Summary: We collect only the information you give us directly (via WhatsApp, email, or our contact form) to arrange your Mykonos experience. We do not sell your data. We do not use advertising trackers. We comply with the EU General Data Protection Regulation (GDPR).
01 Who We Are
Mykonos Island Best is a luxury concierge and tourism promotion service operated by The Alpha Regal Group, owned by George Arvanitis, registered in Greece under GEMI number 187884703000.
Our registered business activities are:
- Tourism promotion and visitor information services (KAD 79901000)
- Video production for sales and marketing (KAD 59111201)
- Property rental and management services (KAD 68201100)
Data Controller contact:
Email: MykonosIslandBest@outlook.com
WhatsApp: +30 694 903 5331
Website: mykonos-island-best.com
02 Data We Collect
We collect personal data only when you voluntarily provide it to us. This may include:
- Identity data: Your name (first and/or last)
- Contact data: Email address, phone number, WhatsApp number
- Trip data: Travel dates, group size, occasion, preferences, and budget range as shared in your inquiry
- Communication data: The content of messages you send us via WhatsApp, email, or our contact form
- Technical data: Basic web server logs (IP address, browser type, pages visited) — retained for security purposes only and not linked to your identity
We do not collect payment card numbers, passport information, or any sensitive categories of personal data as defined under GDPR Article 9.
03 How We Use Your Data
Your personal data is used exclusively for the following purposes:
- Responding to your inquiry and providing the concierge service you requested
- Coordinating your booking with licensed third-party suppliers (yacht operators, villa owners, restaurants, venues)
- Sending you a curated proposal, options, or itinerary relevant to your trip
- Following up on an existing inquiry or booking
- Complying with applicable legal obligations
We do not use your data for automated decision-making, profiling, or direct marketing without your explicit consent.
04 Legal Basis for Processing
Under GDPR, we process your personal data on the following legal bases:
- Contract performance (Art. 6(1)(b)): Processing is necessary to respond to your inquiry and arrange the services you have requested.
- Legitimate interests (Art. 6(1)(f)): We have a legitimate interest in maintaining business records, responding to follow-up communications, and preventing fraud.
- Legal obligation (Art. 6(1)(c)): Where we are required to retain or disclose data by applicable Greek or EU law.
- Consent (Art. 6(1)(a)): Where you have explicitly provided consent (e.g., subscribing to receive information). You may withdraw consent at any time.
05 Data Sharing & Third Parties
We may share limited personal data with trusted third parties strictly as required to fulfil your booking:
- Service suppliers: Licensed yacht charter operators, villa owners, restaurant reservations teams, transfer providers, and other relevant partners — only to the extent necessary to confirm your booking
- IT and platform providers: Hostinger (website hosting, located in EU/EEA), Meta Platforms (WhatsApp communications), Microsoft (email via Outlook)
We do not:
- Sell your data to any third party
- Share your data with advertisers or data brokers
- Transfer your data outside the EU/EEA without appropriate safeguards
All third-party suppliers we use are required to treat your personal data with confidentiality and in accordance with applicable data protection law.
06 Data Retention
We retain your personal data only for as long as necessary:
- Active inquiries: Until your inquiry is resolved or your trip is completed
- Completed bookings: Up to 5 years for accounting and legal compliance purposes under Greek law
- Unanswered inquiries: Deleted or anonymised after 12 months of inactivity
- Marketing communications (if consented): Until you withdraw consent
Upon request, we will delete your personal data from our records, subject to any overriding legal retention obligations.
07 Your Rights Under GDPR
If you are located in the European Union (or the UK), you have the following rights regarding your personal data:
- Right of access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You may ask us to correct inaccurate or incomplete data.
- Right to erasure (Art. 17): You may ask us to delete your personal data ("right to be forgotten"), subject to legal retention obligations.
- Right to restriction (Art. 18): You may ask us to restrict processing of your data in certain circumstances.
- Right to data portability (Art. 20): You may request your data in a structured, machine-readable format.
- Right to object (Art. 21): You may object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at MykonosIslandBest@outlook.com. We will respond within 30 days. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.
08 Cookies
Our website uses minimal cookies:
- Essential cookies: Required for basic site functionality. Cannot be disabled.
- Analytics cookies: If used, we rely only on privacy-respecting, anonymised analytics. No personal identifiers are tracked.
We do not use third-party advertising cookies, Facebook Pixel, Google Ads remarketing, or any cross-site tracking technology.
You can control or delete cookies through your browser settings at any time.
09 Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include:
- HTTPS encryption on all site communications
- Password-protected access to communication accounts
- Restricted access to personal data on a need-to-know basis
No method of transmission over the internet is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority as required by GDPR.
10 Children's Privacy
Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it without delay.
11 Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Where changes are material, we will take reasonable steps to notify you (e.g. by a notice on our website). Your continued use of our services after any update constitutes acceptance of the revised policy.
12 Contact & Complaints
For any privacy-related questions, requests, or concerns, please contact us:
We are committed to resolving any concerns directly. If you are not satisfied with our response, you have the right to complain to the Hellenic Data Protection Authority (HDPA):
- Website: www.dpa.gr
- Address: Kifisias 1-3, 115 23 Athens, Greece
- Tel: +30 210 647 5600