Privacy Policy
This Privacy Policy explains how the Corfu Websites Team collects, uses, and protects your personal data when you visit our website or get in touch with us. We keep it plain and honest: we only collect what we genuinely need to reply to you and run a small web studio, and we never sell your data. This policy is written to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, the GDPR), Greek Law 4624/2019, and the ePrivacy rules.
1. Who We Are (Data Controller)
Corfu Websites Team is operated by Henri Shani, a web-design and software studio based in Corfu, Ionian Islands, Greece. We design and build custom websites, web apps, and full systems for our clients. For the purposes of data protection law, Henri Shani is the data controller responsible for the personal data described in this policy.
You can contact the data controller, or exercise any of your privacy rights, using the details below.
- Email: info@corfuwebsites.com
- WhatsApp: +30 698 778 0934
- Instagram: @corfuwebsites
2. What Data We Collect
We collect only a small amount of data, and most of it is information you choose to give us. Specifically:
- Contact form data: your name (required), email address (required), business name (optional), your message (required), and optionally the services you are interested in (tags you select). We need this so we can understand your enquiry and reply.
- Analytics data: if analytics is enabled, anonymous or pseudonymous usage data about how visitors use the site (pages viewed, approximate region, device/browser type) collected via Google Analytics 4 with IP anonymization turned on.
- Server logs: like almost every website, our hosting provider may automatically and transiently process technical information such as your IP address, timestamp, and the request made, to deliver the site and keep it secure.
- We do NOT store contact form submissions in a database on this website, and we do not collect special categories of data (such as health, religion, or political views).
3. How and Why We Use Your Data (Legal Bases)
Under Article 6 of the GDPR, we must have a lawful basis for every use of your personal data. Here is exactly what we do and why:
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.
- To reply to your enquiry and discuss a possible project. Legal basis: steps taken at your request prior to entering into a contract (Art. 6(1)(b)), and our legitimate interest in responding to people who contact us (Art. 6(1)(f)).
- To deliver, secure, and maintain the website (including server logs). Legal basis: our legitimate interest in operating a safe, functioning website (Art. 6(1)(f)).
- To understand site usage via analytics. Legal basis: your consent (Art. 6(1)(a)). Analytics is intended to load only on a consent basis. We never use it for advertising or remarketing.
- To carry out an agreed project once you become a client. Legal basis: performance of our contract with you (Art. 6(1)(b)).
4. Cookies, Analytics & Maps
Cookies are small files placed on your device. We aim to keep them to a minimum and to load anything non-essential only with your consent.
Honest note: a cookie-consent banner is not yet implemented on this site. We intend to load analytics on a consent basis and we are working towards a consent mechanism. Until that is in place, you can control cookies through your browser settings, and you can contact us with any concerns.
- Google Analytics 4 (GA4): loaded only if configured, with IP anonymization (anonymize_ip) enabled. It helps us understand which pages are useful. No advertising or remarketing cookies are used.
- Google Maps: we embed a Google Map on our contact area. When the map loads, Google may set cookies and collect data under its own privacy policy.
5. Third-Party Processors & Links
We use a small number of trusted service providers to run the studio. Some act as processors on our behalf; others are independent services you may choose to engage. Each has its own privacy policy, which we encourage you to read.
- Email delivery (SMTP / nodemailer): when you submit the contact form, your details are emailed to us through an SMTP email provider so we can read and reply to your message.
- Vercel (hosting/CDN): hosts the website and may transiently process server logs and IP addresses to serve and secure the site.
- Google Analytics & Google Maps (Google): analytics and embedded maps as described above.
- Calendly: if you book a 15-minute call, Calendly processes the booking details you provide under its own privacy policy.
- WhatsApp (Meta): if you message us on WhatsApp, your communication is processed by Meta under its own terms and privacy policy.
- Instagram (Meta): if you engage with us on Instagram, Meta processes that interaction under its own terms and privacy policy.
6. International Data Transfers
Some of our service providers (Vercel, Google, Meta, Calendly) are based in the United States or process data outside the European Economic Area. Where data is transferred internationally, it is protected by appropriate safeguards recognised under the GDPR, such as the European Commission's Standard Contractual Clauses or an applicable adequacy framework (for example, the EU to US Data Privacy Framework).
7. How Long We Keep Your Data (Retention)
We keep personal data only for as long as we genuinely need it.
- Contact enquiries (emails from the form): kept for as long as needed to handle your enquiry and any follow-up, then deleted when no longer relevant, unless we have a legal reason to keep them longer.
- Client project records: kept for the duration of the project and afterwards as required for accounting, tax, and legal obligations under Greek and EU law.
- Analytics data: retained according to the GA4 configuration and Google's retention settings, in anonymized/aggregated form.
- Server logs: retained only transiently by our hosting provider for a short period, for security and operational purposes, then rotated out.
8. Your GDPR Rights
Under the GDPR and Greek Law 4624/2019, you have the following rights over your personal data. You can exercise any of them by emailing us at info@corfuwebsites.com, and we will respond within the legally required time.
- Right to be informed about how we use your data (this policy).
- Right of access to the personal data we hold about you.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure (the 'right to be forgotten') where applicable.
- Right to restrict or object to certain processing.
- Right to data portability, where technically applicable.
- Right to withdraw consent at any time, without affecting processing already carried out.
- Right to lodge a complaint with the supervisory authority: the Hellenic Data Protection Authority (HDPA / Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), www.dpa.gr.
9. Data Security
We take reasonable technical and organisational measures to protect your data. The website is served over encrypted HTTPS, contact form submissions are sent over a secure email connection, and we limit access to your information to the people who need it to reply to you or deliver your project. No method of transmission over the internet is ever completely secure, but we work to keep the risk as low as we can.
10. Children's Data
Our website and services are intended for businesses and adults. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time, for example if our tools or legal obligations change. When we do, we will revise the 'Last updated' date at the top. We encourage you to review this page occasionally to stay informed.
12. How to Contact Us
If you have any questions about this Privacy Policy or about how we handle your personal data, or if you would like to exercise any of your rights, please get in touch:
- Email: info@corfuwebsites.com
- WhatsApp: +30 698 778 0934
- Instagram: @corfuwebsites
- You also have the right to complain to the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.
