This Privacy Policy explains how Dimas Apartments & Studios (“we”, “us”, “our”), located at Kassiopi, Corfu 49100, Greece, collects, uses, and protects information when you visit https://www.dimaskassiopi.com.
1. What Data We Collect
We collect only the information you voluntarily provide to us and limited analytics data generated automatically by your visit.
This data is associated with a randomly generated identifier and does not directly identify you.
2. How We Use Your Data
We use the information we collect exclusively for the following purposes:
To respond to your enquiry or booking request — we use your name and email address to reply to messages you send us.
To process a reservation — booking details (dates, room, guest numbers) are used solely to manage your stay.
To improve our website — anonymised GA4 analytics help us understand which pages are most useful and identify areas for improvement.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. Cookies
Our website uses a small number of cookies and browser storage:
Analytics Cookies (Google Analytics 4)
If you accept cookies, GA4 sets first-party cookies (typically named _ga and _ga_*) to distinguish users and sessions. These cookies expire after 2 years. GA4 data is processed by Google in accordance with Google's Privacy Policy.
Cookie Consent Preference
When you accept or reject cookies on our banner, your choice is saved to localStorage under the key cookieConsent. This value remains in your browser until you clear site data. No server-side cookie is set for this purpose.
Session Cookie
A temporary PHP session cookie (PHPSESSID) is set to protect our forms against cross-site request forgery (CSRF). It expires when you close your browser and contains no personal information.
Managing Cookies
You can withdraw consent at any time by clearing your browser's cookies and local storage, or by using your browser's privacy settings. Please note that disabling cookies will not affect your ability to browse the site.
4. Data Retention
Form submissions (contact and booking enquiries) are delivered directly to our email inbox and are not stored in any database on our server. Emails are retained only as long as necessary to handle your enquiry or reservation, after which they may be deleted at our discretion.
Google Analytics data is retained for 14 months within Google's systems, after which it is automatically deleted.
5. Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights regarding your personal data:
Right of access — you can request a copy of any personal data we hold about you.
Right to rectification — you can ask us to correct inaccurate or incomplete data.
Right to erasure — you can ask us to delete your personal data (“right to be forgotten”).
Right to restrict processing — you can ask us to limit how we use your data.
Right to data portability — you can request your data in a structured, machine-readable format.
Right to object — you can object to processing based on legitimate interests.
To exercise any of these rights, please contact us at the address below. We will respond within 30 days.
6. Data Security
Our website is served over HTTPS (TLS) to encrypt data in transit. Form submissions are protected by CSRF tokens. We do not store payment card details — payment arrangements are agreed separately and directly.
7. Third-Party Services
This website uses the following third-party services which may process data on our behalf: