Privacy Policy

Last updated: December 27, 2025

Socialty is committed to protecting your privacy and personal data. This Privacy Policy describes how we collect, use, share, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) of the European Union.


1. Data Controller

Socialty
Address: Kazani 2
Tax ID: 12345678
Email: [email protected]
Phone: +30 6973722552

For any questions regarding the processing of your data, contact us at [email protected].


2. What Data We Collect

2.1 Data You Provide

When you create an account or use the platform, we collect:

For Consumers:

  • Basic information: First name, last name
  • Contact details: Email
  • Credentials: Password (stored as a hash, not in plain text)
  • Transaction data: Points history, redemptions, loyalty cards

For Merchants:

  • Business information: Business name, Tax ID, Tax Office, address
  • Contact details: Email, phone
  • Banking information: For payment processing (if required)

2.2 Automatically Collected Data

When you visit the platform, we automatically collect:

  • Technical data: IP address, device type, operating system, browser
  • Usage data: Pages visited, access time, referral source
  • Cookies: We use essential cookies for platform functionality (session cookies)

2.3 Data We DO NOT Collect

  • Analytics: We do not use Google Analytics or other third-party analytics tools
  • Advertising cookies: We do not use cookies for advertising purposes
  • Sensitive data: We do not collect health data, religious beliefs, political opinions

3. Legal Basis and Purpose of Processing

We process your data based on:

3.1 Contract Performance

  • Account creation and management
  • Provision of loyalty services
  • Point collection and redemption
  • Communication regarding your transactions

3.2 Consent

  • Sending informational or promotional emails (only with your consent)
  • User experience personalization

3.3 Legitimate Interest

  • Security and fraud prevention
  • Service improvement
  • Technical support

3.4 Legal Obligation

  • Maintaining tax records
  • Compliance with legal requirements

4. How We Use Your Data

We use your personal data to:

Service provision: Platform operation and account management
Communication: Updates about your account, points, rewards
Security: Protection from fraud and abuse
Support: Answering questions and resolving issues
Improvement: Usage analysis to improve the platform
Legal compliance: Fulfilling legal obligations
Marketing: Sending promotional content (only with your consent)


5. Sharing Data with Third Parties

5.1 Service Providers

We share data with trusted third parties who help us provide our services:

Bluehost (Hosting & Email Provider)

  • Purpose: Platform hosting and email management
  • Location: USA (outside EU)
  • Safeguards: Standard Contractual Clauses (SCCs) per GDPR
  • Privacy Policy: https://www.bluehost.com/privacy

5.2 Merchant Partners

Your basic information (name, email) is shared with merchants whose loyalty cards you use, to provide you with rewards.

5.3 Legal Obligations

We may share data if required by:

  • Court order or warrant
  • Public authority request
  • Protection of our legal rights

5.4 No Data Sale

We DO NOT sell, rent, or exchange your personal data with third parties for commercial purposes.


6. International Data Transfers

Your data is stored on Bluehost servers in the USA (outside the European Economic Area).

Safeguards:

  • We use Standard Contractual Clauses (SCCs) approved by the European Commission
  • Bluehost implements appropriate technical and organizational security measures
  • GDPR requirements for international transfers are met

7. Data Retention Period

We retain your personal data for:

| Data Type | Retention Period |
|-----------|------------------|
| Account information | While account is active + 1 year after deletion |
| Transaction history | 5 years (tax obligation) |
| Communication emails | Until consent withdrawal |
| Technical logs | 6 months |
| Support records | 2 years |

After these periods, data is deleted or anonymized.


8. Your Rights (GDPR)

Under GDPR, you have the following rights:

8.1 Right of Access

You can request a copy of the data we hold about you.

8.2 Right to Rectification

You can correct inaccurate or incomplete data.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your data, unless we have a legal obligation to retain it.

8.4 Right to Restriction of Processing

You can request restriction of processing under certain circumstances.

8.5 Right to Data Portability

You can receive your data in a structured, commonly used format.

8.6 Right to Object

You can object to processing for legitimate interest or marketing purposes.

8.7 Right to Withdraw Consent

You can withdraw your consent at any time (does not affect the lawfulness of prior processing).

8.8 Right to Complaint

You can file a complaint with the Hellenic Data Protection Authority (HDPA):

How to Exercise Your Rights

Contact us at [email protected]. We will respond within 30 days.


9. Data Security

We take data security seriously and implement:

Encryption: SSL/TLS for data transmission
Password hashing: Bcrypt
Firewalls: Protection from unauthorized access
Regular backups: To prevent data loss
Limited access: Only authorized personnel
Monitoring: Continuous monitoring for suspected breaches

In case of a data breach that poses a risk to your rights, you will be notified within 72 hours.


10. Cookies

We use only essential cookies for platform functionality:

| Cookie Type | Purpose | Duration |
|-------------|---------|----------|
| Session Cookie | Maintaining user session | Until browser closure |
| CSRF Token | Protection from CSRF attacks | Session |
| Preferences | Storing language/settings | 1 year |

We DO NOT use:

  • Third-party cookies (Google Analytics, ads)
  • Tracking cookies

You can disable cookies in your browser settings, but this may affect platform functionality.


11. Minors

The platform is intended for individuals 18 years and older. We do not knowingly collect data from minors. If we discover we have collected data from a minor, we will delete it immediately.


12. Automated Decision-Making

The platform does not use automated decision-making or profiling that would have legal effects on you.


13. Privacy Policy Modifications

We may update this Privacy Policy periodically. In case of significant changes:

  • You will be notified via email
  • The new policy will be posted on the platform
  • The "Last updated" date will be updated

We encourage you to review this policy regularly.


14. Contact

For questions, concerns, or requests regarding your personal data:

Email: [email protected]
Address: Kazani 2
Tax ID: 12345678
Phone: +30 6973722552

We will respond as soon as possible, and no later than 30 calendar days.


Thank you for trusting Socialty with your personal data.