Privacy Policy & GDPR


Privacy Policy

This Privacy Policy (hereinafter referred to as “Policy”) concerns the processing of your personal data and, in particular, the conditions for the collection, storage and use thereof, when visiting, registering or using your site (hereinafter referred to as ” Website “) and the corresponding page A. Hilios Ltd Hydrotherapy, Sandblasting, General Cleaning on Facebook (hereafter” Facebook Page “).
Managing and protecting your personal data as visitors and users of the services of the Web site and the Facebook Page is subject to the terms of this text as well as to the relevant provisions of the European Privacy Policy [679/2016 CIS].

These terms are formulated taking into account both the rapid development of technology and in particular the internet and the existing legislation on these issues. In any case, the controller retains the right to change the terms of protection of personal data in order to ensure compliance with the dynamically developing Greek and European legal framework.

Processing Manager

The person responsible for processing your data is A. Hilios Ltd, which is the primary and beneficiary of the use of this site.

Definition of Personal Data and Processing

Personal information is information such as name, postal address, e-mail address, contact phone number, etc. that identify or may, in combination with other information, identify the identity of a natural person, visitor / user of the Website or the Facebook Page. Personal data processing is the collection, registration, organization, storage, adaptation, modification, retrieval, search of information, use, transmission to third parties, dissemination, association, combination, restriction, deletion and destruction of personal data of individuals. Processing includes any action performed by the Editor in the personal data of users of the Site or the Page.

Collection of Your Personal Data

We primarily collect your information directly from you when you sign up for services or when you contact us. In addition, we collect your personal data passively through tracking tools such as cookies and beacons. Finally, we also collect data from third parties, such as social networking platforms [Facebook, Instagram, Twitter, YouTube]. The ways of collecting your data are captured in the following stages:

A) When you visit and navigate the Site, your data is collected only from the cookies you have authorized with your consent to use, which are detailed in the Use of Cookies here

B) In order to contact us, please send us an email stating your name and e-mail address, which we collect together with your comment to respond to you.

C) We do not collect personal data from minors without the consent of their guardian. If we realize that a minor attempts to submit their personal data, we will remove that data from our records. If you are a parent / guardian of a minor who has submitted his or her personal data, please contact us to delete them.

D) The site uses external traffic logging services such as Google Analytics. Google Analytics provides us with anonymized data to determine the number of people using our Site to better understand how we find and use our websites and to see their progress on the Website. While Google Analytics uses cookies to capture data such as your location, your device, your web browser, and your operating system, none of this information is related to your face and does not identify you. Note that Google is a third data processor.

Purpose and Legal Basis of Your Data Processing

We process your Data for the following purposes, in particular for:

A) managing the Website.

B) monitoring the traffic of the Website,

C) optimizing site navigation and the experience of the visitor and user of the services involved,

D) communication and information to visitors,

E) posting comments on published texts on the Site platform,

F) the exercise of our legitimate rights.


Every processing of your personal data requires a specific and legitimate reason in accordance with existing legislation. That is why we make sure that every use of your information is based on one of the following legal bases:

A) the user’s consent when registering for the services of the Website, as well as the use of cookies.

B) to ensure our legitimate interests, without circumventing the rights of users, as is the case in claiming civil claims.

C) compliance with provisions of the Law, as in the case of termination of illegal activity by the competent authorities.

Access and Transmission of Your Personal Data

Access to your personal data has the absolutely necessary staff of the Processing Manager and our affiliated companies that process your Data as Processors on our behalf and in accordance with our instructions. The partner companies offer Web site management and social networking services, technical support and maintenance, comment management, data analysis and business activities and / or support and marketing information systems, and measurement analysis. Performers are contractually obliged by us to keep confidentiality, not to disclose Data to third parties without the permission of the Processing Person, to take appropriate security measures, to comply with the legal framework for the protection of personal data, and in particular the CIS.

In addition, we may disclose your Data when you have explicitly requested it or when required by law, such as if requested by the police to investigate illegal activities. Your Data is not transmitted outside the European Economic Area (EEA). In the event that your data is deemed to be transmitted to non-EEA countries, we will ensure that your rights and freedoms regarding the processing of your personal data are properly protected and duly protected. As far as our obligation is concerned, we will ensure that it is executed on the basis of contractual agreements using standard contractual clauses approved by the European Commission or other appropriate safeguards in accordance with applicable law.

Keeping and Securing Your Personal Data

Your personal data is retained for as long as the legitimate purpose of the processing for which it was originally collected has been obtained, subject to free consent.
We maintain an appropriate level of security for the data retention and have implemented reasonable physical, electronic and administrative procedures to prevent the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise way of processing. Our information security policies and procedures are closely aligned with international standards and are regularly reviewed and updated whenever needed to meet our business needs, technology changes and regulatory requirements.

We delete the Data we collect from you if it is no longer necessary to achieve the purposes for which it was originally collected. Data collected solely for the purpose of communicating the user with us or informing interested parties about advertising from the respective forms of collection of the Website shall be retained during the communication and shall be deleted within 3 months of its termination. However, we may be asked to store your personal data for a longer period of time due to legal provisions. The Data collected by Cookies, we delete them in accordance with the Cookies Policy.

Your Legal Rights

As a data subject you have specific legal rights regarding the personal data we collect from you:

Access: You have the right to know if and how we process your personal data at any time and without any charge.

Update: You can request the correction of personal data that is incomplete or incorrect.

Deletion: You may request the deletion of your data if it is no longer necessary for the processing purposes for which it was originally collected or if you wish to withdraw your consent and there is no other legal basis for processing.

Opposition: You may at any time object to the processing of your personal data, which we will respect provided there are no other legitimate reasons.

Processing restrictions: You may ask us to restrict the processing of your personal data if you dispute their accuracy or the legitimacy of the processing.

Portability: You may ask us to receive in readable form the data you have provided or ask us to forward it to another controller.
Right of Withdrawal of Consent: You have the right to withdraw your consent at any time without affecting the legal basis of your data processing on our behalf under such consent before it is revoked.
In order to exercise your legal rights, please contact in writing by email. We will try to meet your request within 30 days. However, the deadline may be extended for specific reasons relating to the specific legal right or complexity of your request. We may request proof of your identity for identification purposes before answering your request. In some cases, we may not be able to allow access to certain personal data (e.g., if your personal data is related to someone else’s personal data or for legal reasons).
You have the right to submit a complaint to the Personal Data Protection Authority (post office Kifissias 1-3, PC 115 23, Athens, tel. 210 6475600, e-mail: ) if you believe that processing of your Personal Data violates the applicable national and regulatory framework for the protection of personal data.


The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

The regulation contains provisions and requirements pertaining to the processing of personally identifiable information of individuals (formally called data subjects in the GDPR) inside the European Union, and applies to all enterprises, regardless of location, that are doing business with the European Economic Area. Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or if the data controller or processor has received explicit, opt-in consent from the data subject. implements all secutiry protocols for storage of personal data.