This website has been created and is owned by the corporation under the name "DATAWAYS S.A.," located at 27 Georgikis Scholis Avenue, Postal Code 57001, Thessaloniki, GEMI No. 132673704000, TIN 800623125, under the jurisdiction of the Thessaloniki Tax Office for Large Enterprises (ΦΑΕ ΘΕΣ/ΝΙΚΗΣ), as the Data Controller of personal data.
1. Introduction
1.1. In this Privacy Policy, we provide information about the data we collect, use, and share when you visit our Website or pursuant to any Agreement you may have with DATAWAYS for the use of our products and services. You should consider this part of the DATAWAYS Website Terms and Conditions and the related Agreement.
1.2. By continuing to use this website, you agree that we, as data controllers, collect and use your personal information in accordance with this Privacy Policy and for the purposes of the proper functioning of the website and the provision of our Products and Services to you.
1.3. We reserve the right to update this Privacy Policy from time to time. Please check this policy periodically for changes. If you do not accept this or any revised Policy, you should stop using this website.
1.4. Any questions or disputes regarding privacy are subject to this Privacy Policy.
1.5. When you visit the Website, no information is collected or processed by us, and in most cases, you are not required to provide us with your personal data.
1.6. Depending on the activity or the Agreement between us, we may ask you for information that may be mandatory or optional. However, if you do not consent to the processing of your personal data, we may not be able to provide some or all of our personalized services. If the provision of a product or service requires us to process some of your personal data and you do not wish to share that data with us, we will not be able to cooperate with you, and you must understand that the related service or product cannot be delivered. In all cases, it will be clear when we seek your consent and when you must mandatorily share personal information.
1.7. Subscription to our newsletter for various services or those of our partners is always based on prior explicit consent. This newsletter allows us to inform you about new Products and Services, updates, and other news related to the company and the products or services you have received from us or our business partners.
2. Definitions
2.1. DATAWAYS, we, our: Refers to Dataways S.A.
2.2. You: Refers to you or the company or other legal entity on whose behalf you accept this policy, including any subsidiaries of that company or entity.
2.3. Services: Refers to software, applications, tools and their updates, relevant services, and platforms provided by DATAWAYS, excluding third-party applications.
2.4. Third-party applications: Refers to software, applications, tools, and their updates provided by third parties that interact with or communicate with DATAWAYS Services, commonly referred to as third-party apps, including, but not limited to, our Partners.
2.5. User content: Data, information, materials, and documents stored within DATAWAYS’ applications and products, whether or not related to the account of an authorized user.
2.6. User account: A location on a network used to store data and information, such as a computer username, password, etc., which allows or disallows a user to connect to a network, another computer, or shared resources.
2.7. Platform: Our platform or platforms/systems we may use from third parties or subcontractors for the provision of software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS), pursuant to our Agreement.
2.8. Agreement: The Master Services Agreement and any related SLA or Statement of Work (SoW) between Dataways S.A. and any other person or legal entity for the provision of products and services.
2.9. Your data: Refers to all electronic data or information you submit during the use of the Services, excluding personal data or personally identifiable information.
2.10. Personal Data or Personally Identifiable Information: Any information related to an identified or identifiable natural person (“data subject”).
2.11. Processing: Any operation or set of operations performed on personal data or sets of personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
2.12. Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Under these service terms, this is you.
2.13. Data Processor: The natural or legal person who processes personal data on behalf of the Data Controller, under these service terms.
2.14. Recipient: A natural or legal person, public authority, agency, or other body to whom the personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities must comply with the applicable data protection rules according to the purposes of the processing
2.15. Third party: A natural or legal person, public authority, agency, or body other than the data subject, the Data Controller, the Data Processor, and persons who, under the direct authority of the Data Controller or Processor, are authorized to process personal data.
3. Processing of Personal Data in the Provision of Web Hosting – Domain Name Services
3.1. The personal data of natural persons who are Domain Name Holders is collected and processed solely for the purpose of fulfilling our obligations as registrars. We collect personal data from individuals who submit domain name registration declarations with a .gr or .ελ extension, or other declarations regarding domain names with a .gr or .ελ extension, only to the extent necessary for processing such declarations. The collection or processing of personal data for other purposes is prohibited without the consent of the individual concerned, in accordance with applicable law
3.2. The personal data of natural persons who are Domain Name Holders is neither disclosed nor shared with third parties. Exceptionally, EETT (the Hellenic Telecommunications and Post Commission) will disclose the data of a Domain Name Holder with a .gr or .ελ extension if required by law for purposes related to the prevention, investigation, detection, or prosecution of criminal offenses, following a request from competent authorities.
3.3. The personal data of legal entities who are Domain Name Holders may be disclosed by EETT to third parties upon request
3.4. Following the issuance of a relevant EETT decision, Registrars may be permitted to disclose to third parties registration information of Domain Name Holders with a .gr or .ελ extension, provided they are legal entities.
3.5. Following the issuance of a relevant EETT decision, Registrars may also be allowed to share with third parties the personal data of natural persons who are Domain Name Holders with a .gr or .ελ extension, under their management, if those individuals have explicitly consented to the disclosure, and upon receiving a related request.
3.6. We disclose personal data of legal and natural persons who are Domain Name Holders with a .gr or .ελ extension under our management, following a request from a competent public audit authority.
3.7. Personal data is recorded and maintained in the Domain Name Registry for processing purposes under this Regulation. These data are retained for establishing, exercising, or defending legal claims and for archiving purposes in the public interest and are not deleted.
3.8. Subject to the provisions of applicable personal data protection laws, we collect personal data from individuals submitting domain name registration declarations with a .gr or .ελ extension, or other domain-related declarations with such extensions, only to the extent necessary for processing them. The collection or processing of personal data for other purposes is prohibited without the consent of the individual, in accordance with applicable law (Official Government Gazette 3321/2018).
3.9. For all other registration services regarding domain names that do not end in .gr or/and .ελ, we delegate the registration of all the domain names to the registrars EuroDNS and Enom. These registrars implement policies and practices that comply with the General Data Protection Regulation (GDPR), ensuring the privacy and security of customer personal data. For more information regarding the data protection policies of these registrars, you may refer to the following pages:
3.10. Processing as a Registrar Acting on Behalf of a Controller
3.10.1. To the extent that we act as processors, we apply appropriate technical and organizational measures so that the processing complies with the GDPR and ensures the protection of the rights of the data subject.
3.10.2. Processing by the processor is governed by the Regulation, which binds the processor in relation to the controller, especially regarding provisions defining the subject matter and duration of processing, the nature and purpose of processing, the types of personal data, and the categories of data subjects.
3.10.3. The processor:
3.10.4. Without prejudice to Articles 82, 83, and 84 of the GDPR, if the processor determines the purposes and means of the processing in violation of the Regulation for registrars and the GDPR, the processor shall be considered a controller with respect to that processing.
3.10.5. If the registrar acting as processor is not established in the EU or within the European Economic Area, they must appoint a written representative in Greece if their processing activities relate to the offering of services to data subjects within the Union.
4. Data Collection
Basic data or non-personally identifiable information we collect:
4.1. DATAWAYS, where applicable, collects certain technical routing information from your computer (also known as environmental variables) to facilitate the operation of its Website and Services. Examples include: the URL of the specific webpage visited, the IP (Internet Protocol) address of the computer you are using, or the browser version used to access the Website. All this information is processed to improve the performance of our Website and Services.
4.2. We collect usage information about the Website, such as the number of users we receive daily, in an aggregate form without individually identifying any user.
4.3. We collect information from your browser to ensure the Website functions properly and to provide the features you see on the Website.
4.4. We also use this information to better understand how visitors use the Website and how we can better adapt the Website, its content, and functionality to meet our users' needs.
4.5. We do not correlate this information with any of your personally identifiable data.
4.6. The above information is used strictly as statistical data and only for the time period absolutely necessary.
5. Personal Data or Personally Identifiable Information We Collect as Data Controllers
We use your personal data or process personal information you provide to us based on:
5.1. Contractual Obligations
5.1.1. We must use personal data to enter into an Agreement/Contract with you
5.1.2. If you accept one of our services or products, the related information will be used in accordance with the specific Terms of the Agreement/Contract or to offer you other benefits as defined by the agreement governing our relationship with registered Users or Accounts, to respond to your requests, and to support the selected service. This may occur during our communication, when you contact an advisor or an authorized partner, for processing, executing, and monitoring transactions related to our products and services, for support and training, handling any of your requests for information or advice, managing inquiries, complaints, and feedback from you and our partners
5.1.3. We retain this information for as long as we have an active contract with our clients, and for 5 years after contract termination, unless required to keep certain records for tax or other legal purposes.
5.2. Legitimate Interests
5.2.1. DATAWAYS may use personal data to protect its legitimate interests, such as:
5.2.2. In such cases, we process the data only for as long as necessary to protect our interests.
5.3. Legal Obligation
5.3.1. We retain certain information to comply with applicable legal provisions. We reserve the right to contact you if required during legal proceedings or in the event of license, warranty, or service agreement violations.
5.3.2. Personal data will be processed only for the time required by law, or, if not clearly defined, for a duration that allows our company to comply with legal obligations
5.4. Consent
5.4.1. Where there is no legal or contractual obligation, and we have no other lawful basis, we may request your consent to process your personal data for:
5.4.2. We may periodically contact you by email about offers and promotions from DATAWAYS or trusted third parties with whom we have marketing agreements, if we believe the content may interest you.
5.4.3. If we use a third-party email service, that provider is not allowed to use your email for any other purpose than sending communications related to DATAWAYS.
5.4.4. You can unsubscribe at any time by emailing https://www.dataways.gr/contact/. Every promotional email will include instructions for opting out of future communications.
5.4.5. Data will be processed only while your consent remains active, which we check periodically. After withdrawing consent, we will delete the relevant data per your instructions, except for minimal data required for proof purposes.
5.5. Statistical Data
DATAWAYS may use aggregate, non-identifiable data for statistical analysis, marketing, or similar promotional purposes to improve our customer offerings, diagnose server issues, manage the website, or enhance your browsing experience. These data will be as anonymous as possible.
6. Disclosure of Personal Data to Third Parties
6.1. DATAWAYS may, in some cases, use third-party services, such as email or hosting providers, who act as independent third parties on behalf of DATAWAYS. We will not share your data with any third party for direct marketing purposes. We have contracts with processors, subcontractors, and sub-processors making it clear they must use the data only as instructed by us and for no other purpose. They will take appropriate security measures and retain the data only for the period we specify.
6.2. In most cases, personal data is processed within the European Union.
6.3. DATAWAYS stores client data only in controlled databases and upon request, deletes client data unless otherwise required.
6.4. We may be required to provide data to regulatory or judicial authorities. If so, DATAWAYS will comply only after verifying the legitimacy of the request and in accordance with the law to protect its or third-party interests.
6.5. We may disclose data if we believe in good faith it's necessary to comply with legal obligations, subpoenas, or legal processes, or to protect our rights or the rights/safety of others, as well as to comply with license agreements or contracts with third-party service providers.
6.6. In the event of a merger, acquisition, or asset sale, DATAWAYS may transfer personal data to the acquiring entity. If the data will be used in a materially different way, you will be given the opportunity to opt out, in line with our data disclosure policy.
7. Personal Data Processed by DATAWAYS as a Data Processor
7.1. When DATAWAYS processes personal data, we never claim ownership of that data.
7.2. If you act as a Data Controller, it's your responsibility to ensure our technical and organizational measures are adequate, and that our processing activities meet all legal and regulatory obligations, particularly with regard to the data subject’s rights.
7.3. We process only the data you provide us, and only under the terms of our Agreement/Contract.
7.4. We will not use other subcontractors without your prior specific or general written authorization, as per our Agreement.
7.5. We process personal data only based on documented instructions from you, including any transfers to third countries or international organizations, unless required to do so by EU or Greek law. In such cases, we will inform you in advance unless the law prohibits disclosure for important public interest reasons.
7.6. We ensure all persons authorized to process personal data are bound by confidentiality obligations, either contractually or by law.
7.7. Taking into account the latest technological developments, implementation costs, nature, scope, context, and purpose of processing, and the risk level to individuals’ rights, we apply appropriate technical and organizational measures to ensure a security level appropriate to the risk. See our Security Policy for more details.
7.8. We will assist you with technical and organizational measures to help fulfill your obligations in responding to data subjects' requests.
7.9. We will support your compliance with legal or contractual obligations, considering the nature of the processing and the data available to us.
7.10. Upon termination of our services, we will delete or return all personal data, unless EU or national law requires us to retain them.
7.11. We will provide you with all necessary information to demonstrate compliance with legal obligations and allow or contribute to audits or inspections conducted by you or your authorized auditors.
7.12. We will promptly inform you if, in our opinion, any instruction violates Greek or European data protection laws.
7.13. NOTE: ANY SPECIAL TECHNICAL AND ORGANIZATIONAL MEASURES YOU MAY REQUIRE FROM US IN THE CONTEXT OF DATA PROCESSING WILL BE SUBJECT TO A SEPARATE AGREEMENT AND MAY INCUR ADDITIONAL CHARGES.
8. Where We Process Personal Data
8.1. The processing of Personal Data that we carry out as Processors takes place within the European Union. If and when we use third-party service providers, as data processors or sub-processors, they will process the relevant information only on our behalf and under our instructions within the framework of supporting our business activities, e.g., email distribution, payment services provision, or advertising on the Website. These providers will also operate within the European Union.
8.2. The processing of Personal Data that we carry out as Processors is conducted according to the instructions of the Data Controller. If you, as the Data Controller, request that we send or process data outside the EU, anywhere in the world, such as the United States of America, you should be aware that these countries may not provide an equivalent level of privacy and personal data protection as in the EU. Different privacy laws may apply in these countries, and you understand that if these transfers are necessary for the execution of the agreement between you and DATAWAYS, you must take all necessary measures to ensure that adequate levels of protection exist for the information in the country to which the data will be sent and provide us with the necessary instructions and guidance on how to process the relevant data according to the applicable privacy legislation.
9. Rights
9.1. DATAWAYS complies with the laws of the EU and Greece concerning the processing of personal data, and under these laws, data subjects have the following rights regarding the processing of their personal data:
9.1.1. Right of Access: The right to request information, including copies of their personal data.
9.1.2. Right to Rectification: The right to request correction of information if a data subject believes it is inaccurate or to request completion of information they believe is incomplete.
9.1.3. Right to Erasure: This right applies when one of the following is true:
9.1.4. Right to Restrict Processing: If processing is restricted, personal data will be stored but not further processed.
9.1.5. Right to Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format and to transmit those data to another controller if processing is based on consent or contract and is performed by automated means.
9.1.6. Right to Object: For reasons related to the data subject’s particular situation.
9.1.7. Right to Withdraw Consent: At any time.
9.1.8. Right to Lodge a Complaint with the Supervisory Authority: Data Protection Authority, Kifisias 1-3, P.C. 115 23, Athens, Phone: 210 6475600, Email: contact@dpa.gr
9.2. If we are the data controller of your personal data, you can exercise your legal rights by contacting us via email at: https://www.dataways.gr/contact/ Your request must include at least the following information: your full name, your contact address, a copy of your ID card or passport if necessary to verify your identity, and an explanation of the right you are exercising. We will respond to your requests within all applicable timeframes. IF WE ACT AS PROCESSOR, YOU MUST CONTACT THE CONTROLLER; we will provide you with information on how to contact them.
10. Information Regarding Children
10.1. We do not knowingly collect personal information from children under the age of 15 without the consent of the child’s legal guardian. Parents and legal guardians can email us at https://www.dataways.gr/contact/
11. ISO 9001 and ISO/IEC 27001 Certifications
11.1. DATAWAYS’ commitment to security is certified with ISO 9001 Quality Management Systems and ISO/IEC 27001 Information Security Management. For more technical information, please refer to our security policy.
12. General
12.1. DATAWAYS takes and handles customer privacy concerns with the utmost respect and care. If you believe there has been non-compliance with this Privacy and Personal Data Policy regarding your personal information or if you have other related questions or concerns, you can write or contact DATAWAYS at the email: https://www.dataways.gr/contact/
12.2. Please describe in as much detail as possible the nature of your inquiry or how you believe the Privacy and Personal Data Policy has not been followed. We will promptly investigate your question or complaint.
12.3. Please note that if you provide inconsistent privacy preferences (e.g., accepting that third parties may contact you for marketing offers but also indicating that they cannot), DATAWAYS cannot guarantee that your most recent privacy preference will be respected.
12.4. DATAWAYS operates in accordance with Greek and European Law, and the courts of Thessaloniki, Greece, have general jurisdiction for dispute resolution.
12.5. You can exercise your legal rights by contacting us via email at: https://www.dataways.gr/contact/
12.6. Copyright © 2025 DATAWAYS, Inc. All rights reserved. DATAWAYS and the related logo, as well as all related product and service names, trademarks, and trade names, are trademarks and/or registered trademarks of DATAWAYS S.A.
Privacy and Personal Data Policy version 2025
