Privacy Policy (GDPR)

This Privacy Policy explains how Crete Access E.E, operating Malia Access, collects, uses, and protects personal data when you visit our website or purchase products through our platform.

1. Data Controller

The data controller responsible for personal data processed through Malia Access is:

Crete Access E.E
Operating brand: Malia Access

2. Personal Data We Collect

We may collect the following personal data when you interact with our website or services:

  • full name

  • email address

  • phone number

  • purchase details

  • payment confirmation data

  • IP address

  • browser and device information

  • website usage data through cookies and analytics tools

Payment card details are processed securely through external payment providers and are not stored directly by Malia Access.

3. Why We Process Personal Data

Your data may be processed for the following purposes:

  • to complete purchases and issue tickets or wristbands

  • to provide customer support

  • to manage bookings and order confirmations

  • to communicate important purchase-related information

  • to improve website performance and user experience

  • to comply with legal and accounting obligations

4. Legal Basis for Processing

Personal data is processed only where legally permitted, including:

  • performance of a contract

  • compliance with legal obligations

  • legitimate business interests

  • user consent where required

5. Sharing of Data

Personal data may be shared only where necessary with:

  • payment service providers

  • ticketing platforms

  • technical website providers

  • legal or accounting advisors where legally required

We do not sell personal data to third parties.

6. Data Retention

Personal data is stored only for as long as reasonably necessary to fulfil legal, operational, and contractual obligations.

Purchase and accounting records may be retained where required by Greek tax and accounting law.

7. Your Rights

Under GDPR, you have the right to:

  • request access to your personal data

  • request correction of inaccurate data

  • request deletion where legally possible

  • object to certain processing

  • request restriction of processing

  • request data portability where applicable

Requests may be submitted through our contact channels.

8. Cookies and Analytics

Malia Access may use cookies and analytics technologies to improve website functionality, monitor traffic, and understand visitor behaviour.

Users may control cookie preferences through browser settings where available.

9. Data Security

Reasonable technical and organisational measures are used to protect personal data against unauthorised access, misuse, loss, or disclosure.

10. Third-Party Services

Our website may use third-party services including payment providers, analytics systems, social media tools, and ticketing integrations, each operating under their own privacy policies.

11. Contact

For privacy-related questions regarding personal data processed by Malia Access, users may contact Crete Access E.Ethrough the official website contact channels.

12. Applicable Law

This Privacy Policy is governed by applicable EU GDPR legislation and relevant Greek data protection law.