Personal Data/GDPR

At Melia and the Cuckoo, we are committed to protecting the personal data of our customers and visitors in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Greek data protection laws.

This page explains how we collect, use, store, and protect your personal information.

1. Data Controller

The Data Controller responsible for the processing of your personal data is:

Melia and the Cuckoo
Address: Pindou 25, Veria, 59132
VAT: 122767378
Email: meliaandthecuckoo@gmail.com
Phone: +30 6938612313

If you have questions about the protection of your data, please contact our Data Protection Officer (DPO) at:
meliaandthecuckoo@gmail.com

2. What Personal Data We Collect

We may collect and process the following types of personal data:

  • Name and surname

  • Shipping and billing address

  • Email address

  • Phone number

  • IP address and browser information

  • Order history and transaction details

  • Communication preferences

We do not collect or store payment card information. All transactions are securely processed through third-party payment providers (e.g., Shopify Payments, PayPal, Stripe, etc.).

3. Legal Basis for Processing

We process your data on the following legal bases, as per Article 6 of the GDPR:

  • To fulfill our contractual obligations (e.g., order fulfillment, delivery)

  • To comply with legal obligations (e.g., tax records)

  • Based on your consent (e.g., newsletter subscription)

  • For legitimate interests (e.g., analytics, fraud prevention)

4. How We Use Your Data

Your data may be used for the following purposes:

  • To process and deliver your orders

  • To communicate with you about your purchases or inquiries

  • To manage your account

  • To send promotional emails, only if you have provided consent

  • To analyze website traffic and improve user experience

5. Third-Party Processors

We may share your personal data with trusted third-party providers strictly for the purposes outlined above. These may include:

  • Shopify (e-commerce platform)

  • Google Analytics (site traffic analysis)

  • Facebook Pixel (ad tracking and performance)

  • Email marketing services (e.g., Mailchimp – if used)

  • Payment providers (e.g., Stripe, PayPal)

All third-party processors are GDPR-compliant and bound by data processing agreements.

6. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected, including legal, accounting, and tax obligations. Typically, data is kept for:

  • Up to 6 years for invoicing and tax compliance

  • Until consent is withdrawn for marketing communications

7. Your Rights

Under the GDPR, you have the following rights:

  • Right to access your data

  • Right to rectification

  • Right to erasure ("right to be forgotten")

  • Right to restrict processing

  • Right to data portability

  • Right to object to processing

  • Right to lodge a complaint with a supervisory authority (Hellenic Data Protection Authority)

You may exercise your rights by contacting us at: meliaandthecuckoo@gmail.com

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • SSL encryption for secure transmission

  • Limited access to data by authorized personnel

  • Secure storage and regular data audits

9. Transfers Outside the EU

If your data is transferred to countries outside the European Economic Area (EEA), we ensure such transfers are carried out with appropriate safeguards (e.g., standard contractual clauses).

10. Changes to This Policy

We may update this Personal Data Policy from time to time. Any changes will be posted on this page with the updated date.