Privacy Policy

Last updated: 13.05.2026

1. Who we are

This website (the "Website") is operated by Athanasiadou Valentini, a company registered in Greece under company number 161740500, with its registered office at Saframpoleos 53, Nea Ionia, Greece ("VALID", "we", "us", "our").

VALID is the controller of the personal data processed through this Website within the meaning of Article 4(7) of Regulation (EU) 2016/679 (the "GDPR") and Greek Law 4624/2019 on the protection of personal data.

For any matter relating to this Privacy Policy or to the processing of your personal data, you may contact us at: [email address].

 

2. Scope of this Policy

This Privacy Policy explains how we collect, use, and protect personal data submitted through the contact form on the Website, and the rights available to you under applicable data protection law.

This Policy applies only to this Website. It does not apply to third-party websites that may be linked from the Website, and we accept no responsibility for the privacy practices of such third parties.

 

3. What personal data we collect

We collect only the personal data that you provide voluntarily when submitting an enquiry through the contact form on the Website. This is limited to:

your name;
your email address;
any other information you choose to include in the body of your message (for example, the name of your company, the nature of your enquiry, or your professional context).

We do not deliberately collect any special categories of personal data (such as data revealing racial or ethnic origin, political opinions, health data, or similar). We ask that you do not include such information in your message.

We do not use cookies or analytics tools on this Website. We do not track your browsing activity. We do not build profiles of visitors.

 

4. Why we process your data and on what legal basis

We process the personal data you submit through the contact form for the following purposes and on the following legal bases under Article 6(1) GDPR:

  • To respond to your enquiry and engage in any resulting correspondence.Steps taken at your request prior to entering into a contract (Art. 6(1)(b) GDPR)
  • To keep a record of our correspondence for legitimate business administration, including the management of client relationships and the defence of legal claims. Our legitimate interests (Art. 6(1)(f) GDPR)
  • To comply with any legal obligations to which we are subject. Legal obligation (Art. 6(1)(c) GDPR)

Where we rely on legitimate interests, we have assessed that our interest in handling enquiries and maintaining a record of business communications is not outweighed by your rights and freedoms, given the limited and ordinary nature of the data processed.

 

5. How long we keep your data

We retain the personal data submitted through the contact form for the following periods:

  • Enquiries that do not result in a client engagement: for up to twelve (12) months from the date of last correspondence, after which the data is deleted.
  • Enquiries that lead to a client engagement: for the duration of the engagement and for a further five (5) years thereafter, in line with general statute-of-limitations periods under Greek civil law and our legitimate need to defend potential legal claims.
  • Correspondence subject to specific legal retention obligations (for example, tax or accounting records): for the period required by the applicable law.

After the applicable retention period, the data is securely deleted.

 

6. Who has access to your data

Your personal data is accessible only to the co-founders of VALID and to a limited number of trusted service providers who process data on our behalf as processors under Article 28 GDPR. These currently include:

  • our email service provider, which hosts our business email accounts;
  • our website hosting provider, which hosts the Website and the contact form infrastructure.

We enter into written data processing agreements with all processors and require them to implement appropriate technical and organisational measures to protect your data.

We do not sell, rent, or trade your personal data. We do not share your data with third parties for marketing purposes.

We may disclose your personal data to public authorities where required to do so by law, court order, or other binding legal process.

 

7. International transfers

Where our processors are located outside the European Economic Area (the "EEA"), or where they store data outside the EEA, we ensure that any such transfer is subject to appropriate safeguards in accordance with Chapter V of the GDPR — typically the European Commission's Standard Contractual Clauses, or transfers to jurisdictions covered by an adequacy decision.

You may request a copy of the relevant safeguards by contacting us at the address in Section 1.

 

8. How we protect your data

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include, among others, access controls, encryption in transit, and the principle of data minimisation reflected throughout this Policy.

No method of transmission over the Internet is entirely secure. While we apply reasonable measures to protect your data, we cannot guarantee absolute security.

 

9. Your rights

Subject to the conditions set out in the GDPR, you have the following rights in relation to your personal data:

  • Right of access (Art. 15) — to obtain confirmation of whether we process your data and, if so, a copy of that data.
  • Right to rectification (Art. 16) — to have inaccurate or incomplete data corrected.
  • Right to erasure (Art. 17) — to have your data deleted in the circumstances set out in the GDPR.
  • Right to restriction of processing (Art. 18) — to limit how we use your data in specific situations.
  • Right to data portability (Art. 20) — to receive your data in a structured, commonly used, machine-readable format, where the legal basis for processing is consent or contract performance.
  • Right to object (Art. 21) — to object, on grounds relating to your particular situation, to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on your consent, to withdraw that consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at info@valid-agency.com. We will respond within one (1) month of receiving your request, in accordance with Article 12(3) GDPR. This period may be extended by a further two (2) months where necessary, taking into account the complexity and number of requests.

We do not charge a fee for handling your request, except where a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request, in accordance with Article 12(5) GDPR.

 

10. Right to lodge a complaint

If you believe that our processing of your personal data infringes the GDPR or applicable Greek data protection law, you have the right to lodge a complaint with the competent supervisory authority:

Hellenic Data Protection Authority (HDPA) Kifisias Avenue 1-3, 115 23, Athens, Greece Telephone: +30 210 6475600 Email: complaints@dpa.gr Website: www.dpa.gr

We would, however, appreciate the opportunity to address your concerns directly before you approach the supervisory authority — please feel free to contact us first at the address in Section 1.

 

11. Children

The Website and its services are directed at professionals and business owners. We do not knowingly collect personal data from individuals under the age of eighteen (18). If you believe that a child has submitted personal data to us, please contact us and we will take steps to delete the relevant information.

 

12. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The "Last updated" date at the top of this Policy indicates when it was most recently revised. Where changes are material, we will take appropriate steps to bring them to your attention.

 

13. Governing law

This Privacy Policy is governed by the laws of the Hellenic Republic and by the GDPR. Any disputes arising in connection with this Policy shall be subject to the jurisdiction of the competent courts of Athens, Greece.