Personal Data Protection Policy

Latest update: 21/05/2018


1.1 What categories of personal data do we collect and for what purpose?

In order to serve any request of yours for communication or termination arising from the respective online contact or termination forms, we collect the following data you provide us:

  • Full Name / Brand Name
  • contact phone and
  • contact email.


1.2 What is the amount of time we retain your personal data?

cosmoONE retains your personal data, as mentioned in paragraph 1.1 above for as long as it is necessary to respond to your communication or resolve any queries or complaints. In case you request to subscribe to the newsletter, your contact email will be added to the e-mail list and will be deleted upon your request.


1.3 Will cosmoONE process your personal data for other purposes?

cosmoONE will not process your personal data for purposes other than those listed above. In the event that cosmoONE wishes to use your personal information for other purposes, it will only do so after informing you and obtaining your explicit consent.


1.4 Who are the recipients and for what purpose personal data is transferred to them?

Recipients of personal data may be:

  • Sales and Marketing Managers in the event that your communication involves general information about our applications and services, or your subscription to the newsletter and other newsletters the company organizes or participates in any way (e.g. sponsor, co-organizer etc).
  • The Regulatory Compliance Officer when your communication concerns a termination or complaints relating to regulatory compliance issues.
  • The Customer Support Officers if your communication concerns application support (questions, problems, training, etc.) offered by cosmoONE.
  • The Data Protection Officer for any matters concerning the protection of your data.

Data processing takes place on the infrastructure of cosmoONE located in Greece.

In addition to the above recipients, cosmoONE does not disclose, process or publish your personal data to third parties except in cases where disclosure / transmission is required by applicable law.


1.5 What are your rights as a user of the Service regarding the processing of your personal data?

You have the right to submit a request to cosmoONE in order to request:

  • Access and correction of your personal data in the case of processing of inaccurate data concerning you.
  • Deletion of your personal data if it is no longer necessary for the Service provision.
  • Restriction of your data processing.
  • Opposing to the processing of your data.
  • Portability of your data to another controller, i.e. your right to receive your data in an appropriate format so that it is technically transferable to another controller.

In addition, you reserve the right to submit a written complaint to the competent supervisory authority regarding the protection of personal data, i.e. the Personal Data Protection Authority, 1-3 Kifissias Avenue, P.C. 115 23, Athens + 30 210 6475600, contact email


1.6 What is the identity and contact information of the personal data controller?

Personal data controller is the company “COSMO – ONE HELLAS MARKET SITE S.A.” (“cosmoONE”) headquartered in Heraklion, Attica (26 Olympias st.), with contact number +30 210 2723810.


1.7 Who can you contact with for personal data protection issues?

For any questions you may have, or for the exercise of your rights under the applicable privacy laws (art. 11-13 L. 2472/1997) contact us at +30 210 2723810 or fill in the Contact Form at or send a letter to cosmoONE, attention to: Data Protection Officer at 26, Olympias Street, 141 22 Heraklion, Attica.


1.8 What kind of measures are applied to protect your personal data?

cosmoONE takes appropriate organizational and technical measures for data security and protection from accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access and any other form of unfair processing.

It also has Security Policies and Procedures to protect your personal data. As a member of OTE Group, it has adopted Binding Corporate Rules for the protection of personal data during transmission of data between companies of the Group (Binding Corporate Rules Privacy of Deutsche Telekom-BCRP). The full text of BCRP can be found here:

Indicatively, some of the measures applied are listed below:

  • Authentication and access mechanisms to systems that process personal data
  • Personal data encryption
  • Restricting access to personal data based on the “need to know” principle
  • Recording and control of access to personal data
  • Implementation of a data leakage prevention system.


Other issues related to cosmoONE’s e-commerce services

1.9 cosmoONE shall not be liable for any personal data leakage due to your disclosure via third party or other web sites.

1.10 cosmoONE does not have the right to access, control or edit your data and content. By way of exception, access to them may be granted to authorized cosmoONE employees or third party partners to resolve technical problems or technical assistance to the service, who have been informed and bound by their obligation to maintain confidentiality, as well as to protect your privacy.

1.11 The terms of proper use of the Service continue to bind you upon termination of this and for as long as you retain the right to access the content in accordance with Article 1.2 above.