Privacy & Cookies Policy

Last updated: 12 May 2026

This Privacy Policy describes how we collect, use, and protect your personal data when you visit seatree.gr or contact us. We comply with EU law (General Data Protection Regulation — GDPR 2016/679) and Greek law 4624/2019.

1. Data Controller

The data controller responsible for processing your data is the owner of The SeaTree:

• Name / Legal entity: ΑΚΤΑΙ ΠΑΡΟΥ ΙΔΙΩΤΙΚΗ ΚΕΦΑΛΑΙΟΥΧΙΚΗ ΕΤΑΙΡΕΙΑ
• Distinctive title: ΑΚΤΑΙ ΠΑΡΟΥ Ι.Κ.Ε.
• VAT number (ΑΦΜ): 802416469 / D.O.Y. KEFODE Attikis
• Address: Grigoriou Lampraki 69, Glyfada, Attica, Greece
• Contact email: antocosto@gmail.com
• Phone: +30 697 3286 811

2. What data we collect

a) When you contact us directly

• Name
• Email
• Dates of interest (if selected via the calendar)
• The message you send

b) When you browse the site (only with your consent)

• Anonymous usage data via Google Analytics 4 (page views, session duration, country/city at city level, device type)
• IP address — pseudonymised by GA4

We do not collect sensitive data, payment data (handled directly by Stripe / Viva), or advertising data. We do not profile users.

3. Why we collect it — legal basis

• Direct contact messages: to respond to the booking enquiry you sent by email, phone, or WhatsApp. Legal basis: pre-contractual measures at your request (Article 6(1)(b) GDPR).
• Analytics: to understand how the site is used and improve it. Legal basis: consent via the cookie banner (Article 6(1)(a) GDPR).

4. Cookies

We use analytics cookies only — no advertising, no cross-site tracking. Analytics cookies are not loaded until you give explicit consent via the banner (Google Consent Mode v2 — default denied).

You may change or withdraw consent at any time by clearing cookies in your browser settings.

5. Third parties (processors)

We share the minimum necessary data with the following providers:

• Google Ireland Ltd. — Google Analytics 4 (pseudonymised usage data, only after consent).
• GitHub Inc. / Microsoft Corp. — site hosting (GitHub Pages).
• Stripe / Viva Payments — payment processing if you proceed with a booking. Card details never pass through us.

When you click external links (Airbnb, Booking.com), their own privacy policies apply — we do not share your data with them.

6. International data transfers

Google, GitHub, and payment processors may process data on servers outside the European Economic Area (mainly the USA). In those cases the transfer is covered by Standard Contractual Clauses approved by the European Commission and/or certifications such as the EU-US Data Privacy Framework.

7. Data retention

• Direct contact messages: up to 24 months after our last interaction, or until you request deletion.
• Booking / payment data: as required by Greek tax law (10 years for receipts).
• Analytics: 14 months (GA4 limit).

8. Your rights

Under Articles 15–22 of GDPR, you have the right to:

• Access your data
• Rectify inaccurate data
• Erasure ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time

To exercise any of these rights, email antocosto@gmail.com. We respond within 30 days.

9. Complaints

You have the right to lodge a complaint with the Hellenic Data Protection Authority (1-3 Kifisias Ave., 11523 Athens, +30 210 6475600).

10. Changes to this policy

We may update this policy. Material changes will be announced at the top of the page with a new date. Please check it periodically.