1. Introduction We, DATING STARS OÜ, respect your privacy and undertake to protect it in accordance with this Privacy Policy (hereinafter – the Privacy Policy). The Privacy Policy is addressed to persons who visit the website https://www.eroclub.gr/ belonging to EroClub.gr. The Privacy Policy also provides information about the processing of personal data of Visitors of EroClub.gr in the course of EroClub.gr carrying out its activities and providing services. We undertake to be transparent by providing clear information about which of your personal data is processed, the purposes of processing, the period for which personal data is stored, as well as the legal basis for data processing and your rights and other information which we are required to provide under applicable legislation. 2. Definitions 2.1. Personal data – any information relating to a natural person whose identity is established or can be established (data subject). 2.2. EroClub.gr - DATING STARS OÜ, Harju County, Tallinn, Kesklinna district, Narva mnt 7, 10117, Estonia, company code 11918310, tel. +370 646 08 218, e-mail [email protected]. 2.3. Data processing – any operation or set of operations performed on personal data or sets of personal data by automated or non-automated means, such as collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, as well as alignment or combination with other data, restriction, erasure or destruction. 2.4. Data controller – a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of data. In this Privacy Policy, the Data controller is EroClub.gr. 2.5. Data processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller. 2.7. Data recipient – a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether a third party or not. 2.8. Data subject's consent – any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. 2.9. EroClub.gr website – the EroClub.gr website https://www.eroclub.gr/.‒ Visitor - any natural person who visits the website www.eroclub.gr/, regardless of whether they are registered, logged in to their account, or only using the publicly available information and functionality of the website. 2.10. Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). 2.11. Direct marketing – activity aimed at offering goods or services to persons by mail, telephone or other direct means, and/or seeking their opinion regarding the goods or services offered. 3. Bases for the processing of personal data by EroClub.gr 3.1. EroClub.gr collects and processes personal data in accordance with the legislation of the European Union and other legal acts governing the protection of personal data. 3.2. EroClub.gr processes your personal data on the following bases: ‒ Your consent. 3.3. Which is expressed through your active actions, i.e. by contacting us and providing personal data, or by other active actions. We also send information about our services, offers and advertising upon receiving your consent. ‒ The pursuit of EroClub.gr's legitimate interests. 3.4. For example, in administering the EroClub.gr website and ensuring its proper functioning. In the course of EroClub.gr's commercial activities. In order to protect our rights, e.g. to recover debts and/or other amounts owed, etc. ‒ For the conclusion, performance, administration and amendment of contracts, agreements and similar documents. ‒ In order to comply with legal obligations applicable to EroClub.gr or to protect your or another natural person's vital interests. 4. Categories, purposes and scope of personal data processed 4.1. EroClub.gr processes personal data for the purposes of registration, account administration, provision of services, payment administration, ensuring system security, fraud prevention, dispute resolution, defence of legal claims and direct marketing. 4.2. For the purpose of registration and account administration, the Visitor's registration data is processed, including the email address, the Visitor's name, date of birth, gender and other profile information voluntarily provided by the Visitor. This data is processed in order to conclude and perform the agreement on the use of the EroClub.gr website. 4.3. For the purpose of providing services, the Visitor's profile data, communication and correspondence data, activity information and other information related to the use of the EroClub.gr website may be processed. 4.4. For the purpose of payment administration, payment information and accounting data may be processed. Such data is processed in order to perform the contract and legal obligations. 4.5. For the purpose of system security, fraud prevention, detection of unauthorised use and investigation of incidents, IP addresses, technical login records (logs), login history and other technical identifiers may be processed. This data is processed on the basis of EroClub.gr's legitimate interest in ensuring system security and the proper functioning of the EroClub.gr website. 4.6. For the purpose of resolving disputes and asserting, exercising or defending legal claims, administrative data and other information related to the use of the EroClub.gr website may be processed. 4.7. For direct marketing purposes, personal data is processed only after obtaining the Visitor's consent or on other grounds permitted by law. 4.8. During registration and use of the EroClub.gr website, the following may be processed: ‒ name or nickname; ‒ email address; ‒ date of birth or age; ‒ gender; ‒ place of residence; ‒ profile photos; ‒ interests and other information voluntarily provided by the Visitor; ‒ communication and correspondence data; ‒ login records; ‒ IP addresses; ‒ technical identifiers; ‒ technical system log data. 4.9. EroClub.gr may also process: ‒ account administration data; ‒ account status information; ‒ facts concerning account creation, inactivity and deletion; ‒ technical system administration metadata; ‒ Portal usage metadata; ‒ information about Visitor interactions on the Portal. 4.10. The scope of data processed may vary in each specific case depending on: ‒ the information provided by the Visitor; ‒ the functions used; ‒ the technical architecture of the systems; ‒ the account status; ‒ the data retention periods. 4.11. EroClub.gr may process information about: ‒ the device used; ‒ the browser; ‒ the operating system; ‒ the date and time of the visit; ‒ website usage statistics; ‒ login history; ‒ technical system records. 4.12. Technical data is processed for the purposes of: ‒ ensuring system operation; ‒ security; ‒ fraud prevention; ‒ incident investigation; ‒ prevention of unauthorised use; ‒ protection of legitimate interests. 5. Sources of personal data received and processed by EroClub.gr 5.1. We receive personal data when you: ‒ Register on the EroClub.gr website; ‒ use the functions of the EroClub.gr website; ‒ contact EroClub.gr; ‒ use paid services; ‒ data may be collected automatically while using the EroClub.gr website. 5.2. Certain data may be received from infrastructure providers, server hosting providers, payment providers, communication providers and other technical service providers. 6. Terms of personal data processing by EroClub.gr 6.1. We will process and store your personal data for no longer than is necessary to achieve the purposes for which the data was collected, or for such period as is established by legislation. 6.2. We determine the period of storage of personal data based on the following principles: ‒ how long such information is needed for the purposes for which it was collected and processed; ‒ how long such information is needed for us to comply with the legal requirements applicable to us; ‒ how long such information is needed for us to fulfil our contractual obligations; ‒ how long you allow us (by your consent or otherwise) to use such information about you. 6.3. The scope and retention periods of different categories of technical, administrative and operational data may vary depending on the nature of the data, the purpose of processing, the architecture of the systems, security needs, legal requirements and the protection of legitimate interests. 6.4. Data of registered accounts is stored for as long as the account remains active. 6.5. If the Visitor does not use the account for a long period of time, the account may be marked as inactive. 6.6. Inactive accounts may be deleted during automated administration processes. 6.7. After the account is deleted, active processing of the account's content data is discontinued. 6.8. After the account is deleted: ‒ account content data may be removed or no longer stored in active systems; ‒ communication history and technical usage data may no longer be accessible; ‒ the full historical login (log) and IP address information may no longer be stored. 6.9. After the account is deleted, EroClub.gr may retain only a minimal set of administrative data necessary for: ‒ system administration; ‒ compliance with legal obligations; ‒ handling of inquiries; ‒ fraud prevention; ‒ protection of legitimate interests; ‒ resolution of potential disputes. 6.10. Such administrative data may include: ‒ the Visitor's identifier (ID); ‒ the Visitor's name; ‒ the Visitor's email address; ‒ metadata relating to the Visitor's account administration; ‒ facts concerning account creation, inactivity and deletion. 6.11. Technical logs, IP addresses and system records are stored for a limited period necessary to ensure system operation, investigate security incidents, prevent fraud, and assert, exercise or defend legal claims. 6.12. Communication history may be stored for up to 2 years from the last communication. 6.13. Data of registered accounts is generally stored for as long as the account is active, while certain minimal administrative data may be stored for a longer period if necessary for the exercise of legal claims, dispute resolution, system security or the protection of legitimate interests. 6.14. We will store your payment-related data for no longer than 5 (five) years from the date the transaction was carried out. 7. Cases and grounds for the transfer and disclosure of personal data processed by EroClub.gr to third parties 7.1. We want to gain and maintain your trust, therefore your personal data is disclosed to third parties only to the extent necessary for the provision of services, compliance with legal obligations, protection of legitimate interests or on other grounds established by law. 7.2. Certain personal data may be transferred to partners engaged for the purpose of providing services, for example: ‒ infrastructure service providers; ‒ server hosting service providers; ‒ payment service providers; ‒ technical systems maintenance service providers; ‒ IT service providers; ‒ auditors and consultants; ‒ email sending service providers; ‒ state authorities and law enforcement; ‒ debt administration or collection service providers; ‒ data protection officer service providers. 7.3. Such data is transferred only to the extent necessary for the provision of services, ensuring the operation of systems, ensuring security, and compliance with legal obligations. 7.4. We only engage service providers who have implemented/undertake to implement appropriate technical and organisational measures that would ensure an adequate level of data processing security, corresponding to the risk of infringement of the rights or freedoms of natural persons whose data will be processed under the data processing agreement, and such data processing would comply with the requirements of the Regulation. 8. Jurisdiction and territory of personal data processing 8.1. Except for the exceptions specified below, we process your personal data within the territory of the European Union. We currently have no intention to transfer, and do not transfer, your personal data to third countries. 8.2. Please be informed that certain data relating to your visit to the EroClub.gr website, or data generated by visiting the EroClub.gr website, specified below, may be processed, transferred to, or made accessible to entities operating both within the European Economic Area (EEA) and outside it (e.g. where we use Google Analytics, Facebook Ads and similar services, functionalities or products, such data processors or recipients are companies operating in the United States of America or other non-EEA states). 8.3. We assure you that, in order to ensure an adequate level of data security and lawful data transfer for transfers outside the EU and EEA, we conclude the Standard Contractual Clauses approved by the European Commission or rely on other bases and conditions set out in the Regulation. 9. Security of personal data processed by EroClub.gr We use technical and organisational security measures to protect your data. Data is stored securely and is accessible to a limited number of persons. We also require our business partners to use appropriate technical and organisational measures to ensure data security. 10. Rights of the data subjects whose personal data is processed by EroClub.gr 10.1. The Regulation and other legal acts grant you rights which you may freely exercise. In this Privacy Policy, we set out the rights guaranteed to you by law and the main ways of exercising them. 10.2. Your rights: ‒ The right to receive information about the processing of personal data. 10.3. We provide information about the processing of your personal data at the time the data is collected. You may always find it in this Privacy Policy or obtain it by contacting us at [email protected]. ‒ The right to access the personal data we process about you. 10.4. You have the right to access the personal data being processed and information about its processing, such as the purposes of processing, categories of personal data, recipients of personal data, etc. We will provide you with a copy of your personal data. You have the right to receive your personal data in a structured, commonly used and machine-readable format. However, you will not be able to exercise this right in cases where it could adversely affect the rights and freedoms of others. We have the right to refuse to provide the data we process about you if circumstances specified in legislation, under which personal data is not provided, are established. ‒ The right to request rectification of the personal data we process about you. 10.5. You have the right to have inaccurate personal data concerning you corrected and, taking into account the purposes of processing, to have incomplete personal data completed. ‒ The right to request that we erase your personal data ("the right to be forgotten"). 10.6. You may exercise this right when: ‒ the personal data is no longer necessary for the purposes for which it was collected or otherwise processed; ‒ you withdraw your consent and there is no other legal basis for processing the data; ‒ you object to the personal data being processed for the purpose of a legitimate interest of ours or a third party; ‒ the personal data is processed for direct marketing purposes; ‒ the personal data has been processed unlawfully. 10.7. Personal data must be erased in accordance with the requirements of the legislation applicable to us. In certain cases, you will not be able to exercise this right due to applicable exceptions. These exceptions cover cases where the processing of personal data is necessary in order to: ‒ exercise the right of freedom of expression and information; ‒ fulfil our legal obligations; ‒ assert, exercise or defend legal claims. 10.8. The exercise of this right may be limited if the retention of certain minimal administrative or technical data is necessary for the exercise of legal claims, dispute resolution, fraud prevention or ensuring system security. ‒ The right to restrict the processing of your personal data. 10.9. This right may be exercised in the following cases: ‒ when you contest the accuracy of the personal data; ‒ when the personal data is processed unlawfully, but you do not want it to be erased; ‒ when the personal data is no longer needed for our data processing purposes, but you require it for the assertion, exercise or defence of legal claims. 10.10. Where you have objected to the data being processed on the basis of a legitimate interest of ours or a third party, until the grounds for your objection have been verified. 10.11. Please be informed that, once the processing of personal data has been restricted, we may continue to store your personal data, but will not otherwise process it, except: ‒ with your consent; ‒ for the assertion, exercise or defence of legal claims; ‒ in order to protect the rights of other natural or legal persons; ‒ for reasons of important public interest. ‒ The right to object to the processing of your personal data. 10.12. You have the right to object to the processing of personal data where the personal data is processed on the basis of our legitimate interests. To exercise the right specified in this section, please submit a written request to [email protected]. ‒ The right to object to your personal data being processed for direct marketing purposes. 10.13. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for this purpose. ‒ The right to data portability. 10.14. You may exercise this right in cases where we process your personal data by automated means (computers, etc.) and the legal basis for the processing of personal data is: ‒ your consent; ‒ the performance of a contract or actions taken at your request prior to entering into a contract. 10.15. At your request, and where technically feasible, we will transmit the data directly to another data controller specified by you. ‒ The right to withdraw consent to the processing of your personal data. 10.16. Where we process your data on the basis of your consent, you have the right to withdraw your consent at any time, and the processing of data based on your consent will be discontinued. The withdrawal of consent will not affect the lawfulness of processing carried out prior to its withdrawal. ‒ The right to lodge a complaint with a supervisory authority. 10.17. If you believe that we are processing your data in violation of the requirements of data protection legislation, we always first ask that you contact us directly. If you are not satisfied with the solution or measures we propose, you may always lodge a complaint with the supervisory authority (the State Data Protection Inspectorate (https://vdai.lrv.lt/lt/), L. Sapiegos g. 17, Vilnius, Lithuania, tel. +370 527 12804, e-mail [email protected]). 11. EroClub.gr contacts and means of communication If you have any questions, requests or comments about the processing of personal data, please contact us: DATING STARS OÜ, Harju County, Tallinn, Kesklinna district, Narva mnt 7, 10117, Estonia, company code 11918310, tel. +370 646 08 218, e-mail [email protected]. 12. Automated and marketing notifications 12.1. EroClub.gr may send system notifications, notifications about account administration, notifications about Visitor activity and interactions between Visitors, security notifications, as well as direct marketing notifications. 12.2. Automated system notifications may operate on the EroClub.gr website, sent in connection with the functionality of the EroClub.gr website, interactions between Visitors, system settings and account administration processes. 12.3. Automated system notifications may also be sent to inactive or previously registered Visitors, where such notifications relate to the functionality of the EroClub.gr website, Visitor activity, account administration, security, or similar services of the EroClub.gr website. 12.4. System notifications may be sent to inactive Visitors where this is necessary for account administration, ensuring the functionality of the EroClub.gr website, security purposes, or the protection of legitimate interests. 12.5. Direct marketing notifications are sent to Visitors upon obtaining their consent or on other grounds established by law. 12.6. Electronic communication means may be used for direct marketing notifications on the grounds established by law, including cases where the Visitor's contact details were obtained during registration on the EroClub.gr website and the Visitor was given a clear, free and simple opportunity to object to the receipt of such notifications. 12.7. Every marketing-related electronic notification must provide the Visitor with the opportunity to opt out of receiving such notifications. 13. Protection of minors 13.1. EroClub.gr pays particular attention to the protection of the rights and interests of minors and takes all reasonable measures to ensure that the EroClub.gr website and the services provided on it are used only in accordance with the procedure established by legislation. Given that the content and functionality of the EroClub.gr website are intended exclusively for an adult audience, all parts of the EroClub.gr website are deemed unsuitable for minors. 13.2. The services of the EroClub.gr website are intended only for adults, i.e. natural persons who are not younger than 18 (eighteen) years of age. Persons who have not reached the age of 18 are strictly prohibited from registering on the EroClub.gr website, creating accounts or otherwise using the services provided in any way. 13.3. By registering on the EroClub.gr website, the Visitor confirms and warrants that they are of legal age and have the right to use the EroClub.gr website and its services. EroClub.gr has the right, at any time, to request proof of the Visitor's age or to take additional verification measures where there are reasonable doubts as to the accuracy of the data provided by the Visitor. 13.4. In the event that it transpires that a minor is using the EroClub.gr website, or that incorrect or misleading data about age was provided during registration, EroClub.gr has the right to immediately suspend or terminate such an account, delete the related data, and restrict further access to the EroClub.gr website. 13.5. EroClub.gr also reserves the right to take additional technical and organisational measures aimed at restricting access by minors, including but not limited to content filtering, the provision of warning notices, access restrictions and other control measures, to the extent that this is reasonable and proportionate. 13.6. Minor visitors are strictly prohibited from visiting the EroClub.gr website or using its content, and parents or other legal representatives of minors are urged to supervise minors' use of the internet and to take measures to prevent minors from visiting websites of this nature. 13.7. EroClub.gr assumes no liability for unauthorised access by minors to the EroClub.gr website where such access was obtained by circumventing the established rules or by providing false information; however, upon receiving information about such a violation, it undertakes to take prompt action to eliminate the violation. 14. Cookies and their use 14.1. A cookie is a small text file that is saved on your computer or mobile device when you visit the EroClub.gr website. Through it, the website can "remember" your actions and preferences (e.g. login name, language, font size and other display preferences) for a certain period of time, so that you do not need to re-enter them each time you visit the website. 14.2.The EroClub.gr website uses the following cookies: ‒ Necessary cookies. 14.3. Necessary cookies are essential for the proper functioning of the EroClub.gr website. They allow the Visitor to browse the EroClub.gr website and use its basic functions, including secure account login, session retention and protection against unauthorised access. These cookies store information about the current visit, and without them the EroClub.gr website would not be able to function properly; therefore their use is mandatory. ‒ Behavioural (analytical) cookies. 14.4. Behavioural cookies are used to collect information about how Visitors use the EroClub.gr website, including pages visited, browsing duration, actions taken and other statistical data. This information is aggregated and anonymised (to the extent possible) and is used to improve the functioning of the EroClub.gr website, enhance content and optimise the Visitor experience. ‒ Functional cookies. 14.5. Functional cookies allow the Visitor's choices and settings, such as language selection, login details (if this feature is enabled), individual settings or other personalisation preferences, to be remembered. Thanks to these cookies, the EroClub.gr website can be tailored to a specific Visitor, ensuring more convenient and faster use of the services. 14.6. Necessary cookies are used on the basis of a legitimate interest in ensuring the functioning of the EroClub.gr website, while behavioural and functional cookies may only be used upon obtaining the Visitor's consent, except for exceptions established by law. The Visitor has the right, at any time, to change their cookie settings, refuse non-essential cookies, or delete them through their browser settings. 14.7. Cookies may be stored only for as long as is necessary to achieve the purposes for which they are used, taking into account the type of cookie, or until the Visitor deletes them or withdraws their consent. 14.8. You can opt out of cookies on the home page of our website by changing your cookie settings again. 15. Final provisions 15.1. We may periodically amend this Privacy Policy so that it adequately reflects how we process your personal data. Where we make significant changes, we will notify you of this on the EroClub.gr website or through other appropriate means of communication, such as email, so that you may review such changes before continuing to use the EroClub.gr website. If any provision of the Privacy Policy is found to be invalid or unenforceable, this shall not affect the legality and validity of the remaining provisions of the Privacy Policy. 15.2. This Privacy Policy shall apply from ____________ __, 2026. |