PRIVACY POLICY

Including Information on Cookies, Web Analytics, and Integrated Services

We, Owl Estates O.E., take the protection of your personal data very seriously and adhere strictly to the rules of data protection laws. Personal data is only collected on this website to the extent that is technically necessary. Under no circumstances will the data collected be sold or passed on to third parties for other reasons. The following declaration gives you an overview of how we guarantee this protection and what type of data is collected for what purpose.

1) Name and Contact Details of the Data Controller

This data protection information applies to data processing by:

Owl Estates O.E.
 Amaniou
 ΤΚ: 85300 Kos
 Greece

E-mail: info[at]owl-estates[dot]com

2) Collection and Storage of Personal Data and the Nature and Purpose of Their Use

a) When Visiting the Website

When you visit our website www.paradiso-kos.com, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:

```
IP address of the requesting computer
```
```
Date and time of access
```
```
Name and URL of the retrieved file
```

Website from which the access was made (referrer URL)

Browser used and, if applicable, the operating system of your computer and the name of your access provider

We process the aforementioned data for the following purposes:

```
Ensuring convenient use of our website
```
```
Analysing system security and stability
```
```
Other administrative purposes
```

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

We also use cookies and analysis services when you visit our website. You can find more detailed explanations on this in sections 4 and 5 of this privacy policy.

b) When Using Our Contact Form

If you have questions of any kind, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide a valid e-mail address so that we know who sent the enquiry and can answer it. Further information can be provided voluntarily.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a) and b) GDPR on the basis of your voluntarily given consent. The personal data collected by us for the use of the contact form will be automatically deleted after your enquiry has been dealt with.

3) Transfer of Data

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

You have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,

The transfer is necessary for the fulfilment of contractual relationships and/or for the implementation of pre-contractual measures in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,

There is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR,

This is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

4) Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.

Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity.

On the one hand, the use of cookies serves to make the use of our website more convenient for you. For example, we use session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a specified period of time. If you visit our site again to make use of our services, it is automatically recognised that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you (see section 5). These cookies enable us to automatically recognise that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is necessary for the purposes mentioned in order to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.

5) Analysis and Tracking Tools

a) Squarespace

This website is hosted on the Squarespace platform. When you visit this website, certain data is collected and stored by Squarespace, Inc., 225 Varick Street, 12th Floor, New York, NY 10014, USA ("Squarespace").

Squarespace processes data on our behalf and in accordance with our instructions. For further details on data processing by Squarespace, please refer to their privacy policy: https://www.squarespace.com/privacy

Data transfer to the USA: Squarespace, Inc. is certified under the EU-US Data Privacy Framework. This framework provides an adequate level of data protection for transfers of personal data from the EU to certified US companies, as recognised by the European Commission's adequacy decision of 10 July 2023.

b) Squarespace Metrics

This website uses Squarespace Metrics, a web analytics service provided by Squarespace, Inc. Squarespace Metrics uses cookies to analyse your use of the website.

The information generated by the cookie about your use of this website (including your IP address) is transmitted to a Squarespace server in the USA and stored there. Squarespace will use this information for the purpose of analysing your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

Squarespace may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Squarespace's behalf. Squarespace will not associate your IP address with other Squarespace data.

The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in analysing user behaviour to optimise our website).

6) Integrated Third-Party Services

We use the following third-party services on our website on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. The underlying purposes constitute legitimate interests within the meaning of the GDPR.

a) Google Maps

This site uses the map service Google Maps via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For users outside the European Economic Area, the service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an appealing geographical representation of our holiday villa location. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Data transfer to the USA: Google LLC is certified under the EU-US Data Privacy Framework. This framework provides an adequate level of data protection for transfers of personal data from the EU to certified US companies, as recognised by the European Commission's adequacy decision of 10 July 2023.

You can find more information on the handling of user data in Google's privacy policy: https://policies.google.com/privacy

b) Google Web Fonts

This site uses web fonts provided by Google for the standardised display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

If your browser does not support web fonts, a standard font will be used by your computer.

Data transfer to the USA: Google LLC is certified under the EU-US Data Privacy Framework.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy

c) Adobe Fonts (Typekit)

This site uses Adobe Fonts, a web font hosting service provided by Adobe Inc., 345 Park Avenue, San Jose, CA 95110, USA. When you access a page, your browser loads the required fonts from Adobe's servers (use.typekit.net).

For this purpose, the browser you are using must connect to Adobe's servers. This informs Adobe that our website has been accessed via your IP address. The use of Adobe Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Data transfer to the USA: Adobe Inc. is certified under the EU-US Data Privacy Framework.

Further information can be found in Adobe's privacy policy: https://www.adobe.com/privacy/policies/adobe-fonts.html

d) Instagram

Our website contains a link to our Instagram profile. Instagram is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Please note that we only provide a link to Instagram. No Instagram plugins are integrated on our website, and no data is transmitted to Instagram when you visit our website. Data is only transferred to Instagram if you actively click on the Instagram link and visit our Instagram page.

For information on Instagram's data processing, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875

7) Rights of Data Subjects

You have the right:

Information (Art. 15 GDPR): To request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on its details.

Rectification (Art. 16 GDPR): To immediately request the correction of incorrect or completion of incomplete personal data stored by us.

Erasure (Art. 17 GDPR): To request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

Restriction (Art. 18 GDPR): To demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse its erasure, we no longer need the data but you need it for the assertion, exercise or defence of legal claims, or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

Data portability (Art. 20 GDPR): To receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request that it be transmitted to another controller.

Withdrawal of consent (Art. 7 para. 3 GDPR): To revoke your consent given to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future.

Complaint (Art. 77 GDPR): To lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters. The competent supervisory authority for Greece is the Hellenic Data Protection Authority (HDPA), Kifisias 1-3, 115 23 Athens, Greece (www.dpa.gr).

8) Right of Objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

If you would like to exercise your right of objection, simply send an e-mail to: info[at]paradiso-kos[dot]com

9) Data Security

We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognise whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

10) Updating and Amendment of This Privacy Policy

This privacy policy is currently valid and was last updated in January 2026.

It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can access the current privacy policy at any time on the website at https://www.paradiso-kos.com/privacypolicy