Legal information
Privacy Policy
Last updated: 25 June 2026
This Privacy Policy explains how Sylligardos & Co. G.P., which operates “To Potiraki”, collects, uses and protects the personal data of website visitors.
1. Data controller
The controller responsible for personal data is Sylligardos & Co. G.P.
- Address: 7-8 Eleftheriou Venizelou Square, Agios Nikolaos, Crete, Greece
- Telephone: +30 28410 24674
- Email: info@topotiraki.gr
2. Personal data we collect
Depending on how you use the website, we may collect:
- your name, email address, telephone number and message when you use the contact form,
- your name, contact details, rating and comments when you use the private feedback form,
- technical information such as IP address, device type, browser, access date and time through server logs,
- website usage statistics through Google Analytics 4, only where you have given consent.
3. Purposes and legal bases
- To answer enquiries and contact requests, based on our legitimate interest in assisting visitors and customers.
- To receive and assess private feedback, based on our legitimate interest in improving our services.
- To maintain website security, technical operation and prevent malicious activity, based on legitimate interest.
- To perform statistical analysis through Google Analytics 4, based only on your consent.
4. Google Analytics 4
The website may use Google Analytics 4 to measure traffic and improve its content.
Google Analytics will not be activated before you provide consent through the cookie banner. You may refuse or withdraw consent at any time through the cookie settings.
According to Google, Google Analytics 4 does not log or store IP addresses. It may nevertheless process technical and statistical information and use cookies such as _ga.
5. Recipients and service providers
Personal data may be accessible only to authorised members of the business and providers supporting the website, such as the hosting provider, email provider and, after consent, Google for Google Analytics.
6. Transfers outside the European Economic Area
Some providers may process data outside the European Economic Area. Where this occurs, lawful safeguards are applied, such as adequacy decisions or standard contractual clauses.
7. Retention period
- Contact and feedback messages are kept only for as long as necessary to handle and respond to them and normally for no longer than 12 months, unless a lawful reason requires longer retention.
- Technical server logs are retained for a limited period determined by the hosting provider for security and operational purposes.
- Google Analytics data is retained for the period configured in the relevant service settings.
8. Your rights
Under the General Data Protection Regulation, you may, depending on the circumstances, request:
- access to your personal data,
- correction of inaccurate or incomplete data,
- erasure of data,
- restriction of processing,
- objection to processing,
- data portability, where applicable,
- withdrawal of consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
To exercise your rights, contact us at info@topotiraki.gr.
9. Right to lodge a complaint
You have the right to lodge a complaint with the Hellenic Data Protection Authority if you believe that the processing of your personal data breaches applicable law.
10. Data security
We use appropriate technical and organisational measures to protect personal data against loss, unauthorised access, alteration or disclosure.
11. Links to third-party services
The website may contain links to third-party services such as Google, Tripadvisor, MyTable and social networks. These services apply their own privacy policies and are not controlled by us.
12. Changes to this Privacy Policy
This Policy may be updated when website functions or legal requirements change. The date of the latest update appears at the top of this page.