GROUNDSTAY – Privacy Policy
Last updated: 26 December 2025
1. Introduction
This Privacy Policy explains how Groundstay E.E., a company established and operating in Greece, trading under the brand name GROUNDSTAY (“we”, “us”, “our”), collects, uses, stores, and protects personal data when you visit our website or interact with our services.
We are committed to protecting your personal data and complying with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Greek data protection laws.
By using our website or contacting us, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.
2. Data Controller
For the purposes of the GDPR, the data controller is:
Groundstay E.E.
Greece
Email: info@groundstay.com
3. Personal Data We Collect
We may collect and process the following categories of personal data:
a) Data you provide directly
- Full name
- Email address
- Phone number
- Company or property-related information
- Any information you submit via contact or consulting forms
- Any information provided via email or direct communication
b) Technical & usage data
- IP address
- Browser type and version
- Device information
- Pages visited and time spent on the website
This data is collected through standard website technologies (e.g. server logs, analytics tools).
4. Purpose of Processing
We process personal data only when necessary and for the following purposes:
- Responding to inquiries and requests
- Providing consulting or property management information
- Communicating with property owners or business partners
- Improving website functionality and performance
- Ensuring website security and preventing abuse
- Complying with legal and regulatory obligations
We do not sell personal data and do not use it for automated decision-making or profiling.
5. Legal Basis for Processing (GDPR Article 6)
We process personal data based on one or more of the following legal grounds:
- Consent – where you voluntarily submit information (e.g. contact forms)
- Legitimate interest – to operate and improve our services and website
- Pre-contractual steps – when responding to service-related inquiries
- Legal obligation – where required under applicable law
6. Data Recipients & Third Parties
Personal data may be shared only when necessary with:
- Website hosting providers
- Email and communication service providers
- IT and security service providers
- Channel management or operational tools used internally
All third parties are contractually bound to process data in compliance with GDPR and only on our instructions.
We do not transfer personal data outside the European Economic Area (EEA) unless appropriate safeguards are in place.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes outlined in this Policy, unless a longer retention period is required by law.
Indicatively:
- Contact inquiries: up to 24 months
- Business communications: duration of the relationship + statutory obligations
- Technical logs: limited period for security and analytics purposes
8. Data Security
We implement appropriate technical and organisational measures to protect personal data against:
- Unauthorized access
- Loss or alteration
- Disclosure or misuse
This includes secure servers, access controls, encryption where appropriate, and internal data protection procedures.
9. Your Rights (GDPR Articles 12–23)
You have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request erasure (“right to be forgotten”)
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time (where applicable)
To exercise your rights, please contact us at info@groundstay.com
10. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority.
In Greece, this is:
Hellenic Data Protection Authority (HDPA)
Website: https://www.dpa.gr
11. Cookies & Tracking Technologies
Our website may use cookies and similar technologies to ensure proper functionality and performance.
Detailed information regarding cookies, categories, and consent mechanisms will be provided in a separate Cookie Policy.
Where required, cookies will be used only after your consent.
12. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of such websites. Users should review the privacy policies of third parties independently.
13. Children’s Data
Our website and services are not directed to children under the age of 16. We do not knowingly collect personal data from minors.
14. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time. Any changes will be published on this page with an updated revision date.
Continued use of the website constitutes acceptance of the updated Privacy Policy.
15. Contact
For any questions regarding this Privacy Policy or the processing of personal data, please contact: