Last updated: 7 May 2026
Privacy Policy
This Privacy Policy explains how Be Our Guest ("we", "us", "our") collects, uses, and protects personal data when you visit our website or request a quote. We act as the data controller for the information you share with us. For any privacy question, reach us through the contact form on our homepage.
1. Who we are
Be Our Guest is a design studio that produces bespoke multilingual digital welcome books for boutique hotels, villas, and short-term rentals across the Mediterranean. This Privacy Policy applies to beourguest.app and any sub-pages we operate.
Questions about this policy, requests to exercise your rights, or any other privacy concern can be sent through the contact form on our homepage. We aim to respond within 30 days, as required by the EU General Data Protection Regulation (GDPR).
2. What data we collect
Contact form data: when you submit a quote request, we collect the name, email address, mobile phone, property type, property location, number of properties, and any free-text message you provide.
Technical data: our hosting provider records standard web-server logs (IP address, user agent, request timestamps, referring page) for security and debugging. These logs are retained for a limited period (see Section 4) and then deleted.
Cookies and similar technologies: we use only strictly necessary cookies. See Section 7 below for details.
We do not knowingly collect personal data from children under 16. We do not collect special categories of data (health, biometric, political, religious, etc.).
3. Why we process it
To respond to your quote request and pre-contractual communications. Legal basis: performance of a contract or steps taken at your request (GDPR Article 6(1)(b)).
To protect the site against abuse (spam, bots, fraud). Legal basis: legitimate interests (GDPR Article 6(1)(f)).
To comply with legal obligations (tax, accounting, responding to lawful requests from authorities). Legal basis: legal obligation (GDPR Article 6(1)(c)).
4. How long we keep it
Quote requests that do not become a client relationship: up to 12 months from the last contact, then deleted or anonymized.
Client records (invoices, contracts, correspondence): retained for the period required by applicable tax and commercial law (typically 5–10 years in the EU).
Server logs: up to 30 days, unless a security incident requires longer retention.
5. Who we share it with
Hosting and infrastructure: Cloudflare, Inc. (edge hosting, bot protection).
Transactional email: Resend, Inc. (delivery of quote-request notifications).
Professional advisors: accountants and legal counsel, only where strictly necessary and under confidentiality obligations.
We do not sell, rent, or trade your personal data. We do not use your data for automated decision-making or profiling.
Some of our processors are located outside the European Economic Area. In those cases, transfers rely on Standard Contractual Clauses or equivalent safeguards approved by the European Commission.
6. Your rights
Under the GDPR, you have the right to: access the personal data we hold about you; correct inaccurate data; request erasure; restrict or object to processing; receive a portable copy of your data; and withdraw consent where processing is based on consent.
To exercise any of these rights, contact us through the form on our homepage. We may ask you to verify your identity before acting on the request.
If you believe our processing infringes the GDPR, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr) or the supervisory authority of your EU country of residence.
7. Cookies
We use only strictly necessary cookies that are required for the site to function. These do not track you across sites, do not build an advertising profile, and do not require your consent under the ePrivacy Directive.
Locale preference cookie: stores the language you selected (for example, NEXT_LOCALE). Expires after 1 year. Purpose: remembering your language choice across visits.
Cloudflare security cookies (e.g. __cf_bm): set by our infrastructure provider to distinguish humans from bots and to mitigate attacks. Expire within 30 minutes of inactivity. Purpose: site security.
We do not currently use analytics, advertising, or social-media tracking cookies. If we add any in the future, we will update this policy and present a consent banner before setting them.
You can block or delete cookies through your browser settings, though doing so may affect site functionality.
8. Security
Our site runs over HTTPS. Form submissions are transmitted encrypted. We apply reasonable technical and organizational measures to protect your data against loss, misuse, and unauthorized access. No system is perfectly secure; if we become aware of a breach that affects you, we will notify you and the competent supervisory authority as required by law.
9. Changes to this policy
We may update this Privacy Policy to reflect changes in our practices or the law. The "Last updated" date at the top of this page indicates when the current version took effect. Material changes will be announced on the site. Continued use of the site after an update constitutes acceptance of the revised policy.
10. Contact
For any privacy question, request to exercise your rights, or complaint, reach us through the contact form on our homepage.