Privacy Policy

DAMASOL LIMITED is a company providing digital services through an innovative online platform that enables users to create and manage events, event invitations, guest lists, RSVP responses and customisable templates. The platform is designed to offer a seamless and user-friendly experience for any user seeking efficient event organisation tools. On that end, DAMASOL LIMITED takes private information seriously and, therefore, has formed the present policy not only in compliance with the General Data Protection Regulation but also out of inherent respect of the right in privacy, as a key-factor of its business mentality.

The present Privacy Policy aims at providing all the necessary information regarding the private data processing procedure, in the context of using https://ethileo.com (the "Site"), including the data shared by the user himself or gathered by his interaction with the Site.

Some of the terms used in this policy have a legal meaning as specifically defined in Article 4 of the General Data Protection Regulation (GDPR). Key terms include:

Personal data:

Any information relating to an identified or identifiable natural person.

Processing:

Any operation carried out on personal data, including collection, recording and organisation.

Consent:

Any freely given, specific, explicit and informed indication of intent by which a natural person agrees to the processing of personal data.

Data Controller:

The entity that determines the purposes and means of processing personal data — DAMASOL LIMITED in the context of this Site.

Data Processor:

A natural or legal person that processes personal data on behalf of the controller.

Personal data breach:

A breach of security leading to accidental or unlawful destruction, loss, alteration, or unauthorised access to personal data.

We collect personal data in three ways:

• Directly from you, when you create an account or use our Services.
• Indirectly through our users when they enter personal data relating to their event guests.
• Automatically through cookies and similar technologies, server logs and technical files (see our Cookies Policy).

In order to register to our services, we require your full name and email address. If you link your Google account, we also receive information from that account depending on your settings and its privacy policy. If you register for our newsletter, we collect your name and e-mail.

Data collected through the Guest Management Service

When you use the Guest Management features, you may upload or manually enter personal data of your guests, including: first and last name, email address, phone number, number of attendees, guest group or category, special categories or notes, table assignment and RSVP status.

DAMASOL LIMITED processes this data solely to enable you to organise and manage your event. You acknowledge that you are responsible for ensuring your guests have been properly informed about the processing of their personal data. DAMASOL LIMITED does not contact your guests directly.

Information collected automatically

Upon visiting our Site we automatically collect information about how you use our services (website that linked you to us, date of visit, frequency and duration of activities). Our servers also collect cookies, IP addresses, browser data and browser version identification data.

• To enable the purchase of services, manage your account, and perform our contractual obligations. Legal basis: Article 6(1)(b) GDPR.
• To provide Guest Management functionalities including guest lists, RSVP tracking and seating arrangements. Legal basis: Article 6(1)(b) GDPR.
• To send newsletters and promotional communications. Legal basis: your explicit consent.
• To respond to pre-registration enquiries. Legal basis: your explicit consent.
• To improve Site performance and set default options. Legal basis: legitimate interest.
• For statistical purposes (IP address, geographic location, duration of visit etc.). Legal basis: legitimate interest.

We only collect and process data that is absolutely necessary, relevant and appropriate for the purpose of each processing.

We do not share your personal data with third parties except as necessary for the operation of the Site. Recipients may include:

• Our authorised personnel, developers, technical partners and agents, to the extent necessary for the provision and improvement of our services.
• Professional service providers such as hosting providers, IT support teams, email delivery services and website administrators.
• Third-party services approved by you (e.g. social networking platforms or other integrated tools).

We do not disclose your personal data to third parties outside the European Union in countries without an appropriate data protection regime. Any such transfer is made in full compliance with GDPR.

We retain your personal data for as long as you maintain an account with DAMASOL LIMITED, unless a different retention period is required by applicable legislation. Guest data entered through the Guest Management features is retained only for as long as necessary for the relevant event. Once the event is completed or deleted by the user, the associated guest data is also deleted, unless a longer retention period is required for legal reasons.

We have taken all appropriate security measures to prevent accidental loss of personal data or unauthorised access. We store all personal data on secure cloud servers protected by passwords and firewalls. However, sending information over the internet presents inherent security risks and we cannot guarantee the security of data transmitted over it.

Under the GDPR, you have the following rights:

• Access — request access to your personal data (Article 15 GDPR).
• Rectification — request correction of inaccurate or incomplete data (Article 16 GDPR).
• Erasure — request deletion of your data where it is no longer needed (Article 17 GDPR).
• Restriction — request restriction of processing under certain conditions (Article 18 GDPR).
• Objection — object to processing based on legitimate interests (Article 6(1)(e)(f) GDPR).
• Withdrawal of consent — withdraw consent at any time without affecting prior lawful processing.
• Data portability — receive your data in a portable format or request transfer to another controller (Article 20 GDPR).
• Complaint — lodge a complaint with the competent Data Protection Authority.

We will respond to your requests within one month (extendable by two further months in exceptional circumstances). Exercise your rights by emailing: info@ethileo.com.

The competent supervisory authority is the Hellenic Data Protection Authority (DPA), 1–3 Kifissias Street, Athens, P.C. 11523, tel. 210 647 5600, email: contact@dpa.gr.

The Services may contain links to other websites not operated or controlled by us. This Privacy Policy does not apply to those sites. We suggest contacting them directly for information on their privacy practices.

We may update this Policy from time to time by posting a new version on the Site. We encourage you to check this page regularly. We will notify users of significant changes through notices on our Site or by email.

For questions or comments regarding this Policy, contact us at: info@ethileo.com.