Privacy Policy
Last Updated: 18/11/2025
Website: GreekMonasteries.com
Contact Email: info@greekmonasteries.com
Location: Athens, Greece
Data Controller: GreekMonasteries.com (Athens, Greece)
1. Introduction
GreekMonasteries.com (“Website”, “we”, “our”, “us”) is committed to protecting your personal data and handling it responsibly, transparently, and in compliance with applicable data protection laws.
This includes:
- General Data Protection Regulation (GDPR – EU Regulation 2016/679)
- ePrivacy Directive (EU Directive 2002/58/EC as amended)
- Greek Law 4624/2019 implementing GDPR
- Relevant guidance issued by the Hellenic Data Protection Authority (HDPA)
This Privacy Policy explains, in detail:
• What personal data we collect
We describe every category of data, the source of each category, and why it is needed.
• Why we collect it
We identify the specific legal basis for each processing purpose under GDPR Articles 6 and 9.
• How your data is stored, secured, and processed
We outline retention periods, security practices, anonymization logic, and technical measures.
• Your rights as an EU data subject
We explain how you may exercise each individual GDPR right and how we respond.
• How you can contact us
We operate exclusively via email to ensure traceability and confidentiality of communications.
By accessing or using this Website, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The entity responsible for determining the purposes and means of data processing is:
GreekMonasteries.com
Athens, Greece
Email: info@greekmonasteries.com
We chose to use email-only communication to ensure a controlled and secure channel where all personal data transmitted is protected and traceable. This reduces the risk of unauthorized access.
3. Categories of Personal Data We Collect
We collect only the minimum data necessary to operate the Website safely, lawfully, and efficiently.
3.1. Data You Provide Voluntarily
These are data categories you actively send to us:
a. Contact Information
When you email us, we process:
- Your name (if provided)
- Your email address
- The content of your message
- Any attachments you send
Purpose:
To respond to inquiries, provide support, or fulfil a request.
Important: We never request sensitive personal data such as religious beliefs, health details, ethnicity, political orientation, or financial information. If a user voluntarily provides such data, we immediately delete it unless legally required to retain it.
b. User-Generated Content
Any data you may submit in emails or forms (if implemented), including:
- Comments
- Requests for corrections
- Suggestions
- Technical feedback
This content is stored only as long as needed to complete the communication, then deleted based on retention rules.
3.2. Data Collected Automatically
Automatic data collection occurs through your interaction with the Website. This is standard practice for security, functionality, and analytics.
a. Cookies
We use:
- Essential cookies (always active; required for basic functionality)
- Functional cookies (preferences)
- Analytical cookies (only with consent)
No tracking cookies are used without explicit prior consent.
b. Device and Browser Information
Automatically collected data includes:
- Browser type and version
- Operating system
- Device model
- Language and region settings
Purpose:
Ensure compatibility, optimize display, and enhance user experience.
c. Technical Logs (Server Logs)
Our hosting environment automatically logs:
- IP address (anonymized where possible)
- Timestamp of page access
- URL paths visited
- Referrer data
- Error logs
- Security logs (e.g., blocked IPs)
Purpose:
Security, troubleshooting, operational integrity, attack prevention, and compliance with legal obligations (e.g., monitoring for fraud or unauthorized access).
d. Analytics Data
We use privacy-focused analytics tools (e.g., Google Analytics with IP anonymization or alternatives).
Data may include:
- Page views
- Time spent on pages
- Device categories
- Geographic region (not precise location)
All analytics follow data minimization and anonymization standards.
3.3. Data from Third-Party Services (If Implemented)
If the Website integrates external services, they may process additional technical data according to their own privacy policies. Examples include:
a. Google Analytics (IP anonymization enabled)
Collects aggregated, anonymized data about how users interact with the Website.
b. Travel or Hotel Widgets
Used to display accommodation options. Providers may collect data such as device information or click events.
c. Multimedia Embeds (YouTube, Vimeo, Maps, etc.)
These platforms may set cookies or process data upon interaction.
We configure all third-party integrations to the most privacy-friendly settings possible.
4. Legal Basis for Processing
Under GDPR, every processing activity must rely on a legally valid basis:
4.1. Consent – Article 6(1)(a)
We rely on user consent for:
- Non-essential cookies
- Analytical/tracking technologies
- Newsletter subscriptions (if implemented)
Consent is:
- Freely given
- Specific
- Informed
- Revocable at any time
Users may withdraw consent from the cookie banner or by contacting us.
4.2. Performance of a Contract – Article 6(1)(b)
Applies when:
- Users contact us seeking support
- We respond to user inquiries
- We fulfil direct user requests
Communication is considered part of the user’s contractual expectation.
4.3. Legitimate Interests – Article 6(1)(f)
Our legitimate interests include:
- Ensuring Website security
- Preventing misuse or fraud
- Basic analytics for operational insights
- Maintaining server stability
- Debugging technical issues
We apply a balancing test to ensure these interests never override user rights or freedoms.
4.4. Legal Obligation – Article 6(1)(c)
We may process data when required to:
- Comply with Greek or EU legislation
- Cooperate with law enforcement
- Retain logs for security auditing
- Address legal claims or disputes
Such processing is strictly limited to what the law mandates.
5. How and Why We Use Your Data
Below is a detailed explanation of each purpose:
5.1. To Operate and Improve the Website
a. Monitoring Traffic and Performance (Analytics)
We analyze aggregated statistics to understand page usage patterns and improve content structure.
b. Debugging Issues
Technical logs help identify software errors, broken links, and server-related problems.
c. Preventing Spam and Abuse
Security systems monitor for bots, DDoS attacks, brute force attempts, and other forms of digital abuse.
These actions are essential for maintaining Website integrity and user safety.
5.2. To Communicate with You
a. Responding to Emails
We use your contact details solely to reply to your inquiries.
No marketing messages are sent without explicit consent.
b. Providing Support or Information
We address technical issues, provide guidance about Website content, and follow up on user requests.
No data is stored longer than necessary.
5.3. To Ensure Security
a. Detecting Suspicious Activity
Our systems track unusual behavior (e.g., repeated failed logins, malicious traffic patterns).
b. Protecting from Cyberattacks
IP addresses may be logged temporarily to block harmful connections.
c. Maintaining Data Integrity
Systems are monitored to ensure that content has not been altered or compromised.
We never use personal data for:
❌ Advertising profiling
❌ Selling user information
❌ Automated decision-making
❌ Remarketing campaigns
❌ Unsolicited communication
6. Cookies and Tracking Technologies
This Website uses a structured cookie classification system:
6.1. Essential Cookies (Strictly Necessary)
- Enable core Website functions (security, load balancing, session management).
- Cannot be disabled because the Website would not function normally without them.
- These cookies do not store personal information.
6.2. Functional Cookies
- Store user preferences (language, layout, accessibility settings).
- Enhance usability, but are not strictly required.
6.3. Analytical Cookies
- Measure site performance and user interaction.
- Always anonymized or pseudonymized.
- Activated only with explicit user consent (via cookie banner).
6.4. Third-Party Cookies (If Used)
These may originate from:
- Mapping tools (e.g., Google Maps)
- Embedded videos (YouTube, Vimeo)
- Accommodation or travel widgets
- Social media integrations
These cookies are optional; users may refuse them.
For detailed lists, refer to our Cookie Policy.
7. Data Sharing and Disclosure
We only share data when necessary for lawful Website operation.
7.1. Service Providers (Processors)
We may share data with vetted third-party processors, including:
- Hosting and cloud infrastructure providers
- Security monitoring tools
- Email service systems
- Analytics platforms (privacy-compliant)
All processors operate under GDPR-compliant Data Processing Agreements (DPAs) ensuring confidentiality, integrity, and restricted access.
7.2. Legal Authorities
We may disclose data only under lawful circumstances:
- Court orders
- Law enforcement requests
- Regulatory investigations
We will never provide unnecessary data or voluntarily share user information.
8. International Data Transfers
If data flows outside the EU, it is safeguarded with:
- Standard Contractual Clauses (SCCs)
- Approved data transfer frameworks
- Additional security measures (encryption, minimization)
We never transfer data to countries lacking adequate protection unless legally justified.
9. Data Retention
We retain data strictly for limited durations:
- Emails: Up to 12 months after our last interaction.
- Technical logs: Between 1 and 6 months, depending on security needs.
- Analytics: Stored only in anonymized form, indefinitely.
- Cookie preferences: 6–12 months, depending on settings.
When retention periods expire, data is permanently deleted or anonymized.
10. Your GDPR Rights
You may exercise any of these rights at any time by contacting us.
✔ Right of Access
You may request confirmation of whether we process your data and receive a copy.
✔ Right to Rectification
You may request correction of inaccurate, outdated, or incomplete data.
✔ Right to Erasure (“Right to be Forgotten”)
You may request deletion of your data unless retention is required by law.
✔ Right to Restrict Processing
You may request limited processing while data accuracy or legality is assessed.
✔ Right to Data Portability
You may request your personal data in a structured, commonly used, machine-readable format.
✔ Right to Object
You may object to processing based on legitimate interests.
✔ Right to Withdraw Consent
You may withdraw consent at any time.
This does not affect prior lawful processing.
✔ Right to Lodge a Complaint
You may submit a complaint to the supervisory authority:
Hellenic Data Protection Authority (HDPA)
Website: www.dpa.gr
Athens, Greece
11. Security Measures
We implement industry-standard security controls including:
- SSL/TLS encrypted connections
- Secure hosting infrastructure
- Firewall and intrusion-prevention systems
- Anti-malware scanning
- Access controls and authentication restrictions
- Routine software updates and patches
- Data minimization practices
- Secure data deletion protocols
While no system is completely immune from breaches, we take all appropriate measures to mitigate risk and respond rapidly.
12. Third-Party Links
Our Website may include links to external:
- Monastery websites
- Travel service providers
- Accommodation platforms
- Tourism resources
We do not control these sites and are not responsible for their privacy practices.
Users should consult each site’s respective privacy policy.
13. Children’s Privacy
This Website is not directed to individuals under 16 years old.
We do not knowingly collect, store, or process personal data of minors.
If we learn that a minor has submitted data, we delete it immediately.
14. Changes to This Privacy Policy
We may update this Privacy Policy to reflect:
- Legal developments
- Technological improvements
- Changes in Website functionality
Updates take effect upon publication. Continued use of the Website indicates acceptance of revised terms.
15. Contact Information
For all GDPR-related requests, rights, or questions:
📧 Email: info@greekmonasteries.com
📍 Location: Athens, Greece
We communicate only via email for accuracy, traceability, and data protection compliance.
