Phone
(+30) 210 89 46 186
Address
32 Vouliagmenis Av., Voula
16673 Athens - Greece
Email
info@blissprojects.com

Privacy and Personal Data Protection Policy

The lawful processing of an individual’s personal data constitutes a fundamental right of paramount importance in today’s information society.

«FILIPPOU ANASTASIOS – ALEVRAS ARIS G.P.» – d.b.a. BLISS PROJECTS (hereinafter the “Company”) places great importance on the lawful processing, security, and protection of your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Law 4624/2019 (which supplements and implements the GDPR in Greece) and any other data protection regulations applicable to countries in which the Company operates. regardless of the capacity in which you communicate or cooperate with us, including, without limitation, as prospective or existing clients, website visitors, employees, self-employed professionals, private individuals, or third parties cooperating with an affiliated company.

  1. What Your Personal Data Is

The term “personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, ID Card number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, the applicable Greek legislation in force from time to time, and the decisions of the Hellenic Data Protection Authority (HDPA).

  1. What Personal Data We Collect

Our Company actively applies the principle of data minimisation by collecting and retaining only such personal data as is strictly necessary, relevant, and appropriate for the specific purposes of processing, as required under the General Data Protection Regulation (GDPR). Our primary objective is to foster an environment of constant trust and security in which personal data protection is ensured not only through appropriate technical measures but also through the continuous promotion of a culture of accountability and data minimisation throughout our operations. In this way, we ensure that all personal data entrusted to us by our employees and business partners is processed with due care and respect, while adopting processing practices that support a corporate environment where security and privacy constitute fundamental and non-negotiable values.

The Company collects and processes the following categories of personal data.

For individuals employed by the Company:

  • Full name;
  • National identity card or passport number;
  • Greek Tax Identification Number (TIN);
  • Social Security Registration Number (AMKA);
  • Residential address;
  • Bank account details (IBAN) for payroll purposes;
  • Contact details (telephone number and email address).

For the provision of our services to third parties:

  • Full name of the authorised contact person;
  • Position or role within their organisation;
  • Contact details (email address, telephone number and, where applicable, business address).

Furthermore, we process the personal data collected from visitors (“you”) of our corporate website, blissprojects.com, and we may also collect anonymous usage data concerning the manner in which you use our website for optimisation and performance analytics purposes.

In addition, the Company operates a closed-circuit television (CCTV) system at its business premises. Where individuals enter the monitored areas, the Company may collect and process video recordings that may include identifiable images of visitors, employees, contractors and other persons entering the premises. The CCTV system records video images only and does not record audio.

  1. Purposes of Processing

We use and process the personal data you provide to us only to the extent necessary for the following purposes:

  • Performance of our contractual relationship – to ensure the proper and efficient provision of our services and the fulfilment of our obligations arising from any contractual relationship entered with you. This also includes processing carried out in response to expressions of interest at the pre-contractual stage, including through online forms, email or SMS communications.
  • Internal business operations – for the recruitment of employees, the management of employee leave and termination of employment, the administration of payroll for employees and contractors, and the publication of photographs on the internet, where applicable and in accordance with the applicable legal basis.
  • Responding to enquiries – to respond to requests or enquiries submitted through our communication channels.
  • Security of persons and property – to protect the Company’s employees, visitors, assets and premises, prevent and investigate unlawful acts, and ensure the overall security of the Company’s facilities through the operation of a CCTV surveillance system.
  1. Lawful Basis for Processing

The Company processes your personal data in accordance with Article 6 of the General Data Protection Regulation (GDPR). Depending on the circumstances, the processing of your personal data is lawful where it is based on one or more of the following legal bases:

  • Your consent to the specific processing activity;
  • The necessity of processing for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
  • Compliance with a legal obligation to which the Company is subject;
  • The legitimate interests pursued by the Company, provided that such interests are not overridden by your interests or fundamental rights and freedoms.

Processing carried out through the Company’s CCTV system is based on Article 6(1)(f) GDPR, namely the Company’s legitimate interest in ensuring the security of its personnel, visitors, property and business premises.

  1. Principles Governing the Collection and Processing of Personal Data

This Privacy and Personal Data Protection Policy is intended to inform you of the terms governing the collection, processing and disclosure of your personal data that we may process in our capacity as either a Data Controller or a Data Processor.

The Company and its appropriately trained personnel apply the principles of personal data processing set out in Regulation (EU) 2016/679 (GDPR), namely: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability.

The Company is committed to protecting and safeguarding your rights in relation to the processing of your Personal Data, including your rights to information, access, rectification, erasure, restriction of processing, data portability, objection, and the right not to be subject to a decision based solely on automated processing, including profiling, as further described below and under the applicable provisions of Greek law.

These principles apply without discrimination and govern all personal data processing activities carried out by the Company, as well as all services provided by it.

  1. Data Minimisation, Retention and Erasure

The Company will always request only the minimum personal data required by law and necessary to achieve the purposes set out in Section 3 above.

Personal data will be retained by the Company only for as long as is strictly necessary to fulfil those purposes, including, where applicable, to comply with legal, accounting and regulatory obligations, as well as to perform any tasks carried out in the public interest.

With respect to personal data processed for the provision of our contractual services, the Company may retain such data for a longer period where necessary to protect its legitimate interests, including for the establishment, exercise or defence of legal claims or in connection with any potential liability arising from the provision of the relevant services.

In certain circumstances, we may anonymise your personal data so that it can no longer be associated with you and you can no longer be identified. You may inquire and contact us at any time to request information regarding the personal data we hold about you and to request its rectification or erasure by submitting the relevant request form made available by the Company, unless the retention of such data is required by law, including for tax, evidentiary, judicial or law enforcement purposes.

CCTV recordings are retained for a maximum period of thirty (30) days. The recordings are stored locally on the Company’s recording equipment and are automatically overwritten by newer recordings once the retention period expires, unless a specific recording must be retained for a longer period where necessary for the establishment, exercise or defence of legal claims, or where required in connection with the investigation of a security incident or by applicable law.

  1. Cookie Policy

What are cookies?

Cookies are small text files that are downloaded to your device when you access certain websites. They are accessible by the server and enable a website to recognise users and understand how they navigate across websites.

Types of cookies we use

  • Strictly Necessary Cookies: These cookies are essential for the operation of our website and cannot be disabled in our systems.
  • Targeting Cookies: These cookies may be used to provide personalised content and advertisements.
  • Analytics Cookies: These cookies help us understand how visitors interact with our website and enable us to improve its performance.

Managing Cookies

You may configure your browser to block or notify you about these cookies. However, if you choose to block certain cookies, some parts of our website may not function properly.

The Company is also adapting to the emerging cookieless future, driven by the gradual phase-out of third-party cookies by web browsers, and is focusing on alternative privacy-friendly technologies and approaches that better protect users’ privacy.

Obtaining Your Consent

To manage users’ cookie preferences and obtain consent for non-essential cookies where required by applicable law, the Company uses the CookieYes Consent Management Platform (CMP), which automatically collects, records and manages users’ consent regarding the use of cookies through the cookie banner displayed on our website.

  1. Disclosure of Your Personal Data to Third Parties

The Company may disclose your personal data to:

  • Third-party service providers acting on our behalf under appropriate contractual safeguards and data processing agreements;
  • Business partners and affiliated service providers for the provision of advertising and marketing services;
  • Public authorities, regulatory bodies or other competent authorities where disclosure is required by applicable law or a lawful request.
  • Law enforcement authorities, judicial authorities or other competent public authorities where disclosure of CCTV recordings is required by law or is necessary for the investigation of criminal offences or security incidents.
  1. Security of Your Personal Data

In all cases, we implement appropriate technical and organisational measures to ensure the confidentiality, integrity and availability of your personal data. Our objective is to ensure that your personal data is transmitted, stored and processed in accordance with internationally recognised security standards and best practices.

To achieve this, we maintain appropriate information security policies and employ suitable technical and organisational safeguards, including, where appropriate, anonymisation, pseudonymisation, encryption, tokenisation, firewalls, role-based access controls, access by authorised personnel only, regular staff training, periodic security assessments, and compliance with internationally recognised information security and business continuity standards.

Any employee, contractor or service provider who has access to your personal data is authorised to use such information solely for the purposes described in Section 3 of this Policy and is subject to appropriate confidentiality and data protection obligations.

We disclose your personal data only in the manner described in this Privacy Policy and, where consent constitutes the applicable legal basis for processing, only on the basis of your freely given, specific, informed and unambiguous consent, which you may withdraw at any time by contacting us.

Access to CCTV recordings is strictly limited to authorised personnel with a legitimate business need to access such recordings. Appropriate technical and organisational measures are implemented to protect CCTV footage against unauthorised access, alteration or disclosure.

  1. CCTV Surveillance

The Company operates a CCTV system for the protection of persons and property.

During normal business hours, the system records only the entrance to the Company’s premises. Outside normal business hours, the CCTV system monitors the premises through motion-triggered recording covering the external areas for security purposes.

The CCTV system records video images only and does not record audio.

CCTV recordings are retained for thirty (30) days, after which they are automatically overwritten unless their retention is required for the investigation of an incident, the establishment, exercise or defence of legal claims, or to comply with a legal obligation.

Access to CCTV recordings is restricted to authorised personnel and, where necessary, recordings may be disclosed only to competent public authorities or other recipients where required by law.

  1. Your Rights

In accordance with the General Data Protection Regulation (GDPR), you have the following rights in relation to your personal data:

  • The right of access to your personal data;
  • The right to rectification of inaccurate or incomplete personal data;
  • The right to erasure (“right to be forgotten”);
  • The right to restriction of processing;
  • The right to data portability;
  • The right to object to processing;
  • The right to withdraw your consent at any time, where processing is based on your consent.

To exercise any of your rights, or if you have any inquiries regarding the processing of your personal data, please contact us using the contact details provided below.

  1. Contact Information

If you have any questions or comments regarding this Privacy and Personal Data Protection Policy, or if you believe that we have not complied with the principles set out herein, please contact us by email at: info@blissprojects.com

Alternatively, you may contact us by post at:

«FILIPPOU ANASTASIOS – ALEVRAS ARIS G.P.» – d.b.a. BLISS PROJECTS
32 Vouliagmenis Av., Voula, 16673 Athens, Greece

You may also contact us by completing the contact form available on our website.

  1. Right to Complain to a Supervisory Authority

If you believe that we have not responded to your request or handled your personal data in accordance with the law, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA), which is the supervisory authority in Greece.

Hellenic Data Protection Authority (HDPA) Address:

Kifisias 1-3, PC 115 23, Athens, Greece

Contact Center: +30 210 647 5600

Website: www.dpa.gr

  1. Updates to this Privacy Policy

This Privacy and Personal Data Protection Policy has been published by the Company on its website and is subject to periodic review, amendment and improvement in order to ensure continued compliance with applicable data protection legislation and best practices.

 

Last updated: July 2026

Designed & developed by Blissprojects our f@ck!n' selves