IONOS Single Member Private Company

As a data controller, our company defines the purposes and tools of managing personal data independently or with others and manages personal data as a data processor on behalf of the data controller.
The processing of personal or file data in any function or set of tasks performed in an automated or non-automated means such as collecting, recording, organizing, dividing, storing, adjusting or modifying, consulting information, using, disclosing , transmission, dissemination, or otherwise, of disposal, coordination or association, restriction, erasure or destruction.
Data processing does not have technical data management, no data availability or decision making.
Personal information is any information about a recognized or identifiable natural person (“affected”). You can identify any natural person who, directly or indirectly, in particular on the basis of an identifier such as your name, number, location data, online identifier, or one or more factors associated with physical, biological, genetic, psychological, economic, cultural or social identity of the person identified.
As a data controller and data processor, our company respects the privacy of all individuals to whom personal data are transferred and is committed to protecting them.


Our company provides the following information to stakeholders according to the General Data Protection Regulation – GDPR:
Data administrator data:
Company name: Ionos Single Member P.Co.
Headquarters: Dim.Kyriakou 3, 71409, Heraklion.
Contact person: Christodoulou Stelios
Phone: 030-6978083973

Data processing:
data processor is not used
persons processing data:
Christodoulou Stelios

The data processor can only execute written instructions.
A written contract is required between the data controller and the data processor, which must contain the data that the controller transmits to the data processor and the data processing activities performed by the data controller.
Confidentiality requires staff engaged in the processing of personal data.
In order to ensure data security, the data processor implements organizational and technical measures.
The data processor helps the data controller to fulfill its obligations.
At the discretion of the controller, the processor will return all personal data to the data controller or delete, delete existing copies, with one exception if the EU Member State or legislation requires data storage.
The data controller shall facilitate and allow audits and on-the-spot checks by the controller or an inspector appointed by him.
If the processor uses the help of a data processor, the same obligations apply to those originally created between the data processor and the controller.

Privacy Policy:
– Our Company is not required to designate a Data Protection Officer under Article 37 of the GDPR.
– Data Protection Officer: Christodoulou Stelios

Personal Data Requests: If you have any requests or queries regarding data management, the mailing application is at Dim. Kyriakou 3, 71409, Heraklion. You can also send it electronically to We will send you your replies without delay but within a maximum of 30 days for your specified address.

Foreign data transfer:
– no data transfer abroad



Purpose, legal basis and duration of our company’s data management:

Data management goals:
Our company manages data for the following purposes in accordance with the law:
(a) dealing with public relations and communication relating to the provision of services to users of information in order to fulfill legal obligations and to maintain customer relationships.
(b) marketing activities for potential customers;
(c) the management of the data of workers and applicants (under the conditions laid down in separate rules);
(d) managing the parties’ contact details for the performance of the contract;
(e) fulfillment of client orders,
(f) property protection, personal security,
(g) fulfill a statutory obligation

Legal basis for data management:

Article 6 (1) (a) GDPR: consent of the data subject
GDPR Article 6 (1) (b): necessary for the performance of the contract
Article 6 (1) (c) GDPR: necessary to fulfill a legal obligation
GDPR Article 6 (1) (a): legitimate interest, always a balancing of interest

      Legal basis for each data management activity:
(a) issue of an invoice in accordance with accounting legislation: legal basis: Article 6 (1) (c) GDPR
(b) Relationships: legal basis (for data collectors in data management) Legal basis: Article 6 (1) (f). The legitimate interest of the data controller: the continuity of the business.
(c) Personal data management: Article 6 (1) (b) and (c) of the GDPR.
(d) data management of the contracting partners: legal basis Article 6 (1) (b) GDPR
(e) Marketing activity: legal basis: Article 6 (1) (a) GDPR.
There is also a Facebook page for marketing activities, but no separate database is created and profile creation is not possible.
(f) electronic registration base: Article 6 (1) (a) GDPR
(g) operation of the security camera legal basis: Article 6 (1) (f) GDPR. Auditor legitimate interests: security, legal interest of the employer for employees, as defined in the Labor Code.

When managing the data subject’s personal data based on a legitimate interest, we are interested in weighing, in which:
– Identify and record the legitimate interest
– identifies and records the interests and rights of the data subject
– Examination based on necessity and proportionality, purpose limitation, data savings, limited storage
– to inform the person concerned of the balancing of interests

The data subject has the right to complain that personal data is not processed further unless the processing of the data is justified by compelling reasons (eg. In case of need to receive treatment for employee data)
There is no compelling reason for direct marketing, in case of protest the data should be deleted. (Direct Marketing includes advertising, which comes in direct contact with prospective customers.This can be done electronically, telephone calls, mail, via etc. Special rules apply to any method.The issue here is the advertisement is addressed, that is person in which the personal data of the person concerned can be dealt with, for example, by a website or a web store manager.)

Data Management Duration:

We keep the invoices for at least 8 years due to legal obligations. The retention period for the documents in which the invoice is issued is 8 years.
Document retention period: 50 years.
The retention period for the contact information is 1 year after the relationship expires.
Retain data on performance of the contract: 5 years



Related Rights:

In relation to your personal data, the data subject has the legal rights.

(a) access rights (knowledge of data, data management event);
(b) if an item is outdated or inaccurate, adjust it.
c) cancellation (only for data-based consent-based management);
(d) limitation of data management;
(e) prohibiting the use of personal data for direct marketing purposes;
(f) transmission or prohibition of personal data to a third party service provider.
(g) request a copy of the personal data managed by the auditor. or
(h) protest against the use of personal data.




Damage to data security resulting in the unintentional or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to managed personal data.
Our company ensures the correct degree of risk associated with data management, data security, in the event of failure without delay, at the latest, the controller / processor or the representative of the DPO notification, or, failing that, within 72 hours of at the moment immediately or by the supervisory authority and informs the data subject as well.
Our company will immediately take the necessary security measures to eliminate the injury that is the primary data protection incident once the privacy incident is noticed.
The person concerned will be informed of the measures taken and their results.



Legal Note:

In Greece, the Data Protection Supervisor: Data Protection Authority (hereinafter referred to as “DPA”, address: Kifisias 1-3, PC 115 23, Athens, email: The complainant may file a complaint with the DPA if he considers that the processing of the personal data he is submitting does not comply with the legal obligations.
The judicial review may be initiated against the decision of the DPA.



Information about the registers:

Our company processes, processes and processes data in a legal, transparent and verifiable manner in order to achieve its objectives and maintains the following:

1. Data processing files
– until the entry into force of the GDPR. On the basis of Module 65, the DPA defines the
– serial number
– activity
– managed data
– data management purpose
– legal basis for data management
– how and when to store
– name and contact details of the auditor
– the name and contact details of the Data Protection Officer
– data transfer, recipients
– technical and organizational measures
data management files must be kept separate for each activity.

2. Data transmission recording
– serial number
– date
– recipient
– transfer to a third country
– personal information
– the purpose of processing and processing data
– legal basis for data processing and processing
– name and contact details of the auditor
– the name and contact details of the Data Protection Officer
– technical and organizational measures
– Deadline for deleting data
– other legitimate data (eg identity of the auditor’s room)

3. Record data management
– serial number
– Implementation Date
– the name of the person affected, the identification data
– Content of the application
– the name of the measure
– Date of action
– name and contact details of the auditor
– the name and contact details of the Data Protection Officer

4. Data Protection Incident Register
– serial number
– Time of the event
– the name of the event
– stakeholders
– personal data involved
– Impact of the event
– meters
– name and contact details of the auditor
– the name and contact details of the Data Protection Officer

5. Archives for investigations and responses to infected persons and authorities
– serial number
– the subject and the time of the application
– stakeholders
– personal data involved
– meters
– name and contact details of the auditor
– the name and contact details of the Data Protection Officer

6. record the activities of the Data Protection Officer
– serial number
– Time of activity
– activity
– compliance check
– impact assessment
– cooperation of supervisory authorities
7. Files for “lost” data and requests
– serial number
– arrival time
– the subject of the application
– measure (eg refund)
– name and contact details of the auditor
– the name and contact details of the Data Protection Officer

8. recording of the preliminary data protection impact assessment
– serial number
– impact assessment time
– description of transactions, purpose of data management, legitimate interest
– Examination of necessity and proportionality
– risk analysis and management
– the name and contact details of the Data Protection Officer
– the opinion of the Data Protection Officer

Ionos Single Member P.Co. As a data processor / data processor
represented by Christodoulou Stylianos.