Privacy Policy
Data Controller and Contact Information
Karakontis Management Ltd is the data controller for all personal data processed through our website and services. We are registered in the Republic of Cyprus and comply with the General Data Protection Regulation (GDPR) and applicable EU data protection laws. For any questions regarding your personal data or to exercise your data rights, please contact us at ck@urbanicahospitality.com.
What Data We Collect
We collect personal data in limited circumstances to operate our website and deliver our services. The types of data collected include:
Contact Form Data: If you submit a contact form on our website, we collect your name, email address, and message content. This information is used solely to respond to your inquiry and is not used for marketing purposes unless you explicitly consent.
Google Analytics Data: We use Google Analytics (via Google Tag Manager, ID: AW-18042715737) to understand how visitors use our website. This includes anonymised IP addresses, pages visited, device information, browser type, and referral source. Google Analytics uses cookies to track this data. We process this data with your consent through our cookie banner. Individual users cannot be identified from this data.
Payment Data: When you purchase a digital product, payment information (such as credit card details) is processed by our third-party payment processor (Stripe or similar service). We do not store your payment information on our servers. Payment data is processed under a data processing agreement with our payment processor and in compliance with PCI DSS standards.
Legal Basis for Processing
Consent: For contact form submissions, we process your data based on your consent when you choose to submit the form. You may withdraw this consent at any time by requesting data deletion.
Legitimate Interest: We process analytics data based on our legitimate interest in understanding website usage patterns, improving our services, and troubleshooting technical issues. We balance this interest against your privacy rights through anonymization and aggregation.
Contract Performance: When you purchase a digital product, we process payment and order data as necessary to fulfill the purchase agreement and deliver your product.
Google Analytics and Cookies
Google Analytics uses cookies such as _ga, _gat, and _gid to collect usage data. These cookies are placed on your device when you visit our website. The cookies have a default retention period of 26 months for user-level data in Google Analytics. You can view more information about Google Analytics cookies here.
To opt out of Google Analytics data collection, you can install the Google Analytics Opt-out Browser Add-on. You can also control cookie preferences through your browser settings.
Data collected by Google Analytics is stored on Google's servers and is subject to Google's Privacy Policy. We have a Data Processing Agreement with Google to ensure your data is protected.
Data Sharing and Third Parties
We do not sell, rent, or lease your personal data to third parties. However, we share data with trusted partners as necessary to operate our services:
Google (Analytics): We share anonymised analytics data with Google to understand website usage patterns. Google acts as a data processor under our Data Processing Agreement.
Payment Processor (Stripe or similar): We share payment information with our third-party payment processor to process your purchase. The payment processor is a data controller for payment data and processes this information according to their own privacy policy and PCI DSS compliance requirements.
Legal Compliance: We may disclose personal data if required by law, court order, or governmental request, provided such request is valid and legally enforceable.
Data Retention Periods
Contact Form Data: We retain contact form submissions for up to 1 year for customer support purposes, unless you request deletion earlier.
Analytics Data: Google Analytics retains user-level data for a default period of 26 months. Aggregated analytics reports are retained indefinitely for business analysis purposes.
Payment Data: Payment information is retained by our payment processor according to their data retention policies and applicable financial regulations, typically 7 years for tax and regulatory compliance.
Your Rights Under GDPR
As a data subject within the EU, you have the following rights under the GDPR:
Right of Access: You have the right to request a copy of the personal data we hold about you in a portable format.
Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request that we correct or complete it.
Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal data, subject to certain exceptions (such as legal obligations or legitimate business interests).
Right to Restrict Processing: You may request that we restrict the processing of your personal data while a request is being investigated or disputed.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly-used, machine-readable format and to transmit that data to another controller.
Right to Object: You have the right to object to processing of your personal data for direct marketing, analytics, or other purposes based on legitimate interest.
Right to Lodge a Complaint: If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.
Supervisory Authority
For residents of Cyprus, the competent data protection supervisory authority is the Office of the Commissioner for Personal Data Protection (OCDP). If you have concerns about how we handle your personal data, you may contact them directly or file a complaint. More information is available at their website.
For EU residents from other member states, you may contact your local supervisory authority. Each EU member state has a dedicated data protection authority listed on the EDPB website.
Security of Personal Data
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include SSL/TLS encryption for data in transit, secure server infrastructure, and limited access to personal data within our organization. However, no security measure is completely impenetrable, and we cannot guarantee absolute security.
Children's Privacy
Our website and services are not intended for individuals under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided us with personal data, we will delete such data promptly.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Last updated" date on this page. Continued use of our website constitutes your acceptance of the updated Privacy Policy.
Exercising Your Rights
To exercise any of your rights under the GDPR, please submit a written request to ck@urbanicahospitality.com. We will respond to your request within 30 days or provide an explanation of any delays. You may be asked to verify your identity to ensure we are providing data to the correct individual.
Contact Us
If you have any questions about this Privacy Policy or our data handling practices, please contact us at ck@urbanicahospitality.com. We are committed to working with you to resolve any concerns about your privacy.