Book a Room | Book a Table
Lofos Social House
Book a Room Book a Table
Lofos Social House

Privacy Policy

Last updated · 8 June 2026

This Privacy Policy explains how we collect, use and protect personal data when you use this website. It is published under the EU General Data Protection Regulation (GDPR) and Greek Law 4624/2019.

1. Who we are

This website is operated by ORFANOUDAKIS KAI SIA O.E., trading as Lofos Social House, with registered address at Olympou, Vatheianos Kampos, Heraklion 71500, Crete, Greece. We are the data controller for personal data collected through this website.

For any privacy-related question or to exercise your rights below, write to stay@lofoscrete.com.

2. What personal data we collect

We collect only the data we need to operate the site and respond to you:

  • Contact form — name, email, subject and message you submit.
  • Server logs — IP address, user agent, requested URL and referrer (kept for security and troubleshooting).
  • Analytics (only with your consent) — pages visited, anonymised IP, device and browser information collected by Google Analytics.
  • Cookies — see Section 6 below.

3. Why we use it (legal basis)

  • To reply to inquiries — legitimate interest / pre-contractual steps at your request.
  • To confirm and manage bookings — contract performance.
  • To keep the site secure and operational — legitimate interest.
  • To understand site usage via analytics — your consent (cookie banner).

4. How long we keep it

  • Contact form messages: 24 months.
  • Server logs: approximately 30 days.
  • Analytics: as configured in Google Analytics (default retention 2–14 months).
  • Booking records: as required for accounting and tax law (typically 5–10 years).

5. Who processes data on our behalf

Where useful, we share limited data with trusted service providers acting as data processors under written terms:

  • Brevo (Sendinblue SAS, France) — delivers contact form submissions to our inbox.
  • Google Analytics (Google Ireland Ltd) — anonymised website statistics, only with your consent.
  • Google Maps (Google Ireland Ltd) — embedded map on the Contact page.
  • Google Fonts (Google Ireland Ltd) — typography served from Google's CDN.
  • Hosting provider — server infrastructure inside the EU.

We do not sell or rent personal data, and we do not use it for advertising or profiling.

6. Cookies

This site sets a minimal number of cookies:

  • Essential — stores your consent choice so the banner does not reappear. Always set.
  • Analytics (Google Analytics: _ga, _ga_*) — set only after you click "Accept all" in the cookie banner. Used for aggregated website statistics.

No advertising, marketing or third-party tracking cookies are used. You can change your choice at any time via the Cookie preferences link in the footer.

7. International transfers

Some of our processors (notably Google) may transfer data to servers outside the European Economic Area. Such transfers are protected by the EU–US Data Privacy Framework, Standard Contractual Clauses, or equivalent safeguards as required by GDPR.

8. Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion ("right to be forgotten").
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time, where consent is the legal basis.
  • Lodge a complaint with the Hellenic Data Protection Authority.

To exercise any of these rights, write to stay@lofoscrete.com. We respond within 30 days.

9. Children

This site is not directed at children under 16, and we do not knowingly collect data from minors through it.

10. Updates to this policy

This policy may be updated from time to time to reflect changes in law, our services or our processors. The "Last updated" date at the top of the page indicates the latest revision.