Effective as of 01 Jan. 2026

This Privacy Policy describes how we collect, use, store and/or otherwise process Personal Data of the Users of this Website.
Any processing undertaken in this context shall be in compliance with the provisions of the GDPR and the Greek Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2016 (Law 2016/679).
References in this policy to “we”, “us” and “our” are references to ONO apartments . References to “you” and “your” are to the Users.
We respects the privacy of your data. The Terms and Conditions and our Privacy Policy have been designed to protect your data and to be straightforward and easy to understand.

In a nutshell:

• We never resell or share personal information about you.
• Protection of your Data is our top priority and we take significant measures to keep it safe and secure.

Definitions

Personal Data (or Data)

Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
In the context of the services provided by the Company, Personal Data refers to data relating solely to the User/Users, as these are set out in the Types of Data Collected paragraph below.

Usage Data

Information collected automatically from this Website (or third-party service providers retained by the Company), as set out in detail in the Types of Data Collected paragraph below.

User/Users

The individual/individuals (natural persons) downloading and using this Website.

Data Subject

The natural person to whom the Personal Data relates.
In the context of the services provided by the Company, Data Subject refers to User/Users.

Data Processor

The natural person, legal person, public administration or any other body, association or organization authorized by the Data Controller to process the Personal Data.

Data Controller

The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Website

Cookie

Small piece of data stored in the User’s device.

Data Controller

With respect to the processing of Personal Data of the Users, we act as a Data Controller. Our contact details are set out below:

ONO apartments
Email:  hello@onoyourplace.com

Types of Data collected

We collect your Personal Data when visiting this website.
We may collect the following types of information relating to Users, which also include:

1. Customer data (registered users and advertised parties)

• Identification and contact information: Individual’s full name, email address.
• Other information: Requests, queries / wishes / complaints, meeting minutes, reviews/ feedback.
• We wish to clarify that we also obtain business logos, store images , which, in principle, are not your personal data unless you include therein any information that identifies you.

2. Data of partners / suppliers / subcontractors

• Identification and contact information: Full name, email address, telephone number, postal code, address / registered office address.
• Official identification information: Tax ID no, competent Tax Office.
• Work information: Service provided, agreement, agreement details / terms, complaints and actions initiated against them, feedback / reviews.
• Travel and expense information: Booking information, travel background information, expense details.
• Financial information: Fee details, bank account information, payment invoices / receipts, agreed remuneration / desired remuneration.
• Data from social networks or other information systems: Information posted on social network public accounts such as LinkedIn, Facebook, Instagram, information posted on websites such as Vrisko, Yellow Pages.
• Other information: Requests, arrangements, complaints, reviews.

3. Data of users

1. Full name
2. Email address

Usage Data:

Information collected automatically by us (or third party service providers retained by us), which can include: the unique device identifier, the time of server requests, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited.

Mode and place of processing the Data

Methods of processing

Data is processed in a proper manner and appropriate security measures are undertaken to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.
In addition to us, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Processors or by potential purchasers or assignees of our business.
We may share some of the Data with subsidiaries, joint ventures, or other companies under a common control (i.e. affiliates). If another company acquires our company, business, or our assets, that company will possess the Data collected by us and will assume the rights and obligations regarding the Data as described in this Privacy Policy.

Place

The Data is processed at the our operating offices and in any other places where the parties involved with the processing are located. For further information, please contact us.
Transfers of data to countries outside the EEA may take place as part of the services described in this Privacy Policy. Any such transfers will be undertaken in compliance with the general principles on transfers, as these are set out in the GDPR and the Greek Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2016 (Law 2016/679).

Retention time

The Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document, and the User can always request that we correct, suspend or remove the data.

Security of personal data

We protect your personal data by taking all necessary organizational and technical measures to avoid any form of illegal or unlawful processing. In particular:

• Ensuring the Confidentiality of the Transfer of Your Personal Data
  To ensure the confidentiality of data transfer, the SSL encryption protocol with RSA key 2048 bits (e 65537) is used. In addition, all backup systems we use have additional encryption (AES-256) before being transmitted to an approved cloud provider via SSL connection as an additional data safeguard measure. The backup providers we use today to store the data are:
  infrastructure of the company Top Host
• Controlled Access
  The back-end infrastructure is hosted and installed in Data Centers that have ISO 27001 security standards and meet the GDPR requirements for data protection. Access to the Company’s systems (servers) is controlled by a firewall, which allows the use of specific services by users while prohibiting access to systems and databases with confidential data and information of the Company. The web hosting provider we use today is: Top Host
• Encryption
  With the use of special software, the Company’s electronic system first decrypts the information it receives before processing it. The Company’s systems send information following the same encryption process. Wherever on the website you enter personal data (password, email, etc.) there is SSL encryption with an RSA key of 2048 bits (e 65537).
  The encryption protocol ensures that all the data you provide to us, including your name and address and password to your account, are encrypted so that they cannot be decrypted or changed when transferred online.

Legal bases for the use of the collected Data

The Data concerning you as a User is collected to allow us to provide its services via the Application as well as, wherever required, with your consent, for any of the following purposes: traffic optimization and distribution and hosting and backend as a service.
We may also process your Personal Data where it is necessary for compliance with a legal obligation to which we are subject, for example if we are required by law to disclose certain Data to public authorities.
Finally, it may be necessary for us to process your Personal Data for the purposes of legitimate interests pursued by us and where such interests are overridden by the interests or fundamental rights and freedoms of Users. For example, your Personal Data may be used for legal purposes in Court proceedings or in the stages leading to possible legal action arising from improper use of the Application or the related services.

Detailed information on the purposes of the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Analytics

The services contained in this section enable us to monitor and analyze web traffic and can be used to keep track of User behavior.

Google Analytics (Google Inc)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this website, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network. Personal Data collected: Cookie and Usage data.
Place of processing: USA https://policies.google.com/privacy

Hosting and backend as a service

These services have the purpose of hosting data and files that enable us to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of is. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from us at any time. Please see the contact information at the beginning of this document.

The rights of Users

You have the following legal rights with regard to the processing of your Personal data:

• the right of access to the personal data we hold about you
• the right to obtain rectification of any inaccurate personal data
• the right of erasure of your personal data
• the right of restriction of processing of your personal data
• the right to object to processing of your personal data
• the right to data portability
• the right to lodge a complaint with the relevant data protection supervisory authority in Greece, the details of which are available on their website at: https://www.dpa.gr/el/polites/katagelia_stin_arxi
• Where the processing of any of your Personal Data is based on your consent, you may withdraw such consent at any time either by deleting your account or by contacting onoyourplace@gmail.com.

You may exercise your above rights by contacting us at onoyourplace@gmail.com.
We do not support “Do Not Track” requests.
To determine whether any of the third party services it uses honor the “Do Not Track” requests, please read their privacy policies.

Users over 18 years old

Using  this Website can be made only by adults over 18 years of age.

Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time by giving notice to its Users on this page and by way of an in-app pop up notification. It is strongly recommended to check this page often, referring to the date of the last modification listed at the top. If a User objects to any of the changes to the Policy, the User must cease using this website and can request that we remove the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data we have about Users.