Privacy Policy

Privacy Policy

1. Data Controller

This website is operated by:

The Reception Athens
Email: contemporaryoralities@gmail.com
Website: https://thereceptionathens.eu

We act as the Data Controller for the personal data collected through this website.

2. Website Hosting

Our website is hosted by Papaki (Top.Host / Plesk infrastructure), located within the European Union.

Server logs, including IP addresses and technical metadata, are processed for security monitoring, fraud prevention, and system integrity purposes.

Legal basis:
Article 6(1)(f) GDPR – Legitimate interest (website security and system administration)

3. Digital Purchases (WooCommerce)

When you purchase a digital product, we collect:

  • Full name
  • Billing address
  • Email address
  • Phone number (if provided)
  • Order details
  • IP address
  • Payment transaction metadata

We process this data to:

  • Deliver digital products
  • Provide invoices
  • Comply with Greek tax obligations
  • Prevent fraud
  • Provide customer support

We may also store download logs to ensure proper delivery and prevent unauthorized distribution.

Legal basis:
Article 6(1)(b) GDPR – Contract performance
Article 6(1)(c) GDPR – Legal obligation

Retention period:
Order and tax-related data are retained for 5–10 years in accordance with Greek accounting law.

Transactional emails related to purchases are sent based on contractual necessity.

4. Payments (Nexi & IRIS)

Payments are processed via:

  • Nexi (payment gateway provider)
  • IRIS Online Payments

We do not store card details on our servers.

Payment data is processed directly by the respective provider under their own privacy policies. We only receive payment confirmation and transaction identifiers.

For more information:

Nexi Privacy Policy: [Insert Official Nexi Link]
IRIS Privacy Policy: [Insert Official IRIS Link]

5. Newsletter (Mail Octopus)

Newsletter subscriptions are managed independently through Mail Octopus.

When you subscribe, the following data may be processed:

  • Email address
  • Name (if provided)
  • Engagement data (opens, clicks)

Legal basis:
Article 6(1)(a) GDPR – Consent

You may unsubscribe at any time via the unsubscribe link included in every email.

Mail Octopus may process data outside the EEA under appropriate safeguards.

Mail Octopus Privacy Policy: https://mailoctopus.com/legal/privacy

6. Google Analytics 4

We use Google Analytics 4 (GA4), provided by Google Ireland Limited.

Data collected may include:

  • Truncated IP address
  • Device and browser information
  • Pages visited
  • Interaction data
  • Approximate geographic location

IP addresses are truncated before storage and are not stored in full.

Google Analytics is activated only after explicit consent via our cookie banner.

Legal basis:
Article 6(1)(a) GDPR – Consent

Data retention: up to 14 months.

Google may process data outside the EEA under Standard Contractual Clauses.

More information: https://policies.google.com/privacy

You may withdraw consent at any time via cookie settings.

7. Cookies & Consent Management

We use Complianz Privacy Suite to manage cookie consent.

Cookies are categorized as:

  • Functional (necessary)
  • Statistics (activated only after consent)
  • Marketing (if activated in the future)

You may change or withdraw consent at any time.

8. International Data Transfers

Certain providers (Google, Mail Octopus, payment processors) may process data outside the European Economic Area.

Where applicable, transfers are protected under Articles 44–49 GDPR, including Standard Contractual Clauses.

9. Data Retention Summary

  • Order data: 5–10 years
  • Analytics data: up to 14 months
  • Newsletter data: until unsubscribe
  • Server logs: retained for security monitoring as required

10. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure
  • Restrict processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Hellenic Data Protection Authority (HDPA)

To exercise your rights, contact:
[Insert Contact Email]

11. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects.

12. Data Security

We implement appropriate technical and organizational security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.

13. Minors

This website is not intended for individuals under the age of 18.

  1. Embedded Audio Content (Transistor.fm)

This website embeds audio content hosted by Transistor.fm.

When you interact with the embedded player, your IP address and technical data (such as browser and device information) may be transmitted to Transistor.fm servers.

Transistor.fm may process this data in accordance with its own privacy policy.

Legal basis:
Article 6(1)(a) GDPR – Consent (where cookies or tracking technologies are used)
Article 6(1)(f) GDPR – Legitimate interest (content delivery)

More information: https://transistor.fm/privacy