Privacy Policy
This Privacy Policy explains how BATH HOUSE MON IKE, trading under the brand name Al Hammam Traditional Baths, collects, uses, stores and protects personal data in connection with the website www.alhammam.gr, online bookings, gift card purchases, customer enquiries and the provision of hammam, spa, massage and wellness services.
Website: www.alhammam.gr
Company: BATH HOUSE MON IKE
Greek Tax/VAT ID (AFM): 801380145
Registered office: Tripodon 16, Athens 10558, Greece
version: June 2026
1. Data Controller
The data controller is:
Brand name | Al Hammam Traditional Baths |
Legal entity | BATH HOUSE MON IKE |
Greek Tax/VAT ID (AFM) | 801380145 |
Registered office | Tripodon 16, Athens 10558, Greece |
Website | www.alhammam.gr |
For privacy-related enquiries, data subject requests or complaints, you may contact us using the contact details published on www.alhammam.gr or by email at: [insert privacy/contact email].
2. Personal Data We May Collect
Depending on how you interact with us, we may collect the following categories of personal data:
- Identity and contact data: name, surname, telephone number, email address, country or city of residence, and any details provided through enquiry forms, booking forms or direct communications.
- Booking and service data: preferred location, service selected, date and time of appointment, number of guests, staff/resource allocation, special requests and booking history.
- Payment and transaction data: payment status, invoice or receipt details, gift card purchases, refund data and limited payment references. Full card details are normally processed by the relevant payment service provider and are not stored by us unless explicitly stated otherwise.
- Health, safety and wellness information: information that you voluntarily provide and that may be relevant for the safe provision of hammam, massage, facial or wellness services, such as allergies, pregnancy, recent surgery, injuries, medical conditions, skin sensitivities or contraindications.
- Technical and usage data: IP address, device information, browser type, pages viewed, referring pages, approximate location, cookie identifiers and website analytics data.
- Communication data: messages, emails, call notes, WhatsApp or social media messages, feedback, complaints and reviews.
- Marketing preferences: newsletter opt-in status, consent records and communication preferences.
3. How We Collect Personal Data
- Directly from you when you make a booking, purchase a gift card, complete a form, contact us, visit one of our locations or provide information before receiving a service.
- Automatically through cookies and similar technologies when you use the website.
- From third-party service providers, such as booking platforms, payment processors, analytics tools, email providers, website hosting providers and social media platforms, where applicable.
4. Purposes and Legal Bases for Processing
We process personal data only when we have a lawful basis to do so. The main purposes and legal bases are:
Purpose | Examples | Legal basis |
Bookings and service provision | Managing appointments, confirming bookings, allocating therapists, handling changes or cancellations. | Contract performance or steps prior to entering a contract. |
Customer support | Responding to enquiries, complaints, feedback and service requests. | Contract performance and/or legitimate interests. |
Payments, invoicing and accounting | Processing payments, issuing receipts or invoices, accounting and tax compliance. | Contract performance and legal obligation. |
Health and safety | Reviewing contraindications, allergies, pregnancy or other relevant information to provide services safely. | Explicit consent where required and/or legitimate interests in customer safety; special category data handled with additional care. |
Website security and operation | Maintaining website functionality, preventing fraud, protecting systems and troubleshooting. | Legitimate interests and/or legal obligation. |
Marketing | Sending newsletters, offers or updates where permitted. | Consent or legitimate interests, depending on the channel and applicable law. |
Analytics and improvement | Understanding website performance and service demand. | Consent where required for non-essential cookies; legitimate interests for aggregated internal analysis where lawful. |
5. Health and Wellness Information
Some services may require us to ask whether you have any relevant health conditions, allergies, pregnancy, injuries, recent medical procedures, skin sensitivities or contraindications. This information is requested only to help us deliver services safely and appropriately. You should not provide unnecessary medical details. If you have a serious medical condition or are unsure whether a service is suitable for you, you should consult a qualified medical professional before booking.
6. Cookies and Similar Technologies
Our website may use cookies and similar technologies to operate the website, remember choices, analyse website performance and support marketing or advertising functions. Strictly necessary cookies may be used without consent because they are required for the website to function. Non-essential cookies, such as analytics or advertising cookies, should be used only where consent is obtained through the website cookie banner or consent management tool.
You can usually manage cookies through your browser settings and, where available, through the cookie settings tool on our website. Disabling certain cookies may affect website functionality.
Developer note: the final website should include a live cookie banner and a detailed cookie list identifying each cookie, provider, purpose, duration and category.
7. Who We Share Personal Data With
We may share personal data with trusted recipients only where necessary and lawful, including:
- booking and scheduling providers;
- payment processors and banks;
- website hosting, maintenance and security providers;
- email, SMS, messaging, CRM or customer support providers;
- analytics and advertising providers, subject to cookie consent requirements;
- accountants, auditors, legal advisors and insurers;
- public authorities, courts, regulators or law enforcement where required by law.
Where third parties process personal data on our behalf, we aim to use appropriate contractual safeguards and data processing arrangements.
8. International Transfers
Some service providers may process personal data outside Greece or the European Economic Area. Where this occurs, we will seek to ensure that appropriate safeguards are in place, such as an adequacy decision, Standard Contractual Clauses or another lawful transfer mechanism under applicable data protection law.
9. Data Retention
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Typical retention periods may include:
- booking and customer service records: for as long as needed to provide the service and handle follow-up requests, complaints or disputes;
- accounting, tax and invoice records: for the period required by applicable Greek law;
- health and wellness screening information: only for the period necessary for safe service provision and legitimate follow-up, unless longer retention is required for legal claims;
- marketing data: until you withdraw consent or unsubscribe, or until the data is no longer needed;
- technical logs and analytics data: for a limited period according to security and analytics needs.
10. Your Data Protection Rights
Subject to applicable law, you may have the right to:
- request access to your personal data;
- request correction of inaccurate or incomplete data;
- request erasure of your data in certain circumstances;
- request restriction of processing;
- object to processing based on legitimate interests;
- withdraw consent where processing is based on consent;
- request data portability where applicable;
- lodge a complaint with the Hellenic Data Protection Authority or another competent supervisory authority.
We may need to verify your identity before responding to a request. We will respond within the timeframe required by applicable law.
11. Security
We use reasonable technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. No website, online transmission or storage system is completely secure. You are responsible for keeping any booking confirmations, account credentials or communication channels secure.
12. Children
Our website and services are not intended for children to use independently. Minors may receive services only where permitted by law and with the involvement or consent of a parent or legal guardian, depending on the service and circumstances.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The latest version will be posted on www.alhammam.gr with the effective date. Significant changes may be highlighted on the website or communicated through appropriate channels.
14. Contact
For any privacy enquiry or request, please contact Al Hammam Traditional Baths using the contact details available on www.alhammam.gr or by email at: info@alhammam.gr