Facebook-f Linkedin Twitter Youtube
MENU

Facebook-f Linkedin Twitter Youtube
Request Demo

Privacy Policy

Introduction

Eirmos PCC, hereinafter referred to as “the Company,” is committed to protecting the privacy and personal data of its clients, partners, and users in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This Privacy Policy outlines how the Company collects, processes, stores, and protects personal data when providing software development and related services. This policy applies to all personal data processed by the Company, whether as a Data Controller or Data Processor.

1. Scope

This Privacy Policy applies to all individuals (“data subjects”) whose personal data is processed by the Company, including clients, prospective clients, website visitors, and other stakeholders. It covers all data processing activities related to the Company’s services, including software development, project management, and client communications.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to a physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processing: Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or deletion.
  • Data Controller: The entity that, alone or jointly with others, determines the purposes and means of processing personal data.
  • Data Processor: The entity that processes personal data on behalf of the Data Controller.
  • Data Subject: An individual whose personal data is processed.

3. Data Controller and Contact Information

The Company acts as a Data Controller for personal data processed for its own purposes (e.g., client management, billing) and as a Data Processor when handling data on behalf of clients. For inquiries or to exercise your rights under GDPR, contact:

Data Protection Officer (DPO)

Eirmos PCC
Email: dpo@adacs.eu
Address: Giannitson 90, 546 27 Thessaloniki, Greece

4. Types of Personal Data Collected

The Company may collect and process the following categories of personal data:
  • Identity and Contact Data: Name, email address, phone number, and company details.
  • Financial Data: Billing information, payment details, and invoicing records.
  • Project-Related Data: Information provided by clients for software development projects, which may include personal data.
  • Technical Data: IP addresses, browser types, and device information collected via the Company’s website or services.
  • Marketing and Communication Data: Preferences for receiving marketing materials or communications.

5. Purposes and Lawful Bases for Processing

The Company processes personal data for the following purposes and under the following GDPR lawful bases:

Purpose Lawful Basis
To deliver software development services Contractual necessity
To manage client relationships Legitimate interests
To process payments and invoicing Contractual necessity, legal obligation
To improve services and user experience Legitimate interests
To send marketing communications Consent (where required)
To comply with legal obligations Legal obligation

6. How We Collect Personal Data

Personal data is collected through:

  • Direct Interactions: Information provided by clients via contracts, forms, emails, or meetings.
  • Automated Technologies: Data collected via the Company’s website (e.g., cookies, analytics tools) with user consent where required.
  • Third Parties: Data received from partners or clients, with appropriate consent or contractual agreements.

7. Data Subject Rights

Under GDPR, data subjects have the following rights:

  1. Right to Access: Request access to your personal data.
  2. Right to Rectification: Request correction of inaccurate or incomplete data.
  3. Right to Erasure: Request deletion of your data (“right to be forgotten”) where applicable.
  4. Right to Restriction of Processing: Request restriction of processing under certain conditions.
  5. Right to Data Portability: Receive your data in a structured, machine-readable format.
  6. Right to Object: Object to processing based on legitimate interests or for direct marketing.
  7. Right to Withdraw Consent: Withdraw consent at any time, where processing is based on consent.
  8. Right to Lodge a Complaint: Lodge a complaint with a supervisory authority.

To exercise these rights, contact the DPO at dpo@adacs.eu.The Company will respond within one month, extendable by two months for complex requests.

8. Data Sharing and Third Parties

  • Third-Party Processors: The Company may share personal data with trusted third-party processors (e.g., cloud providers, payment processors) under GDPR-compliant Data Processing Agreements (DPAs).
  • International Transfers: y default, we do not transfer data outside the European Economic Area. In case such a transfer is necessary, it is conducted using GDPR-compliant mechanisms, such as Standard Contractual Clauses (SCCs).
  • Other Disclosures: Data may be shared to comply with legal obligations, enforce contracts, or protect the Company’s rights, with prior notification where feasible.

9. Data Security

The Company implements robust technical and organizational measures to protect personal data, including:

  • Encryption: Data is encrypted during transmission.
  • Access Controls: Role-based access limits data access to authorized personnel.
  • Regular Audits: Security audits and vulnerability assessments are conducted periodically.
  • Employee Training: Staff are trained on GDPR and data protection best practices.
  • Incident Response: A process is in place to detect, report, and respond to data breaches.

10. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. Specific retention periods are:

  • Client Data: Retained for the duration of the client relationship and up to 7 years thereafter for legal and tax purposes.
  • Project Data: Retained until project completion or as specified in client agreements.
  • Marketing Data: Retained until consent is withdrawn or the data is no longer relevant.

Data is securely deleted or anonymized when no longer needed.

11. Data Breach Notification

In the event of a personal data breach, the Company will:

  • Notify the relevant supervisory authority within 72 hours, where feasible, if the breach is likely to result in a risk to data subjects’ rights.
  • Inform affected data subjects without undue delay if the breach poses a high risk.
  • Document all breaches and remedial actions taken.

12. Cookies and Website Tracking

The Company’s website may use cookies and similar technologies to enhance user experience and analyze usage. Users are informed of cookie usage and can manage preferences via a cookie consent tool. For details, see our Cookie Policy.

13. Marketing Communications

The Company may send marketing communications to clients or prospects who have provided consent or where a legitimate interest exists (e.g., existing clients). Recipients may unsubscribe at any time via the unsubscribe link in communications or by contacting the DPO.

14. Children’s Data

The Company’s services are not directed to individuals under 16, and we do not knowingly collect personal data from children. If such data is identified, it will be deleted immediately.

15. Compliance and Updates

The Company regularly reviews this Privacy Policy to ensure GDPR compliance. Updates will be communicated to clients and posted on the Company’s website. This policy is reviewed at least annually or as required by changes in law or operations.

16. Complaints

If you have concerns about how your personal data is handled, contact the DPO at dpo@adacs.eu. You may also lodge a complaint with your local supervisory authority.

17. Effective Date

This Privacy Policy is effective as of May 18, 2025, and supersedes any previous versions.

Thanks for signing up!