Personal Data Protection Policy

Controller’s Identity

Data Controller: Skiadopoulos Georgios, Email: [email protected], Phone: +30 210 2718306, Tsamadou 26‑28, 10683 Athens, Leof. Irakleiou 350, 14231 Nea Ionia, Attica, Greece

Definitions

– Personal Data: Any information relating to an identified or identifiable natural person.

– Data Subject: A natural person whose personal data is processed.

– Processing: Any operation performed on personal data.

– Controller: The entity determining the purposes and means of data processing.

– Processor: One who processes data on behalf of the Controller.

– Consent: Freely given, specific, informed indication of wishes by which the data subject signifies agreement.

– Profiling: Any form of automated processing to evaluate personal aspects.

Your Rights

As a data subject under the GDPR, you have:

– Right to Information – to understand why and how your data is processed and with whom it may be shared.

– Right of Access – to see the personal data we hold.

– Right to Rectification – to correct any inaccurate information.

– Right to Erasure (“Right to be Forgotten”) – to request deletion of your data when lawfully applicable.

– Right to Restrict Processing – to suspend handling of your data under certain conditions.

– Right to Data Portability – to receive your data or transfer it to another controller.

– Right to Object – to oppose processing, including profiling and marketing.

– Rights Related to Automated Decision-making – to avoid decisions based solely on automated processing.

You may contact us anytime to:

– Confirm whether we hold your data,

– Access and verify your data,

– Request correction or update,

– Request deletion or cessation of processing when no legal basis exists.

Right to Lodge a Complaint

You may lodge a complaint with the Hellenic Data Protection Authority:

Address: 1–3 Kifisias Avenue, 115 23 Athens, Greece

Phone: +30 210 6475600–28

Website: dpa.gr

Data We Collect

We only collect and process personal data that you voluntarily provide.

Purpose & Legal Basis for Processing

We process your data only when:

– You have provided consent (which you may withdraw at any time without affecting lawful past processing);

– It is necessary for fulfilling a contractual obligation with you;

– It is required by law.

Your data may be used for:

– Delivering our services and information,

– Responding to queries or complaints,

– Personalizing service delivery,

– Sending newsletters (with your consent),

– Conducting statistical analyses (only with your explicit consent).

Data Sharing with Third Parties

We never sell or trade your personal data.

We may share it with carefully selected Processors under binding Data Processing Agreements (DPAs) in compliance with Article 28 of the GDPR. These Processors offer adequate guarantees for maintaining data security and confidentiality.

Data Retention

We retain personal data only as long as required by law or justified by its processing purpose. Once that period expires, your data is securely deleted.

Data on Minors

Our services are not directed to individuals under 18. We do not knowingly collect data on minors. If we learn that we have collected such data without verified consent, we will promptly delete it.

Security Measures

We implement state-of-the-art technical and organizational measures to protect your data, in accordance with best practices and legal standards.

External Links

Our website may contain links to external websites. We are not responsible for their privacy practices. Please review their privacy notices before providing any personal data.