.

3.3 Communication DataMessages sent via contact forms, email, or phone - including inquiries and complaints.

3.4 Technical & Analytics DataIP addresses, browser type, device identifiers, pages visited, and session duration, collected via cookies, Google Analytics, embedded Google Maps, and the Elfsight reviews widget (see Section 7). When you interact with these embedded services, the respective providers may collect your IP address and usage data directly.

3.5 Sensitive DataWe do not intentionally collect special categories of data (race, religion, health, biometric data, etc.). If a guest voluntarily discloses medical or accessibility needs to facilitate their stay, this information is used solely for that purpose and deleted after check-out.

3.6 Third-Party BookingsIf you make a booking on behalf of other guests, you confirm that you have obtained their consent to share their personal data with us and that they are aware of this Privacy Policy.

4. Legal Bases for Processing

5. How We Use Your Data

• Confirm and manage your reservation.
• Process payments and issue invoices.
• Communicate before, during, and after your stay.
• Send promotional emails (only with explicit consent; unsubscribe at any time).
• Improve our website and services through analytics.
• Comply with Greek and EU legal obligations.

6. Data Retention

7. Cookie Policy
We use cookies to ensure our website functions correctly and to understand how visitors interact with it. Consent for non-essential cookies is managed through CookieScript. You may update your preferences at any time via the cookie banner.

We use the following categories of cookies:

• Necessary cookies - required for the website to function. These include CookieScript cookies that store your consent preferences. They cannot be disabled.
• Analytics cookies - provided by Google Analytics (GA4). They help us understand how visitors use the site (pages visited, session duration, returning users). Activated only with your consent.
• Google Maps cookies - set when embedded maps are loaded on our website. Google may collect your IP address and location data to render the map. Governed by Google's Privacy Policy (policies.google.com/privacy). Activated only with your consent.
• Elfsight cookies - set by the Elfsight reviews widget, which aggregates guest reviews from Booking.com, Airbnb, and Google. When the widget loads, Elfsight may collect your IP address and browser data. Governed by Elfsight's Privacy Policy (elfsight.com/privacy-policy). Activated only with your consent.
• Cloudflare cookies - set by Cloudflare's infrastructure used by Elfsight. The _cfuvid cookie is a session cookie that tracks sessions to optimise user experience. It is activated when the Elfsight widget loads and is deleted when the browser is closed.
• Marketing cookies - used for remarketing (e.g. Google Ads). Activated only if you explicitly opt in via the cookie banner.

8. Sharing with Third Parties
We do not sell your personal data. We may share data with:

• Payment processors - PCI-DSS certified providers for secure transactions.
• Booking platforms - Airbnb, Booking.com, or similar OTAs through which you may have booked.
• Google LLC (USA) - via Google Analytics (usage data) and Google Maps (IP address and location data). Google operates under Standard Contractual Clauses for EEA data transfers. See Google's Privacy Policy at policies.google.com/privacy.
• Elfsight LLC (Armenia) - a third-party widget provider that displays aggregated reviews from Booking.com, Airbnb, and Google on our website. When the widget loads, Elfsight may receive your IP address and browser data. See Elfsight's Privacy Policy at elfsight.com/privacy-policy.
• Objectis, UAB / CookieScript (Lithuania, EU) - our consent management platform. CookieScript stores records of visitor cookie consents (IP address, consent timestamp, preferences) to demonstrate GDPR compliance. As a Lithuanian company, all data remains within the EEA. See CookieScript's Privacy Policy at cookie-script.com/legal/privacy-policy.
• IT & hosting providers - under Data Processing Agreements (DPAs).
• Legal authorities - when required by Greek or EU law.

All third-party processors are contractually bound to process data only on our instructions and in compliance with GDPR.

9. International Data Transfers
Some of our third-party service providers are located outside the European Economic Area (EEA). We ensure appropriate safeguards are in place for all such transfers:

• Google LLC (USA) - Google Analytics and Google Maps transfer data to the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an equivalent level of data protection.
• Elfsight LLC (Armenia) - Elfsight is located in Armenia, a country without an EU adequacy decision and without Standard Contractual Clauses in place. Data transfer to Elfsight (IP address, browser data) therefore takes place solely on the basis of your explicit consent in accordance with Art. 6(1)(a) and Art. 49(1)(a) GDPR. The Elfsight widget is only activated after you accept cookies via our consent banner. You may withdraw consent at any time by updating your cookie preferences. Please be aware that transfers to countries without an adequacy decision carry inherent risks regarding the level of data protection.

10. Your Rights Under GDPR

To exercise any right, contact us at esfereos@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr or by calling +30 210 6475600.

11. Data Security
We implement appropriate technical and organisational measures to protect your data, including:

• SSL/TLS encryption for all data transmitted via our website.
• Access controls limiting data access to authorised personnel only.
• Regular security assessments of our systems and third-party providers.
• Secure deletion procedures when data retention periods expire.

12. Children's Privacy
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with data without parental consent, please contact us immediately.

13. Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. The current version will always be published on our website with the date of last revision. Material changes will be communicated via email or a prominent notice on the website.

14. Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact:


This document was prepared in compliance with GDPR (Reg. EU 2016/679), Greek Law 4624/2019, and the ePrivacy Directive 2002/58/EC.

1. Introduction
ES FEREOS I.K.E. (hereinafter "we", "us" or "the Company"), operating the website Darion Residence, is committed to protecting your personal data in accordance with Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, and the ePrivacy Directive 2002/58/EC.
This Privacy Policy explains what data we collect, how we use it, and your rights as a data subject. By using our website or services, you acknowledge this policy.

2. Data Controller

3. Personal Data We Collect
3.1 Booking & Reservation DataWhen you make a reservation, we collect:

• First name and last name
• Email address
• Phone number, including preferred messaging channel (WhatsApp or Viber)
• Selected residence/property
• Number of guests, arrival and departure dates
• Special requests and comments (e.g. early check-in, accessibility needs)

3.2 Payment DataPayment transactions are processed by PCI-DSS certified third-party providers. We do not store full card numbers or CVV codes on our systems.

3.3 Communication DataMessages sent via contact forms, email, or phone - including inquiries and complaints.

3.4 Technical & Analytics DataIP addresses, browser type, device identifiers, pages visited, and session duration, collected via cookies, Google Analytics, embedded Google Maps, and the Elfsight reviews widget (see Section 7). When you interact with these embedded services, the respective providers may collect your IP address and usage data directly.

3.5 Sensitive DataWe do not intentionally collect special categories of data (race, religion, health, biometric data, etc.). If a guest voluntarily discloses medical or accessibility needs to facilitate their stay, this information is used solely for that purpose and deleted after check-out.

3.6 Third-Party BookingsIf you make a booking on behalf of other guests, you confirm that you have obtained their consent to share their personal data with us and that they are aware of this Privacy Policy.

4. Legal Bases for Processing

5. How We Use Your Data

• Confirm and manage your reservation
• Process payments and issue invoices
• Communicate before, during, and after your stay
• Send promotional emails (only with explicit consent; unsubscribe at any time)
• Improve our website and services through analytics
• Comply with Greek and EU legal obligations

6. Data Retention

7. Cookie Policy
We use cookies to ensure our website functions correctly and to understand how visitors interact with it. Consent for non-essential cookies is managed through CookieScript. You may update your preferences at any time via the cookie banner.

We use the following categories of cookies:

• Necessary cookies - required for the website to function. These include CookieScript cookies that store your consent preferences. They cannot be disabled.
• Analytics cookies - provided by Google Analytics (GA4). They help us understand how visitors use the site (pages visited, session duration, returning users). Activated only with your consent.
• Google Maps cookies - set when embedded maps are loaded on our website. Google may collect your IP address and location data to render the map. Governed by Google's Privacy Policy (policies.google.com/privacy). Activated only with your consent.
• Elfsight cookies - set by the Elfsight reviews widget, which aggregates guest reviews from Booking.com, Airbnb, and Google. When the widget loads, Elfsight may collect your IP address and browser data. Governed by Elfsight's Privacy Policy (elfsight.com/privacy-policy). Activated only with your consent.
• Marketing cookies - used for remarketing (e.g. Google Ads). Activated only if you explicitly opt in via the cookie banner.

8. Sharing with Third Parties
We do not sell your personal data. We may share data with:

• Payment processors - PCI-DSS certified providers for secure transactions
• Booking platforms - Airbnb, Booking.com, or similar OTAs through which you may have booked
• Google LLC (USA) - via Google Analytics (usage data) and Google Maps (IP address and location data). Google operates under Standard Contractual Clauses for EEA data transfers. See Google's Privacy Policy at policies.google.com/privacy
• Elfsight LLC (Armenia) - a third-party widget provider that displays aggregated reviews from Booking.com, Airbnb, and Google on our website. When the widget loads, Elfsight may receive your IP address and browser data. See Elfsight's Privacy Policy at elfsight.com/privacy-policy
• Objectis, UAB / CookieScript (Lithuania, EU) - our consent management platform. CookieScript stores records of visitor cookie consents (IP address, consent timestamp, preferences) to demonstrate GDPR compliance. As a Lithuanian company, all data remains within the EEA. See CookieScript's Privacy Policy at cookie-script.com/legal/privacy-policy
• IT & hosting providers - under Data Processing Agreements (DPAs)
• Legal authorities - when required by Greek or EU law

All third-party processors are contractually bound to process data only on our instructions and in compliance with GDPR.

9. International Data Transfers
Some of our third-party service providers are located outside the European Economic Area (EEA). We ensure appropriate safeguards are in place for all such transfers:

• Google LLC (USA) - Google Analytics and Google Maps transfer data to the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an equivalent level of data protection.
• Elfsight LLC (Armenia) - Elfsight is located in Armenia, a country without an EU adequacy decision and without Standard Contractual Clauses in place. Data transfer to Elfsight (IP address, browser data) therefore takes place solely on the basis of your explicit consent in accordance with Art. 6(1)(a) and Art. 49(1)(a) GDPR. The Elfsight widget is only activated after you accept cookies via our consent banner. You may withdraw consent at any time by updating your cookie preferences. Please be aware that transfers to countries without an adequacy decision carry inherent risks regarding the level of data protection.

10. Your Rights Under GDPR

To exercise any right, contact us at esfereos@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr or by calling +30 210 6475600.

11. Data Security
We implement appropriate technical and organisational measures to protect your data, including:

• SSL/TLS encryption for all data transmitted via our website
• Access controls limiting data access to authorised personnel only
• Regular security assessments of our systems and third-party providers
• Secure deletion procedures when data retention periods expire

12. Children's Privacy
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with data without parental consent, please contact us immediately.

13. Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. The current version will always be published on our website with the date of last revision. Material changes will be communicated via email or a prominent notice on the website.

14. Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact:


This document was prepared in compliance with GDPR (Reg. EU 2016/679), Greek Law 4624/2019, and the ePrivacy Directive 2002/58/EC.