Privacy Policy

01 Data Controller

B·Cube acts as the Data Controller for all personal data processed through our website and order channels.

02 Data We Collect

We collect only the data necessary to fulfil your order and improve our service:

Data you provide directly

• Full name and contact details (email, phone number)
• Delivery address (hotel name, room number, or street address)
• Order preferences and dietary requirements
• Payment information (processed securely; we do not store card details)
• Any special instructions or messages submitted via order forms

Data collected automatically

• IP address and browser/device type
• Pages visited and time spent on the site
• Referral source (how you found us)
• Cookie identifiers (see our Cookie Policy)

03 Legal Basis for Processing

We process your personal data under the following lawful bases (GDPR Art. 6):

04 How We Use Your Data

• To process, confirm, and deliver your breakfast order
• To contact you regarding your order (confirmations, delays, or issues)
• To handle complaints, refund requests, and quality feedback
• To send occasional promotions or updates (only with your explicit consent)
• To comply with our legal and tax obligations under Greek law
• To analyse website usage and improve our service offering

We will never sell, rent, or trade your personal data to third parties for their marketing purposes.

05 Data Sharing & Third Parties

We share your data only where strictly necessary:

• Hotel partners: Your delivery details are shared only with the hotel fulfilling your specific order.
• Payment processors: Payment data is processed by our payment provider (Viva Wallet / Stripe). We do not store card numbers.
• Email service provider: Used solely to send order confirmation and transactional emails.
• Legal authorities: Where required by Greek or EU law, court order, or to protect our legal rights.

All third-party processors are bound by data processing agreements and are GDPR-compliant.

06 Data Retention

We retain your personal data only for as long as necessary:

• Order data: 5 years (Greek accounting and tax law requirements)
• Marketing consent records: Until you withdraw consent
• Website analytics: 13 months (then anonymised)
• Complaint/dispute records: 3 years from resolution

After the applicable retention period, your data is securely deleted or anonymised.

07 Your Rights Under GDPR

As a data subject, you have the following rights:

To exercise any of these rights, contact us at bcube-thespecialists@outlook.com. We will respond within 30 days. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.

08 Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure, including:

• SSL/TLS encryption for all data transmitted via our website
• Secure, access-controlled storage of order records
• Restricted access to personal data on a need-to-know basis
• Regular review of our security practices

In the event of a data breach that poses a risk to your rights, we will notify you and the HDPA within 72 hours as required by GDPR.

09 Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@b-cube.gr.

10 Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or a notice on our website. The "Last updated" date at the top of this page reflects the most recent revision.

11 Contact & Data Protection

For any privacy-related enquiries, requests, or concerns, please contact our Data Protection contact: