Privacy Policy

Last updated: [02/10/2025]

Paros Ancient Quarries Park respects your privacy and is committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This Privacy Policy explains what personal information we collect, how we use it, your rights, and how we keep your data safe.

1. Information We Collect

We collect the following types of personal information:
Information you provide:

  • When you make a donation via WooCommerce with Piraeus Bank e-Pay, we collect your name, email address, and billing information. Payment details are processed securely by Piraeus Bank and are not stored on our servers.
  • When you contact us using our contact forms, we collect your name, email address, and any information you include in your message.

Automatically collected information:

  • Through cookies and Google Analytics, we collect data such as IP address, device type, browser, operating system, pages visited, and the date/time of visits.

2. Legal Bases for Processing (GDPR)

We process your personal data under the following lawful bases:

  • Contractual necessity: To process donations you make through our website.
  • Consent: When you accept cookies or contact us via our forms.
  • Legal obligation: To comply with tax, accounting, and regulatory obligations.
  • Legitimate interest: To analyse and improve website performance, maintain security, and respond to inquiries.

3. How We Use Your Information

Your personal data may be used to:

  • Process and confirm donations.
  • Respond to your inquiries and communication.
  • Ensure the proper functioning, security, and performance of our website.
  • Analyse website usage and improve our services (via Google Analytics).
  • Comply with legal and regulatory obligations.

We do not sell, rent, or trade your personal information.

4. Cookies and Tracking Technologies

Our website uses cookies for:

  • Necessary cookies – Required for donations and site functionality.
  • Analytics cookies – Google Analytics is used to understand how visitors use our site. Google may collect data outside the EU, but we have configured Analytics to respect GDPR standards (IP anonymisation enabled, minimal data retention).

When you first visit our website, you will see a cookie consent banner. You can accept or reject non-essential cookies, and you may change your preferences at any time.

5. Data Location and Transfers

  • Our web server and email services are hosted in Europe (EEA), and your personal data is stored within the EU.
  • Donations are processed via Piraeus Bank e-Pay (Greece). Your payment information does not leave the EU.
  • Google Analytics may involve limited data transfers to the United States. Such transfers are subject to safeguards such as Standard Contractual Clauses and IP anonymisation.

6. Data Sharing

We may share your personal information only with:

  • Service providers necessary for website operation and donation processing (e.g., hosting provider, Piraeus Bank e-Pay, WooCommerce).
  • Google (Analytics) for site usage statistics.
  • Legal authorities, where disclosure is required by law.

7. Data Retention

  • Donation records (including personal data) are retained for the period required by Greek tax and accounting law.
  • Contact form submissions are kept only as long as necessary to respond to your inquiry.
  • Google Analytics data is retained according to our configured settings (currently [insert duration, e.g., 14 months]).

8. Data Security

We use appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. However, no method of transmission over the Internet is 100% secure.

9. Your Rights under GDPR

You have the following rights regarding your personal data:

  • Right of access – Obtain a copy of the personal data we hold about you.
  • Right to rectification – Request correction of inaccurate or incomplete data.
  • Right to erasure – Request deletion of your data, where applicable.
  • Right to restrict processing – Ask us to limit how we use your data.
  • Right to data portability – Receive your data in a structured, commonly used format.
  • Right to object – Object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – Withdraw your consent at any time (e.g., for cookies).
  • Right to complain – File a complaint with the Hellenic Data Protection Authority (HDPA) or your local data protection authority.

To exercise these rights, please contact us at [Insert Contact Email].

10. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites.

11. Updates to this Policy

We may update this Privacy Policy occasionally. The latest version will always be posted on this page with a revised “last updated” date.

12. Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact us at:
Email
Address: Marathi, Paros