Privacy Policy & GDPR Notice

Effective Date: 3 May 2026 · Last Updated: 3 May 2026

Samos Housing (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what data we collect when you visit www.samoshousing.com or use our services, why we collect it, who we share it with, how long we keep it, and what rights you have under the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and Greek Law 4624/2019.

Contents

Data Controller
Data We Collect
How We Collect It
Why & Legal Basis
Who We Share With
International Transfers
Cookies & Tracking
Data Retention
Your GDPR Rights
Exercising Your Rights
Lodging a Complaint
Children’s Data
Security
Updates
Contact

1. Data Controller

The data controller for personal data processed through this website is:

Samos Housing — Samos Island, Greece
Email: info@samoshousing.com
Website: www.samoshousing.com

Given the scale of our operations we are not required to appoint a Data Protection Officer (DPO) under Article 37 GDPR. All privacy enquiries are handled directly by the controller at the email above.

2. Categories of Data We Collect

We collect only the data we genuinely need to operate the website and provide our services. Specifically:

Category	Examples
Identity	Name, surname, language preference, country of residence (when you submit a form).
Contact	Email address, phone number, WhatsApp number, postal address (only if you supply it).
Property data	Property addresses, photographs, plot details, valuation requests — for owners listing or requesting valuation of property.
Financial	Budget range, mortgage pre-approval status (only if you provide it). We do not collect bank-account or card data; payments are not processed through this website.
Technical	IP address, browser type and version, operating system, device type, referrer URL, pages visited, time on page, approximate location derived from IP.
Cookies	Session, preference, cache, security, and (with consent) analytics cookies. See section 7.
Correspondence	Content of emails, contact-form messages, WhatsApp messages, viewing-request notes.

We do not knowingly collect special-category data (health, religion, political views, biometrics, etc.). Please do not send us such data.

3. How We Collect Your Data

Directly from you — when you complete a contact, valuation, viewing-request, or property-submission form, send us an email or WhatsApp message, or call us.
Automatically — through cookies, server logs, the Wordfence security firewall, and the LiteSpeed Cache plugin when you browse the website.
From third parties — for example, when a partner agency refers a buyer to us, when public registries provide property-related information, or when an introducer shares contact details with your prior consent.

4. Why We Process Your Data & Legal Basis

Purpose	Legal Basis (Art. 6 GDPR)
Replying to enquiries, valuation requests, viewing requests	Performance of a contract or steps prior to entering one (Art. 6(1)(b))
Listing and marketing properties on behalf of owners	Performance of a contract (Art. 6(1)(b))
Sending occasional updates about new listings (only if you opt in)	Consent (Art. 6(1)(a)) — withdrawable at any time
Operating, securing, and improving the website	Legitimate interest in running a safe, fast, lawful service (Art. 6(1)(f))
Complying with tax, accounting, anti-money-laundering and brokerage law	Legal obligation (Art. 6(1)(c))
Defending legal claims	Legitimate interest (Art. 6(1)(f))

5. Who We Share Your Data With

We never sell your personal data. We share it only with carefully selected processors that help us operate the website and our business, and only to the extent strictly necessary:

Recipient	Purpose
Hostinger International Ltd (EU/Lithuania)	Website hosting infrastructure
Cloudflare Inc. (USA — EU SCCs)	DNS, CDN, security and DDoS protection
QUIC.cloud (USA — EU SCCs)	Image optimisation and CDN edge cache
Google Ireland Ltd / Google LLC	Google Site Kit: Analytics 4 (with consent), Search Console, Maps, Fonts
Defiant Inc. (Wordfence) (USA — EU SCCs)	Web application firewall, malware scanning, login protection
CleanTalk Inc.	Anti-spam protection on contact and submission forms
Meta Platforms (WhatsApp Ireland)	WhatsApp Business communications — only when you message us first
Authorities & partner professionals	Notaries, lawyers, civil engineers, banks, tax authorities — only when required to complete a transaction you have asked us to facilitate, or to comply with the law

6. International Data Transfers

Some of our processors are located outside the European Economic Area (EEA), primarily in the United States. When we transfer data outside the EEA we rely on the safeguards approved by the European Commission, in particular the Standard Contractual Clauses (SCCs, Decision 2021/914) and, where applicable, the EU-US Data Privacy Framework. You may request a copy of the relevant safeguards by emailing us.

7. Cookies & Similar Technologies

A cookie is a small text file stored on your device when you visit a website. We use the following categories of cookies:

Strictly necessary — required for the website to function (session, security, language, cache). These cannot be switched off.
Functional — remember preferences such as currency, area filters, or saved listings.
Analytics — Google Analytics 4 via Google Site Kit. Loaded only after you consent via the cookie banner. IP-anonymised; used to understand aggregate traffic, popular pages, and search performance.
Security — Wordfence and CleanTalk cookies that block bots, brute-force attempts, and spam.

You can withdraw or change your cookie consent at any time via the cookie-preferences link in the website footer. You can also delete or block cookies through your browser settings; doing so may affect site functionality.

8. How Long We Keep Your Data

Data type	Retention period
Contact-form messages	Up to 24 months from last meaningful interaction, then deleted
Valuation / viewing requests	Up to 24 months from last interaction
Active client correspondence	Duration of mandate plus 5 years (statute of limitations)
Tax, accounting and brokerage records	10 years (Greek tax / brokerage law)
Server & security logs	30–90 days (rolling)
Analytics aggregates	14 months (Google Analytics 4 default)
Marketing email list (with consent)	Until you unsubscribe, plus 30 days

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of access (Art. 15)Obtain a copy of the data we hold about you.

Right to rectification (Art. 16)Correct inaccurate or incomplete data.

Right to erasure (Art. 17)Have your data deleted (“right to be forgotten”), where applicable.

Right to restrict processing (Art. 18)Limit how we process your data while a request is reviewed.

Right to portability (Art. 20)Receive your data in a structured, machine-readable format and transfer it elsewhere.

Right to object (Art. 21)Object to processing based on legitimate interest, including direct marketing.

Withdraw consent (Art. 7)Withdraw consent at any time, without affecting prior lawful processing.

No automated decisions (Art. 22)We do not perform automated decision-making with legal effect.

10. How to Exercise Your Rights

Send an email to info@samoshousing.com with a clear description of your request. We may need to verify your identity before acting. We will respond within one (1) month as required by Article 12(3) GDPR; complex requests may be extended by a further two months with notice.

Exercising your rights is free of charge unless requests are manifestly unfounded or excessive (Article 12(5) GDPR).

11. Right to Lodge a Complaint

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the supervisory authority of your country of residence. In Greece, the competent authority is:

Hellenic Data Protection Authority (HDPA)
Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα
Kifissias 1–3, 11523 Athens, Greece
Tel: +30 210 6475600 · Email: contact@dpa.gr
Website: www.dpa.gr

We would, however, appreciate the chance to address your concerns first — please contact us before approaching the authority.

12. Children’s Data

The website is intended for adult users. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, please contact us and we will delete it promptly.

13. How We Protect Your Data

We apply reasonable technical and organisational measures, including:

HTTPS encryption (TLS 1.2/1.3) across the entire website;
Cloudflare DDoS and bot protection;
Wordfence web-application firewall and malware scanning;
CleanTalk anti-spam on all forms;
Strong unique passwords and two-factor authentication on administrative accounts;
Regular software updates and off-site encrypted backups;
Need-to-know access — only staff and contractors who require data to deliver services may access it.

No system is 100 % secure. In the event of a personal-data breach posing a risk to your rights, we will notify the Hellenic Data Protection Authority within 72 hours and, where required, inform affected users without undue delay (Articles 33 and 34 GDPR).

14. Updates to This Policy

We may update this Privacy Policy to reflect changes in technology, our services, or applicable law. The “Last Updated” date at the top of this page indicates when changes were made. For material changes we will, where appropriate, provide a more prominent notice.

15. Contact

For any privacy-related question, request, or concern please contact:

Samos Housing — Privacy
Samos Island, Greece
Email: info@samoshousing.com
Website: www.samoshousing.com