GDPR Information
Your Data Protection Rights Under EU Law
We Take Your Privacy Seriously
Lauer House is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page provides detailed information about how we handle your data and your rights as a data subject.
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations operating within the European Union (EU) and the European Economic Area (EEA), as well as organizations outside these areas that offer goods or services to individuals in the EU/EEA.
GDPR establishes rules for:
- How personal data must be collected and processed
- Transparency about data usage
- Individual rights over personal data
- Security measures to protect data
- Accountability and compliance requirements
2. Data Controller Information
Under GDPR, Lauer House is the "data controller" for the personal data we collect. This means we determine the purposes and means of processing your personal data.
Data Controller:
Lauer House Restaurant
Sarti, Halkidiki 630 72
Greece
Email: info@lauerhouse.gr
Phone:
For GDPR inquiries, please include "GDPR Request" in your email subject line.
3. Your Rights Under GDPR
GDPR grants you specific rights regarding your personal data. We are committed to honoring these rights:
Right of Access (Article 15)
You have the right to request a copy of the personal data we hold about you. This includes information about what data we process, why we process it, and who we share it with.
Right to Rectification (Article 16)
You have the right to request correction of any inaccurate personal data and to have incomplete data completed.
Right to Erasure (Article 17) - "Right to Be Forgotten"
You can request deletion of your personal data when it's no longer necessary for the purpose for which it was collected, when you withdraw consent, or when the data was unlawfully processed.
Right to Restrict Processing (Article 18)
You can request that we limit how we use your data while a complaint is being investigated or if you have objected to processing.
Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
Right to Object (Article 21)
You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.
Right Not to Be Subject to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling. Note: We do not use automated decision-making for significant decisions about you.
Right to Withdraw Consent (Article 7)
Where processing is based on consent, you have the right to withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.
4. How to Exercise Your Rights
To exercise any of your GDPR rights, you can:
- Email us at info@lauerhouse.gr with "GDPR Request" in the subject line
- Call us at
- Write to us at: Lauer House, Sarti, Halkidiki 630 72, Greece
What to Include in Your Request:
- Your full name
- Email address associated with your data
- The specific right you wish to exercise
- Any relevant details to help us locate your data
We will respond to your request within 30 days. If your request is complex, we may extend this by an additional 60 days, but we will inform you of any extension within the first 30 days.
5. Legal Basis for Processing
Under GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases:
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Processing reservations | Contract performance | Art. 6(1)(b) |
| Responding to inquiries | Legitimate interests | Art. 6(1)(f) |
| Sending newsletters | Consent | Art. 6(1)(a) |
| Website analytics | Consent / Legitimate interests | Art. 6(1)(a/f) |
| Dietary/allergy information | Vital interests / Consent | Art. 6(1)(d/a) |
| Tax and accounting records | Legal obligation | Art. 6(1)(c) |
6. Data Protection Measures
In accordance with GDPR Article 32, we implement appropriate technical and organizational measures to ensure data security:
6.1 Technical Measures
- SSL/TLS encryption for all data transmission
- Secure, encrypted data storage
- Regular software updates and security patches
- Firewall protection
- Access controls and authentication
- Regular backups with encryption
6.2 Organizational Measures
- Limited access to personal data (need-to-know basis)
- Staff awareness and training on data protection
- Data processing agreements with service providers
- Regular review of data protection practices
- Incident response procedures
7. Data Breach Notification
In accordance with GDPR Articles 33 and 34, in the event of a personal data breach that poses a risk to your rights and freedoms:
- We will notify the Hellenic Data Protection Authority within 72 hours
- If the breach poses a high risk, we will notify affected individuals without undue delay
- We will document all breaches, regardless of whether notification is required
8. International Data Transfers
Some of our service providers may process data outside the EEA. When this occurs, we ensure that:
- The country has an adequacy decision from the European Commission
- Standard Contractual Clauses (SCCs) are in place
- Other appropriate safeguards are implemented as required by GDPR Chapter V
9. Data Retention Periods
We retain personal data only for as long as necessary:
| Data Type | Retention Period | Reason |
|---|---|---|
| Reservation data | 2 years | Service improvement, repeat bookings |
| Contact form messages | 1 year | Follow-up, dispute resolution |
| Newsletter subscriptions | Until unsubscribe | Ongoing consent |
| Website analytics | 26 months | Google Analytics default |
| Financial records | 10 years | Greek tax law requirements |
10. Supervisory Authority
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. For Greece, this is:
Hellenic Data Protection Authority
Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα
Kifisias 1-3, 115 23 Athens, Greece
Phone: +30 210 6475600
Fax: +30 210 6475628
Email: contact@dpa.gr
Website: www.dpa.gr
However, we encourage you to contact us first so we can try to resolve any concerns you may have.
11. Children's Data
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided personal data to us, please contact us so we can delete it.
12. Updates to This Information
We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date. We recommend checking this page periodically to stay informed.
13. Contact for GDPR Matters
For any GDPR-related questions or to exercise your rights, please contact us:
Lauer House Restaurant
GDPR Contact
Sarti, Halkidiki 630 72, Greece
Email: info@lauerhouse.gr
Phone:
Please include "GDPR Request" in your email subject line for faster processing.