Neorama (“Neorama”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, store, and otherwise process personal data when you visit our website, contact us, submit information through our forms, or otherwise interact with us online. This Policy is intended to provide the information required under the General Data Protection Regulation (Regulation (EU) 2016/679 – GDPR) and applicable Greek data protection law, including Law 4624/2019 and, where relevant, the Greek rules on electronic communications and cookies.
The controller responsible for the processing of personal data through this website is:
Neorama Estates IKE
Registered address: Fanariou 22, Kalamaria, Greece
Email: orri@neorama.org
Depending on how you interact with our website, we may collect and process the following categories of personal data:
Contact and identification data
Such as your name, email address, phone number, country, company name, job title, or any other identifying details you choose to submit.
Communications data
Such as the content of messages you send to us, inquiries submitted through contact forms, meeting requests, and correspondence records.
Technical and usage data
Such as your IP address, browser type and version, device type, operating system, language settings, referring URLs, pages visited, time spent on pages, access dates and times, clickstream data, and similar website interaction data.
Cookie and tracker-related data
Such as information collected through cookies, pixels, tags, consent tools, analytics technologies, and similar tracking mechanisms.
Any other data you voluntarily provide
Including information you choose to include in forms, messages, registrations, or inquiries.
Under the GDPR, “personal data” is interpreted broadly and covers information relating to an identified or identifiable natural person.
We may collect personal data:
directly from you, when you fill out forms, contact us, subscribe, book a meeting, or otherwise communicate with us;
automatically, through your use of the website, including via cookies and analytics tools;
from service providers that help us operate the website and communications systems;
in limited cases, from publicly available sources or professional networking platforms, where lawful and relevant.
We process personal data only where we have a valid legal basis under the GDPR. Depending on the context, we may process your personal data for the following purposes:
We process your personal data to reply to messages, provide requested information, schedule calls or meetings, and maintain communications with prospective partners, clients, suppliers, or interested parties.
Legal basis: taking steps at your request prior to entering into a contract, or our legitimate interests in managing communications and inquiries.
We process technical and usage data to ensure the website functions properly, remains secure, and performs efficiently.
Legal basis: our legitimate interests in operating, protecting, and improving our website; and, where required, compliance with legal obligations.
We may analyze how visitors use the website in order to improve content, structure, functionality, security, and performance.
Legal basis: our legitimate interests; or your consent where analytics cookies or similar technologies legally require consent.
Where you subscribe or otherwise lawfully receive such communications, we may use your contact details to send you updates, marketing materials, event information, or similar communications.
Legal basis: your consent where required, and/or our legitimate interests where permitted by applicable law.
We may process personal data where necessary to comply with legal obligations, respond to lawful requests, protect our rights, prevent fraud or abuse, or establish, exercise, or defend legal claims.
Legal basis: compliance with a legal obligation and/or our legitimate interests.
The GDPR requires that privacy notices identify both the purposes of processing and the legal bases relied upon.
As a general rule, providing your personal data is voluntary. However, if you choose not to provide certain information, we may be unable to respond to your inquiry, provide requested information or services, schedule a meeting, or otherwise fulfill the purpose for which the data was requested.
We may disclose personal data, where necessary and appropriate, to:
website hosting providers;
cloud service providers;
CRM, email, and communications platform providers;
analytics, advertising, and cookie management providers;
IT, security, maintenance, and support providers;
legal, accounting, compliance, and professional advisors;
competent public authorities, regulators, courts, or law enforcement bodies where required by law or necessary to protect our rights;
successor entities or transaction counterparties in connection with a merger, acquisition, restructuring, financing, or sale of all or part of our business or assets.
We require service providers acting on our behalf to process personal data only under appropriate contractual and confidentiality safeguards, where required by law.
Your personal data may be processed within the European Economic Area (“EEA”). In some cases, personal data may also be transferred to or accessed from countries outside the EEA, for example where one of our service providers uses infrastructure or support teams located outside the EEA.
Where we transfer personal data outside the EEA, we will do so only where an appropriate safeguard exists under applicable law, such as:
an adequacy decision by the European Commission; or
appropriate contractual safeguards, such as the European Commission’s Standard Contractual Clauses; or
another lawful transfer mechanism recognized under the GDPR.
The GDPR regulates international transfers and requires an appropriate legal mechanism when personal data is transferred outside the EEA.
We retain personal data only for as long as necessary for the purposes for which it was collected, including for the purposes of responding to inquiries, maintaining business records, complying with legal obligations, resolving disputes, enforcing agreements, and protecting our legal interests.
Retention periods may vary depending on the type of data, the purpose of processing, and applicable legal or regulatory requirements. When personal data is no longer required, we will delete it, anonymize it, or securely restrict it, unless continued retention is required by law.
Our website may use cookies and similar technologies, including strictly necessary cookies and, where applicable, analytics, functionality, advertising, or social media cookies.
Cookies are small text files stored on your device and retrieved by the website on subsequent visits in order to provide or improve services and website functionality. Under the Greek data protection authority’s guidance, optional cookies such as analytics or marketing cookies generally require user consent, while strictly necessary cookies may be used without consent where legally permitted.
We may use cookies and trackers for purposes such as:
enabling the website to function properly;
remembering your preferences;
maintaining website security;
measuring audience and traffic patterns;
understanding website performance and user engagement;
supporting marketing, advertising, and remarketing activities, where applicable.
You can manage cookie preferences through our cookie banner or settings tool, where available, and through your browser settings. Disabling certain cookies may affect the functionality of the website.
[Insert cookie-specific list here if available, such as: cookie name, provider, purpose, duration, type.]
Where permitted by law, we may send you newsletters, updates, event invitations, or other promotional communications. Where consent is required, we will request it before sending such communications. You may opt out at any time by using the unsubscribe link in the communication or by contacting us using the contact details above.
Greek rules on electronic communications may apply in addition to the GDPR in this area.
Subject to the GDPR and applicable law, you may have the following rights in relation to your personal data:
the right to be informed about how your personal data is processed;
the right of access to your personal data;
the right to rectification of inaccurate or incomplete data;
the right to erasure in certain circumstances;
the right to restriction of processing in certain circumstances;
the right to data portability, where applicable;
the right to object to processing based on legitimate interests;
the right to object to direct marketing at any time;
the right to withdraw consent at any time, where processing is based on consent;
the right not to be subject to a decision based solely on automated processing, including profiling, where the legal conditions are met.
The GDPR requires that data subjects be informed of these rights in privacy notices.
To exercise any of your rights, please contact us at: [insert privacy email]
We may ask you for information necessary to verify your identity before responding to your request.
If you believe that the processing of your personal data infringes applicable law, you have the right to lodge a complaint with the competent supervisory authority.
For Greece, the competent supervisory authority is the Hellenic Data Protection Authority (HDPA). The HDPA is the authority responsible for monitoring and enforcing the GDPR, Law 4624/2019, Law 3471/2006, and related data protection rules in Greece.
Website: [insert HDPA contact page if you want to include it on the site]
You may also have the right to lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, where applicable.
We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. Such measures may include access controls, system monitoring, encryption where appropriate, internal confidentiality controls, and security review procedures.
However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.
Our website is not intended for children, and we do not knowingly collect personal data directly from children through the website unless expressly stated and lawfully permitted. If we become aware that personal data relating to a child has been collected unlawfully, we will take appropriate steps to delete or restrict that data.
Our website may contain links to third-party websites, platforms, or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy notices before providing them with personal data.
We may update this Privacy Policy from time to time in order to reflect legal, technical, or operational developments. Any updated version will be posted on this page with a revised “Last updated” date. We encourage you to review this Policy periodically.
If you have any questions about this Privacy Policy or about how we process personal data, please contact us at:
Neorama Estates IKE
Email: orri@neorama.org