Privacy and Data Protection Commitment
For us, safeguarding your online privacy is a fundamental right. As a Data Controller, within the framework of the General Data Protection Regulation (EU) 2016/679 (GDPR), we are committed to protecting the confidentiality of your personal data collected during our commercial transactions.
The processing and protection of your personal data are governed by this Privacy Policy, the GDPR, and all applicable national, European, and international laws relating to the protection of individuals against the processing of personal data.
What is Personal Data under GDPR?
Personal data refers to any information that can be used to directly or indirectly identify a natural person, such as a name, identification number, location data, online identifier, or one or more factors related to the physical, genetic, psychological, economic, cultural, or social identity of that person.
What Data We Collect and for What Purpose
The personal data we collect during your browsing and use of our website includes:
- Data you provide when registering or completing a contact form: full name, email address, postal address, and telephone number
- Technical data, such as your IP address and browser type
By registering on our website, you consent to the General Terms of Use and their modifications as described herein.
Consent
Where processing is based on your consent, we retain a record of that consent, including all relevant details, to demonstrate compliance and facilitate withdrawal if requested.
Consent is granted for specific and clearly defined purposes that have been communicated to you in advance. By providing consent, you acknowledge that you have been fully informed.
Your Rights
As a data subject, you have the right to access the personal data we hold about you. You may also request:
- Correction of inaccurate data
- Deletion of your data
- Restriction of processing
- Objection to processing
Exceptions apply where we are legally required to retain certain data for administrative, legal, or security purposes.
You also have the right to withdraw your consent at any time.
Summary of Your Rights under GDPR
- Right of access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to object to automated decision-making, including profiling
Requests and Exercise of Rights
To exercise your rights, you may submit a relevant request.
We are committed to responding without undue delay and within one (1) month from receipt of your request.
This period may be extended by up to two (2) additional months, depending on the complexity and number of requests. In such cases, you will be informed within one month.
If we are unable to respond within the required timeframe, you will be informed of the reasons within one month.
Requests are assessed for excessive or repetitive nature in accordance with Article 12(3) of the GDPR.
How We Process Your Personal Data
In compliance with GDPR principles, we process your personal data lawfully, fairly, and transparently.
We ensure that:
- Data is collected for specified, explicit, and legitimate purposes
- Data is adequate, relevant, and limited to what is necessary
- Data is accurate and kept up to date
- Data is retained only for as long as necessary
- Data is securely protected against loss, misuse, unauthorized access, or disclosure
We implement appropriate technical and organizational measures to safeguard your data.
Legal Basis for Processing
For the purposes described above, the legal basis for processing is compliance with legal obligations.
Failure to process necessary data may result in legal violations, penalties, and inability to properly provide our services.
Specifically, the Company’s operations and obligations are defined by applicable legislation, regulations, and official guidelines, which determine how processing activities are carried out.
Sharing of Personal Data
Your personal data is treated with strict confidentiality and is not disclosed to third parties except where required.
Data Retention Period
Your personal data is retained only for as long as necessary for the purposes of processing.
Retention periods are determined based on:
- Legal obligations
- Regulatory requirements
- Audit periods by authorities
- Statutes of limitation
- Your legitimate interests
Where processing is based on consent, data is retained until you withdraw your consent, after which it is deleted.
Further Processing
We reserve the right to update this Privacy Policy whenever necessary.
If we need to process your data for a new purpose not covered by this Policy, we will inform you in advance and provide updated details regarding the new processing activities.
Where required, your prior consent will be requested.
Additional Terms
The personal data covered by this Policy is collected directly from you, the data subject.
As the Data Controller, we confirm that we have implemented all necessary organizational and security measures in accordance with GDPR requirements.
Data processing is conducted lawfully and in a manner that respects your privacy, personality, and human dignity.
This Policy is applied in good faith and in accordance with fair business practices, aiming at a transparent and effective relationship.
Supervisory Authority
If you are unable to exercise your rights or have any questions, concerns, or complaints, you have the right to contact the Hellenic Data Protection Authority for support and assistance.