Privacy policy

Preamble

MAGNA GRAECIA SINGLE MEMBER SOCIETE ANONYME (hereafter “MAGNA GRAECIA” or “Company”), which is based in Athens, 10 Lukeiou str., with T.I.N. 801994120 and G.E.MI. No. (General Commercial Registry) 167791201000, manages the website magnagraecia.com (hereinafter referred to as 'the Website'), to offer information and services to its Users.

For the provision of the Company's services through the above Website it is necessary for the Company to collect and process certain information of visitors/registered Users.

The Company's primary concern is that all its actions are carried out in accordance with the principles of privacy protection, respect for human value, protection of personal data and confidentiality of communications.

This Privacy Policy describes the Company's standards for the management and protection of personal data by or on its behalf and applies to any activity carried out through the Website, which is related to the processing of information concerning natural persons.

Definitions

For the purposes of the present, the following shall be understood as stated below:

• ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

• ‘Special categories of personal data’ means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

• ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

• ‘Anonymization’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject.

• ‘Pseudonymization’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

• ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

• ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

• ‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

• ‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

• 'Existing legislation' means the provisions of any existing Greek, European Union or other legislation in which we subject to and which set out issues of personal data protection, in particular the General Data Protection Regulation (GDPR) 2016/679 EU and L. 4624/2019 (Government Gazette A’ 137/29.8.2019).

Controller

For any processing of personal data conducted in the context of the use of the Company’s Website, solely for the purposes and in the manner set out in this Policy, the Controller shall be deemed to be the Company itself.

The personal data the Company collects through its Website and the purpose of the relevant processing

The Website collects personal data through various forms and third-party integrations, which are used for distinct operational purposes. In particular, the categories and type of personal data that each User should provide (whether acting as a visitor or as a registered user) in order to access the Company’s provided services through the Company's Website and the purpose of the relevant data processing are as follows:

1) Contact Form:

• Collects User-provided information, such as name, surname, email address, phone number and message content.

• This data is processed using SendGrid, which facilitates email delivery to the Company (MAGNA GRAECIA).

• The purpose of the above data processing is to allow the Users to inquire about services, request information or initiate communication.

• The information is stored within SendGrid’s infrastructure for email transmission and potential follow-up communication.

2) Registration Form:

• Through this process the Company collects information such as first name, last name, email address, telephone number, country, city and account type.

• It registers Users into Qobrix, a platform for property management and real estate listings.

• The purpose of the above data processing is to provide registered Users with exclusive access to premium property listings and client-specific features on an external Qobrix webpage.

•The information is stored securely in Qobrix.

3) Newsletter Signup Form:

• Collects name and email address.

• Registers Users for email newsletters via MailChimp.

• The purpose of the above data processing is to send updates, promotional material and company news to subscribers.

• The collected data is stored in Mail Chimp and is used for email marketing campaigns.

4) Analytical data collection:

• Collects anonymized user interaction data such as IP address, location, browser type and website activity.

• This data is processed via Google Analytics.

• The purpose of the above data processing is to track website usage, monitor traffics trends and optimize website performance.

• The above data is stored within Google Analytics and managed under Google’s data retention policies.

Lawful basis for processing

The Company process the personal data of the visitors/users of the Website transparently in accordance with the principles of legality, proportionality, confidentiality and integrity, limitation of purpose and accuracy, the specific retention time of the data, and data minimization.

The legal basis for processing the personal data οf the subjects per case may be in particular:

• The consent.

• The necessity to process data in the context of performing a contractual obligation or at the pre-contractual stage.

• The necessity to process data in the context of safeguarding Company’s legal interests.

• The necessity to process data in compliance with the Company’s legal obligations.

• The necessity to process data in order to perform the obligations and exercise specific rights of the Company or of the data subjects or to fulfill a duty carried out in the public interest.

• The necessity to process data to protect the vital interests of the subjects.

• The necessity to process data for the foundation, exercise or support of rights and legal claims.

• The necessity for the export of statistical data.

General Purposes of processing

Processing purposes are always based on a legitimate processing basis and vary according to the category of data. In addition to the above, the Company processes the personal data of visitors/users of the Website for the following purposes:

• To identify Users in the context of creating an account (user account) and when providing them with access to the Website as registered Users.

• For the communication with the visitors/users of the Website and the management of their requests/queries, whether they are related to issues of personal data protection or to the quality of their services offered by the Company.

• For the regular briefing of the visitor and/or the registered User via e-mail, whose contact details were legally obtained by the Company and if the visitor and/or the registered User does not oppose this communication.

• For the compliance of the Company with legal obligations, e.g. indicative of the tax legislation or for the possible cooperation of the Company with Judicial, Administrative and Regulatory authorities.

• To improve and develop the features and functions of the Website, including the conduct of research and studies, as well as tests to address website malfunctions or to personalize its content and functions, so that they are tailored to the interests and preferences of the Users.

• To export statistical data, after anonymizing the data.

• To protect visitors/Users from malicious actions and maintain the security and integrity of the Website.

Minors

Protecting the safety and privacy of minors is very important to the Company. By accepting the Terms of Use of the Website, the User declares that he/she is an adult over 18 years of age or, if he/she is under 18 years of age, that he/she has obtained the necessary consent from the person/persons having parental responsibility and that he/she will provide the information of him/her if so requested. In any case that the Company finds that it has unknowingly collected any personal information directly from a minor under the age of 15, without verifiable parental consent, it will delete the information from its database as soon as possible, with reservation about the exceptions provided in the Law.

Data Storage Location

The website’s content is hosted and served using Vercel’s Edge Network, which distributes content across multiple geographical locations for optimized performance.

Vercel Functions, which handle server-side logic, currently execute from Washington, D.C., USA.

Personal data collected through third-party integrations (SendGrid, Qobrix, MailChimp and Google Analytics) is stored in their respective locations, which may include data centers in the United States and Europe, depending on the service provider’s policies.

Access to and Transmission of Personal Data

Data collected is shared with, stored and used by the third-party services outlined above.

Only authorized personnel from the following entities have access to the data:

• MAGNA GRAECIA staff - internal personnel responsible for website administration and customer support.

• Stuurmen staff – Web development and technical support team currently managing the website’s functionality.

The Company may transmit the personal data of the visitors/users of the Website to third parties in the following cases:

• To third-party companies, which undertake to perform a certain processing for the Company. In this case the Company performs specific processing activities, ensuring that the processing is carried out in accordance with the applicable legal framework and that the personal data of the subjects are processed safely, and that the subjects can freely and unhindered exercise their rights.

• To Judicial and Prosecution authorities in the exercise of their duties ex officio or at the request of a third party claiming a legitimate interest and in accordance with the legal procedures.

• To other institutions of the Greek State, which, according to their statutes, have such a right and authority.

Personal data is not sold or shared with unauthorized third parties beyond what is necessary for service operation and compliance with applicable regulations.

Data Retention Time

All personal data that Company processes are kept for a predetermined and limited period, depending on the purpose of processing, at the end of which such personal data is deleted from the Company’s databases. Under no circumstances will the data be deleted as long as there is a connection with the natural persons (e.g. through an active user account) and for the period during which any legal claims may arise (e.g. 5-year limitation period of claims on tort action).

More specifically, the following applies:

Rights of Data Subjects

Data subjects always reserve the right to be informed about the processing of their personal data (right of access) and to request and receive more information about the processing performed.

In addition, with reservation to the exceptions provided by law, they have the right to request, at any time:

• Access in the personal data that the Company keeps.

• Rectification of the personal data.

• Erasure (‘right to be forgotten’) of the personal data provided to the Company.

• Restriction of processing personal data.

• Personal data portability.

• Objection to the processing of the personal data.

• Withdrawal of their consent (in cases where the processing is based on consent).

The Company provides the possibility to the registered users of the Website to view, correct/fill in their personal data through their personal account.

In any case, to exercise any of the aforementioned rights, the subjects can submit their requests to the email address: info@magnagraecia.com

If a subject exercises one or more of the aforementioned rights, such request will also be transmitted to any third-party recipient, to whom the personal data may have been transmitted in the context of the aforementioned processing purposes.

In case a subject exercises any of the aforementioned rights, the Company will respond within one (1) month, from the receipt and identification of the relevant request. This period may be extended by two (2) months, if necessary, taking into account the complexity of the request and the number of requests. In this case, the Company will provide the subject with notice of such extension within one (1) month of receipt of the request, as well as the reasons for the delay.

In case the subjects consider that their personal data have been affected in any way, they may contact the National Data Protection Authority in the website www.dpa.gr.

Modification of Privacy Policy

This Privacy Policy may be revised occasionally, in accordance with the requirements of the applicable law. In case of revision of this Policy, a relevant notice will be posted on the Website.

Date of Validity 26.3.2025