PRIVACY
POLICY

1. Introduction

The purpose of this Privacy Policy is to help you understand why we collect your personal data and how we process them. We would like you to take some time to read it carefully.

1.1. Who we are

STOIXIMAN LTD, a company with registered office at Flat B8, The Atrium, West Street, Msida, MSD1731, Malta and registration number C 95597 (hereinafter referred to as "Stoiximan" or the "Company"), which maintains a branch in Greece under the name "STOIXIMAN LTD - YPOKATASTIMA ELLADAS" (G.E.M.I. No.: 155539301001), with its registered office at 111 Neratziotissis Street, Maroussi, Attica, Greece, P.C. 15124, VAT number: 996807447 - Tax office: Athens Tax Authority, is the owner and administrator of this website, through which it periodically organises contests (hereinafter referred to as "Stoiximan Nation").

1.2. Mission Statement

In recognition of the fast pace of technological advancement and its continuous evolution, the protection of an individual's personal data in the online environment is a key concern in today's digital economy. Our mission is to provide a safe and secure environment where our users can enjoy our services, all while ensuring the protection and security of their personal data at all times.

The following principles form the foundation of the Company's attitude towards personal data protection:

Access: As a data subject, you are in control of your personal data that is collected and processed by our Company.
Transparency: We will be transparent about the personal data collected and how it is processed to allow you to make an informed decision.
Data Minimisation: We only collect and use personal information that is necessary for providing our services and improving the user experience. We limit the collection of personal information to what is necessary and relevant.
Security: By using strong security and encryption techniques, our Company shall protect the personal data you entrust us with when using the current website or our services in local markets, and is committed to ensuring the confidentiality, integrity and availability of your personal data.
Compliance: The Company complies with the applicable European and national legislation on the protection of personal data.

By adhering to these principles, we aim to provide our users with the highest possible level of privacy protection. We continually review and update our privacy policies to ensure that they remain in line with the best practices and developments in the regulatory and legislative data protection framework.

1.3 Scope of the Privacy Policy

This Privacy Policy describes how we collect, protect and use the personal data that you may provide to us, either through our website(https://nation.stoiximan.gr/) or in the context of the relevant services we offer. It also describes your options regarding this information, as well as guidance on how you can exercise your rights in relation to this data. Our website administrator is the Company, as defined above, which acts as the data controller. This Privacy Policy applies equally whether you access the website using a personal computer, a mobile device or any other technology or device. For the definitions of the terms used in this Privacy Policy, you can refer to our Glossary.

2. Collection of Personal Data

We use different methods to collect data from and about you, including:

Direct interactions: you can provide us with information about your first name, last name, email address, contact phone number, date of birth, passport number, nationality, or gender by filling in a form relating to the Organised Trip.
Automated interactions: As you interact with our website, we will automatically collect technical data about your actions and browsing patterns (Cookies).

3. Personal Data Processing Details

	Purpose of processing your data	Personal data	Possible consequences of failure to provide personal data	Legal basis for processing
1	Submit an entry to the Stoiximan Nation contest	Email Address, Mobile Phone Number	It is not possible to participate in the contest	Consent**
2	Promotion and advertising of the Contest and the Prize	Audiovisual Material (Photos, Video, Audio)	It is not possible to accept the prize	Consent**
3	Winners' Announcement	Username	It is not possible to draw the winners	Consent**
4	Confirmation of participation in the Organised Trip	First Name, Last Name, Email Address, Mobile Phone Number	Cannot participate in the Organised Trip	Consent**
5	Questions, complaints & troubleshooting	First Name, Last Name, Email Address, Mobile Phone Number	We may not be able to handle/answer your question/complaint	Legitimate Interest* (Optimal experience for our online visitors and troubleshooting, brand awareness and reputation)*
6	Access to our website (Operation of certain website functions / Optimal experience for our visitors / Personalised content/advertisements)	Functional Cookies, Performance Cookies, Analysis Cookies, Advertising Cookies	We may not be able to provide you with a customised and optimal online experience when you visit our website	Consent**
7	Access to our website (Ensuring basic website functionality)	Necessary Cookies	Basic functions of the website may not work properly.	Legitimate Interest* (Proper and efficient operation of the website).

*In case we base the processing of your data on a "legitimate interest", we would like to inform you that we have first carried out an assessment to balance our interests with your interests, your rights and freedoms regarding your privacy and the protection of your data ("balancing test") and concluded that this processing is necessary and proportionate to the purpose of the processing. For more information, please contact us.

**Your consent means any freely given, specific, informed and clear indication of your wishes by which, through a statement or clear affirmative action, you agree to the processing of your personal data. To the extent required/permitted by the applicable personal data protection legislation and in accordance with the specified conditions, Stoiximan will obtain your legal consent for the collection, use or disclosure of your personal data. The form of consent used may vary on a case-by-case basis, to be appropriate based on the sensitivity of the information and your reasonable expectations. Consent may be withdrawn at any time. However, such revocation shall not affect the validity of the processing carried out so far.

4. Transfer/Disclosure of Personal Data

4.1 Only duly authorised employees of the Company will be able to access your personal data.

4.2 We may share your personal data with third party partners, service providers or independent contractors who help us to maintain our website and who provide us with other administrative services (including, but not limited to, processing and fulfilling orders, customer service, data retention and analysis, contacting customers on our behalf and collecting information to enter contests and other promotions, the selection of winners and the awarding of prizes, the management and organisation of the Organised Trip). The Company has signed a private agreement for the processing of personal data with each partner, according to which each partner is obliged to comply with the terms of personal data protection required by the applicable European and national legislation on personal data protection, and to use personal data only for the purposes for which it was communicated to them.

4.3 We will not disclose your personal data to third parties outside the European Union, in countries where there is no adequate data protection regime. However, in the event of disclosure of your personal data outside the European Union, the transfer will take place if: i) the transfer is made to a country for which an adequacy decision has been issued by the European Commission; or ii) the disclosure is made in accordance with the mechanisms and safeguards provided for in Chapter V of the European General Data Protection Regulation, as applicable (including, but not limited to, the Standard Contractual Clauses).

4.4 Where our website provides links to other websites created and maintained by other public and/or private sector organisations, we provide these links solely for your information and convenience. We encourage you to read the privacy policy and the terms and conditions of use of each website you visit and use, in order to be informed about how your personal data is processed, as the Company is not responsible for the policies and practices of third party websites.

5. How long we retain your data

It is our policy to retain your personal data only for the time period necessary for the purpose for which it was originally collected, in accordance with the principles of data minimisation and restriction of storage provided for in the European General Data Protection Regulation. According to the Company's data retention policy, your personal data will be retained for a period of five (5) years from the date of collection, subject to the necessary expiry of the retention period to satisfy any legal requirements and/or any extrajudicial and/or judicial actions to safeguard the Company's legitimate interests.

6. Your data protection rights

When retaining or processing your data, you retain the following rights at any time, and you can also submit relevant requests via email to dpo-office@stoiximan.gr:

Right of Access - You have the right to access the personal data we retain about you.
Right to Rectification - You have the right to rectify any inaccurate or incomplete data we retain about you.
Right to Erasure - You can request that the data we retain about you be erased from our records, and we are obliged to comply with your request in specific cases.
Right to Restriction of Processing - You have the right to request that we restrict the processing of your personal data, and we are obliged to comply with this request when certain conditions apply.
Right to Data Portability - You have the right to request that the data we retain about you is transferred to another organisation.
Right to Object - You have the right to object to the processing of the personal data that concerns you, under certain conditions.
Right to Withdraw Consent - Where we base our processing activities on your consent, you have the right to withdraw your consent at any time by sending an email to dpo-office@stoiximan.gr, without this undermining the lawfulness of the processing that preceded the withdrawal and was based on prior consent.

We will evaluate your request and reply with information on its progress and outcome (approval of the request, partial approval of the request, rejection of the request) as soon as possible and, in any case, within one month from the date of submission. In the event that the Company rejects your request in relation to the aforementioned data protection rights, we will reply to you, providing the reasons for the rejection. We reserve the right to reject requests that are unreasonably repetitive, require disproportionate technical effort or have disproportionate technical consequences, risk the privacy of others, or are impossible to implement.

You have the right to submit a complaint to the Greek Data Protection Authority through its online portal by filling in the corresponding online form, depending on the type of complaint (the offices of the Greek Data Protection Authority are located at 1-3 Kifissia Street, P.C. 11523, Athens, Greece and the telephone number is +302106475600.

7. Security

The protection of your personal data is extremely important to the Company and, in this regard, we constantly strive to take all possible measures to ensure the safeguarding of your personal data and the limitation of unauthorised access and/or possible changes. Such measures include information security measures in accordance with the current best practices to protect the privacy of our customers. These measures include technical, procedural, monitoring and tracking activities designed to protect data against misuse, unauthorised access or disclosure, loss, alteration or destruction.

8. Cookies

"Cookies" are small text files consisting mainly of letters and numbers, which are stored on the user's device and saved by the browser when the user visits a website. Our website uses Cookies to recognise the user's browser and analyse trends, making our website more friendly, efficient and secure.

For more information on the use of Cookies, as well as on how to manage and/or delete them, you can visit the Cookie Policy of Stoiximan.

9. Changes to the Privacy Policy

We aim to continually review and update this Privacy Policy in order to comply with legal and regulatory requirements, while providing optimal protection of your personal data. Any updates will be communicated to you via the current website.

10. Contact us

If at any time you believe that we are not complying with the provisions set out in this Privacy Policy or with any other personal data protection issue, please contact us by email at dpo-office@stoiximan.gr.

11. Glossary

Below, you can find a list of terms used within the Privacy Policy that can help you understand this Policy:

Personal Data: Any information that can directly or indirectly identify an individual ("Data Subject"). Simply put, personal data is a datum or a set of data that can distinguish an individual from a group of people.

Processing: Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means. Processing operations may include collection, storage, access/use, disclosure, erasure.

Data Subject: Any natural and living person that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an ID card number, location data, a web identifier, one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Controller: A natural or legal person, public authority, organisation or other body that, alone or jointly with others, determines the purposes and means of the Personal Data Processing.

Consent: Any freely given, specific, explicit and unambiguous indication of the Data Subject's wishes through which they, by declaration or by clear affirmative action, declare that they consent to the Processing of personal data that concerns them.

Processor: A natural or legal person, public authority, service or other body that processes personal data on behalf of the Data Controller.

Third Party: An external organisation which is a partner of Stoiximan and which is also authorised, under the direct supervision of Stoiximan, to process the personal data of individuals on its behalf.

[V.2 - 07/2025]

PRIVACYPOLICY