Blue Bay Resort & Spa
Blue Bay Resort & Spa
Blue Bay Resort & Spa
Blue Bay Resort & Spa
Blue Bay Resort & Spa
Book now Join our loyalty club Call us

Privacy Policy

Date: 19/7/2023 

This Privacy Policy aims to inform you about the information we collect and process during your visit to our website. 

In collecting this information, we are acting as data controllers and, according to the European Union’s General Data Protection Regulation (GDPR) and Greek Law 4624/2019, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data. 

To view our Online Booking Privacy Policy, please click here. 

Who we are 

We are VALARAKIS S. S.A., with the trade name Blue Bay Resort Hotel. 

We are located at Agia Pelagia, Heraklion Crete. 

You can contact us through one of the following options: 

We are not required to have a Data Protection Officer, so any enquiries about our use of your personal data should be addressed to the contact details above. 

What are Personal Data 

According to Article 4 of the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person. This includes your full name, postal address, e-mail address, telephone number, and any piece of data which can be used to, directly or indirectly, identify you (the data subject). 

What is Data Processing 

According to the GDPR, ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

What personal data do we collect 

The personal data we collect from you and process are the minimum required to achieve the purposes of processing activities. For processing activities that require your consent, we will not process your personal data without said consent. All processing activities are compliant with Greek and European legislation and security requirements. 

In case you do not wish to disclose some of your personal information, this may have an effect in some of our interactions with you. 


When you make a room reservation with our hotel, we collect and process your contact information (name, address, email, phone),  reservation details (length of stay), and payment information (credit or debit card). The legal basis for processing is the contract for provision of services between the customer and the hotel. 

Your personal data will be registered in the hotel's reservation system and shared with the administrator of the reservation system, our platform provider and the relevant authorities. 

We will retain your data until the end of the season, unless there is a legal or other obligation for the business to retain the data (with a maximum retention time of ten years) .For bookings made through our website, see the Privacy Policy available on our booking engine. 

For bookings made through a third-party website, see their respective Privacy Policy. 


When you check-in at our hotel, either electronically through our website or at the hotel reception, we collect and process guest information from the reservation (name, date of birth, nationality, identification document number) as well as reservation details (room type, arrival and departure dates, booking agency). The legal basis for processing is the performance of a service contract between the customer and the hotel. 

Your personal data will be kept in physical form in the reception file, electronically in the company's reservation program, and will be disclosed to the administrator of the reservation program and competent authorities. 

Your data will be kept by us until the end of the season, unless there is a legal or other obligation of the company (with a maximum retention time of ten years). 

Use of Guests App 

Our hotel provides its guests with the possibility of using a special application to provide additional services, such as reserving a table in the restaurant, connecting to the customer Wi-Fi network, room service, etc. For the use of some of the services, we collect and forward to the administrator of the application your name, your stay’s duration, your country of residence, your dietary preferences (e.g. for a vegetarian menu). For other services, with your consent, we may additionally collect the email address and MAC address identifier of the device used to connect to the customer Wi-Fi network. 

This data will be retained by the application administrator until the end of the season, unless there is a legal or other obligation of the business (with a maximum retention time of ten years). 

Satisfaction Questionnaire 

At the end of your stay, you will be presented with an optional satisfaction questionnaire that you may fill-in and submit. On it, we will ask for your explicit consent to collect and process your e-mail address and country of residence. The purpose of processing this information is statistical research regarding customer satisfaction at our hotel. 

Your personal data will be stored in a secure file cabinet at our facilities, and will be processed in spreadsheet software once anonymized. If you submit the questionnaire digitally, your data will be shared with the digital form service provider. If you consent explicitly to this, we may contact you regarding the scores or comments you left on the questionnaire. 

Your personal data will be kept by us until the end of the holiday season, and then they will be completely anonymized. 

Contact Form 

When you reach out to us using the contact form in our website, we collect and process your full name and e-mail address in order to provide you with a satisfactory answer to your request. The legal basis of processing here is our company’s legitimate interest. 

Your personal data will be shared with our e-mail service provider. 

Your personal data will be kept by us until your request is resolved, or if we haven’t heard back from you in one month. 

Newsletter Subscription 

When you sign up for our newsletter, we collect and process your full name and email address to deliver our newsletter and keep you informed about special offers, promotions, events, and updates related to our services. The legal basis for processing your data is your explicit consent, which you give us when you sign up for our newsletter.  

Your personal data will be shared with our newsletter service provider. 

Your personal data will be kept by us until you withdraw your consent. You may withdraw your consent at any time, either by clicking on the “Unsubscribe” link provided at the bottom of each newsletter email, or by contacting us with your request to withdraw your consent. 

CCTV Cameras 

The hotel premises are monitored by closed-circuit cameras (CCTV) in order to ensure the safety of guests and staff, to prevent criminal or delinquent acts, and to assist the authorities' investigations in the event of an incident. 

The data collected includes footage taken where there are surveillance cameras, which may include your image if you are at the location. The legal basis for the processing of this data is the safeguarding of the public interest. 

The footage will be retained for approximately 15 days, after which it will be automatically deleted unless required by the relevant authorities. The material may be shared with the relevant authorities in the event of an incident, and may also be accessed by employees of the monitoring system maintenance company. 

Job Applications 

When you send us job applications, they include your contact and CV details, as well as other information relevant to your job application. 

This data will be stored, depending on its format, either in a secure physical location or encrypted by the company. It will then be used to evaluate your application, in accordance with the legitimate interest of our hotel and for the purposes of potentially entering into an employment contract with you. 

Job application data may be retained by the business for an additional 2 years before being destroyed, and we may contact you should a new job opportunity arise that may be of interest to you. 


To ensure the proper function of our website, we use cookies, small text files that are stored on your computer or mobile device when you visit our website. These files do not harm your device, and do not contain malicious software. Information relating to the terminal visiting the website, including preferences and behavior, are stored inside cookies but that does not mean we can always identify you. 

Except for necessary cookies, we will always ask for your consent before placing them on your computer. 

Our website uses the following types of cookies: 

  1. Necessary cookies

These cookies are strictly necessary for our website to function, and we don’t ask for your consent to place these on your computer. 







This cookie is set by web application built in ASP.NET MVC Technologies. This is an anti-forgery cookie used for preventing cross site request forgery attacks. 




Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks. 

6 months 


Blue Bay 

This cookie is used for storing the visitor preference for the cookies in the information notice. 

1 year 

  1. Performance cookies

For performance monitoring purposes, we use cookies to collect information about the use of our websites by visitors with the aim of meeting more visitor needs, improving the content of our websites, and making our websites easier to use. 

We do not make use of performance cookies. 

  1. 3. Analytics cookies

Analytics cookies track user activity on a website, providing insights into metrics such as visitor numbers, traffic sources, and bounce rates. These cookies help us better understand user behavior and improve the site's functionality and user experience. 






Google Analytics 

It calculates visitor data, session and campaign information, and also tracks website usage for reporting analytics. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors. 

1 year 


Google Analytics 

Google Analytics sets this cookie to store and count pageviews. 

1 year 


Google Analytics 

Installed by Google Analytics, the _gid cookie stores information about how visitors use a website and also generates a detailed performance report for the website. Some of the data collected includes the number of visitors, their source, and the pages they visit anonymously. 

1 day 


Google Analytics 

Google Analytics sets this cookie to track user behavior. 

1 minute 



Facebook sets this cookie to display ads on Facebook or on digital platforms that operate with Facebook ads after visiting the website. 

3 months 


Blocking and deleting cookies 

If you wish to block or delete cookies from your computer, you can do so through your browser’s settings. For more information: 

Who will receive your data 

The recipients of your personal data will/may include: 

In the event that your personal data is transferred outside the European Union, the transfer will be governed by all necessary and indicative measures to ensure compliance with European and national legislation at all times. 

How we protect your data 

Our company has taken all necessary and recommended organizational and technical measures to ensure the security, protection, and confidentiality of your personal data, including protection from accidental or malicious processing, theft, or accidental loss. Our company has implemented appropriate business systems and procedures, and security procedures, restricting access through technical and physical measures. Access to your data is limited to authorized persons who handle the information under full confidentiality and as part of the performance of their duties. 

These measures are subject to regular review. 

In the event that we use third parties to process your personal data, this is done strictly according to written instructions, and third parties are contractually bound by confidentiality agreements and the obligation to implement appropriate technical and organizational measures to ensure the security of the data to which we allow them access. 

For how long are your personal data retained 

Your personal data are retained by our company for the period necessary to fulfill the purposes for which we have collected them unless a longer retention period is permitted by law. 

All your personal data collected by us are subject to the present Privacy Policy. In case you object to the processing of your personal data, this does not affect the legality of previously carried out processing activities. 

After the retention period has elapsed, your data will be safely deleted and removed from our systems. 

Legal basis of processing 

The processing of your personal data is carried out on a case-to-case lawful basis, depending on the purposes of the processing activity in question. Specifically: 

Your rights as data subject 

Your rights as a ‘data subject’ include the following: 

To submit a request regarding your personal data, you can contact us in the postal address or telephone number provided in the ‘Who we are’ section of this consent form, or by email at 

Your right to complain 

If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Hellenic Data Protection Authority, via their website at or by telephone at +30-210 6475600, or write to them at: 

Data Protection Authority Offices[Text Wrapping Break]Kifissias 1-3, 115 23[Text Wrapping Break]Athens, Greece 

Reviews to the present Privacy Policy 

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent. 

We will update the version number and date of this document each time it is changed. 

Offres spéciales

Découvrez notre hospitalité grecque animée à travers une immersion culturelle, une architecture traditionnelle et des voyages culinaires éclatants. Sélectionnez simplement l'offre qui correspond le mieux à vos intérêts et besoins.

Un voyage d'expériences idéales qui inspirent des moments durables vous attend au BlueBay Resort à Agia Pelagia, Crète

Voir toutes les offres

  • Flexible Early Booking Offer

    Plan ahead and secure up to 35% off with the best flexible terms!

  • Join our Members’ Club

    Earn an extra -10% off by becoming a Loyalty Member!

  • Premier enfant gratuit

    Amenez vos enfants ! Il vont s'éclater sous le soleil grec !

  • Offre forfaitaire pour 2

    Profitez de moments idylliques avec votre bien-aimé(e), en ajoutant une touche romantique à votre séjour.

  • Renouvellement de promesse de mariage

    Renouvellement de promesse de mariage

Agia Pelagia, boîte postale: 65 - 71414 Héraklion, Crète, Grèce. Tél.: 0030 2810 811072, MH.TE. 1039Κ014Α0182400
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • Youtube
  • foursquare
  • TripAdvisor
  • HolidayCheck
Jet2holidays - quality award

Blue Bay Resort Hotel

The Corporate Reputize Index™ is an aggregate score measuring the reputation of all your properties at a given point of time. It is based on data aggregated from more than 100 online sources for each of your properties. more...

Reputize Index™
Blue Bay Resort Hotel
Agia Pelagia Crete Greece
88.0/ 100
6670 reviews
Covid-19 iso-22000 iso-9001 qs-covid-19
Nom et prénom est requis
Adresse e-mail est requis

est requis

Subscribe to our Newsletter to be the first to get our news, announcements and information about our services.