Last Revised: 2026-01-31

Privacy Policy

The company trading as "MAMFREDAS IOANNIS IKE", with registered office at PLANOS, ZAKYNTHOS (hereinafter the "Company"), through this Privacy Policy aims to inform the users of this website "https://mamfredaslaundries.gr/" (hereinafter the "Website") about the manner and purpose of processing their personal data. The Company, as Data Controller, collects and processes personal data of Website users only where strictly necessary, for clearly defined and lawful purposes, in accordance with the applicable personal data protection legislation.

Definitions

For the purposes of this Policy, the following terms have the meanings set out below:

"Personal Data": any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
"Special categories of personal data": personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation.
"Processing": any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Data Controller": the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
"Data Processor": a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
"Data Subject": the natural person whose personal data are being processed. In this case, the data subject is each user of our Website.
"Consent" of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
"Personal data breach": a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
"Anonymisation": the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject.
"Pseudonymisation": the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
"Applicable legislation": the applicable national and EU personal data protection legislation, specifically the General Data Protection Regulation (EU) 2016/679 (hereinafter "GDPR"), Law 4624/2019, as well as the Decisions, Guidelines and Opinions of the Hellenic Data Protection Authority (hereinafter "HDPA").

General Principles of Personal Data Processing

The Company collects and processes the personal data of data subjects in accordance with the following processing principles:

Lawfulness, fairness, transparency: The Company collects and processes such data lawfully and in a transparent manner in relation to the data subjects.
Purpose limitation: The Company processes personal data only for specified, explicit and legitimate purposes.
Data minimisation: The Company takes appropriate technical and organisational measures to ensure that the personal data it processes are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy: The Company ensures that the personal data it holds and processes are always accurate and up to date.
Storage limitation: The Company does not retain personal data for longer than is required by the purposes for which they were collected and processed. However, it may retain them for a longer period if the processing of such data is necessary:
- for compliance with a legal obligation requiring processing under a provision of law,
- for the performance of a task carried out in the public interest,
- for reasons of public interest,
- for archiving purposes in the public interest, or for scientific or historical research purposes, or for statistical purposes, subject to appropriate technical and organisational safeguards including pseudonymisation, and only where such purposes cannot be served through anonymisation of the data,
- for the establishment, exercise or defence of legal claims.
Integrity and confidentiality: The Company ensures that the collection and processing of personal data is carried out in a secure manner, using appropriate technical and organisational means, so as to protect them against any unauthorised or unlawful processing and against accidental loss, destruction or damage.

Personal Data We Collect and Process via the Website, Purpose of Processing and Legal Basis

Personal data collected via the contact form

Through the contact form, the user may contact the Company with questions, clarifications, complaints, etc., as well as to express interest in the services provided. If the user wishes to use this service, they must complete the relevant fields such as full name, telephone number, email, subject and the corresponding message.

Purpose of Processing and Legal Basis

The purpose of the collection and processing of such personal data is to facilitate optimal communication and information exchange between the user and the Company. The legal basis for processing the personal data is the user's consent (GDPR Article 6(1)(a)), which is given by accepting this Privacy Policy prior to submitting the message. Such consent may, in accordance with the applicable legislation, be withdrawn at any time without affecting the lawfulness of processing carried out prior to the withdrawal.

Personal data collected via log data

Each time a user accesses the Company's Website, personal data such as information about the browser and operating system used, the Internet Protocol address (IP address), the date and time of the server request, the volume of data transferred and the resource requested may be temporarily stored in a log file.

Purpose of Processing and Legal Basis

The purpose of the collection and processing of such data is to provide the service for technical and security reasons. These data are not personalised and are retained for a maximum of 6 months. IP addresses from which malicious activity originates are permanently stored in the Website's security system for safety purposes and to prevent further attacks. The legal basis for processing the personal data is the Company's legitimate interest in improving and safeguarding the services it provides to Website users [GDPR Article 6(1)(f)].

Personal data collected through the use of cookies

While browsing our website, we may collect certain necessary information related to traffic on the website, such as the Internet Protocol address (IP address) and the type of browser used by the user, etc. For more information about the use of cookies on our Website, please refer to our Cookie Policy.

Purpose of Processing and Legal Basis

The purpose of the collection and processing of such data is to improve the functionality of the Website and the services provided, as well as to analyse website traffic. The legal basis for processing the personal data is the user's consent (GDPR Article 6(1)(a)), which is given by accepting the relevant cookies, with the exception of strictly necessary cookies which are permanently installed and are essential for the operation of the Website, for which the legal basis is the Company's legitimate interest (GDPR Article 6(1)(f)).

Personal Data of Minor Users

This Website is not directed at minors and does not intend to collect or process the personal data of minors (i.e. persons who have not reached the age of 18). However, as it is impossible to verify the age of our Website users, we ask the parents/guardians of minors, should they become aware of any unauthorised disclosure of data by minors, to notify the Company immediately so that the necessary protective measures (e.g. deletion of the data) can be taken. In the event that the Company becomes aware that personal data of a minor have been collected, it undertakes to delete them immediately and to take all necessary measures to protect such data.

Transfers of Personal Data

The Company may transfer the above personal data to third parties to whom it has entrusted the processing of personal data on its behalf (such as service providers, website developers, etc.). In all cases, the third parties to whom user data may be transferred are contractually bound to the Company to ensure confidentiality obligations as well as all obligations provided for by the Applicable Legislation. At the same time, users' personal data may be transferred to public authorities, independent authorities, etc. (e.g. police departments, prosecutorial and judicial authorities, tax authorities, customs authorities, the HDPA, etc.) in the exercise of their duties, either on their own initiative or upon request by a third party invoking a legitimate interest, and in accordance with lawful procedures.

In the event of a transfer of users' personal data collected through this Website to a country outside the European Union (EU) or the European Economic Area (EEA), the Company first verifies whether:

The Commission has issued an adequacy decision for the third country to which the transfer is to be made.
Appropriate safeguards are in place in accordance with the Regulation for the transfer of such data.

Otherwise, the transfer to a third country is prohibited and the Company will not transfer users' personal data to that country, unless one of the specific derogations provided for by the Applicable Legislation applies (e.g. the explicit consent of the user after being informed of the risks involved in the transfer, the transfer is necessary for the performance of a contract at the request of the data subject, there are reasons of public interest, it is necessary for the establishment or defence of legal claims and vital interests of the user, etc.).

Data Retention Period

The personal data of users that are collected are retained for a predetermined and limited period, depending on the purpose of the processing, after which they are deleted from our records. Where processing is required as an obligation under the provisions of the applicable legal framework or where a specific retention period is prescribed, your personal data will be stored for as long as the relevant provisions require. Personal data of users collected and processed for the performance of a contract are retained for as long as is necessary for the performance of the contract and for the establishment, exercise and/or defence of legal claims arising from the contract. Personal data of users processed for marketing purposes on the basis of user consent are retained until the withdrawal of such consent, without the withdrawal affecting the lawfulness of the processing carried out prior to it.

Security of Personal Data

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risks of varying likelihood and severity to the rights and freedoms of users arising from the processing, the Company takes the necessary technical and organisational measures to protect users' personal data. Although no method of transmission over the Internet or method of electronic storage is completely secure, the Company takes all necessary digital data security measures (antivirus, firewall, etc.).

Data Protection Officer (DPO)

In order to ensure the adequate protection of personal data, the Company has appointed a Data Protection Officer to whom data subjects may address their requests and questions regarding the protection of their personal data and this Policy, using the following contact details: dpo@mamfredaslaundries.gr or by telephone: +30 2695 048935.

Rights of Personal Data Subjects

The Company ensures that it is able to respond promptly to users' requests for the exercise of their rights in accordance with the Applicable Legislation.

In particular, each user has the following rights:

To request information about the processing of their personal data by the Company.
To request access to their personal data held by the Company. More specifically, they may request a copy of their personal data that are held and verify the lawfulness of the processing.
To request the rectification of their personal data in the event of inaccurate or incomplete recording by the Company.
To request the erasure of their personal data where their retention is not supported by any legal basis or legitimate interest.
To request restriction of the processing of their personal data, under specific conditions.
To request the portability/transfer of their personal data either to themselves or to third parties.
To withdraw at any time the consent they have given for the processing of their personal data, without such withdrawal affecting the lawfulness of the processing carried out prior to it.
To object to the processing of their personal data by the Company.
To object to a decision concerning them that is based solely on automated processing, including profiling.

To exercise your rights, you may contact the Data Protection Officer using the contact details provided above. In the event of the exercise of any of the above rights, the Company provides the data subject with information on the processing actions following the relevant request within one (1) month of receiving the request and verifying the identity of the data subject. This deadline may be extended by a further two (2) months where necessary, if the request is complex or there is a large number of requests. In such a case, the Company is obliged, within one month of receiving the request, to inform the data subject of the delay and the reasons for it. Within the above time period, it also informs the data subject of any refusal to satisfy the submitted request in whole or in part, as well as the reasons for the refusal.

For any complaint regarding this Policy or personal data protection matters, if we do not satisfy your request, you may contact the Hellenic Data Protection Authority www.dpa.gr, with registered office at 1-3 Kifisias Avenue, 115 23, Athens.

Disclaimer of Liability for Third-Party Websites

In the event that our Website contains links that redirect users to third-party websites, please be advised that the Company does not control and is not responsible for the content, actions or policies of such websites, nor for the manner in which they process users' personal data.

Updates to the Privacy Policy

This Privacy Policy may be amended or revised in the future as part of the Company's regulatory compliance efforts, as well as the optimisation and upgrade of our Website's services. We therefore recommend that you consult the updated version of this Policy each time, so that you remain fully informed.