Privacy Policy

1. Introduction

This Privacy Policy explains how SMART BIT SINGLE MEMBER S.A., a company incorporated under the laws of Greece (hereinafter the “Company”, “we”, “us” or “our”), collects, uses and otherwise processes personal data and how we protect your privacy.

We are committed to complying with Regulation (EU) 2016/679 (the “GDPR”), as well as applicable Greek and EU data protection laws. This Policy provides information in accordance with Articles 12–14 GDPR.

2. Definitions

For the purposes of this Policy, the terms personal data, processing, controller, processor, personal data breach, third party and data subject have the meanings assigned to them under Article 4 GDPR.

3. Data Controller

Where we determine the purposes and means of processing, the Data Controller is:

SMART BIT SINGLE MEMBER S.A.
Commercial Registry: 167070001000
TIN: EL801959602
Email: info@verifid.pro

Where we act as a processor on behalf of third parties, those parties remain responsible for informing data subjects about the processing.

4. Principles We Adhere To

We process personal data in accordance with the principles set out in Article 5 GDPR, namely:

  • lawfulness, fairness and transparency;
  • purpose limitation;
  • data minimisation;
  • accuracy;
  • storage limitation;
  • integrity and confidentiality;
  • accountability.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

5. How We Collect Personal Data

We may collect personal data when:

  • you contact us (via website, email, social media or otherwise);
  • you request information, offers or services;
  • you enter into a contractual or pre-contractual relationship with us;
  • you submit documents, forms or complaints;
  • personal data is lawfully disclosed to us by partners or collaborators;
  • you visit our premises or use our website or Wi-Fi network;
  • you apply for a job or are employed by us.

Where we act as a processor, the relevant controller is responsible for providing you with the required information.

6. Minors’ Personal Data

We do not knowingly collect or process personal data of minors without verifiable parental consent, where such consent is required under Article 8 GDPR.

If we become aware that personal data of a minor has been collected unlawfully, we will delete it without undue delay. If you believe such data has been collected, please contact us.

7. Categories of Data Subjects

We may process personal data relating to:

  • business contacts and representatives of legal entities;
  • customers and persons related to the provision of our services;
  • job applicants;
  • website and premises visitors;
  • employees and collaborators.

8. Categories of Personal Data

Depending on the relationship, we may process:

  • identification and contact details;
  • professional and business information;
  • identification documents (where legally required);
  • payment and billing information;
  • incident or complaint-related data;
  • photographs (with consent, where required);
  • website, social media and technical data (e.g. IP address, cookies);
  • Wi-Fi connection data (IP/MAC address);
  • CCTV images from our premises;
  • recruitment and employment-related data.

Employee-specific data is governed by internal notices and policies.

9. Purposes and Legal Bases of Processing

We process personal data only where a lawful basis under Articles 6 and 9 GDPR applies, including:

  • performance of a contract or pre-contractual measures;
  • compliance with legal obligations;
  • legitimate interests, provided such interests are not overridden by your rights;
  • consent, where required by law;
  • employment, social security and health law obligations, where applicable.

Consent is requested only where no other legal basis applies and may be withdrawn at any time.

10. Data Retention

We retain personal data only for as long as necessary for the relevant purposes, including:

  • contractual and legal obligations: as required by applicable law;
  • unsuccessful offers or business enquiries: up to 12 months;
  • recruitment data: up to 12 months;
  • Wi-Fi technical data: up to 3 months;
  • CCTV recordings: up to 15 days, unless required for incident investigation;
  • consent-based processing: until consent is withdrawn or no longer necessary.

Data is securely deleted or anonymised once no longer required.

11. Security of Personal Data

We implement appropriate technical and organisational measures in accordance with Article 32 GDPR, including:

  • restricted access on a need-to-know basis;
  • confidentiality obligations for staff;
  • secure IT systems and monitoring;
  • contractual safeguards with processors under Article 28 GDPR.

We follow recognised standards, including ISO/IEC 27001:2022.

12. Data Recipients

Personal data may be disclosed, where lawful and necessary, to:

  • supervisory, judicial or public authorities;
  • auditors and professional advisers (under confidentiality);
  • banks and payment service providers;
  • consultants and training or accreditation bodies.

Disclosures are limited to what is strictly necessary.

13. International Transfers

Personal data is processed within the European Economic Area (EEA).
If transfers outside the EEA occur, they will be subject to appropriate safeguards in accordance with Chapter V GDPR.

14. Your Rights as a Data Subject

Where we act as controller, you have the right to:

  • be informed;
  • access your personal data;
  • rectification;
  • erasure (where applicable);
  • restriction of processing;
  • data portability;
  • object to processing, including direct marketing;
  • withdraw consent at any time.

Requests may be submitted in writing or electronically. We respond within one (1) month, extendable by two months where permitted by law.

If we act as processor, requests should be addressed to the relevant controller.

You also have the right to lodge a complaint with a supervisory authority, in particular in your place of residence or work.

15. Personal Data Breaches

In the event of a personal data breach, we will comply with Articles 33 and 34 GDPR, including notification to the competent supervisory authority and affected data subjects where required.

Where we act as processor, we will notify the controller without undue delay.

16. Links to Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for their privacy practices and recommend reviewing their privacy policies.

17. Contact

For any questions regarding this Privacy Policy or the processing of your personal data, please contact:

SMART BIT SINGLE MEMBER S.A.
Email: info@verifid.pro