Privacy Policy

MykonosAll ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website and concierge services, in accordance with the General Data Protection Regulation (GDPR — EU 2016/679) and applicable Greek data protection laws.

1. Data Controller

2. Personal Data We Collect

We collect and process the following categories of personal data:

3. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds under Article 6 of the GDPR:

• ✦Contractual necessity: To provide the concierge services you request, manage bookings, and fulfil our obligations to you.
• ✦Consent: For sending marketing communications, push notifications, and non-essential cookies. You may withdraw consent at any time.
• ✦Legitimate interest: To improve our services, ensure security, and conduct internal analytics.
• ✦Legal obligation: To comply with tax, accounting, and other regulatory requirements under Greek and EU law.

4. How We Use Your Data

• ✦To create and manage your account
• ✦To process and fulfil service requests and bookings
• ✦To communicate with you about your trips and requests
• ✦To send booking confirmations, updates, and notifications
• ✦To respond to your inquiries via the contact form
• ✦To improve our website, services, and user experience
• ✦To comply with legal and regulatory obligations

5. Data Sharing & Third Parties

We do not sell your personal data. We share it only with the following categories of trusted third parties, all of which are bound by data processing agreements:

6. International Data Transfers

Some of our service providers (Vercel, Supabase) are based in the United States. Where personal data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, in compliance with Chapter V of the GDPR.

7. Data Retention

• ✦Account data: Retained for as long as your account is active. Deleted within 30 days of account closure upon your request.
• ✦Contact form messages: Retained for up to 12 months, then deleted.
• ✦Booking & trip data: Retained for up to 5 years for legal and accounting purposes under Greek tax law.
• ✦Technical logs: Automatically deleted after 90 days.

8. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR. You may exercise any of these by contacting us at info@mykonosall.com:

We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) — www.dpa.gr.

9. Cookies

Our website uses the following types of cookies:

We do not currently use analytics or advertising cookies. If this changes, we will update this policy and request your consent.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted data transmission (TLS/SSL), secure password hashing, role-based access controls, and regular security reviews. While no method of transmission over the internet is 100% secure, we take all reasonable steps to protect your data in line with industry best practices.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. For material changes, we will notify registered users via email. We encourage you to review this page periodically.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: