1. INTRODUCTION AND STATUTORY COMPLIANCE

1.1. Protection: Discover Corfu (“the Company”, “We”, “Us”) is committed to protecting the privacy of our Users and Vendors. This Policy explains how we collect, process, and safeguard personal data in accordance with the EU General Data Protection Regulation (GDPR) and the relevant Greek Data Protection laws.

1.2. The Platform: In this Policy, “the Platform” refers collectively to the website www.discover-corfu.com, the “Discover Corfu” mobile application, and all associated digital interfaces.

1.3. Consent: By accessing or using the Platform, you explicitly consent to the data practices described in this Policy.

2. DATA COLLECTION AND USAGE MODALITIES

2.1. User Account Data: When you create an account to save posts, bookmark businesses, or manage inquiries, we collect your name, email address, and account credentials. This data is essential for maintaining your personalised profile and synchronising data between the Website and the App.

2.2. Vendor and Business Data: To build and manage your digital directory profile, we collect a range of business information including, but not limited to, your official business name, public address, contact telephone numbers, email addresses, website links, and public social media account names.

2.3. B2B Statutory Data: For B2B transactions, we collect statutory financial data such as your VAT Number (ΑΦΜ) and registered billing address. This data is mandatory under Greek Accounting Standards (Law 4308/2014) to facilitate legal invoicing and compliance with the myDATA (AADE) digital reporting system.

2.4. Mobile App Geolocation: The “Discover Corfu” App requires location data to provide resort-based guides, map navigation, and proximity-based business listings (“Near Me”). You may grant or revoke this permission via your device settings; however, certain App features may become unavailable without location data.

2.5. Mailing List and Newsletters: We operate a “Double Opt-In” newsletter system. If you subscribe, we collect your email address to send updates and marketing offers. You may withdraw your consent at any time via the “Unsubscribe” link.

2.6. Inquiry Data: When a User sends an inquiry to a Vendor via the Platform, we collect the details of that inquiry (name, email, and message) to transmit it to the Vendor. Financial payment data for Vendor B2B subscriptions is processed exclusively by our secure third-party facilitators and payment systems (such as Stripe and IRIS) and is never stored on our servers.

3. LEGAL BASIS FOR PROCESSING

3.1. Frameworks: We process data under the following legal frameworks:

• Contractual Necessity: To manage your account and facilitate inquiries between you and a Vendor.
• Legal Obligation: To issue tax-compliant invoices and report to Greek authorities.
• Consent: For marketing communications and App location tracking.
• Legitimate Interest: To improve Platform security, prevent fraud, and enhance user experience.

4. DATA SHARING AND THIRD-PARTY DISCLOSURE

4.1. With Vendors: When you send an inquiry for an experience or accommodation, your name and contact details are shared with the specific third-party Vendor to allow them to respond to you. Discover Corfu is not liable for how the Vendor subsequently manages your data. The Vendor becomes an independent Data Controller of that information once it is transmitted.

4.2. With Financial Facilitators: B2B Payment data is transmitted directly to our payment processors and gateways (such as Stripe or via the IRIS system). Their usage of your data is governed by their respective Privacy Policies.

4.3. With Statutory Authorities: We are legally required to transmit Vendor data and VAT information to the Greek Independent Authority for Public Revenue (AADE) for e-invoicing compliance.

4.4. International Transfers: While we prioritise EU-based servers, some technical data may be processed by service providers outside the EEA. We ensure these providers adhere to standard contractual clauses.

5. COOKIE POLICY AND TRACKING TECHNOLOGY

5.1. Essential Cookies: Required for the technical operation of the Platform, including managing User login sessions and securing transactions.

5.2. Analytical Cookies: We utilise tools (such as Google Analytics) to monitor Platform traffic and App usage patterns to improve our resort logic.

5.3. Management: You are presented with a Cookie Consent Banner upon your first visit. You may choose to “Accept All”, “Reject Non-Essential”, or manage preferences.

6. DATA RETENTION, SECURITY & BREACHES

7. CHILDREN’S PRIVACY

7.1. Age Restriction: The Platform is not intended for individuals under the age of 16. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a child without parental consent, we will take steps to securely delete that information immediately.

8. YOUR DATA RIGHTS

8.1. GDPR Rights: Under GDPR, you maintain the right to access, rectify, restrict processing, or request erasure of your data, as well as the right to data portability and the right to withdraw consent at any time. To exercise these rights, contact us at info@discover-corfu.com.

9. COMPLAINTS

9.1. Statutory Authority: If you believe your data rights have been infringed, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr.

10. MODIFICATIONS TO THIS POLICY

10.1. Updates: The Company reserves the right to amend or update this Privacy Policy at any time to reflect changes in legal, regulatory, or operational requirements. Continued use of the Platform after any such changes shall constitute your consent to the updated Policy.