Privacy Policy

Privacy Policy (GDPR)

Last updated: 01/13/2025

This Privacy Policy explains how Sociably Media (“we”, “our”, “us”) collects, uses, shares, and protects your personal data when you visit or use our websites and services available at sociably.gr and sociably.media.

We are committed to processing personal data lawfully, fairly, and transparently, in accordance with the EU General Data Protection Regulation (GDPR) and applicable Greek law.

Who we are (Controller)

• Controller: Sociably Media
• Legal representative: George Kastritseas
• Address: Agiou Ioannou str 18–20, 15342 Athens, Greece
• Phone: +30 211 1828 738 (Mon–Fri, 09:00–17:00, excluding holidays)
• General contact: [email protected], [email protected]
• Privacy contact: [email protected]

How we collect your data

• Directly from you when you:
• Submit a contact form
• Create or manage a user/customer account
• Place orders and request invoicing
• Communicate with us by phone or email
• Automatically via our websites (e.g., via cookies or similar technologies). For details, please see our Cookie Policy.

What data we collect

Depending on how you interact with us, we may collect:

• Contact details: first and last name, email address, landline and/or mobile number
• Account and billing details:
• Individuals: full address, phone(s), (optional) fax, email
• Businesses: company name, trade name, registered address, Tax Identification Number (AFM), Tax Office (DOY), occupation, phone(s), (optional) fax, email
• Service/order details: services purchased or activated (e.g., hosting, domain registration), renewal/expiration data, support history
• Payment details: cardholder name, card type, card number, expiry date, CVV2/CVC2 (processed securely by our payment provider; we do not store your full card data in our systems)
• Domain registration data: registrant/administrative/technical contact details, as required by applicable registries and rules
• Communications data:
• Phone calls may be recorded for service quality and to document transactions (you will be informed)
• Emails exchanged with us may be retained for support and quality assurance

Why we use your data (purposes and legal bases)

We process your personal data only when we have a lawful basis to do so. The purposes and legal bases include:

• Provide and support our services (e.g., hosting, domain registration), manage your account, process orders, and deliver customer support
• Legal basis: performance of a contract (GDPR Art. 6(1)(b))
• Billing, invoicing, accounting, and tax compliance
• Legal basis: legal obligation (GDPR Art. 6(1)(c))
• Security, fraud prevention, service quality improvement, and call recording to document transactions and improve support
• Legal basis: legitimate interests (GDPR Art. 6(1)(f))
• Send you service-related notices (e.g., renewals, expirations)
• Legal basis: performance of a contract/legitimate interests (GDPR Art. 6(1)(b), (f))
• Send newsletters, offers, and marketing communications
• Legal basis: your consent (GDPR Art. 6(1)(a)); you can withdraw consent at any time

If we rely on legitimate interests, we balance our interests against your rights and expectations and implement appropriate safeguards. You can object to processing based on legitimate interests at any time (see “Your rights” below).

Who we share your data with

We share personal data only as necessary and under appropriate contracts and safeguards:

• Service providers (processors) who support our operations, such as:
• Hosting and infrastructure providers
• Email and telephony service providers
• Payment service providers/banks (e.g., card processing)
• IT support and security providers
• Accountants and professional advisors
• Domain registries and authorities (e.g., EETT, ITE, EURid, OnlineNIC and other relevant registries) when required to register or manage domain names
• SSL/TLS certificate authorities when issuing certificates
• Public authorities or regulators where required by law or to establish, exercise, or defend legal claims

We remain responsible for your data when processed by our processors and require them to process it in compliance with GDPR.

International transfers

Some providers or registries may be located outside the European Economic Area (EEA). Where we transfer data internationally, we use appropriate safeguards such as European Commission Standard Contractual Clauses or other lawful transfer mechanisms, and we apply additional safeguards where appropriate.

How long we keep your data (retention)

We retain personal data only for as long as needed for the purposes described above:

• Contracts and service data: for the duration of the contract and as needed to establish, exercise, or defend legal claims
• Invoicing and accounting records: as required by tax and accounting laws
• Marketing data: until you withdraw consent or unsubscribe
• Account data: while your account remains active or until you request deletion (subject to legal/contractual obligations)
• Communications and call recordings: for a limited period necessary for support, quality assurance, and documentation of transactions

Where retention is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Children’s data

We do not knowingly collect personal data from children under 16. If you are under 16, please use our websites and services only with the involvement and consent of a parent or guardian. If we learn we have collected data from a child under 16 without appropriate consent, we will delete it.

Your rights under GDPR

Subject to conditions and limitations under law, you have the right to:

• Access your personal data and obtain information about its processing
• Rectify inaccurate or incomplete data
• Erase your data (“right to be forgotten”)
• Restrict processing
• Object to processing based on legitimate interests, including direct marketing (and profiling for such marketing)
• Data portability, where processing is based on consent or contract and carried out by automated means
• Withdraw consent at any time (without affecting prior lawful processing)
• Lodge a complaint with a supervisory authority

We aim to respond to requests within one month. To exercise your rights, contact us at [email protected] or +30 211 1828 738.

Supervisory authority in Greece:

• Hellenic Data Protection Authority (HDPA)
• Website: www.dpa.gr
• Tel: +30 210 6475600
• Fax: +30 210 6475628
• Email: [email protected]

Security

We implement appropriate technical and organizational measures to protect personal data, including encrypted transmission (e.g., SSL/TLS), access controls, and security monitoring to prevent unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or method of electronic storage is 100% secure.

Cookies and similar technologies

We use cookies and similar technologies to operate our sites, analyze usage, and (with your consent) personalize content or marketing. For details and your choices, please see our Cookie Policy.

Links to other websites

Our websites may include links to third-party sites. We are not responsible for their privacy practices or content. Please review their privacy policies.

How to contact us

• Privacy email: [email protected]
• Phone: +30 211 1828 738 (Mon–Fri, 09:00–17:00, excluding holidays)
• Postal address: Agiou Ioannou str 18–20, 15342 Athens, Greece
• General contact: [email protected], [email protected]
• Contact form: available at sociably.media

Changes to this Policy

We may update this Policy from time to time. We will post the updated version on this page and revise the “Last updated” date above. Where required, we will notify you of material changes.