Privacy Policy

Effective date: 17 March 2026

1. Data Controller

The data controller for this website is:

savage.design
Serres, Greece
Email: [email protected]
Phone: +30 231 231 1829

2. Data We Collect

We collect the following data when you interact with our website:

  • Quote form submissions: name, email address, phone number (optional), selected service, and project details
  • Session cookie (PHPSESSID): a temporary cookie required for CSRF protection and form security
  • Server access logs: IP address, user agent, timestamp, and requested URL — collected automatically by our hosting provider

3. Legal Basis

We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

  • Article 6(1)(a) — Consent: when you submit the quote form, you explicitly consent to the processing of your personal data for the purpose of responding to your enquiry
  • Article 6(1)(f) — Legitimate interests: for session security (CSRF protection) and server access logs necessary for the secure operation of the website

4. How We Use Your Data

We use the data we collect for the following purposes:

  • To respond to your quote requests and project enquiries
  • To send you a confirmation email acknowledging your submission
  • To protect the website from abuse and ensure security

We do not use your data for marketing, profiling, or automated decision-making.

5. Data Retention

  • Quote form data: retained in our email system per standard email retention practices. You may request deletion at any time.
  • Session data: expires when you close your browser
  • Server access logs: retained per our hosting provider's policy (typically 30–90 days)

6. Third Parties

We share or expose your data to the following third-party services:

  • Google Workspace SMTP: used to deliver quote form emails (name, email, phone, project details pass through Google's servers)
  • CDN providers: Google Fonts, cdnjs (Cloudflare), jsdelivr, and esm.sh serve static assets. These services may log your IP address and user agent per their own privacy policies.

We do not sell, trade, or otherwise transfer your personal data to any other parties.

7. Cookies

This website uses only one cookie:

  • PHPSESSID: a strictly necessary session cookie used for CSRF protection and form security. It contains no personal data and expires when you close your browser.

We do not use analytics cookies, tracking cookies, or any third-party cookies.

8. Your Rights

Under Articles 15–22 of the GDPR, you have the following rights:

  • Right of access — request a copy of your personal data
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your personal data
  • Right to restriction — request limited processing of your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to the processing of your data
  • Right to withdraw consent — withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal

To exercise any of these rights, contact us at [email protected].

9. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Hellenic Data Protection Authority:

Hellenic Data Protection Authority (HDPA / ΑΠΔΠΧ)
Kifisias 1-3, 115 23 Athens, Greece
Phone: +30 210 647 5600
Email: [email protected]
Website: www.dpa.gr

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this page periodically.