Privacy Policy

Last updated: 27 February 2026

This Privacy Policy explains how Crete3D® (“we”, “us”, “our”) collects, uses and protects personal data when you visit https://www.crete3d.com or contact us regarding our services.

A space should be experienced, not imagined.
ALES BORSZÉK
unterschrift weiss

1. Controller

1.1 Responsible Entity

Crete3D®
Ales Borszék
Mythimnis Street, Drapanias
73400 Kissamos, Chania
GREECE

Email: office@crete3d.com
Phone: +30 698 917 0890

2. Legal Framework

2.1 Applicable Law

Processing of personal data is carried out in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Greek data protection laws.

3. Categories of Personal Data

3.1 Data You Provide

  • Name
  • Email address
  • Phone number
  • Message content via FormCraft forms
  • Project details (property location, requested services, etc.)
  • Billing data (if a contract is concluded)

3.2 Automatically Collected Data

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Referrer URL
  • Date and time of access
  • Pages visited

4. Purposes and Legal Bases of Processing

4.1 Website Operation and Security

Purpose: Ensuring proper technical operation and security of the website.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

4.2 Communication and Inquiries

Purpose: Responding to inquiries submitted via FormCraft forms.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures).

4.3 Contract Performance

Purpose: Providing photography, marketing and 3D scanning services.
Legal basis: Art. 6(1)(b) GDPR (contract performance).

4.4 Legal Obligations

Purpose: Accounting, tax compliance and legal record keeping.
Legal basis: Art. 6(1)(c) GDPR (legal obligation).

4.5 Analytics and Marketing

Purpose: Measuring website usage and advertising effectiveness.
Legal basis: Art. 6(1)(a) GDPR (consent).

5. Cookies and Tracking Technologies

5.1 Essential Cookies

Required for the operation and security of the website.

5.2 Analytics Cookies (Google Analytics 4)

We use Google Analytics 4, provided by Google Ireland Limited, to analyze website usage. Google Analytics may process IP addresses and usage data. IP anonymization is enabled where applicable.
Processing is based on your consent (Art. 6(1)(a) GDPR).

5.3 Marketing Cookies (Meta Pixel)

We use the Meta Pixel provided by Meta Platforms Ireland Ltd. to measure advertising effectiveness and optimize campaigns.
Meta may process identifiers, IP address and browsing behavior.
Processing is based on your consent (Art. 6(1)(a) GDPR).

5.4 Managing Consent

You may grant, withdraw or modify your cookie consent at any time via the cookie banner settings or your browser settings.

6. Embedded Third-Party Content

6.1 YouTube Videos

Our website embeds YouTube videos. When loaded, YouTube (Google Ireland Limited) may process your IP address and technical data.

6.2 Google Maps

We use Google Maps to display location information. When accessed, Google may process your IP address and device information.

7. Form Processing (FormCraft)

7.1 Contact Forms

We use FormCraft WordPress forms to collect and process inquiries. Submitted data is transmitted securely and stored only as long as necessary to process the request.

8. International Data Transfers

8.1 Transfers Outside the EU

Some service providers (e.g., Google, Meta) may process data outside the European Economic Area. Appropriate safeguards such as Standard Contractual Clauses or recognized adequacy mechanisms are applied.

9. Data Retention

9.1 Inquiry Data

Stored up to 24 months after last contact unless a contract is concluded.

9.2 Accounting Data

Stored according to Greek tax law requirements.

9.3 Server Logs

Typically retained for security purposes for up to 30 days.

10. Data Sharing

10.1 Service Providers

Data may be shared with hosting providers, analytics providers, advertising platforms and technical service providers where necessary.

10.2 Legal Authorities

Data may be disclosed if required by law.

11. Your Rights Under GDPR

11.1 Your Rights

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent at any time

11.2 Supervisory Authority

You have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA).

12. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure or destruction.

13. Automated Decision-Making

We do not conduct automated decision-making or profiling within the meaning of Art. 22 GDPR.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be published on this page.

15. Intellectual Property Notice

CRETE3D® is a registered European Union trade mark (EUTM No. 019274162). All rights reserved.