Privacy & Data Protection Policy (GDPR)
This Privacy Policy describes how we collect, use, store, and protect the personal data of visitors and users of the website visagreca.com.
By accessing and using this website, you agree to the terms of this policy.
1. Who We Are
Our website address is: https://visagreca.com.
We are the data controller in accordance with the General Data Protection Regulation (GDPR).
2. Collection and Use of Data
2.1 User Comments
When visitors submit comments on the website, we collect the information provided in the comments form, as well as:
-
the visitor’s IP address
-
the browser user agent string
This data is used exclusively to protect the website from malicious activity and unwanted messages (spam).
In addition, an anonymised hash of your email address may be sent to the Gravatar service to check if you are using it.
Gravatar’s privacy policy is available here: https://automattic.com/privacy/.
After your comment is approved, your profile picture may be publicly visible.
2.2 Media Files
If you upload images to the website, we recommend removing location data (EXIF GPS).
Visitors may be able to download and extract location information from published images.
2.3 Cookies
We use cookies to improve user experience on our website.
Comment Cookies
If you leave a comment, you may choose to save your name, email, and website in cookies for convenience. These are retained for 1 year.
Login Cookies
When you visit the login page, we create a temporary cookie to check whether your browser accepts cookies.
Upon logging in, cookies are stored containing your login details and display preferences.
-
Login cookies are retained for 2 days (or 2 weeks if you select “Remember Me”).
-
Display preference cookies are kept for 1 year.
Content Editing Cookies
When editing or publishing an article, a cookie is stored that identifies the post ID. It expires after 1 day.
2.4 Embedded Third-Party Content
Articles may include embedded content (e.g., videos, images, articles).
Embedded content from third-party websites behaves as if you visited those websites directly.
These external websites may:
-
collect data about you
-
use cookies
-
employ third-party tracking technologies
-
monitor your interaction with embedded content, especially if you are logged in to their service
3. Who We Share Your Data With
If you request a password reset, your IP address may be included in the reset email for security purposes.
4. Data Retention
Comments and their metadata are stored indefinitely to automatically recognise and approve future comments.
Registered users have their profile information stored until it is modified or deleted.
All users can view, edit, or delete their personal data at any time (except for the username).
Website administrators can also access this information for maintenance purposes.
5. Your Rights
Under the GDPR, you have the right to:
-
Access the personal data we hold about you
-
Receive a copy of your data in an exportable format
-
Correct or delete your data
-
Withdraw your consent where applicable
-
Request restriction of processing
-
Object to processing
We cannot delete data that we are legally required to retain.
6. Where Your Data Is Sent
Visitor comments may be checked through an automated spam detection service.
7. GDPR Compliance
We take the protection of your personal data seriously and implement all necessary technical and organisational measures to ensure compliance with the General Data Protection Regulation (EU) 2016/679 – GDPR.
7.1 Legal Bases for Processing
The processing of your personal data is based on the following lawful grounds:
-
Consent — e.g., for cookies or contact forms
-
Performance of a contract — when processing is necessary for delivering services
-
Legitimate interest — for website functionality and preventing malicious actions
-
Legal obligation — when retention of data is required for tax, legal, or other regulatory reasons
7.2 Your GDPR Rights
In compliance with the GDPR, you have the following rights:
-
Right of access
-
Right to correct inaccurate or incomplete data
-
Right to erasure (“right to be forgotten”)
-
Right to restrict processing
-
Right to object to processing
-
Right to data portability
-
Right to withdraw consent at any time
To exercise any of these rights, you may contact us through the contact form or email provided on the website.
7.3 Data Security
We apply modern security measures, including:
-
HTTPS encryption
-
firewalls and anti-malware protections
-
restricted access to personal data
-
regular system updates
Our goal is to prevent unauthorised access, alteration, disclosure, or destruction of your data.
7.4 Data Disclosure to Third Parties
We do not sell, rent, or trade your data.
Data may be disclosed only:
-
to hosting providers
-
to spam-detection services
-
to analytics tools (if used)
and only to the extent necessary for website operation.
All partners comply with the GDPR and apply equivalent security measures.
7.5 Data Storage Inside and Outside the EU
Where possible, data is stored within the European Union.
If a transfer outside the EU is required, it is carried out only:
-
to countries with an adequate level of protection, or
-
based on Standard Contractual Clauses (SCCs) approved by the European Commission
7.6 Data Protection Officer (DPO)
If a DPO is appointed, their details should be listed here; otherwise, this section remains as follows:
For any issue related to personal data and GDPR compliance, you may contact us through the information provided on the Contact page.
7.7 Submitting a Complaint
If you believe that the processing of your personal data violates the GDPR, you have the right to file a complaint with the competent supervisory authority:
Hellenic Data Protection Authority (HDPA)
https://www.dpa.gr