Blue Bay Resort & Spa

Privacy Policy

Date: 08.04.2024

The present Privacy Policy aims to inform you about the information we collect and process during your visit to our website.

The collection of this data makes us responsible for processing and is subject to legislation on the protection of personal data, in particular General Data Protection Regulation 679/2016 and national Law No. 4624 (Official Gazette 137/29 August 2019). We provide you with information about who we are, why we collect your personal data, how we use it, and what rights you have as a data subject.

To read our Privacy Policy for electronic bookings, please click here.

Who we are

We are the company VALARAKIS S.A., trading under the name Blue Bay Resort Hotel (hereinafter Blue Bay Resort Hotel).

You can contact us in the following ways:

Our organization is not legally required to appoint a Data Protection Officer. For questions regarding data protection, you can contact us using the above contact details.

What are personal data?

Personal data are defined in accordance with Article 4 of the GDPR as any information relating to an identified or identifiable natural person, such as name, postal address, email address, telephone number, etc., whose identity can be directly or indirectly determined.

What is the processing of personal data?

According to the GDPR, "processing of personal data" refers to any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction of such data.

What personal data do we collect?

The personal data we collect and process are kept to a minimum to achieve the respective intended purpose. In any case, these data are collected, stored, and processed according to their purpose and the legal basis of the processing, in compliance with European and national legislation.

If you choose not to provide us with your personal data, this may affect some of our transactions.


When you make a room reservation at our hotel, we collect and process your contact details (name, address, email, phone), reservation details (duration of stay), and payment information (credit or debit card). The legal basis for processing is the conclusion of a service contract between the customer and the hotel.

Your personal data are collected in the hotel reservation system and disclosed to the system administrator, the cloud-based accounting service provider, and the relevant authorities.

Your data are kept until the end of the season, unless there is a legal or other obligation of the company to store the data (with a maximum retention period of ten years).

For reservations made through our website, you can find the Privacy Policy on our website.

For reservations made through a third-party website or agency, please consult their respective Privacy Policy.


When you check in with us, either online through our website or at the hotel reception, we collect and process guest information from the reservation (name, date of birth, nationality, ID number) as well as reservation details (room type, check-in and check-out dates, originating agency). The legal basis for processing is the fulfillment of a service contract between the customer and the hotel.

Your personal data are collected in physical form in the reception file and electronically in the company's booking system, and are disclosed to the relevant authorities.

Your data are kept by us until the end of the season, unless there is a legal or other obligation of the company (with a maximum retention period of ten years).

Use of the Guest App

Our hotel offers guests the opportunity to use a special app to enjoy additional services such as reserving a table at the restaurant, connecting to the guest Wi-Fi, room service, etc. For the use of certain services, we collect and transmit to the app administrator your name, duration of your stay, your country of residence, and your dietary preferences (e.g., for vegetarian menus). For other services, with your consent, we may additionally collect your email address and the MAC address of the device used to connect to the guest Wi-Fi.

These data are kept by the app administrator until the end of the season, unless there is a legal or other obligation of the company (with a maximum retention period of ten years).

Survey Regarding Satisfaction

During or at the end of your stay, you will receive a printed or digital satisfaction survey that you can optionally complete and submit. Subsequently, we will request your explicit consent to collect and process your email address and country of residence. The purpose of processing this information is the statistical research of customer satisfaction at our hotel.

Your personal data will be securely stored at our facility and processed in a spreadsheet file (anonymized). If you submit the survey digitally, your data will be transmitted to the administrator of the online form service. With your explicit consent, we may contact you regarding the reviews or comments you left in the survey.

Your personal data will be retained by us until the end of the tourism season and then completely anonymized.

Contact Form

When you communicate with us via the contact form on our website, we collect and process your full name and email address to provide you with a satisfactory response to your inquiry. The legal basis for processing is our legitimate interest as a company.

Your personal data will be transmitted to the company's email service administrator. Your personal data will be kept until your request is fulfilled or one month passes without communication from you.

Newsletter Subscription

When you subscribe to our newsletter, we collect and process your full name and email address to send you our newsletter and inform you about special offers, promotions, events, and updates related to our services. The legal basis for processing your data is your explicit consent, which you provide when subscribing to our newsletter.

Your personal data will be disclosed to the newsletter service provider we use.

We will store your personal data until your consent is withdrawn. You can revoke your consent at any time by clicking the "Unsubscribe" link at the end of each newsletter email or by contacting us and requesting the withdrawal of your consent.

Closed-Circuit Television (CCTV)

The Blue Bay Resort Hotel is monitored by a closed-circuit television (CCTV) system.

Data Controller:
Legal Representative of Valarakis S.A., Agia Pelagia, 71500, Municipality of Malevizi, Heraklion, Crete
Phone: +30 2810 811 072

Purpose of Data Processing and Legal Basis:

We use a surveillance system to exercise property rights and protect persons and property. Processing is necessary to safeguard our legitimate interests as data controllers (Articles 6(1)(e) and (f) of the GDPR).

Analysis of Legal Interests:

Our legitimate interest is to protect our space and property from illegal acts such as theft. This also applies to the safety of life, physical integrity, health, and property of our employees and third parties lawfully present in our monitored area. We only capture image material and limit recording to areas where we have identified an increased likelihood of illegal acts such as theft, e.g., at our cash registers and entrance, without focusing on areas where the privacy of individuals whose image material is captured could be excessively restricted, including their right to data protection.

Function of the CCTV System and Data Recipients:

The recorded data is only accessible and manageable by authorized security personnel. Disclosure only occurs in the following cases:
a) to the competent judicial, police, and security authorities when data are needed for the investigation of a crime affecting persons or property of the data controller,
b) to the competent judicial, police, and security authorities when data are lawfully requested within their jurisdiction, and
c) to the victim or perpetrator of a crime when the data can serve as evidence for the crime.

Data Security:

The Blue Bay Resort Hotel acknowledges the importance of data protection and implements appropriate organizational and technical measures to ensure the confidentiality, availability, and integrity of your data as well as the resilience of the systems and services.

Data Retention:

We retain the data for seven (7) days and then delete it. In the event of an incident, we isolate the relevant video material for an additional month to conduct investigations and take legal measures to protect our legitimate interests.

Rights of Data Subjects

Data subjects have the following rights:

• Right of Access: You have the right to know if we are processing your image material and, if so, to obtain a copy of it.
• Right to Restriction: You have the right to request us to restrict processing, for example, by not deleting data that you need for legal claims.
• Right to Object: You have the right to object to processing.
• Right to Erasure: You have the right to request the erasure of your data.

You can exercise these rights by sending an email to or by sending a letter to the hotel address. To process your request, you must roughly indicate when you were in the area covered by the cameras and provide us with a photo of yourself to identify your data and conceal the data of third parties who were also captured. Alternatively, you can appear in person at the hotel to view the images in which you appear. Please note that exercising the right to object or erasure does not automatically result in the immediate deletion of data or a change in processing. In any case, we will provide you with a detailed response as soon as possible and within the legally required deadlines.

Right to Lodge a Complaint

If you believe that the processing of your data violates the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with the relevant supervisory authority. The competent supervisory authority for Greece is the Hellenic Data Protection Authority, Leoforos Kifisias 1-3, 115 23 Athens, Phone: +30 210 6475600.


If you send us applications, we collect your contact details and your CV, as well as other information relevant to your application. This data is stored either by the company in a secure physical space or encrypted, depending on its form. Subsequently, it will be used to evaluate your application in accordance with the legitimate interest of our hotel and for the purposes of a potential employment contract with you.

Cookie Information

To ensure the proper operation of our website, we use cookies, small text files that are stored on your computer or device when you visit our website. These files do not damage your device and do not contain any harmful software. Information about the device visiting the website, including settings and behavior, is stored in cookies, but this does not mean that we can always identify you.

With the exception of strictly necessary cookies, we will always ask for your consent before placing cookies on your computer.

Our website uses the following types of cookies:

Necessary Cookies:

These cookies are essential for the operation of our website, and we do not ask for your consent to place them on your computer.

| Name | Provider | Purpose | Duration |
| --- | --- | --- | --- |
| _RequestVerificationToken | Blue Bay | This cookie is set by the web application created with ASP.NET MVC technologies. It is an anti-forgery cookie designed to prevent cross-site request forgery attacks. | Session |
| GRECAPTCHA | Google | The Google Recaptcha service sets this cookie to identify bots and protect the website from malicious spam attacks. | 6 months |
| cookie_consent_level | Blue Bay | This cookie is used to store visitor preferences for cookies in the information notification. | 1 year |


Performance Cookies:

Performance cookies are used to monitor visitors' usage of our website and collect information to enhance understanding and satisfaction of visitor needs, optimize the content of our websites, and create websites that better serve users.

We do not use performance cookies on the website.

Analytical Cookies:

Analytical cookies track a user's activities on a website and provide insights into metrics such as visits, traffic sources, and exit rates. These cookies help us better understand user behavior and improve functionality and user experience on the website.

| Name | Provider | Purpose | Duration |
| --- | --- | --- | --- |
| _ga | Google Analytics | It calculates visitor data, session and campaign information, and also tracks website usage for report analysis. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors. | 1 year |
| _ga_* | Google Analytics | Google Analytics sets this cookie to store and count pageviews. | 1 year |
| _gid | Google Analytics | Installed by Google Analytics, the _gid cookie stores information about how visitors use a website and also generates a detailed performance report for the website. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously. | 1 day |
| _gat_UA-* | Google Analytics | Google Analytics sets this cookie to track user behavior. | 1 minute |
| _fbp | Facebook | Facebook sets this cookie to display ads on Facebook or on digital platforms that operate with Facebook ads after visiting the website. | 3 months |


Blocking and Deleting Cookies

If you wish, you can block or delete cookies from your computer by adjusting your browser settings.

For more information:

Who Receives Your Data

Recipients of your personal data may include:


How We Protect Your Data

Our company has taken all necessary and recommended organizational and technical measures to ensure the security, protection, and confidentiality of your personal data, including protection against unauthorized or malicious processing, theft, or accidental loss. Our company has implemented appropriate operational systems and procedures as well as security measures that restrict access through technical and physical measures. Access to your data is limited to authorized persons who manage the information confidentially and act within their duties.

These measures are reviewed and adjusted at least once annually, as deemed necessary by our company.

When we engage third parties to process your personal data, this is done strictly in accordance with written instructions, and the third parties contractually commit to confidentiality and to implementing appropriate technical and organizational measures to protect the data to which they have access.

Retention Period of Your Data

Your personal data is retained by our company for the period necessary to fulfill the purposes for which we collected it, unless a longer retention period has been legally approved. All your personal data collected by us are subject to this privacy policy. If you do not agree to the processing of your personal data, this does not affect the lawfulness of the previous processing carried out. After the retention period expires, your data will be securely deleted and removed from our systems.

Legal Basis for Processing

The legal basis for processing your personal data is determined case by case, depending on the purposes of the respective processing. In particular:

Your Rights

Your rights as "data subjects" include the following:

To submit a request regarding your personal data, you can contact us at the address or phone number provided in our imprint or by email at, as stated in this privacy policy.

Complaint to the Data Protection Authority

If you have a complaint about the use of your information by us, we prefer that you first contact us directly so that we can address your complaint. However, you can also contact the Data Protection Authority for Personal Data Protection, either through the website at, or by phone at +30-210 6475600, or in writing at the address:
Data Protection Authority, Kifisias 1-3, 115 23 Athens, Greece

Revisions to this Privacy Policy

This privacy policy is regularly reviewed and updated as necessary, in accordance with applicable national and community laws, as well as any changes to our services and the use of your personal data by us. If the way we use your personal data changes in a manner that has not been previously identified, we will contact you and, if necessary, seek your consent.

We will update the date of this document each time it becomes necessary.

Agia Pelagia P.O Box 65 - 71414 Heraklion, Crete, Greece. Tel.: 0030 2810 811072, e-mail: MH.TE. 1039Κ014Α0182400