What does the Crete Vows privacy policy cover?

It explains how Crete Vows collects, uses, stores, and protects personal data.

Who does this policy apply to?

It applies to website visitors and clients who contact or work with Crete Vows.

How can I ask a privacy question?

You can contact hello@cretevows.com for privacy-related requests or questions.

CreteVows/Privacy Policy

Privacy Policy

Last updated: April 27, 2026

1. Who we are (data controller)

CreteVows is a wedding and proposal planning brand operating in Crete, Greece and backed by the True Cretan planning team. For the purposes of applicable data protection laws, CreteVows acts as the data controller for personal data processed through this website and direct inquiry channels.

Primary contact for privacy matters: [email protected].

2. Personal data we collect

Depending on how you interact with us, we may collect:

Identity and contact data (name, email, phone number, country/time zone).
Inquiry and planning data (event type, date range, guest count, budget, preferences, and messages).
Communication records (emails, contact form submissions, call notes).
Technical and usage data (IP address, browser/device information, pages viewed, referral source, consent preferences).

When relevant to the service you request, we may also process limited sensitive information you choose to share (for example health, mobility, or dietary information) only where necessary and with appropriate safeguards.

3. How we collect personal data

We collect data directly from you when you submit forms, contact us by email or phone, request planning support, or communicate with us on social channels. We also collect technical data through cookies and similar technologies, as described in our Cookie Policy.

4. Why we process your data

We use your data to:

Respond to inquiries and prepare proposals.
Plan, coordinate, and deliver requested services.
Communicate operational updates and support messages.
Improve website performance, usability, and service quality.
Meet legal, tax, accounting, and fraud-prevention obligations.

We do not sell your personal data.

5. Legal bases (EEA/UK)

Where GDPR/UK GDPR applies, our legal bases generally include: contract necessity (to provide requested services), legitimate interests (service improvement, security, fraud prevention), consent (for optional cookies/marketing where required), and legal obligations.

6. Sharing of personal data

We may share data only as needed with trusted service providers and partners, such as hosting, analytics, payment providers, communication tools, and vetted local vendors needed to deliver your requested event services. Data may also be shared with authorities where legally required.

All such sharing is limited to what is necessary and governed by appropriate confidentiality and data-processing safeguards.

7. International transfers

CreteVows is based in Crete, Greece. Some of our providers may process data outside your country. When this happens, we use appropriate safeguards required by applicable law (for example contractual protections and equivalent security standards).

8. Data retention

We retain personal data only as long as necessary for inquiry handling, service delivery, customer support, legal compliance, and legitimate business recordkeeping. When no longer needed, data is deleted or anonymized within reasonable operational timelines.

9. Security

We apply technical and organizational measures designed to protect personal data from unauthorized access, misuse, loss, or disclosure. No system is completely risk-free, but we continuously review and improve our controls.

10. Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict, object to processing, and request portability of your data, as well as to withdraw consent where processing is based on consent.

To exercise your rights, contact [email protected]. You may also lodge a complaint with your local data protection authority.

11. Marketing communications

If you opt in, we may send occasional updates related to services and planning resources. You can unsubscribe at any time through the unsubscribe link or by emailing us.

12. Children

Our services are intended for adults planning events and travel. We do not knowingly collect personal data from children without appropriate legal basis and consent where required.

13. Updates to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected on this page with a revised “Last updated” date.

14. Contact and complaints

If you have questions about this policy or how your data is handled, contact us at [email protected] or via our contact page.

If you are located in the EU/EEA and believe your data rights have been violated, you may also lodge a complaint with the competent data protection authority in Greece.