At GR&PL, we value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and safeguard your personal information, as well as your rights under the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and applicable national legislation.

We encourage you to read this Policy carefully to understand how we process your data and the choices you have.

1. Data Controller

The Data Controller responsible for your personal data is:

GR&PL
For privacy-related inquiries, please contact us at: [email protected]

2. Purposes and Legal Bases for Processing

We collect and process your personal data solely for specific, legitimate, and clearly defined purposes, such as:

• Responding to your inquiries, requests, or complaints
• Sending newsletters or promotional communications (upon your consent)
• Managing your participation in competitions or promotional events
• Complying with legal or regulatory obligations
• Protecting the legitimate interests of our business (e.g., ensuring system security)

Processing is based on one or more of the following legal bases:

• Your explicit consent
• The performance of a contract or steps prior to entering a contract
• Compliance with legal obligations
• Legitimate interests pursued by GR&PL
• Protection of vital interests of individuals

3. Categories of Personal Data

We may collect and process the following categories of personal data:

• Full name
• Email address
• IP address and browsing data (e.g. cookies)
• Any other information you voluntarily provide via contact forms or event participation

We do not collect or process special categories of personal data (sensitive data) or data related to children under the age of 16.

4. Data Retention

Your personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, and as required by applicable legal obligations. After this period, your data will be securely deleted or anonymized.

5. Recipients and Data Transfers

We do not share your personal data with third parties, except in the following cases:

• Where you have given your explicit consent
• Where it is necessary for the performance of a contract
• Where required by law or competent authorities
• To data processors acting on our behalf under contractual obligations (in compliance with Article 28 GDPR)

In case data is transferred outside the European Economic Area (EEA), we ensure that adequate safeguards are in place, such as EU Standard Contractual Clauses.

6. Your Rights

Under the GDPR, you have the following rights:

• Right of access – to know what personal data we hold about you
• Right to rectification – to correct incomplete or inaccurate data
• Right to erasure – to request deletion of your personal data (“right to be forgotten”)
• Right to restriction of processing
• Right to object to processing based on legitimate interests or direct marketing
• Right to data portability
• Right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal

To exercise your rights, contact us at: [email protected]

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr

7. Data Security

We apply appropriate technical and organizational security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These include:

• Secure servers with encryption
• Password protection and firewalls
• Access controls and internal data protection policies
• Regular security assessments

8. Cookies

We use cookies to improve your browsing experience and analyze traffic on our website. Cookies help us remember your preferences and offer you personalized content.

Types of cookies we use:

• Strictly necessary cookies – essential for website functionality
• Performance cookies – collect anonymous statistics for site improvement
• Functionality cookies – remember user settings and preferences
• Advertising cookies – used for personalized advertising (with consent)

You can enable, disable, or delete cookies through your browser settings (e.g., in Chrome: chrome://settings/content/cookies). Disabling cookies may affect the functionality of certain website features.

9. Automated Decision-Making

We do not use any automated decision-making or profiling processes that have legal or significant effects on users.

10. Policy Updates

This Privacy Policy may be updated periodically to reflect changes in legal requirements or business practices. The latest version will always be available on our website, with an indication of the effective date.

If substantial changes are made, we will notify registered users via email.

Your continued use of our website signifies your acceptance of the current Privacy Policy.

11. Contact Us

For any questions or concerns regarding this Policy or the processing of your personal data, please contact our Data Protection Officer (DPO):

Email: [email protected]

Effective Date: April 8, 2025