Privacy Policy
Last updated: May 17, 2026
Introduction
Myōko Massage ("we," "us," "our," or "Company") is committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR), Law 4624/2019 (implementation of the GDPR into Greek law), and all applicable data protection laws. This Privacy Policy explains how we collect, use, disclose, and process personal data in relation to our Website and services.
1. Data Controller & Contact Information
Data Controller: Myōko Massage
Location: Mykonos, Greece
Email: myokomassagegr@gmail.com
WhatsApp: +30 694 707 7567
If you have questions about this Privacy Policy or wish to exercise your data subject rights, please contact us using the above details. We will respond to all requests within 30 days in compliance with GDPR Article 12.
2. What Personal Data We Collect
2.1 Contact Form Data
When you submit our contact form, we collect:
- Name* (required): To identify and address you
- Email Address* (required): To respond to your inquiry, confirm your booking, issue your legal receipt, and send a one-time post-session follow-up email as described in this Policy
- Phone Number* (required): For appointment scheduling and coordination
- Message (optional): Your inquiry or service request details
2.2 Service Data
When you book or receive a massage session, we may also retain your name, email address, phone number, booking details, session date, and related service information for service administration, legal compliance, receipt issuance, and a one-time post-session follow-up email.
2.3 Automatically Collected Data
- Cookies: Limited to essential cookies only. See our Cookie Policy for full details.
- Server Logs: IP address, browser type, operating system, referral source, and pages visited — collected for security and troubleshooting purposes only.
2.4 What We Do NOT Collect
- Tracking pixels, analytics cookies, or advertising cookies without explicit consent
- Sensitive personal data (health data, financial data) through the Website
- Data sold or shared with third parties for marketing purposes
3. Legal Basis for Processing
We process your personal data under the following legal grounds (GDPR Article 6):
- Article 6(1)(a) – Consent: When you voluntarily submit the contact form, in cases where consent is the appropriate legal basis
- Article 6(1)(b) – Contract Performance: When processing booking inquiries, scheduling appointments, delivering services, and communicating with you in relation to your booking
- Article 6(1)(c) – Legal Obligation: When required by Greek law or regulatory authority, including issuing legal receipts and maintaining legally required business records
- Article 6(1)(f) – Legitimate Interests: For security, fraud prevention, Website functionality, customer service, and sending a single post-session follow-up email to existing clients requesting a review of their experience and referencing our Instagram profile. You have the right to object to such processing at any time.
4. Purpose of Data Processing
- Responding to service inquiries and booking requests
- Confirming and scheduling appointments
- Providing massage services and related customer support
- Issuing legal receipts and complying with tax and accounting obligations
- Sending a single post-session follow-up email requesting a review of your experience and optionally inviting you to view or follow our Instagram profile
- Complying with legal obligations under Greek and EU law
- Preventing fraud and ensuring Website security
The post-session follow-up email is a one-time communication sent to existing clients after a service has been provided. It is not part of an ongoing newsletter or recurring marketing sequence. If you do not wish to receive this email, you may object at any time by contacting us or by replying to the email, and we will honor your request.
5. Data Retention Period
- Booking Inquiries: Retained for up to 12 months from the date of inquiry
- Client and Service Records: Retained for as long as necessary to provide services, manage client communications, and protect our legal interests
- Receipts and Legal Compliance Records: Retained for as long as required by applicable Greek tax, accounting, or other legal obligations
- General Inquiries: Retained for 30 days unless deletion is requested sooner
After the applicable retention period expires, personal data is securely deleted or anonymized where possible. You may request deletion at any time, subject to any legal obligation requiring us to retain certain records.
6. Recipients & Data Sharing
6.1 No Third-Party Marketing Sharing
We do not share your personal data with third-party marketers, data brokers, or advertising networks under any circumstances.
6.2 Form Service Provider
Contact form submissions and business email communications are transmitted via secure SMTP/TLS encryption to our email provider, who acts as a data processor bound by confidentiality obligations and contractual agreements where required.
6.3 Legal Obligations
We may disclose personal data if required by law, court order, or regulatory authority (e.g., Hellenic Data Protection Authority, Greek tax authorities), in compliance with GDPR Article 6(1)(c).
6.4 No International Transfers
Your personal data is not transferred outside the European Economic Area (EEA) unless appropriate legal safeguards are in place in accordance with GDPR requirements.
7. Data Security
- HTTPS/TLS encryption for all Website connections
- Secure SMTP/TLS encryption for email communications
- Access controls limiting personnel who can access data
- Regular security assessments and software updates
- Reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or disclosure
8. Your Data Subject Rights (GDPR Articles 15–22)
- Right of Access (Article 15): Request a copy of all personal data we hold about you
- Right to Rectification (Article 16): Request correction of inaccurate or incomplete data
- Right to Erasure (Article 17): Request deletion of your data ("Right to be Forgotten")
- Right to Restrict Processing (Article 18): Request limitation of how we use your data
- Right to Data Portability (Article 20): Request your data in a structured, commonly used format
- Right to Object (Article 21): Object to processing based on legitimate interests, including the one-time post-session follow-up email
- Right Against Automated Decision-Making (Article 22): Not to be subject to decisions based solely on automated processing
To exercise any of these rights, email us at hello@myokomassage.com with the subject line "Data Subject Request." We will respond within 30 days.
9. Children's Privacy
Our Website and services are not directed to children under 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has submitted personal data, we will delete it immediately.
10. Cookie Policy
For full information about the cookies used on our Website, please refer to our Cookie Policy. We use only essential cookies by default. Non-essential cookies require your prior explicit consent.
11. Third-Party Links
Our Website may contain links to third-party websites or platforms (e.g., Instagram). We are not responsible for their privacy practices. We recommend reviewing their privacy policies before providing any personal information.
12. Data Protection Authority
Hellenic Data Protection Authority (HDPA)
Kifisias Avenue 1-3, 11523 Athens, Greece
Website: www.dpa.gr
Email: contact@dpa.gr
13. Policy Updates
We may update this Privacy Policy to reflect changes in our practices or applicable law. Material updates will be reflected on this page by updating the "Last updated" date above.
14. Contact Us
Myōko Massage
Mykonos, Greece
Email: hello@myokomassage.com
WhatsApp: +30 694 707 7567