Home / Legal / GDPR Policy

GDPR Policy

Last updated: March 2026

1. Introduction

Snapium (GEMI No.: 145744403000) is committed to compliance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and Greek data protection legislation (Law 4624/2019).

2. Processing Principles

We adhere to the core principles of the GDPR:

  • Lawfulness, fairness, transparency: We process data in a lawful and transparent manner
  • Purpose limitation: We collect data only for specific, explicit purposes
  • Data minimization: We collect only the necessary data
  • Accuracy: We keep data accurate and up to date
  • Storage limitation: We retain data only for as long as required
  • Integrity and confidentiality: We implement appropriate security measures

3. Legal Bases for Processing

Each data processing activity is based on one of the following legal bases:

  • Consent (Article 6.1.a): For marketing emails, analytics cookies, remarketing
  • Contract performance (Article 6.1.b): For providing photography services
  • Legal obligation (Article 6.1.c): Tax records, invoices
  • Legitimate interest (Article 6.1.f): System security, service improvement

4. Data Subject Rights

As a data subject, you have the following rights:

  • Right of access (Article 15): Request a copy of your data
  • Right to rectification (Article 16): Request correction of inaccurate data
  • Right to erasure (Article 17): Request deletion of data ("right to be forgotten")
  • Right to restriction (Article 18): Request restriction of processing
  • Right to portability (Article 20): Receive your data in a machine-readable format
  • Right to object (Article 21): Object to processing
  • Right to withdraw consent (Article 7): Withdraw your consent at any time

To exercise any right, send an email to legal@snapium.gr. We will respond within 30 days.

5. International Data Transfers

Your data is stored within the European Economic Area (EEA). In case of transfer outside the EEA, we ensure appropriate safeguards in accordance with Article 46 of the GDPR.

6. Security Measures

We implement technical and organizational security measures:

  • Data encryption (SSL/TLS)
  • Role-based access control
  • Regular backups
  • Staff training
  • Breach response procedures

7. Data Breach

In case of a data breach, we will notify:

  • The Hellenic Data Protection Authority (HDPA) within 72 hours
  • Affected data subjects without undue delay

8. Records of Processing Activities

We maintain records of processing activities in accordance with Article 30 of the GDPR, including purposes, data categories, recipients and retention periods.

9. Supervisory Authority

You have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA):

  • Website: www.dpa.gr
  • Phone: +30 210 6475600
  • Email: contact@dpa.gr

Data Protection Officer (DPO)

+30 210 4404411 · legal@snapium.gr