1. Data Controller
The Data Controller of personal data is “EPIC ECHO MONOPROSOPI IKE”, owner of the website thebiglittleone.gr (hereinafter collectively the “Websites”).
For any issue related to the protection of your personal data, you may contact us at: info [at] epicecho.gr
2. What Data We Collect
a) Contact Form
Through the contact form available on our Websites, we may collect the following personal data:
- Full Name
- Email Address
- Message / Comments voluntarily submitted by the user
We do not intentionally collect sensitive personal data unless the user voluntarily includes such information in their message.
b) Availability / Booking Widget (Smoobu)
When users interact with the availability or booking widget provided by Smoobu GmbH, certain technical and personal data may be processed by Smoobu, such as:
- IP address
- Browser and device information
- Dates of stay or availability searches
- Booking-related details voluntarily submitted by the user
This data is processed directly by Smoobu through the embedded widget.
3. Purpose of Processing
Personal data is processed exclusively for:
- Responding to inquiries or communication requests
- Providing customer support and requested information
- Allowing users to check availability and initiate booking procedures through the Smoobu widget
- Ensuring the proper technical functionality and security of the Websites
Personal data is not sold or rented to third parties and is not used for unsolicited marketing without explicit consent.
4. Legal Basis for Processing
The processing of personal data is based on one or more of the following legal bases:
- User Consent (Article 6(1)(a) GDPR) – when voluntarily submitting a contact form or accepting cookies
- Legitimate Interest (Article 6(1)(f) GDPR) – to respond to communications and ensure website functionality and security
- Performance of a Contract or Pre-Contractual Steps (Article 6(1)(b) GDPR) – when users check availability or initiate a booking process via the Smoobu widget
5. Data Retention Period
Personal data is retained only for as long as necessary to fulfill the purposes described above and not longer than [e.g., 12 months], unless a longer retention period is required or permitted by law.
6. Data Recipients
Access to personal data may be granted only to:
- Authorized employees or partners of the company
- Hosting providers and technical support providers, only as necessary
- Third-party service providers strictly for functionality purposes, such as Smoobu GmbH for availability and booking services
We do not sell or commercially disclose personal data to third parties.
7. Third-Party Services – Smoobu
Our Websites use the Smoobu availability/booking widget, a service provided by Smoobu GmbH. When users interact with this widget, Smoobu may process personal and technical data either as an independent data controller or as a data processor, depending on the context of the interaction.
Users are encouraged to review Smoobu’s own Privacy Policy on their official website to understand how their data is processed by Smoobu.
8. Cookies
The Websites may use cookies and similar technologies for:
- Strictly necessary technical functionality
- Remembering user preferences
- Enabling third-party services such as booking or availability widgets
Some cookies may be set by third-party providers (e.g., Smoobu).
Non-essential cookies are used only after obtaining user consent through a cookie banner or consent management tool.
9. International Data Transfers
Personal data is primarily processed within the European Economic Area (EEA).
If data transfers outside the EEA occur, appropriate safeguards will be applied in accordance with GDPR requirements.
10. User Rights
Under the GDPR, users have the right to:
- Access their personal data
- Rectify inaccurate or incomplete data
- Request deletion (“right to be forgotten”)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent at any time
To exercise these rights, users may contact the company via the provided email address.
Users also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) or their local supervisory authority.
11. Data Security
We implement appropriate technical and organizational measures to protect personal data from unauthorized access, loss, misuse, or alteration.
12. Policy Updates
This Privacy Policy may be updated from time to time. Any changes will be published on the Websites along with the updated revision date.
Last updated: 3/2/2026