1. Who Is Responsible for Your Data

The data controller for this website is the individual owner and operator of Mr. Gentleman Santorini, operating as a private independent service provider under Greek law. All enquiries regarding personal data may be directed to:

Email: mrgentleman.santorini@gmail.com

Jurisdiction: Heraklion, Crete, Greece

2. What Data I Collect and Why

I collect only the minimum personal data necessary to respond to enquiries and coordinate arrangements. Specifically:

a) Data you provide voluntarily

When you submit the contact form on this website, you may provide:

Your name (first name only is sufficient)
Your email address
Your phone number (optional)
Your preferred dates
The nature of your enquiry or desired experience
Any additional information you choose to share in your message

Purpose: To respond to your enquiry, provide information about services, and coordinate arrangements if you proceed with a booking.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) and, where relevant, performance of a contract (Article 6(1)(b) GDPR).

b) Data collected automatically

This website may collect anonymised technical data including IP addresses, browser type, pages visited, and session duration through analytics tools (such as Google Analytics or Microsoft Clarity). This data cannot be used to identify you personally.

Purpose: To understand how the website is used and improve its performance and content.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR), subject to your cookie consent where required.

c) Communications data

If you contact me via WhatsApp, Telegram, Signal, Viber, or email directly, I retain only the content necessary to manage our communication and any subsequent arrangement. I do not store copies of messages beyond what is operationally necessary.

3. How I Use Your Data

Your personal data is used solely for the following purposes:

Responding to your enquiry privately and promptly
Coordinating and confirming arrangements for services
Following up on previous communications where relevant
Improving the website and understanding visitor behaviour (anonymised only)

I do not use your data for unsolicited marketing, profiling, or any purpose other than those stated above. I do not sell, rent, trade, or share your personal data with any third party, ever.

4. Confidentiality and Discretion

The nature of the services provided by Mr. Gentleman Santorini is inherently private. I apply the highest standard of confidentiality to all client data — significantly exceeding standard data protection requirements. Specifically:

No client information is ever discussed with or disclosed to any third party
No client lists, records, or personal details are stored in shared systems
All direct communications are conducted through encrypted channels (WhatsApp, Signal, Telegram) wherever possible
Form submissions are transmitted via encrypted SMTP (TLS) to a private Gmail account accessible only to me
Your identity, your arrangements, and the existence of your enquiry remain entirely private

5. Data Retention

I retain personal data only for as long as is necessary for the purpose for which it was collected:

Enquiries that do not lead to an arrangement: Data is deleted within 30 days of the final communication.
Arrangements that are confirmed: Relevant communication is retained for up to 12 months for continuity purposes, then permanently deleted.
Anonymised analytics data: Retained in accordance with the analytics provider's standard retention policy (typically 14–26 months), after which it is automatically deleted.

You may request early deletion of your data at any time (see Section 8).

6. Cookies

This website uses cookies — small text files stored on your device — for the following purposes:

Cookie type	Purpose	Can be declined?
Essential / Functional	Required for the website to function correctly (e.g. session management, age verification banner)	No — these are strictly necessary
Analytics	Anonymised visitor behaviour data (Google Analytics, Microsoft Clarity)	Yes — via cookie consent banner

You may manage your cookie preferences at any time through your browser settings. Declining analytics cookies does not affect your ability to use the website or contact me.

7. Third-Party Services

This website may use the following third-party services, each with their own privacy policies:

Google Analytics — anonymised website usage statistics. Privacy policy: policies.google.com/privacy
Microsoft Clarity — anonymised heatmap and session analytics. Privacy policy: privacy.microsoft.com
Google Fonts — typography loaded from Google servers, which may log your IP address. Privacy policy: policies.google.com/privacy
Gmail (Google SMTP) — email delivery of contact form submissions. Privacy policy: policies.google.com/privacy

I do not use advertising networks, retargeting pixels, or social media tracking tools on this website.

8. Your Rights Under GDPR

Under the General Data Protection Regulation (EU 2016/679) and Greek Law 4624/2019, you have the following rights regarding your personal data:

Right of access: You may request a copy of the personal data I hold about you.
Right to rectification: You may request correction of inaccurate or incomplete data.
Right to erasure: You may request permanent deletion of your personal data at any time.
Right to restriction: You may request that I limit the processing of your data in certain circumstances.
Right to data portability: You may request your data in a commonly used, machine-readable format.
Right to object: You may object to processing of your data based on legitimate interests.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact me at mrgentleman.santorini@gmail.com. I will respond within 30 days. If you believe your rights have been violated, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr

9. Data Security

I implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure:

Contact form submissions are transmitted via TLS-encrypted SMTP
Direct communications are conducted via end-to-end encrypted platforms (Signal, WhatsApp, Telegram) wherever possible
No client data is stored in cloud databases, CRM systems, or shared platforms
The website is served over HTTPS (TLS encryption)

No method of transmission over the internet is completely secure. While I take every reasonable precaution, I cannot guarantee absolute security of data transmitted to me electronically.

10. International Transfers

Your data is processed within the European Economic Area (EEA). Where third-party services (such as Google Analytics) may transfer anonymised data outside the EEA, they do so under standard contractual clauses or other safeguards approved by the European Commission, in accordance with Article 46 GDPR.

11. Children's Privacy

This website and all associated services are strictly intended for adults aged 18 and over. I do not knowingly collect personal data from individuals under the age of 18. If I become aware that a minor has submitted personal data, that data will be deleted immediately.

12. Updates to This Policy

This Privacy Policy may be updated periodically to reflect changes in legal requirements, technology, or the services offered. The effective date at the top of this page indicates when the most recent revision was made. Continued use of the website following any update constitutes acceptance of the revised policy.

Significant changes will be communicated through the website's cookie consent mechanism or other appropriate means.

13. Governing Law

This Privacy Policy is governed by Greek law and the General Data Protection Regulation (EU 2016/679). Any disputes arising from or relating to this policy shall fall under the exclusive jurisdiction of the courts of Heraklion, Crete, Greece.