Privacy Policy
Privacy Policy
Last updated: 10 March 2026
Contact (privacy requests): info@messinia-holidays.com
Hosting: Papaki (EU)
This Privacy Policy explains how Messinia Holidays collects and processes personal data when you use our website.
1. Personal data we collect
Depending on how you interact with the website, we may collect:
A) Data you provide
- Contact form: name and email (and the message content you submit)
- Newsletter: email (and optional preferences)
- Purchases (PDF Shop): billing details (as required), email, transaction identifiers, product(s) purchased
B) Data collected automatically
- Technical data: IP address, browser/device information, pages viewed, approximate location (derived from IP), timestamps
- Cookies/identifiers: as described in our Cookie Policy
We do not intentionally collect special categories of data (e.g., health).
2. Purposes and legal bases
We process personal data for:
- Website operation & security (legitimate interests)
- Responding to inquiries (legitimate interests / pre-contract steps)
- Delivering digital products (PDFs) and handling orders (performance of a contract)
- Accounting/tax compliance (legal obligation)
- Analytics (GA4 via GTM) (consent for non-essential cookies)
- Marketing measurement (Meta Pixel) (consent for non-essential cookies)
- Newsletter marketing (Mailchimp) (consent; you can withdraw at any time)
3. Cookies and consent
We use cookies and similar technologies. Non-essential cookies (analytics/marketing) are set only after your consent and can be changed anytime via Cookie Settings (available from the cookie banner or a site link).
4. Who we share data with
We may share personal data with trusted service providers:
- Hosting: Papaki (EU)
- Analytics & tag management: Google Analytics 4 (GA4) and Google Tag Manager (GTM) (enabled based on consent)
- Search Console (GSC): uses aggregated site performance data; it is not a visitor-tracking cookie tool by itself
- Marketing: Meta Pixel (enabled based on consent)
- Newsletter/email marketing: Mailchimp
- Payments: Stripe (payment processing). We do not receive or store your full card details; Stripe processes them directly.
Affiliate partners and third-party platforms you visit through our links may process data as independent controllers under their own policies.
5. International transfers
Some providers (e.g., Google, Meta, Mailchimp, Stripe) may process data outside the EEA. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.
6. Data retention
We keep data only for as long as necessary:
- Contact requests: up to 24 months
- Newsletter: until you unsubscribe
- Purchase records: as required by applicable accounting/tax laws
- Analytics/marketing data: according to tool settings and consent choices
7. Your GDPR rights
You may have the right to access, rectify, erase, restrict, object, and request portability of your data, and to withdraw consent at any time where consent is the legal basis.
You may also lodge a complaint with the Hellenic Data Protection Authority (HDPA).
To exercise your rights, email: info@messinia-holidays.com (subject: “GDPR Request”).
8. Children
This website is not intended for children under 15 where consent is required for information society services.
9. Security
We apply reasonable security measures; however, no online service can guarantee absolute security.
10. Third-party links
Our site contains links to third-party sites (including affiliate partners). Their privacy practices are governed by their own policies.
