Privacy Policy

This Privacy Policy describes the way in which STERGIOS G. PRAPAS KAI SIA O.E., operating under the distinctive title TYROKOMIKA, with registered address at 1 KM NEO TYRNAVOU ELASSONAS 0, TYRNAVOS, 40100, VAT No. 081873910, G.E.MI. No. 026436640000, contact email prapasoe@otenet.gr, and telephone number 249 20 25 860 (hereinafter referred to as the “Company” or the “Data Controller”), collects and processes personal data through this website.

The Company processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Law 4624/2019, Law 3471/2006 on the protection of privacy in electronic communications, as well as any other applicable provision of Greek and European Union legislation.

1. What data we collect

Depending on the use of the website, we may collect and process the following categories of data:

a) Identification and contact details, such as full name, business name, telephone number, email, address, VAT number, or other invoicing/transaction details.
b) Information you provide to us through contact forms, order forms, quotation requests, cooperation inquiries, or support requests.
c) Technical data and usage data, such as IP address, device type, browser, operating system, date and time of access, logs, pages visited, and basic browsing information.
d) Data collected through cookies or similar technologies, according to the preferences you select through the consent mechanism, where such mechanism is required.
e) Data related to commercial transactions, such as order details, communication history, shipping or payment status, where the website supports such functions.

2. How data is collected

Data is collected either directly from you when you fill in forms or contact us, or automatically while you browse the website through technical means such as log files, cookies, and similar technologies. In some cases, we may also receive data from cooperating service providers, such as hosting providers, email providers, telephony services, CRM systems, marketing software, or payment providers, always to the extent that this is necessary and lawful.

3. Purposes of processing

The Company processes personal data for the following purposes:

a) for the proper operation, maintenance, and security of the website,

b) for the management of communication requests, information requests, orders, and commercial relationships,

c) for customer service and complaint management,

d) for the performance of contracts or the taking of steps at your request prior to entering into a contract,

e) for compliance with legal, tax, accounting, or regulatory obligations,

f) for the protection of the legitimate interests of the Company, such as network security, fraud prevention, legal establishment and defense of claims,

g) for sending newsletters or marketing communications, only where there is an appropriate lawful basis,

h) for statistical analysis, service improvement, and user experience evaluation, provided that the legal requirements are met.

4. Legal bases for processing

Processing is based, as applicable, on one or more of the following legal bases:

a) your consent,

b) the necessity for the performance of a contract or for taking pre-contractual steps at your request,

c) compliance by the Company with a legal obligation,

d) the legitimate interests of the Company, provided that your rights and freedoms do not override them.

5. Cookies and similar technologies

The website may use:

a) strictly necessary cookies for technical operation and security,

b) functional cookies for storing preferences,

c) statistical/analytical cookies,

d) marketing or third-party cookies.

Where required, the installation of non-essential cookies takes place only after your prior, free, specific, informed, and explicit consent through an appropriate choice mechanism. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out before such withdrawal.

6. Recipients of the data

Access to personal data may be granted, to the extent necessary, to authorized employees or partners of the Company, as well as to third parties acting as data processors on our behalf, such as website hosting providers, technical support providers, email services, cloud services, accounting services, ERP/CRM providers, transport providers, payment providers, legal advisors, or consultants. Where required by law, data may also be disclosed to public authorities, judicial authorities, or supervisory authorities.

7. Transfers outside the EEA

As a rule, we seek to ensure that data is processed within the European Economic Area. If, however, a transfer of data to a third country or an international organization is required, such transfer shall take place only if the conditions of the GDPR are met, such as an adequacy decision by the European Commission or appropriate safeguards, including standard contractual clauses or another lawful transfer mechanism.

8. Retention period

We retain personal data only for as long as necessary for the purpose for which it was collected and, in any case, for as long as required by the nature of our relationship, our legitimate business needs, and any applicable tax, accounting, regulatory, or evidential obligations. After the necessary period has expired, the data is securely deleted or anonymized, unless its further retention is required or permitted by law.

9. Security of processing

The Company implements appropriate technical and organizational security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are adapted to the nature, scope, context, and purposes of the processing, as well as to the risks to the rights and freedoms of natural persons.

10. Your rights

Subject to the conditions of the law, you have the right to:

a) access your personal data,

b) rectify inaccurate or incomplete data,

c) erasure,

d) restriction of processing,

e) data portability,

f) object to processing, especially where it is based on legitimate interest or used for direct marketing,

g) withdraw your consent at any time where processing is based on consent.

11. How to exercise your rights

To exercise your rights, you may contact us at [EMAIL] or at [ADDRESS], clearly stating your request and providing the necessary identification details. The Company will respond within the time limits provided by the applicable legislation, unless the request is manifestly unfounded, excessive, or a lawful extension is required.

12. Filing a complaint

If you believe that the processing of your personal data violates the applicable legislation, you have the right to lodge a complaint with the competent supervisory authority. In Greece, the competent authority is the Hellenic Data Protection Authority (HDPA).

13. Minors

The website is not intentionally directed at minors and we do not knowingly seek to collect personal data from minors without the required parental or guardian consent, where such consent is required by law. If it is established that such data has been collected without a lawful basis, appropriate measures will be taken to delete the data or cease processing.

14. Automated decision-making and profiling

The Company does not make decisions producing legal effects concerning you or similarly significantly affecting you solely by automated means, unless this is expressly stated and the legal requirements are met. If statistical tools, remarketing tools, or limited user categorization tools are used for commercial or analytical purposes, this is done under the appropriate legal conditions and with the required safeguards.

15. Changes to the Policy

This Privacy Policy may be modified or updated at any time, especially when the operation of the website, our services, or the applicable legal framework changes. The most recent version is posted on the website and applies from the date of publication.

16. Contact details for privacy matters

For any matter concerning this Privacy Policy and the processing of personal data, you may contact us at:

STERGIOS G. PRAPAS KAI SIA O.E.

Address: 1 KM NEO TYRNAVOU ELASSONAS 0, TYRNAVOS, 40100

Email: prapasoe@otenet.gr

Telephone: 249 20 25 860

Last updated: 8/4/2026