HUT Creative Studio

We design brand IDs, illustrate, curate projects, paint murals and make crafts. We believe in healthy and solidarity cooperation and in this way, we give HUT its strength and quality 


Chania, Crete / Greece 73003


Welcome to our website


We are pretty sure that you won’t gonna read this, but it is necessary to have it in our website! 


We take the protection of your personal data and private life very seriously. In accordance with transparency principles, we have created this policy, to provide you with adequate information regarding the processing of your data by our Company through our Website.



1. Introduction / Data


The website found at, hereinafter referred to as the “Website”, is owned by Dimitris Papadopoulos Graphic Designer.

Tel.: +30 697 8214 312


In order to provide our services to you and comply with our legal obligation, we process information through the Website, which may lead, directly or indirectly, to your identification, as users.


According to the applicable legal framework on data protection, some of this information is “personal data”, while you, as users, are characterized as “data subjects” and we, the Company, are the “controller” of your data.


This Policy aims at providing information in a clear and simple way about the data we process, the purpose and the legal ground for the processing, the recipients of your data and, finally, your rights and how you can exercise them.


In case you have any questions regarding the processing of your data or the exercise of your rights, you are more than welcome to contact us via email at


2. Our key data processing principles


We are committed to ensuring that your personal data are processed in a fair and transparent way, in compliance with the applicable legal framework, in particular the General Data Protection Regulation (GDPR) [Regulation (EU) 2016/679] and the national legislation, especially Greek Laws nr. 4624/2019 and 3471/2006.


To put it simply, this means that:

– We process your data only for specified, explicit and legitimate purposes, as defined in this policy. We do not process your data further for purposes incompatible to the original ones (purpose limitation).


– We only process data which are adequate, relevant and limited to what is necessary in relation to the purposes that we have set (data minimisation).


– We make every effort to ensure that your data are accurate and that you can ask for their correction or deletion where applicable (data accuracy).


– We keep your data in a form that permits your identification only for as long as it is necessary for the purposes that we have determined in advance, as described in this policy (storage limitation).


– We make every effort to ensure the security of your data, and to prevent, among others, any unauthorized or unlawful processing, and accidental loss, destruction, or damage (integrity and confidentiality).


To ensure the adequate protection of your data, the Company implements internal security policies, takes all appropriate technical and organizational measures, and trains its staff, which is bound by confidentiality and privacy clauses. In addition, we use technologies that ensure the security of your data, e.g., Secure Sockets Layer (SSL) certificate, as well as encryption and anonymization methods.


Our goal is to integrate information security and data protection principles in all aspects of the Company’s operation. In this context, we monitor the security measures on a regular basis and, if deemed necessary, we align them with the new best practices.


3. What data we process and under which conditions


In principle, we process your data only when you provide them in an active manner to us, e.g., by filling out a contact form, or by sending an email to us.


This rule does not fully apply to certain technical data which are automatically collected with the help of cookies or similar technologies. Please see the cookies section for further information.


Α. Information we receive automatically


Due to the nature and function of the Internet, as soon as you visit our Website, your IP address and other information, such as the date and time of your visit, the website from which your visit originated, the type of your browser, and operating system, is recorded in our server’s special log files. Although we are not in a position to identify you on our own based on this information, your IP address is considered to be personal data.


The legal basis for collecting and storing data in our server’s special log files is our legitimate interests since our goal is to ensure network, information and services security, in case of accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data (e.g. avoiding “denial of service” (DoS) attacks), as well as to effectively resolve any technical issues.


This processing is in compliance with the applicable legal framework, as it does not entail serious risks for your rights and freedoms. Furthermore, it is necessary for the purposes of the legitimate interests pursued by us, according to the GDPR and the national legislation.


Β. Information provided to us by you


We process personal data provided by you in the following cases:


1. Contact via email


Data we process: α. Full name, β. Email address


Important note: Your message should include only the necessary information related to your request. Please avoid any unnecessary reference to personal information either yours or any third party’s.


Purpose: We process this data, in order to be able to contact you in response to your message.


Legal Basis: We process your data based on our legitimate interests (article 6 (1) (f) GDPR), i.e. to respond to your message and improve our communication with current or potential clients.


2. Newsletter


Data we process: Email address


Purpose: We use your email in order to send you updates about news, offers and other matters that we think are of interest to you.


Purpose: We process your email address in order to be able to send you our news and updates.


Legal Basis: We process your data based on your consent (article 6 (1) (a) GDPR), which you have the right to withdraw at any time and you can also request the erasure of your data.
In case you withdraw your consent, the lawfulness of the processing already carried out will not be affected. Your withdrawal prevents us from communicating with you in the future.


Important Note: The obligation to submit accurate data falls upon the person who provides it. Find out about your right to rectify inaccurate data at the section of this policy which refers to your rights.


4. Who has access to your data

In principle, access to your data is permitted to authorized members of our staff, who process your data in a strictly confidential manner, only to the extent and in the context of the purposes which you have already been informed about.

Furthermore, to be able to provide our services to you, we share some of your data with our partners. These companies (Data Processors) do not process your data for their own commercial purposes but only for the purposes mentioned above and only on behalf of and for the Company, with the exception of any legal obligations imposed by the applicable laws. When transferring your data, the Company takes all appropriate technical and organizational measures to ensure the highest level of security possible.

One of the key criteria when choosing our partners is the respect for the rules regarding the security of the processing of your data. In addition, our partners are contractually bound to provide the necessary safeguards and to take all appropriate technical and organizational measures to ensure the lawful processing and protection of your data and rights.

These companies provide us with: (a) web hosting services, and (b) services related to the Website and its online promotion.


5. Social Media


Facebook Page


Our Website has an official Facebook page ( The page uses hyperlinks that direct you to the Page.


You may contact us via our Facebook page in order to get more information about our products and services using the ‘send message’ function.


In order to respond to your queries, we process your Facebook username and other information which is publicly available through your profile (e.g., your email address). By sending a message for the purposes of communication between us you provide us with your consent to the abovementioned processing of your data. Access to and use of our Facebook Page is subject to the terms of this Privacy Policy.


By clicking the “LIKE” button on our Facebook Page you provide us with your consent to process your data so that you are able to see our news and promotional activities (via your newsfeed). If you do not wish to receive such updates, you can click “UNLIKE” at any time and withdraw your consent.


Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin, Ireland, is responsible for Facebook’s operations in the European Union. You can learn more about Facebook data policy:




Our Website has an official Instagram account (


You can follow the Company’s account on Instagram and comment on its posts, thus providing data to be processed on the platform.


Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin, Ireland, is responsible for Instagram’s operations in the European Union. Instagram has its own cookie and data protection policies, over which we exercise no control and are not in a position to influence.


General information regarding social media


Based on the case-law of the Court of Justice of the European Union, the Company, by processing social media (Facebook, Instagram) users’ personal data, as the page administrator, may be considered a joint Controller with the social media (Facebook, Instagram) provider. This relationship concerns only the user’s data processing operations that take place through the page, e.g., the use of a like button on a post. This processing is based on the consent given by the user, as described above.


The Company takes all appropriate technical and organizational measures to ensure the security of data processing via social networking platforms, including, but not limited to, applying restrictions to the number of persons with administrator-level access to each page.


The Company is responsible only for the means it processes your data for its own purposes (communication, provision of services, and promotion) and to the extent that it exercises control over your data. On the other hand, it bears no responsibility for the way any social networking platform processes your data.


We urge you to be extremely careful about the content you post on our social media pages, especially when you provide your own or any third party’s personal information. In case you choose to communicate with us, please make sure that the page you are contacting is indeed our official page.


Comments on Social Media


In an effort to improve our services, we encourage users to comment on posts and/or on our pages on social media in a way that promotes public debate and pluralism.


We make every effort to provide a safe online environment, however, we do not have a general obligation to review the content that is submitted by users on these platforms.


We reserve the right to remove any kind of content found to be in violation of our terms of use, such as content that is abusive, vulgar, pornographic, threatening, or constitutes advertising, infringes intellectual property rights or contains a false statement about the user and at the same time we reserve the right to block users who submit such material. The terms of use of each media where the comments are published shall apply concurrently.


In case you think that there is content on our Company’s social media pages, which affects you in a negative way or otherwise violates our terms of use, please contact the administrators directly.


6. Cookies


Like most websites, we also use cookies and similar technologies so that we facilitate your browsing in the most effective way and gather some information about your navigation through our Website.


Cookies are small text files stored on the hard drive of your computer or any other electronic device you use to visit the Website. Cookies are unique to each web browser (web browsers including, e.g. Google Chrome, Mozilla Firefox, Internet Explorer etc.) and contain information relating to the websites you visit and the devices you use. Our policy also applies to any technology that stores or accesses information on the user’s device, including, for example, HTML5 local storage, Local Shared Objects and fingerprinting.


The cookies that our Website uses can be divided into the following categories:


Α. Essential cookies


These cookies relate to the storage of (or access to) information either for the sole purpose of carrying out the transmission of a communication over an electronic communications network or in order for us to provide a service explicitly requested by you. These cookies are exempt from the requirement of consent, which means that you cannot reject their use.


Name: wp-wpml_current_language


Duration: Session

Purpose: Used to determine what language should be used for the visitor.


Β. Performance cookies


These cookies collect information about the way you use the Website, e.g. the pages you visit the most, the website from which your visit originated and other related information. These cookies collect aggregate statistical data which cannot be used to identify visitors individually. They are used for the sole purpose of analyzing traffic and improving the Website performance.


Name: _ga

Source: Google

Duration: 2 years

Purpose: This cookie collects information on how visitors use the website and their storage duration is defined by Google’s usage policy. These specific cookies collect certain information, including the number of visitors to the Website, where the visitors came from, and the pages they visited within the Website. We use the information to compile reports that help us improve our Website.


Name: _gid

Source: Google

Duration: 1 day

Purpose: This cookie collects information on how visitors use the website and their storage duration is defined by Google’s usage policy. These specific cookies collect certain information , including the number of visitors to the Website, where the visitors came from, and the pages they visited within the Website. We use the information to compile reports that help us improve our Website.


Name: _gat

Source: Google

Duration: 1 day

Purpose: This cookie is used to throttle request rate.


Name: ads/ga-audiences

Source: Google

Duration: Session

Purpose: Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor’s online behaviour across websites.


Information about Google Analytics


We use Google Analytics for statistical audience measuring. Google Analytics, which relies on the use of cookies, is the most popular service for the collection and analysis of data regarding the behavior of visitors in websites. The purpose of using the Google Analytics service is to process data in order to optimize the Website, such as which page should be improved and how to make it easier to use, but also to conduct cost/benefit analysis for displaying ads.


Cookies are used to process certain information such as the visitor’s IP address, the time at which the visitor accessed the Website, the type of browser they are using, the location from which they accessed it, as well as the frequency of their visits. At each visit to the Website, this data is transmitted to Google’s servers. In case you also use other Google’s services, it is possible that your data will be processed in combination with other relevant information with the aim of profiling for advertising purposes. We have no control over Google’s policies and practices as far the processing of your data on its behalf is concerned. Further information on Google’s use of cookies and data processing in the context of Google Analytics can be found here.


Important note: In July 2020 the Court of Justice of the European Union (CJEU) invalidated the decision 2016/1250 of the European Commission regarding the adequacy of the protection provided by the EU-US Privacy Shield Framework.


Until this decision from the CJEU, data transfers to the USA including Google Analytics were based on this Framework. After the decision, data transfers are based on Standard Contractual Clauses provided by Google (article 46 GDPR) and, auxiliary, on your explicit consent, according to the terms set by article 49.1a GDPR, in the absence of an adequacy decision. Data subjects should be aware that their metadata may be used for profiling by Google and be transferred to the US and a competent public or security authority may be granted access to them according to the US legal framework.


In the context of Google Analytics, the Website uses the “Anonymize IP” feature provided by Google. As a result, your IP address is restricted by Google and anonymized as you access the Website. This measure is favored by EU data protection supervisory authorities as the best practice in the context of appropriate technical measures for data protection.


The same rules apply to the use of Mailchimp.


D. How to control cookies in your browser


You are able to adjust the installation of cookies at any time through the settings of the browser you use.


To manage and deactivate cookies, follow the instructions for each browser:


– Internet Explorer

– Mozilla Firefox

– Google Chrome

– Safari

– Opera


7. Where and for how long we store your data

Your data is stored on the Website’s server, which is hosted in a data center located within the European Economic Area (EEA). The data center is operated by a certified company that takes appropriate technical and organizational measures in order to avoid data breaches.


Your data is stored strictly for a period of time which is considered necessary for our processing purposes.


8. What are you rights and how you can exercise them

According to the applicable legal framework (mainly GDPR, Articles 12-22), you have a set of rights regarding the processing of your data by our Company.


In particular, you have the right:


1. To submit a request to the Website to be informed whether we process your data and, if so, what types of data (right of access).


2. To have inaccurate personal data rectified or completed if it is incomplete (right to rectification).


3. To request, under conditions, the erasure of the data (right to erasure).


4. To request, under conditions, the restriction of the data processing (right to restriction of processing).


5. To object, under conditions, to the processing of your data by us (right to object), especially with respect to the processing relating to marketing purposes.


6. To request the data that you have provided to us in a structured, commonly used and machine-readable format (right to data portability), as long as it is technically feasible.


7. In case of a data breach, which is likely to pose a high risk to your rights and freedoms, and as long as it does not fall under any of the exceptions provided in the General Data Protection Regulation and the national legislation, the Company has the obligation to communicate the breach to you without undue delay.


We have the right to request additional information necessary for your identification before you can exercise the rights described above.


In principle, the Company has the obligation to respond to your request promptly and, at the latest, within one month. If deemed necessary, taking into account the complexity of the request and the number of the requests, that period may be extended by two further months. In any event, we will inform you as soon as possible, and always within one month after the submission of your request, concerning the progress made and the reason for any possible delay.


In case your requests are manifestly unfounded or excessive, in particular, because of their repetitive character, the Company may either i) charge a reasonable fee taking into account the administrative costs for providing the information or making communication or performing the action requested, or ii) refuse to act on the request.


In case you consider that we do not comply with the personal data protection laws, you have the right to lodge a complaint with the Hellenic Data Protection Authority (, 1-3 Kifissias Ave., Athens, P.C. 115 23 Greece, email:


9. Hyperlinks

Within our Website you can find hyperlinks which allow you to access third party websites. These links have the sole purpose of facilitating your browsing on the Web and they do not imply, in any way, our endorsement or approval of the content of other websites.


Accessing these websites via hyperlinks in our Website is solely your responsibility and we strongly urge you to read each website’s privacy policy and terms of use carefully.


10. Minors

The Company offers its services exclusively to individuals over 18 years of age. When a request is submitted to the Company, the user is presumed to be over 18 years of age. In case the user is under 18 years of age, it is presumed that consent is given or authorized by the holder of parental responsibility over the user and that information will be provided, upon request from the Company.


Since it is not technically feasible to effectively control the age of the users of the Website, in case a minor submits personal data in violation of our terms, we will delete all relevant information. We will not delete this information if it is deemed necessary to establish, exercise or defend legal claims or fulfill a legal obligation.


11. Changes in policy and updates


This policy may change at any time and without prior notice. Guided by the principle of transparency, we will inform you on any major changes in our policy. However, you should regularly review our policy, since the use of our Website means that you accept these terms.


Thank you for your time!