Privacy Policy


The individual company PAUL NANOS located in Viotia on Tanagra’s Municipality at Loutsa location , VAT ID: 115947420 – Tax office Thivon  (the "Company") , recognizing the fundamental importance of the protection of personal data , has fully complied with its obligations as a Data Controller under the General Regulations Privacy (EU) 2016 /679 (GDPR) and N 4624/2019 .

This Policy Protection of Personal Data in accordance with Article 13 of the General Regulation on the Protection of the EU Data 2016 /679 ( GKPD or GDPR), and the applicable relevant Greek legislation, inform you about your personal data’s collection and process from the Company, the legal basis for processing, the purposes of their processing, the way we use and protect it, the possibilities and the rights you have under the above legal framework .

This Privacy Statement, which provides to any person receiving or interested in receiving services from our company, accurate and thorough relevant information, may be amended from time to time in order to be always updated and in accordance with the current provisions. Please visit our web site http: // regularly to make sure you are aware of any changes. It will also be available at the reception of our facilities.

I. What is personal data? - Basic Definitions

I1. The term 'personal data’, in accordance with Article 4§1 of the EU General Data Protection Regulation (GDPR), refers to any information relating to an identified or identifiable natural person (data subject), hereinafter referred to as 'Personal Data'. or Data ". The identifiable natural person is one whose identity can be identified, directly or indirectly, in particular by reference to identifier identity, such as name, in identity number, to location data in online identifier to one or more factors specific the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

I2. The term 'processing' of personal data ' in accordance with Article 4§2 of EU General Data Protection Regulation 2016/679 (GDPR) refers to any act or series of acts performed with or without the use of automated means, personal data or personal data sets, such as the collection, registration, organization, structure, storage, adjustment or alteration, retrieval, information retrieval, use, disclosure, dissemination any other form of disposal, the correlation or combination, restriction, erasure or destruction.

I3. The term data controller of personal data, in accordance with Article 4§7 of EU General Data Protection Regulation 2016/679 (GDPR), refers to the natural or legal person , public authority, service or other body that alone or in conjunction with others, determine the purpose and manner of processing personal data. Where the purposes and modalities of such processing defined by European law or the National law, the controller or the specific criteria for his appointment may be provided for by European or National law.

I4. The term 'perform processing' of personal data , in accordance with Article 4 §8 of EU General Data Protection Regulation 2016/679 ( GDR or GDPR), refers to a natural or legal person, public authority, service or another entity that processes personal data on behalf of the controller.

I5. The term "consent" of the subject of personal data pursuant to Article 4 §11 of the General Regulation on the Protection of the EU Data 2016/679 ( GKPD or GDPR), refers to any indication of intent, free, precise, specific and full informed by which the data subject expresses his agreement to process any personal data relating to him, with statement or a clear positive energy.

1. What personal information do we collect about you? 

We collect and process only personal data concerning you and are strictly necessary to serve the purpose for which they were provided and used solely for that purpose and after we have obtained your explicit consent. In particular:

1.1. Simple Identity Data: We collect simple personal information about you such as: name, surname, contact information (home - postal address, mobile phone number, email address).

1.2. Contact Data : We collect your name, address and more generally your contact information (including your email address and phone number.

1.3. Required information for issuing legitimate Documents: We collect your necessary data for billing of the offered services, management and payment issues, such as your VAT number, your bank details and payment details (eg IBAN), etc.

1.4. Activity data on- line: We collect your personal data when you use the internet services and websites of our company, if you have previously provided your consent for this purpose. These may include your social media account ID, IP address, and other online IDs you provide online at our site. The foregoing applies only to our company’s websites and web sites and does not apply to information collected from another website.

1.5. The Company declares that it will not collect and process personal data from underage natural persons without first obtaining the consent of the person exercising the parental responsibility of the minor.

2. For what purpose do we process personal data about you? 

We process your personal data for the following indicative purposes:

  • For the performance of our contractual obligations to you and in particular the supply of goods and services.
  • To improve the quality of our services to you.
  • For each kind of communication in order to inform you about our offered services (including telephone call, messages, email to reply at your submitted form of communication – send our proposals/offer).
  • For our overall compliance with our legal obligations, with applicable tax, insurance, labor law, applicable laws for the provision of our services and our generally legal obligations.
  • To comply with legal procedures and court decisions, to respond to requests from public and state agencies and authorities in the exercise of their public authority.
  • For the fulfillment of the legitimate interest of our company.
  • To defend our legal rights and claims in order to protect our legitimate interests and business, or our affiliates, and to safeguard the rights, privacy, security or assets of our company and our affiliates , of your own legal claims or rights, or of other persons.

3. Where do we collect and process your personal data? 

Your personal data is collected:

  • By you when you contact us by telephone, when completing online forms, sending e- mail, or any other way of contacting us in order to inquire or use the services of our company.
  • Automatically via your browser or mobile you use to access our site. When you visit and use our site for informational purposes, we collect only the Personal Data which your browser transmits to our server, which is technically necessary for viewing our site and guarantees stability and security. Except from any of your Personal Data which is collected from Cookies (see more Cookies Policy here ), your Personal Data limits in your indicated purposes and after your explicit consent. We also collect your Personal Data when you visit our site and if you have explicitly consented to it, by filling in the relevant fields.
  • From social media pages, other social media content, our tools and applications.
  • From you, when you visit our facilities to obtain information about the services we offer, to provide our services to you.

4. Legal basis for the processing of personal data concerning you 

The process of your simple Personal Data is based in the fulfillment of our contractual obligations to you and specially to provide you our services based on:

- your positive, free, specific, explicit and fully informed consent, which you can freely revoke at any time.

- the conclusion and execution of a service contract between us.

- at your request when you visit our premises/facilities to receive information about our services.

- in our legal obligation, about our compliance with the applicable national / or EU legislation and the fulfillment of our legitimate obligations to public / government services and authorities.

- in our legitimate interest in fulfilling our corporate purpose, the provision of our services, in the foundation, exercise or support of our legal claims.

5. Storage duration of your personal data

  • When we are about complying with a legal or regulatory obligation, we hold your personal data, at least for as long as required by law, to comply with the specific obligation.
  • When it comes about our contact with you, your consent statement is kept until you withdraw it.

6. Guarantees and measures we take to protect your data 

When you give us your personal data, we take appropriate technical and organizational measures to ensure that it is kept secure. We are constantly updating and testing our security technology. We limit the access of your personal data strictly to the employees who need to know your data, in order to provide you our services. Furthermore, we train the staff of our company on the importance of confidentiality and maintaining the confidentiality and security of your personal data committed by confidentiality agreements, secrecy regarding the information received to provide our services. Among other things, we have implemented the following appropriate technical and organizational measures and procedures to protect your personal data from any loss, alteration or illegal processing:

- Use of servers which are in areas with scaled, limited access and be checked regularly.

- Use of GIS-compliant information systems and software, which are installed in a way that minimizes the use of personal data. - Adoption of individual procedures for the preservation of personal data and their safe deletion / destruction;

- Measures about business continuity.

- Storage and retention of your personal data either in electronic or printed form, in a special storage, protected and safe, with no access to unauthorized persons.

-Codification, Data Encryption.

- Continuous adaptation and updating of the operation of our processes and systems.

7. Who are the recipients of your personal data? 

The processing of your personal data is carried out by specially authorized personnel of our company, through information systems and electronic devices and / or manuscripts, on our behalf by external partners who will act as "processors " (indicatively financial advisers - accountants, legal advisors etc.) , who have committed to us confidentiality, privacy and protection of your personal data  only for the purposes you provided us.   

7.1. Our company guarantees that there will not be any transmission, disclosure, transfer etc. of your personal data (other than those mentioned herein) unless if this is forced by applicable law and required by public / judicial / audit bodies and authorities.

7.2. At each transmission for our processing and on our behalf, we take the appropriate technical and organizational measures to ensure that the data transmitted are the least necessary and that the conditions for their lawful processing are met.

8. Your rights

You have the following rights under the GATT legal framework:

• Right of access - The right to receive information on whether data is processed and have access. The right to have information about this process (who, for what purpose, recipients, retention period, etc.)             

• Right to correction - Right to correct inaccurate personal data and to fill in missing information.             

• Right of Deletion (Right to Forget) - Right to request the deletion of any data concerning the subject under certain conditions and as long as this does not conflict with another provision of the law (data no longer necessary, withdrawal of consent, data submitted to illegal processing).             

• Right of Restriction on Processing - when data accuracy is questioned, the processing is illegal, data is no longer needed by the controller, the data subject has objected to automated processing.             

• Right to data portability - The right to request the transfer of personal data to another Controller in a structured, widely used and mechanically readable form, unless this is contrary to another prohibited provision of law.             

• Right to be addressed SRA before the PDPA for all matters related to its competence in relation to the above -described processing of your personal data.             

You can exercise your above-mentioned rights after submitting registered application to the company which have to reply you without burden within 30 days from the date of submission of the application.

9. Consequences of not providing your data 

The provision of your personal data is necessary for the provision of our services to you and for the execution of our contractual obligations , therefore, in case of your denial, we will not be able to provide you with our services.

10. How to contact us? 

You can contact us for any questions regarding the processing of your personal data by email

Our Company has a Personal Data Protection Department, to exercise your rights you can contact us by email at or by sending a form to: 46 Kapodistriou Avenue,15123, Marousi under the Personal Data Protection Department. 

11. Release Information - Changes and Updates 

This Privacy Policy was last updated on [07.01.2020 ].

We reserve the right to modify and update this Privacy Policy at any time, for any reason, without notice, except from posting of the updated Privacy Policy on our Website. We may periodically email you to remind the changes and updates to this Privacy Policy , but you will need to check our site frequently to keep up to date with the current Privacy Statement.