Privacy Policy

1. Who We Are

4 Elements Massage Kefalonia is a massage therapy business operated by Fotis, based in Vlachata, Kefalonia 281 00, Greece. We provide studio and mobile massage services across the island of Kefalonia.

Data Controller: 4 Elements Massage Kefalonia
Address: Vlachata, Kefalonia 281 00, Greece
Email: relax@massage4kefalonia.com
Phone: +30 694 480 1019

2. What Personal Data We Collect

We may collect the following personal data when you interact with us:

• Contact information: Name, email address, phone number — when you fill out our contact form, book an appointment, or reach out via WhatsApp, phone, or email.
• Booking details: Preferred service, date, time, and any special requests or health information you voluntarily share to help us tailor your session.
• Technical data: IP address, browser type, device information, and pages visited — collected automatically through cookies and server logs when you browse our website.
• Communication data: The content of messages you send us through our contact form, email, or social media.

3. How We Use Your Data

We process your personal data for the following purposes:

• To provide our services: Processing your bookings, confirming appointments, and delivering massage therapy sessions.
• To communicate with you: Responding to enquiries, sending appointment reminders, and following up on your experience.
• To improve our website: Understanding how visitors use our site so we can improve its functionality and content.
• To comply with legal obligations: Meeting our obligations under Greek law and EU regulations, including tax and accounting requirements.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR) and Greek Law 4624/2019, we process your personal data based on:

• Your consent: When you submit a contact form, send us a message, or accept cookies on our website.
• Contractual necessity: When processing is needed to fulfil a booking or provide a service you have requested.
• Legitimate interests: To improve our services, maintain the security of our website, and respond to enquiries — provided these interests do not override your rights.
• Legal obligation: When we are required to retain certain data under Greek tax or business laws.

5. How We Share Your Data

We do not sell, rent, or trade your personal data. We may share limited data with the following trusted third parties, solely to deliver our services:

• Setmore: Our online booking platform, used to manage appointments. View their privacy policy.
• Formspree: Processes contact form submissions securely. View their privacy policy.
• Google: We use Google Maps on our contact page and Google Analytics to understand website traffic. View their privacy policy.
• Cloudflare: Provides CDN and security services for our website. View their privacy policy.

All third-party providers are GDPR-compliant and process data in accordance with EU data protection standards.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined above:

• Booking records: Retained for up to 5 years to comply with Greek tax obligations.
• Contact form messages: Retained for up to 12 months, then deleted unless an ongoing business relationship exists.
• Website analytics data: Anonymised and retained for up to 26 months.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Ask us to correct any inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
• Right to restrict processing: Ask us to limit how we use your data in certain circumstances.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent: Withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, contact us at relax@massage4kefalonia.com. We will respond within 30 days.

8. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. Our website uses HTTPS encryption, and we work only with GDPR-compliant service providers.

9. International Transfers

Some of our third-party service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider is certified under the EU-US Data Privacy Framework.

10. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA):

Hellenic Data Protection Authority
Kifisias 1-3, 115 23 Athens, Greece
Phone: +30 210 6475600
Website: www.dpa.gr

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revised "last updated" date. We encourage you to review this page periodically.