Privacy Policy

PRIVACY POLICY 
Last updated: [14 January 2026]

This Privacy Policy explains how we collect, use, and protect your personal data when you visit opuntia.gr (the “Website”), contact us, or book an experience.

1) Data Controller

[LEGAL ENTITY NAME : ΠΑΠΑΔΑΤΟΥ ΑΝΔΡΟΜΑΧΗ ΑΝΑΣΤΑΣΙΟΣ]
Address: Keramies, Kefalonia, 28100, Greece
Email: info@opuntia.gr
Phone: +30 6937 260 097

2) What data we collect

a) Data you provide to us
- Contact details (name, email, phone)
- Booking details (experience selected, date/time, number of people, notes you submit, dietary requirements/allergies if you choose to share them)
- Billing/receipt details if required by law (e.g., name and tax details where applicable)
- Any messages you send us by email or other channels

b) Data collected automatically
- Technical and usage data (IP address, device/browser information, approximate location derived from IP, pages viewed, timestamps) via server logs and similar technologies for security and basic operation.

3) Why we use your data (purposes)

We use personal data to:
- Respond to your inquiries and requests
- Manage bookings and provide the experiences you request
- Provide customer support and handle changes/cancellations
- Process payments (where applicable)
- Maintain the Website’s security, prevent fraud/abuse, and troubleshoot issues
- Meet legal and accounting obligations

4) Legal bases (GDPR)

We process personal data based on:
- Contract (Article 6(1)(b)) – to manage your booking and deliver the requested service
- Legitimate interests (Article 6(1)(f)) – to secure and improve the Website, prevent fraud/abuse, and communicate with you about your request
- Legal obligation (Article 6(1)(c)) – where we must keep records for tax/accounting or comply with lawful requests
- Consent (Article 6(1)(a)) – where required (e.g., optional cookies/marketing). You can withdraw consent at any time.

5) Payments (Viva Payments / Viva.com)

If you pay online, payment is processed by Viva (Viva.com / Viva Wallet / Viva Payments) through a payment page and systems provided by Viva. We do not receive or store your full card number or card security code. We typically receive only payment confirmation and limited transaction information (e.g., status, amount, order reference, transaction ID) needed to complete your booking and support refunds/chargebacks where applicable.
Viva processes personal data under its own privacy notice. Please review Viva’s privacy information before completing payment.

6) Sharing your data (recipients)

We may share personal data only as needed with:
- Payment provider(s): Viva (for payment processing)
- Service providers that help us run the Website and bookings (hosting, email delivery, booking/checkout tools, anti-spam/security tools)
- Professional advisors (accountant, legal counsel) where necessary
- Authorities/courts where required by law

We do not sell your personal data.

7) WhatsApp and Google Maps links

If you choose to contact us via WhatsApp (“Text us”) or use the “Get Directions” link, you will be interacting with third-party services (WhatsApp/Meta and Google). Those providers process data under their own policies.

8) International transfers

Some providers (e.g., messaging or map services) may process data outside the European Economic Area. Where applicable, transfers are safeguarded using recognized legal mechanisms (such as Standard Contractual Clauses) and/or other lawful safeguards provided by those vendors.

9) Retention

We keep personal data only for as long as necessary for the purposes above:
- Booking and communications data: for as long as needed to manage the booking and support follow-ups
- Accounting/tax records: as required by applicable law
- Security logs: for a limited period, unless needed to investigate abuse or security incidents

10) Your rights

Subject to conditions, you have the right to:
- Access your data
- Correct inaccurate data
- Delete your data
- Restrict or object to processing
- Data portability (where applicable)
- Withdraw consent (where processing is based on consent)
To exercise rights, contact us at info@opuntia.gr.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA).

11) Security

We use appropriate technical and organizational measures to protect personal data. However, no method of transmission or storage is 100% secure.

12) Children

Our Website and experiences are not intended for children acting without the consent/oversight of a parent or guardian. If you believe a child has provided us personal data without appropriate consent, contact us.

13) Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date will indicate the latest revision.