Who are we?

The Company under the name SUN SHINE SA which is based in Mykonos, Kalo Livadi, AFM 094204440, DOU Mykonos, is active in the field of hotel business and tourism.

You can contact us at:


Postal address

Street & Number: Kalo Livadi

Town: Mykonos

PC: 84600

Phone: +30 22890 72012

Fax: +30 22890 72007

Email: [email protected]

1. Information about the collection of your personal data

As part of our Corporate Responsibilities and our business activities in Hotel and Tourism, the personal data we collect from you is processed in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679) as applicable from 25 May 2018, the applicable Greek law on personal data protection and the decisions of the Hellenic Personal Data Protection Authority (HDPA) and any specific national and European legislation for some areas.

No one other than the Company has access to such information nor is it forwarded to any third party for any re-use, except the data strictly necessary for the conclusion and performance of our contract, which are disclosed to our affiliated companies, such as booking, email, service and technology goods companies to achieve our electronic communication.

Our Company protects your personal data in full compliance with applicable laws. Within the framework of the GATT, the information held by our Company or by our subcontractor may be disclosed to third parties, competent authorities, prosecutors or other administrative departments in accordance with the rules and regulations provided for in the respective regulatory framework.

To protect your data and transactions, reasonable measures are taken to protect and safeguard their confidentiality when transmitting and / or executing transactions. All of the information you submit to our Company is managed exclusively by our specially authorized personnel and / or our subcontractors, which is under the control of the Company only and at its sole discretion.

In carrying out the processing, the Company selects persons with corresponding professional qualifications who provide adequate guarantees in terms of technical knowledge and personal integrity to maintain confidentiality. Also, our Company does not sell or trade the data it collects from you. The Company does not automate individual decisions, excluding profiling.

2. How and for what purpose we collect personal data

When you submit a query / request through the contact form of our website

When you submit a question / request through our website contact form, we ask you for your name, telephone number and email address.

We use this information to answer your question / request and provide you with any information about our services. Access to your data, in addition to our authorized personnel, is also provided by the advertising and communications company we work with and is committed to the security of your data by applying all modern and appropriate processing and technical measures.

We keep your data within one year of completing the process, i.e. satisfying your query / request, unless due to the nature of your request there is a need for further communication and in any case for your service.

Exceptionally, the Company reserves the right to retain its historical correspondence between us as long as necessary for any exercise of its rights.

When you make a booking through our website

When booking from our site we collect through your booking system your name, your surname, your email address, your number – name – expiry date and your card security code, and optionally your phone number, country, postal address, city / region, county / state, postal code, company / organization, purpose of travel. We keep your data for one year for the purpose of drawing up and executing our contract.

Who receives your data

Your data is processed by the booking system management company whose Privacy Policy can be accessed through our website. Following the execution of our contract between us, we retain the necessary data we have collected for a period that does not go beyond what is strictly necessary to comply with tax law or other applicable provisions.

Subscribe to the newsletter

For your subscription to the Business newsletter, in order to receive our news and offers, we collect your email address for sending the relevant material.

We keep your data for as long as you wish to receive information from us, enabling you to opt-out of every message.

Your data is processed by the newsletter dispatch platform provider, with whom we collaborate and commit to the security of your data by applying all modern and appropriate processing and technical measures.

For this specific procedure we apply the provisions of the e-Privacy Directive (2002/58 / EC with the amendments to 2009/136 / EC), Law 3471/2006 and the case law of the Hellenic Data Protection Authority (HDPA).

Add further transactions to the site by setting the following:

(a) the purpose of the transaction

(b) the legal basis used

(c) the time and place of storage

(d) the recipients of personal data

Obligation to enter correct personal information

The personal data you provide to the Business is necessary in order for the Business to contact you to arrange more specific matters in relation to your requests / queries, the fulfillment of its obligations to you as well as the execution of your booking, invoicing, the fulfillment of the contract with you, the reply to your booking requests, and the sending of a newsletter by email regarding our offers / news. For this purpose you must provide us with information that is absolutely correct, accurate and up to date. In case of any subsequent change, you should notify us in writing within a reasonable time. In the event that the contractual or legal obligations of our Company, which are fulfilled by the use of data disclosed to us, are not fulfilled in a timely manner due to the use of incorrect or un-updated personal information that you have stated, the Company bears no responsibility.

In particular, any updates to the email address you have given us when you sign up for the newsletter, booking or via the contact form will be considered valid even if it is not delivered to you due to an error in the information you provide and / or due to technical or other damage to your server, and / or your phone, and / or your telecommunications provider, and / or due to a change of your information (if you have not been informed in due time). It is emphasized that each user bears the sole and exclusive responsibility for the accuracy, truthfulness and updating of the data he / she declares. Our Company makes no identification of user-reported data and is therefore not responsible for them.

3. Connecting and interacting with social networks 

The Website provides the user with the opportunity to connect and interact with social networks or websites at his / her own initiative and request. In this case, the Company is not responsible for the processing of personal data carried out by these networks. In order to exercise the rights provided for by law, the user must contact these networks. Our company manages our account on Facebook, Instagram, Pinterest, LinkedIn without third party intervention. The purpose of processing all of the data we collect from you, whether anonymized or not, is to provide updates about our services or to communicate with you in response to the messages you send to us.

Your legal basis for processing is your consent

You give your consent by liking or following our pages and you can easily retrieve it in exactly the same way (unlike, unfollow). Entering into a contest via Facebook and Instagram, the winner’s details are announced through the account maintained by the Business and our staff member contacts him to collect the data in order to make the necessary arrangements to redeem his gift.

4. Rights of the Data Subject

Entity’s right of access (Article 15 GDPR)

You have the right to request copies of your personal data at any time. There are some exceptions, which means that you may not always receive all the information we process. More specifically: Natural persons (data subjects) have the right to receive: (a) confirmation as to the processing of their data, and (b) a copy of this data (see Articles 12, 15 GDPR). You may, in principle, exercise this right free of charge in writing. You can send an email to [email protected]. You may only be required to pay a reasonable fee if your request is manifestly unfounded or excessive (especially when repeated) or if the number of copies we are called upon to provide is large.

Right of correction (Article 16 GDPR)

You have the right to ask for your data to be corrected when it is inaccurate, or to fill in your data when it is incomplete (see Articles 12, 15, 19 GDPR). You may exercise this right in writing at [email protected].

Right of cancellation (‘right to forgetfulness’) (Art. 17 GDPR)

You have the right to ask us to delete personal data concerning you, provided one of the reasons as set forth in Article 17 of the Regulation applies.

Right to restrict processing (Article 18 GDPR) 

1. You have the right to ask the controller to limit the processing when one of the following applies:

(a) the accuracy of personal data is questioned by the data subject for a period of time allowing the controller to verify the accuracy of personal data;

(b) the processing is unlawful and the data subject opposes the deletion of personal data and requests that their use be restricted instead;

(c) the controller no longer needs personal data for the purpose of processing, but such data is required by the data subject to establish, exercise or support legal claims;

(d) the data subject has objections to the processing in accordance with Article 21 (1), pending verification of whether the legitimate reasons of the controller override the data subject’s reasons.

2. Where processing has been restricted in accordance with paragraph 1, such personal data, other than storage, shall be processed only with the data subject’s consent or for the foundation, exercise or support of legal claims or for the protection of the rights of another natural or legal person or for reasons of significant public interest of the Union or of a Member State.

3. The data subject who has secured the processing restriction in accordance with paragraph 1 shall be informed by the controller prior to the removal of the processing restriction.

Obligation to notify about the correction or deletion of personal data or the restriction of processing (Article 19 GDPR)

The controller – SUN SHINE S.A. announces any correction or deletion of personal data or restriction on the processing of data carried out in accordance with Article 16, Article 17 (1) and Article 18 to any recipient to whom the personal data have been disclosed, unless this proves impracticable or implies disproportionate effort. Editor – SUN SHINE A.E. shall inform the data subject of such recipients, if so requested by the data subject.

Right to data portability (Article 20 GDPR)

You have the right to receive the personal data relating to you provided to the controller in a structured, commonly used and machine-readable format, as well as the right to transmit such data to another controller without objection from the controller who provided the personal data when:

(a) the procedure is based on consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) or a contract in accordance with Article 6 (1) (b); and

(b) the processing is carried out by automated means.

Right to object (Article 21 GDPR)

You have the right to object at any time and for reasons related to your particular situation to the processing of personal data concerning you based on Article 6 (1) (e) or (f), including the preparation of profiles on the basis of such provisions.

Right to withdraw consent (Article 7 Requirements for consent) 

You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the legality of the processing based on consent prior to its withdrawal. 

5. Exercise of rights

To request your personal data or exercise your rights as set out above and under the terms and conditions set by the GDPR, you can contact us at [email protected] or send your letter to the address Archipelagos Hotel, Kalo Livadi, Mykonos, PC 84 600.

6. Contact details of the Data Protection Officer

To exercise your rights or for any other reason regarding the processing of data performed by SUN SHINE SA and included in this update you can contact the SUN SHINE SA Data Protection Officer at [email protected] or via the SUN SHINE SA mailing address. Please note in the folder « For SUN SHINE SA Data Protection Officer ».

7. Time of Compliance of the Controller

Editor – SUN SHINE SA must respond to your requests and satisfy your rights, as provided by the GDPR, within one (1) month of the date of receipt of your request. The one month deadline may be extended for another two (2) months if the request is complex or the number of copies we have to provide is large. In this case we will inform you of the extension within one month of receipt of the request.  

8. Notification of personal data breach to data subject

Our company will promptly notify you of any breach of your personal data, as it may endanger your rights and freedoms.

9. Right to appeal to the HDPA

You have the right to file a complaint in case of breach of the provisions of Regulation 2016/679 to the competent supervisory authority.

10. Updating the privacy policy

This Privacy Policy is updated whenever necessary. You should visit our site frequently to stay up to date. In case we need to process your personal data for a purpose other than the one for which they were originally collected, we will contact you to provide you with any necessary information and, if necessary, request your consent.