Privacy Policy


1. Protection of personal data and privacy

Our core beliefs about protecting users' privacy and data protection:

  • User privacy and data protection are important human rights
  • We have an obligation to protect PI saved in our database
  • PI is a responsibility, it should only be collected and processed when absolutely necessary
  • Spam bothers us as much as it bothers you!
  • We will never, in any way, sell, rent disclose or distribute your personal information without your consent

2. What personal information do we collect and why

We collect only the minimum and absolutely necessary personal data. We would never sell, rent, distribute or disclose your personal information to third parties, in any way and for any reason, unless required by law.

2.1 Traffic monitoring

This site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people visiting our site, to better understand how they find and use our web pages and witness their journey around the site.

Although GA records data such as the device, web browser, and operating system, none of this information personally identifies you. GA also records your computer's IP address and geographical location, which could be used for your personal identification, but Google does not give us access to it. We believe that Google is performing the editing.

GA uses cookies, details of which can be found in the Google Developer Guides. Our site uses GA's analytics.js application.

Disabling cookies in the internet browser will prevent GA from tracking any part of your visit to the pages of this website. Information on disabling cookies for each browser can be found below.

2.2 Contact Forms and Email Links

In case you choose to contact us using the contact form on the "Contact Us" page or any other internal contact form on the pages with our services, none of the data you provide will be transferred or processed by any processor.Instead, the data will be entered into an email and sent to us via the Simple Mail Transfer Protocol (SMTP). SMTP servers are protected by TLS (sometimes known as SSL), which means that email content is encrypted using 256-bit SHA-2 encryption before being sent over the Internet. Email content is decrypted by local computers and devices.

3. Use of Cookies

This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

4. Web Hosting Server

All traffic (file transfer) between this site and your browser is encrypted and delivered via HTTPS.The company uses the digital services of Digital Ocean which is a GDPR compliant service. More information about the server, protection and security it provides can be found here: Digital Ocean's GDPR Compliance

5. The processing executors we work with

We use a number of third parties to process our personal data. These third parties have been carefully selected to comply with EU-US Privacy Policy and are as follows:

6. Data breaches

We will report any unlawful breach of this website or any third party data processing database to anyone directly concerned and to the authorities within 72 hours of the breach, provided that the personal data that is stored in a recognizable form, have been stolen.

7. Personal Data

Data Protection Officer (DPO)

Vavoulas Group of Companies

S Str., Industrial Area

PC 71601, Heraklion, Crete, Greece

T: +30 2810 380 640



Processor of Personal Data

For the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection:


VAT Number: L997855812, Tax Office: Heraklion

S Str., Industrial Area

PC 71601, Heraklion, Crete, Greece

8. Changes to our privacy policy

This privacy policy may change from time to time in accordance with legislation or industry developments. We reserve and reserve every right to make any changes we wish without personally informing each visitor. Instead, we encourage you to periodically check this page for any policy changes.

9. Right to file a complaint

9.1. Responsible for processing:


9.2. Purpose of processing and legal basis:

We use a surveillance system for the purpose of protecting people and property. The processing is necessary for the purposes of legitimate interests pursued by us as the controller (Article 6 para. 1.f GDPR).

9.3. Analysis of legitimate interests

Our legitimate interest consists in the need to protect our premises and the property of the customers who are in it from illegal acts, such as theft. The same applies to the safety of life, physical integrity, health and property of our staff and third parties who are legally present in the supervised area. We only collect image data and limit downloads to areas we have assessed as having an increased likelihood of illegal acts being committed e.g. theft, such as in our cash registers and at entrances and exits, without focusing on areas where the privacy of the persons whose image is taken may be unduly restricted, including their right to respect for personal data.

9.4. Receivers

The guarded material is only accessible by our competent / authorized personnel who are in charge of site security. This material is not transmitted to third parties, with the exception of the following cases: a) to the competent judicial, prosecutorial and police authorities when it includes elements necessary for the investigation of a criminal act, which concerns persons or goods of the data controller, b) to the competent judicial, prosecutorial and police authorities when they request data, legally, in the exercise of their duties, and c) to the victim or the perpetrator of a criminal act, when it comes to data which may constitute evidence of the act.

9.5. Compliance time

We keep the data for fifteen (15) days, after which it is automatically deleted. In the event that we discover an incident during this period, we isolate part of the video and keep it for up to one (1) month, with the aim of investigating the incident and initiating legal proceedings to defend our legal interests, while if the incident concerns third we will keep the video for up to three (3) more months.

9.6. Data subjects' rights

Data subjects have the following rights:

Right of access: you have the right to know whether we are processing your image and, if so, to receive a copy of it.
Right to restriction: you have the right to ask us to restrict the processing, such as not to delete data that you consider necessary to establish, exercise or support legal claims.
Right to object: you have the right to object to processing.
Right to deletion: you have the right to request that we delete your data.
You can exercise your rights by sending an e-mail to or a letter to our postal address or by submitting the request to us in person. In order to consider a request related to your image, you will need to tell us approximately when you came into range of the cameras and provide us with an image of you to help us identify your own data and mask the data of third-party imagers . Alternatively, we allow you to come to our premises to show you the images in which you appear. We also point out that the exercise of the right to object or deletion does not imply the immediate deletion of data or the modification of processing. In any case, we will answer you in detail as soon as possible, within the deadlines set by the GDPR.

9.7. Right to file a complaint

If you believe that the processing of your data violates Regulation (EU) 2016/679, you have the right to file a complaint with a supervisory authority. The competent supervisory authority for Greece is the Data Protection Authority, Kifisias 1-3, 115 23, Athens,, tel. 2106475600.

In case you consider that the processing of the data concerning you violates Regulation (EU) 2016/679, you have the right to file a complaint to a supervisory authority. Competent supervisory authority for Greece is the Data Protection Authority, Kifissias 1-3, 115 23, Athens,, tel. 2106475600.