This policy-notice (hereinafter Policy) is addressed to natural persons (data subjects) and provides information and information regarding the collection, use, transfer and protection of personal data (hereinafter also referred to as data) as well as the rights of data subjects, as derived from national legislation and from the General Regulation for Data Protection (GDPR) of the European Union (EU).

1. Collection and processing of personal data

Personal data is considered as any information relating to an identified or identifiable natural person and may lead either directly or in combination with other data to the recognition/identification of the natural person. Therefore, an identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier, such as name, identity card number, e-mail address, location data, online identifier, etc., as well as any other information that allows identification according to the provisions of GDPR, the Greek legislation in force and the decisions of Hellenic Data Protection Authority.

STREAMLINE Trainining & Conslulting (hereinafter STREAMLINE or Company) collects and process personal data as Data Controller:

• In the context of concluding a contract regarding services.
• When you collaborate with the Company in the context of its business activities.
• When you submit requests-queries, complaints, comments, reviews or generally contact us about any issue.
• When you visit or navigate the Company's website. We use anonymous cookies to collect information about our website aggregated visiting activity. 

The information we collect about you is absolutely necessary for the processing and implementation of the contract between us as well as for informing you about the services of STREAMLINE which contractually concern you. The information we collect includes the following:

• Name, surface mail address, electronic address (e-mail), telephone, Tax identification number.

• Communication data (such as e-mails, letters in paper or any other form of communication you make).
• In addition, we collect information related to our website aggregated visiting activity.

We process your personal data for one or more of the following purposes:

• To carry-out business transactions and offer the services for which there is a contract with you as well as to inform you in the context of an existing contract.
• To comply with our regulatory and legal obligations.
• For invoicing our customers in the context of providing our services.
• To defend and secure the legal interests of the Company.

3. Data Retention

We will keep your data for as long as your relationship with the Company lasts and after its termination for as long as the relevant legislation requires or until the statute of limitations for relevant claims has expired. In any case, this time does not exceed twenty (20) years. In particular, we delete personal data immediately, when there is no legal basis for the processing. In cases where the retention of personal data is necessary for the exercise or defense/exercise of the Company's legal rights before judicial or other authorities foreseen by the current legislation, the above deadline is extended until the end of the period in which such data is no longer necessary for the above purposes.

4. Data Transfers outside the EU/EEA

Your personal data is not transferred to third countries (i.e., to countries outside EU/EEA).

5. Recipients of Personal Data 

The Company guarantees that it will not transmit or disclose in any way your data to third parties, except the recipients mentioned herein, for any purpose or use, unless it is mandatory under the applicable law or required by public / prosecutorial / judicial services / authorities. In fulfilling our contractual and legal/regulatory obligations, your personal data may be disclosed to:

• Supervisory authorities, administrative bodies, judicial or other public authorities to the extent we are legally bound to provide this information or they are authorized by law to request it.
• Service providers-subcontractors of the Company (data processors).
• Third parties authorized by you.
• Authorized external legal advisors.

In addition, access to your data is given to the Company's absolutely necessary personnel, who are bound by confidentiality and have been properly trained. Finally, we will process and disclose data if this is deemed necessary to protect against fraud, to defend our rights or to protect our customers.

6. Automated decision making - profiling

We do not use automated decision-making processes when conducting our business activities. 

7. Security of personal data

In STREAMLINE, we recognize the importance of data protection and constantly review and improve our safeguards (technical and organizational measures) against unauthorized access and use, accidental loss, dissemination or destruction of your data. Every persono the Company who has access to the above information, uses it to exclusively serve the purposes of processing. Also in cases where an organization, a company or an external partner provides services to us or on our behalf that include the processing of personal data, we ensure that appropriate protection measures (technical and organizational measures) are applied and the data is processed in accordance with Company's instructions. These organizations-partners cannot process your data for their own purposes, and are bound, by contract to ensure the confidentiality, integrity, availability and in general protection of personal data in accordance with national data protection legislation and the GDPR.

8. Your Rights

You can contact us to inform you about what data is retained by us and how we process it. In addition, you can at any time request a copy of your personal data (GDPR art. 15, under reservation to the provisions of art. 33 of Law 4624/2019).

If you think that your personal data are incomplete or inaccurate, please contact us to proceed with the appropriate rectification (GDPR art. 16).

In the event that you consider that your data is not subject to processing for a specific and legal purpose, you can ask us to proceed with its deletion, after consultation with us (GDPR art. 17, under reservation to the provisions of art. 34 of Hellenic Law 4624/2019).

You can ask us to suspend or object to the processing of your personal data for reasons relating to your particular situation. If you submit such a relevant request, we will no longer process your personal data, unless we demonstrate compelling and legitimate reasons for the processing, which override your interests, rights and freedoms or to establish, exercise or support legal claims (GDPR art. 21, under reservation to the provisions of art. 35 of Hellenic Law 4624/2019).

You may request to receive a copy of your personal data in a structured, commonly used and machine-readable format, in order to transmit that data to other organizations. You also have the right to request that your personal data be transmitted directly by us to other organizations that you will name (right to data portability, GDPR art. 20).

You can withdraw at any time the consent (GDPR art. 7) you have given to the processing of your personal data, in cases where the processing takes place on a consent basis and without any other legal basis. In this case, data processing by us will be stopped, without this affecting the legality of the processing that has already taken place until the withdrawal of your consent.

You can request the restriction of processing of your personal data, only for specific purposes, including in the case of questioning the correctness of the data or unlawful processing (GDPR art. 18).

You can ask us to satisfy any of your rights at the electronic address (e-mail):

contact@streamline-training-and-consulting.gr

STREAMLINE is committed to respond to your request within one month following its receipt. However, if it is not possible for us to satisfy your request within the period of one month, we will inform you of the reasons for the delay.

9. Your Right to Submit a Complaint

If you have exercised some or all of your rights regarding data protection and you still feel that your concerns about the way we process your personal data has not been duly addressed by the Company, you have the right to submit a complaint to the Hellenic Data Protection Authority, Kifissias 1-3, PC 115 23, Athens. On the relevant website (https://www.dpa.gr ) you will find information on how to submit complaints.

10. Changes to this policy

We may change or amend this Policy from time to time, and we will accordingly amend the revision date indicated at the end of this notice. We recommend that you review this Policy periodically so that you are always aware of the way we process and protect your personal data.

Date of latest revision: Dec 5th, 2025