Cookie Policy
Greece Activity Guide is operated by a company being incorporated in the Republic of Cyprus. This Cookie Policy explains what cookies and similar technologies we use on greeceactivityguide.com, why we use them, and how you can control them. It should be read alongside our Privacy Policy.
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They allow the website to remember your actions and preferences (such as language, currency, or items you have started booking) over time, and they help us understand how the site is used so we can improve it.
Cookies can be:
- Session cookies — deleted when you close your browser.
- Persistent cookies — stored on your device until they expire or you delete them.
They can be set by us (first-party cookies) or by third-party services we use (third-party cookies), such as our payment processor.
We also use similar technologies — including localStorage, sessionStorage and (where strictly necessary for a feature you have asked us to provide) limited fingerprint-like signals such as your screen size or browser language. Throughout this policy we use the word "cookies" as a shorthand for all of these.
2. How We Use Cookies
We use cookies to:
- Make the website function correctly (load the right page, keep you signed in, complete your booking).
- Remember choices you have made (language, recently viewed tours).
- With your consent, understand how visitors interact with our site so we can improve it.
- With your consent, measure the performance of any advertising we run on third-party platforms.
We do not sell information collected from cookies, and we do not use cookies to build advertising profiles outside what is described below.
3. Categories of Cookies We Use
You can switch the optional categories on or off at any time using the Cookie Settings button in the footer of every page.
Necessary (always active)
These cookies are essential for the website to function and cannot be switched off. They are usually set in response to actions you take — signing in, adding a tour to checkout, saving your cookie preferences. Without them parts of the site will not work.
| Cookie / storage key | Set by | Purpose | Duration |
|---|---|---|---|
gag_consent | Greece Activity Guide | Stores the categories of cookies you have accepted so we do not ask again. | 12 months |
gag_consent_cid | Greece Activity Guide | An opaque random ID linking your accept / withdraw actions in our consent audit log. Not used for tracking. | 12 months |
__session, __client_uat, __clerk_db_jwt (and similar) | Clerk (our authentication provider) | Keep you signed in to your account. Only set after you sign in. | Session – 1 year |
NEXT_LOCALE | Greece Activity Guide | Remembers your language preference (English / Greek). | 1 year |
__stripe_mid, __stripe_sid | Stripe | Required to process card payments and to detect fraud during checkout. The Stripe script is only loaded on /checkout, so these cookies are not set anywhere else on the site. | Session – 1 year |
ref_code | Greece Activity Guide | If you arrived through an affiliate link (?ref= parameter), records which partner referred you so they can be credited if you book. Set in response to your own action — you clicked the partner link knowing where it would take you — and therefore falls within the "strictly necessary for the service the user has requested" exemption in Article 5(3) of Directive 2002/58/EC. | 30 days |
gag_consentgag_consent_cid__session, __client_uat, __clerk_db_jwt (and similar)NEXT_LOCALE__stripe_mid, __stripe_sid/checkout, so these cookies are not set anywhere else on the site.ref_code?ref= parameter), records which partner referred you so they can be credited if you book. Set in response to your own action — you clicked the partner link knowing where it would take you — and therefore falls within the "strictly necessary for the service the user has requested" exemption in Article 5(3) of Directive 2002/58/EC.Functional
Enable enhanced functionality and personalisation. Currently no functional cookies are set beyond those classed as Necessary.
Analytics
Help us understand how visitors interact with the site (which pages are viewed, how long visits last, where errors happen) so we can improve it. All data is aggregated and we ask Google Analytics to anonymise IP addresses.
| Cookie | Set by | Purpose | Duration |
|---|---|---|---|
_ga | Google Analytics (GA4) | Distinguishes unique visitors. | 13 months |
_ga_* | Google Analytics (GA4) | Persists session state. | 13 months |
_ga_ga_*Analytics cookies are only set if you accept the Analytics category. Until then we tell Google Consent Mode that analytics storage is denied, and the GA4 script is not loaded at all.
Performance
Allow us to measure load times, crash rates and other performance signals so we can fix slow or broken pages. We do not currently load a dedicated performance vendor; performance is inferred from Analytics where you have granted that category.
Advertisement
Used to measure the effectiveness of any advertising campaigns we run on third-party platforms (such as Meta / Facebook / Instagram) and to build audiences for retargeting.
| Cookie | Set by | Purpose | Duration |
|---|---|---|---|
_fbp | Meta (Facebook) | Identifies the browser for advertising and retargeting. | 3 months |
_fbpAdvertisement cookies are only set if you accept the Advertisement category. The Meta Pixel script is not loaded otherwise.
Other
Any cookie that does not fit the above categories. Currently none are in use. If we add one we will update this page and re-prompt for consent.
4. Third-Party Services and International Data Transfers
The following third parties may set cookies through our site when you use a feature they provide:
- Stripe — payment processing (Ireland, EU). Necessary for completing a booking. Stripe privacy policy.
- Clerk — authentication. Necessary if you sign in to a customer or supplier account. Clerk privacy policy.
- Google Analytics (GA4) — analytics, only with your consent. Google privacy policy.
- Meta (Facebook) Pixel — advertising, only with your consent. Meta privacy policy.
Google and Meta process data in the United States. Those transfers are covered by the EU–US Data Privacy Framework (European Commission Adequacy Decision 2023/1795 of 10 July 2023) — both companies have self-certified under the Framework, and you can confirm their status on the DPF participants list. For any other transfer outside the EEA, we rely on the Standard Contractual Clauses adopted by the European Commission (Decision 2021/914) together with appropriate supplementary measures.
Each provider has its own privacy and cookie policy, which governs the data they collect through their cookies.
5. Legal Basis
Strictly-necessary cookies are placed on the basis of our legitimate interest in providing the website and the services you have requested (Article 6(1)(f) GDPR, and the "strictly necessary" exemption in Regulation 5(3) of the ePrivacy Directive as transposed into Cyprus law).
All other categories are placed only on the basis of your explicit consent (Article 6(1)(a) GDPR), which you can grant or withdraw at any time without affecting the lawfulness of processing carried out before withdrawal.
6. Managing and Withdrawing Consent
You can update or withdraw your consent at any time:
- Click Cookie Settings at the bottom of any page.
- Or clear cookies for this site in your browser, which will cause the banner to re-appear on your next visit.
We will also re-prompt you for consent at least every 12 months, even if nothing has changed, in line with the recommendation of the European Data Protection Board.
How we record your consent
We keep a record of every accept / reject / save / withdraw action so we can demonstrate, if asked by a supervisory authority, that consent was freely given and informed (Article 7(1) GDPR). Each record contains: an opaque browser identifier (gag_consent_cid), the categories you chose, the policy version, your language, a timestamp, a truncated IP prefix (/24 for IPv4, /48 for IPv6 — never your full address) and your browser's user agent. The legal basis for this processing is Article 6(1)(c) GDPR (compliance with a legal obligation) read together with Article 7(1).
We retain these records for 6 years after withdrawal or expiry — the longer of the limitation periods in Cyprus (Limitation of Actions Law 66(I)/2012, 6 years) and Greece (Civil Code Article 250, 5 years for commercial claims). They are deleted automatically at the end of that period.
Browser-level controls
You can also manage or delete cookies directly through your browser:
Be aware that blocking strictly-necessary cookies will prevent parts of the site (signing in, checkout, language preference) from working.
7. Do Not Track
Most browsers offer a "Do Not Track" signal. Because there is no consensus on how it should be interpreted, we do not currently respond to it. Use the Cookie Settings panel to make your choice instead — those preferences are honoured.
8. Children
This site is not directed at children under 16, and we do not knowingly collect personal data from them. Where a booking's pricing depends on age, the parent or guardian making the booking provides the age on the child's behalf — the data does not come directly from the child. If you believe we have collected data from a minor without parental consent, please contact us so we can delete it.
9. Data Protection Officer
Based on the scale and nature of our processing, we have determined that we are not required to appoint a Data Protection Officer under Article 37 GDPR — our core activities do not consist of regular and systematic monitoring of data subjects on a large scale, nor of large-scale processing of special-category data. We review this assessment annually. For data-protection enquiries please use the contact details below.
10. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you, within the meaning of Article 22 GDPR.
11. Changes to This Policy
We may update this Cookie Policy from time to time. If we change the categories of cookies, add a new tracker, or make any other material change, we will bump the consent version, which automatically re-prompts every visitor for their preferences. The current version is shown at the top of this page.
12. Contact and Complaints
If you have questions about how we use cookies, or you would like to exercise any of your GDPR rights, please contact us:
- Email: hello@greeceactivityguide.com
- Postal address: Greece Activity Guide, Limassol, Cyprus.
You also have the right to lodge a complaint with a supervisory authority:
- Cyprus: Office of the Commissioner for Personal Data Protection (www.dataprotection.gov.cy).
- Greece: Hellenic Data Protection Authority (www.dpa.gr).
- Or with the supervisory authority of the EU Member State where you reside.