Marketing Greece Tourism AI Playground
Back to App

Privacy Policy

Last updated: March 2, 2026

Introduction

The use of our App is subject to the Terms and this Privacy Policy that constitutes an integral part of the Terms. Capitalized terms not defined here have the meaning set out in the Terms.

Marketing Greece may modify the Privacy Policy from time to time without prior notice, for reasons of compliance with the regulatory and legislative framework, including any recommendations and guidelines of the Hellenic Data Protection Authority (hereinafter simply “HDPA”), as well as for operational purposes.

Any updated version of the Privacy Policy is posted with a date indication, so that you know which is the most recent and current version of it. We encourage you to regularly review the present terms, as the use of our App implies that you have accepted such amendments.

By using our App you unconditionally declare that you have reviewed, understood and accepted all the terms included in the Terms and this Privacy Policy. If you do not agree with any of the terms included in the Terms and/or the Privacy Policy, you must refrain from using our Services.

Marketing Greece is committed to respecting and protecting your privacy.

This Privacy Policy explains how our Company under the name “MARKETING GREECE ANONIMI ETAIRIA PROOTHISIS KAI ANAPTIKSIS TOY TOYRISMOY” (“Marketing Greece”, “we”, “Company”) processes as Controller the personal data in connection with the App and how the App uses trackers.

In case that you wish to be informed for other activities where our Company acts as a data controller according to applicable law you may refer to the Privacy Policy of our Company published in its website (available here: https://www.marketinggreece.com/politiki-aporritoy).

Controller Details

Controller: MARKETING GREECE ANONIMI ETAIRIA PROOTHISIS KAI ANAPTIKSIS TOY TOYRISMOY

Registered address: Voukourestiou 20, Athens, Greece

EUID: ELGEMI.125083101000

Email: admin@marketinggreece.com

Website: www.marketinggreece.com

1 Roles of Marketing Greece in Processing

Because the App is used both as a platform service and as a tool that processes User Content, the Company may act as either Controller or Processor in accordance with the terms of the applicable law.

As Controller

Marketing Greece acts as Controller in accordance with the applicable law (including EU Regulation 679/2016 or “GDPR”, Law 4624/2019 etc.) for personal data processed to operate and secure the App and meet compliance needs. We act as Data Controller only when we decide about the crucial parameters of data collection and processing (means of processing, retention period, transfer, recipients, categories of data etc.).

Especially, we act as Controller when we determine the purposes and means of processing for App operations, security, compliance and administration, including:

  • Operating, maintaining and securing the App
  • Authentication and authorization workflows (including domain verification where applicable)
  • Logging, telemetry
  • Fraud/abuse prevention and incident investigation
  • Customer support and communications
  • Compliance, legal obligations and recordkeeping

As Processor

According to the Terms, our Company does not own neither control the User Content. “User Content” means any information, data, or material that the User submits to the App, including but not limited to text, images, links (URLs), and domain names, in accordance with the Terms. User Content is owned and controlled by the User. Our Company processes the User Content acting on behalf of the User and under its mandates.

According to applicable law, our Company acts as Processor when processing the User Content that contains personal data. Regarding the processing of User Content containing personal data the Data Processing Agreement is applicable.

User Responsibility

You are responsible for ensuring you have a lawful basis to submit and process any personal data included in User Content, and for submitting only what is necessary for your purposes.

2 Categories & Sources of Data

As Data Controller

We will collect and process the following categories of data:

  • Technical, usage, telemetry, and security data: IP address, user-agent, device/browser information (type/version/language), operating system, time zone settings, approximate location based on IP, timestamps, request identifiers, response times, feature usage metrics, token/latency metadata (where applicable), error logs, security logs, abuse signals, and rate-limiting indicators.
  • Identification/account and verification data: Domain, email address, verification tokens/codes, timestamps, IP/user-agent, as well as logs evidencing verification attempts.
  • Communication/support data (where applicable): Information you provide when contacting us for support/to report a problem or when submitting a request, as well as relevant technical logs generated to investigate and resolve the request.

We may process anonymized and statistical data for any purpose, particularly for statistical reasons and for the improvement of the Application’s provided services and functions. Although such data may originate from the User’s personal data, they are not considered personal data, as they do not directly or indirectly reveal the User’s identity (for example, we may aggregate Application usage data in order to calculate the percentage of users accessing specific elements and features of the Application).

As Processor

We will process the User Content, including third-party data you request us to process according to the Data Processing Agreement and the Terms.

Sources

Most of the personal information we process as Data Controller is provided directly by you for one of the following reasons:

  • You access and use the App.
  • You directly contact us for whatever reason.

We also use Trackers and may collect information regarding how you use our App. In particular, the Application automatically collects certain information of a technical nature via the Trackers. This information helps us to ensure the operation and security of the Application, to address errors and to improve its performance. Indicatively, we may collect through the Trackers:

  • Connection/device data: date and time of access, IP address, user-agent, type/version of browser and operating system, language/time zone settings.
  • Navigation/usage data: referral website, pages/paths you visit in the Application, actions you perform and technical metrics of feature usage.
  • Performance & security data: request identifiers, response times, transmission status/errors, error and security logs, abuse signals and rate-limiting indicators.

We may collect aggregated or anonymized data, such as statistical information, for any purpose. While aggregated or anonymized data may derive from your personal data, it is not considered personal data because such data does not directly or indirectly reveal your identity (for example, we may aggregate usage data to calculate the percentage of users who have access to certain elements of the App).

Special Categories Prohibited

We do not collect through our App any special category of your personal data, such as information about your health, race or ethnicity, religious or philosophical beliefs, sex life, etc. Any User is prohibited from sharing special categories of personal data (Art. 9 GDPR) according to the Terms, as well as data relating to criminal convictions/offences (Art. 10 GDPR).

3 Purposes of Processing & Legal Bases

Where Marketing Greece acts as Controller, we process personal data for the purposes below on the following legal bases:

Provide and operate the App

Purpose: Provide core Service functionality, enable access, maintain sessions, administer accounts, deliver requested features.

Legal basis: Performance of a contract (Article 6(1)(b) GDPR) — performance of the Terms.

Security, fraud/abuse prevention and incident investigation

Purpose: Protect the App, users and our systems; detect and prevent abuse; maintain integrity, availability and confidentiality; investigate incidents.

Legal basis: Legitimate interests (Article 6(1)(f) GDPR). Our legitimate interests include ensuring network and information security and preventing misuse. Where required by law, processing may also rely on Article 6(1)(c) of GDPR.

Support and communications

Purpose: Respond to inquiries, troubleshoot, provide customer support and service communications.

Legal basis: Performance of a contract (Article 6(1)(b) GDPR) and/or legitimate interests (Article 6(1)(f) GDPR) depending on the context.

Compliance and enforcement

Purpose: Comply with legal obligations, respond to lawful requests, enforce the Terms, establish/exercise/defend legal claims.

Legal basis: Legal obligation (Article 6(1)(c) GDPR) and/or legitimate interests (Article 6(1)(f) GDPR).

4 Data Sharing

Marketing Greece may transmit data to third parties, when this is provided for by existing legislation as an obligation or alternatively in accordance with the guarantees and conditions provided by applicable law.

No Marketing Sharing · No AI Training

We do not share your personal data with third parties for the purposes of promoting products or services. Your personal data is not processed for AI training purposes.

Marketing Greece may engage external/third party service providers, who act as data processors of Marketing Greece and provide specific services to Marketing Greece, such as technical support. When providing such support services, external service providers may process your personal data as data processors of Marketing Greece only based on our instructions. The processing of your personal data by any data processor is governed by a contract that binds, among other obligations, each processor to the protection of your personal data.

Marketing Greece may transmit, in order to comply with the applicable data protection legislation, personal data to judicial and/or law enforcement authorities, independent authorities, governmental authorities.

The Application uses services of the Google Maps Platform by Google for the provision of specific functions. The use and transfer to the Application of data received from the aforementioned Google platform is governed by the terms of use of Google, available at: https://business.safety.google/controllerterms/ and at: Google API Services User Data Policy, and any other term applicable by the aforementioned provider (Google). The User declares and warrants that they will comply with all the terms of the aforementioned provider while using the relevant services.

5 International Transfers of Personal Data

Marketing Greece transfers personal data in accordance with applicable law. To the extent that, in the context of and for the needs of the above-mentioned purposes, your personal data need to be transferred outside the EU/EEA, such data transfer will take place in accordance with applicable law and Marketing Greece will ensure an adequate level of data protection.

By entering into appropriate data transfer agreements based on Standard Contractual Clauses, accessible upon request to admin@marketinggreece.com, or by taking other measures to provide an adequate level of data protection, Marketing Greece ensures or confirms that all data recipients will provide an adequate level of protection for your personal data.

6 How Long We Keep Your Personal Data

Your personal data will be retained for as long as necessary to fulfil the purposes we collected them for and for the maximum period provided by applicable law until the statute of limitations of related claims.

By way of example, the User Content is processed during the time you use the Application, with no possibility of processing after the end of use. Furthermore, technical data that we collect through Trackers are deleted automatically and immediately, such as the IP address (e.g., within a minute from the end of use of the Application), IP geolocation (within 24 hours from the end of use).

7 Your Rights as a Data Subject

In accordance with the data protection law, when we process your personal data you have certain rights that we need to inform you about. According to applicable law, under preconditions you have the following rights:

  • Right to be informed / Transparency

    You have the right to know who is processing your data, what categories of data they are using and why (Articles 12, 13 and 14 of the GDPR).

  • Right of access

    You have the right to request access to your personal data (Article 15 of the GDPR). You can exercise this right free of charge in most cases by making an access request in writing or verbally, if you wish to.

  • Right to rectification

    You have the right to have the data rectified, if your data is inaccurate and/or incomplete (Articles 16 & 19 of the GDPR).

  • Right to erasure

    You have the right to have your personal data erased under specific conditions, such as where your data is no longer necessary, you have withdrawn your consent, your data has been unlawfully processed etc. (Articles 17 & 19 of the GDPR).

  • Right to restriction of processing

    You have the right to obtain restriction of processing where the accuracy of your personal data is contested, the processing is unlawful, we no longer need the personal data for the purposes of the processing, you have objected to automated processing (Articles 18 and 19 of the GDPR).

  • Right to data portability

    You have the right to have your data transmitted to another data controller (Article 20 of the GDPR).

  • Right to object

    You have the right to object to the processing of your personal data provided that this is not contrary to the public interest (Article 21 of the GDPR).

  • Right to human intervention

    You have the right to object where a decision is based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you (Article 22 of the GDPR).

  • Right to lodge a complaint

    You have the right to lodge a complaint before the HDPA (and any other competent authority) in case you consider that the aforementioned rights have been infringed.

8 How Can You Exercise Your Rights

We must reply to any request of yours for the exercise of your above rights within one month of receipt. This time limit may be extended by a further two months, if necessary at our discretion, taking into account the complexity of your request and the number of requests we handle at the same time, in accordance with the applicable law.

To exercise your rights, contact us at: admin@marketinggreece.com

9 Security

We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, taking into account the state of the art, costs of implementation, and the nature, scope, context and purposes of processing.

Security measures may include access controls, encryption where appropriate, logging and monitoring, vulnerability management, and incident response procedures. Furthermore, the Application has been designed in such a way as to process only adequate, relevant, and necessary data of Users, adhering to the principle of data minimization.

11 Trackers

The App uses only necessary trackers. Necessary trackers are required for your access and use to the App and for the provision of Services.

Necessary trackers include, for example, trackers that are necessary to identify and/or maintain App content, to authenticate the user, to effectively operate App security measures. Necessary trackers are defined in the Tracker’s Banner.

Tracker’s Banner

Type Name Purpose Retention
Session Storage (8 keys) tap_session_id, analyticsAdminToken, autosave_* User/admin authentication, linking of requests in a session, automatic form saving, caching of AI results Automatic deletion upon closing the browser
Local Storage (12 keys) theme, lastView, termsAcceptedVersion UI preferences (theme, last tool), recording of Terms of Use acceptance, caching of tool outputs (briefs, schemas), chatbot history Automatic deletion upon closing the browser

No Non-Essential Trackers

We do not use other trackers (e.g., statistical, marketing or functionality trackers).

Because trackers of the App are used only for strictly necessary / essential purposes to provide and secure the App, the legal basis for the associated processing is generally performance of a contract (Article 6(1)(b) GDPR) and/or our legitimate interests in ensuring security and proper operation of the App (Article 6(1)(f) GDPR) and your consent is not required.

Return to Tourism AI Playground