Privacy Policy

Last updated: March 2026

ROYAL Exclusive Properties & Investments (“REP”, “we”, “us”) respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, share, and protect personal data when you visit royal-properties.net (the “Website”) or contact us via our forms and communications.

1. Who we are (Data Controller)
Data Controller: ROYAL Exclusive Properties & Investments
VAT/TIN: EL801348993
Contact: via the contact form on the Website.
This Privacy Policy applies only to this Website operated by REP. Links to other websites (including other ROYAL ecosystem brands or partner sites) are governed by their own privacy policies.

2. What data we collect
Depending on how you use the Website, we may collect:

A) Data you provide to us
•Identity & contact data: name, email, phone number
•Inquiry data: your request, preferred areas, budget range, timeline, asset type (residential/land/hotel), and any information you include in your message
•Documents (if you send them): files or details you share for evaluation (e.g., ownership documents, plans, photos)

B) Data we collect automatically
•Technical data: IP address, device type, browser, operating system, and basic usage logs (e.g., date/time of access, pages requested)
•Cookie and similar technology data: depending on your cookie settings (see Section 8)

C) Data from third parties (limited)
We may receive limited data from:
•Professional advisors or partners you ask us to involve (e.g., lawyers, engineers, finance partners)
•Referrers who introduce you to us (e.g., name and contact details)

3. Why we use your data (purposes)
We use personal data to:
•Respond to inquiries and provide requested information (e.g., property options, process steps, availability)
•Provide brokerage and advisory services (screening, shortlisting, coordination of next steps)
•Coordinate introductions to qualified third parties only when relevant and usually at your request (e.g., legal/immigration, finance partners, technical professionals)
•Operate and secure the Website, including troubleshooting and preventing misuse
•Improve Website performance and user experience (analytics only if enabled via cookie preferences)
•Comply with legal obligations (e.g., record-keeping, handling lawful requests)

4. Legal bases for processing (GDPR)
We process personal data under one or more of the following legal bases:
•Contract / pre-contract steps: when you request services or information and we need your data to respond and proceed
•Legitimate interests: to operate, secure, and improve the Website and manage our communications professionally
•Consent: where required (e.g., optional cookies; marketing communications where you explicitly opt in)
•Legal obligation: where we must retain or disclose data under applicable law

5. Marketing communications
We do not add you to marketing lists by default.
•If you opt in to receive updates, we may send you occasional communications.
•You can unsubscribe at any time (unsubscribe link in emails or by contacting us).
•If you did not opt in, you will only receive communications necessary to respond to your inquiry or provide the service you requested.

6. Who we share your data with
We do not sell your personal data.
We may share data with:
•Service providers (processors) supporting Website hosting, email delivery, form handling, and security—only as needed to operate the Website and communications
•Professional advisors (lawyers, accountants, auditors) where necessary for legitimate business purposes
•Qualified partners (e.g., finance partners, licensed legal/immigration professionals, engineers/architects) only when relevant and typically at your request, or where needed to progress a service you requested
•Authorities where required by law or to protect legal rights
All processors act under contract and instructions, and must apply appropriate security measures.

7. International transfers
If any of our service providers process data outside the European Economic Area, we use appropriate safeguards (such as Standard Contractual Clauses) and take measures to ensure an adequate level of protection.

8. Cookies and similar technologies
We use cookies and similar technologies for:
•Strictly necessary cookies (website functionality, security)
•Preferences cookies (remembering choices where applicable)
•Analytics cookies (only if enabled via your cookie preferences)
•Marketing cookies (only if enabled; where used)

9. Data retention
We keep personal data only as long as necessary for the purposes described above, including:
•Inquiry communications: typically up to 24 months from last contact
•Service-related records: for the duration of the service and as required for legal/financial record-keeping
•Marketing (opt-in only): until you unsubscribe or withdraw consent
Retention periods may be extended where required by law or for legal claims.

10. Your rights
Under GDPR, you may have the right to:
•Access your personal data
•Correct inaccurate data
•Request deletion (where applicable)
•Restrict or object to processing (where applicable)
•Data portability (where applicable)
•Withdraw consent at any time (where consent is the basis)
You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA).
To exercise rights, contact us via the Website contact form.

11. Security
We apply appropriate technical and organizational measures to protect personal data. No system is 100% secure, but we work to prevent unauthorized access, loss, or misuse.

12. Children
Our Website and services are not intended for children, and we do not knowingly collect personal data from minors.

13. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date will reflect changes. Material changes will be posted on this page.