Privacy Policy

Last Updated: June 16, 2026

1. Introduction

Three Peaks (“Three Peaks“, “we“, “our“, or “us“) is committed to protecting your privacy and ensuring that your personal data is processed responsibly, transparently, and in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Greek data protection legislation, and other applicable laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit https://threepeaks.gr (“the Website”), contact us, or otherwise interact with our services. Please read this Privacy Policy carefully before using our Website.

2. Data Controller

The data controller responsible for processing your personal data is: Three Peaks Litochoro, Greece VAT Number: EL012354589 Email: info@threepeaks.gr Privacy Contact: Alexandros

3. Scope of this Policy

This Privacy Policy applies to:
  • Visitors of our Website
  • Individuals who contact us through our contact forms
  • Individuals communicating with us via email
  • Individuals interacting with our Website and online services
It does not apply to third-party websites linked from our Website.

4. Personal Data We Collect

Depending on how you interact with our Website, we may collect the following categories of personal information.

Information You Provide

When you submit our contact form, we may collect:
  • Full name
  • Email address
  • Telephone number (if provided)
  • Company name (if provided)
  • The contents of your message
  • Any information voluntarily included in your communication
You are under no legal obligation to provide personal data. However, failure to provide certain information may prevent us from responding to your request.

Information Collected Automatically

When visiting our Website, certain information is collected automatically, including:
  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Language preferences
  • Referring website
  • Date and time of access
  • Pages visited
  • Session duration
  • Clickstream information
This information is primarily collected through cookies and analytics technologies.

Google Analytics

We use Google Analytics 4 to better understand how visitors use our Website. Google Analytics collects anonymous statistical information, including:
  • Number of visitors
  • Pages visited
  • User interactions
  • Approximate geographic location
  • Device category
  • Traffic source
Where required by law, analytics cookies are only activated after your consent.

Google Maps

Our Website may embed Google Maps in order to display our location. When Google Maps is loaded, Google may collect information including:
  • IP address
  • Browser information
  • Device identifiers
  • Location information (if permitted)
Google processes this information according to its own Privacy Policy.

Google reCAPTCHA

Our contact forms use Google reCAPTCHA to protect the Website from spam and automated abuse. The use of reCAPTCHA is subject to Google’s Privacy Policy and Terms of Service. reCAPTCHA may collect:
  • IP address
  • Mouse movements
  • Time spent on page
  • Browser characteristics
  • Device information
  • User interactions
This information is processed solely for security purposes.

5. Legal Basis for Processing

We process personal data under one or more of the following legal bases under Article 6 GDPR:

Consent

Where you have provided your consent, including:
  • Acceptance of analytics cookies
  • Submission of contact forms
  • Other situations requiring explicit consent
You may withdraw your consent at any time.

Legitimate Interests

We process certain information where necessary for our legitimate interests, including:
  • Website security
  • Fraud prevention
  • Improving Website performance
  • Responding to enquiries
  • System administration
We carefully balance these interests against your rights and freedoms.

Legal Obligations

We may process your information where required to comply with legal obligations, including:
  • Tax obligations
  • Regulatory requirements
  • Court orders
  • Law enforcement requests

6. How We Use Your Information

Your personal information may be used to:
  • Respond to enquiries
  • Provide customer support
  • Improve our Website
  • Maintain Website security
  • Prevent abuse and fraud
  • Analyze Website traffic
  • Comply with legal obligations
  • Protect our legal rights
We do not sell personal information.

7. Data Sharing

We may share information only where necessary with trusted service providers assisting us in operating the Website. These may include:
  • Web hosting providers
  • Website maintenance providers
  • Google Analytics
  • Google Maps
  • Google reCAPTCHA
  • Legal advisors
  • Government authorities where legally required
Each service provider is required to process data in accordance with applicable privacy laws.

8. International Transfers

Some of our service providers, including Google, may process data outside the European Economic Area. Where such transfers occur, appropriate safeguards are implemented in accordance with Chapter V of the GDPR, including:
  • Standard Contractual Clauses (SCCs)
  • Adequacy Decisions
  • Other legally approved transfer mechanisms

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy. Typical retention periods include: Contact enquiries: Up to 24 months after the last communication. Analytics information: As configured within Google Analytics. Server logs: Generally retained for security purposes for a limited period. Where legal obligations require longer retention, we will comply with applicable laws.

10. Security

We implement appropriate technical and organizational measures to protect your information, including:
  • SSL/TLS encryption
  • Secure hosting infrastructure
  • Access controls
  • Firewall protection
  • Malware monitoring
  • Software updates
  • Backup procedures
While we strive to protect your information, no method of transmission over the Internet is completely secure.

11. Your Rights

Under the GDPR you have the right to:
  • Access your personal data
  • Correct inaccurate information
  • Request deletion (“Right to be Forgotten”)
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • Request data portability
  • Lodge a complaint with the competent supervisory authority
Requests may be submitted by emailing: info@threepeaks.gr We will respond within the timeframes required by applicable law.

12. Children’s Privacy

Our Website is not directed to children under the age of 16. We do not knowingly collect personal information from children. If we become aware that personal data relating to a child has been collected without appropriate consent, we will promptly delete such information.

13. Third-Party Websites

Our Website may contain links to external websites. We are not responsible for the privacy practices or content of third-party websites. Users are encouraged to review the privacy policies of those websites before providing personal information.

14. Cookies

Our Website uses cookies and similar technologies. Detailed information regarding cookies, their purposes, retention periods, and your choices can be found in our separate Cookie Policy.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect:
  • Changes in legislation
  • Technological developments
  • Improvements to our services
  • Regulatory requirements
The updated version will always be published on this page together with the revised “Last Updated” date.

16. Contact Us

If you have any questions regarding this Privacy Policy or the processing of your personal information, please contact us: Three Peaks Litochoro, Greece VAT Number: EL012354589 Email: info@threepeaks.gr Privacy Contact: Alexandros

17. Supervisory Authority

If you believe your personal data has been processed unlawfully, you have the right to lodge a complaint with the competent supervisory authority. For users located in Greece: Hellenic Data Protection Authority (HDPA) Website: https://www.dpa.gr Address: 1-3 Kifisias Avenue, 11523 Athens, Greece Telephone: +30 210 6475600 You are encouraged to contact us first so that we may attempt to resolve your concerns before contacting the supervisory authority.