Privacy Policy

1. Introduction and Purpose

EPI Systems S.A., based in Thessaloniki, Greece, is committed to protecting and respecting your privacy. This Privacy Policy describes in detail how we collect, use, store, process and protect your personal data when using EPI Beach service.

The EPI Beach service is a comprehensive beach management platform that includes an umbrella booking system, smart locks, food and beverage ordering system, as well as various other services aimed at improving the beach visitor experience.

This policy fully complies with the General Data Protection Regulation (GDPR) 2016/679 of the European Union and Greek legislation on personal data protection.

2. Categories of Personal Data We Collect

Personal Identification Information

• Full name (first and last name)
• Email address
• Mobile phone number with international country code
• Identity documents (when required for verification)
• Language and localization preferences

Booking and Transaction Data

• Booking dates and times
• Type and duration of services booked
• Payment information (transaction codes, not full card details)
• Food and beverage order history
• Dietary preferences and allergies
• Service usage statistics

Technical Data and Usage Data

• IP address and network information
• Device type, operating system, and browser version
• Cookies and similar tracking technologies
• Timestamps and usage patterns
• Location data (with your consent)
• System log files for security purposes

3. Processing Purposes and Legal Basis

Service Provision and Improvement

Legal basis: Contract performance and legitimate interest

• Processing and managing umbrella and smart lock bookings
• Providing access to food and beverage services
• Managing user accounts and preferences
• Improving and customizing user experience
• Developing new features and services

Communication and Customer Support

Legal basis: Contract performance and legitimate interest

• Sending booking confirmations and updates
• Providing technical support and customer service
• Notifying about changes to our services
• Conducting customer satisfaction surveys

Security and Compliance

Legal basis: Legal obligation and legitimate interest

• Fraud protection and abuse prevention
• Ensuring platform security
• Compliance with legal obligations
• Resolving disputes and legal issues

4. Data Sharing with Third Parties

We do not sell, trade, or rent your personal data to third parties. However, we may share information in the following cases:

Service Providers (Processors)

• Payment service providers (Viva Payments) for transaction processing
• Cloud hosting and data storage services
• Email and SMS service providers for communication
• Analytics and performance monitoring systems
• Technology partners for smart locks (TTLock)

Legal Obligations

• Government authorities when required by law
• Tax authorities for tax law compliance
• Judicial authorities in case of legal disputes

All third-party service providers are contractually bound to maintain strict data protection measures and use the data exclusively for their assigned purposes.

5. Security Measures and Data Protection

Technical Security Measures

• Data encryption in transit and at rest (AES-256)
• Secure communication protocols (HTTPS/TLS 1.3)
• Firewall and intrusion detection systems
• Regular security updates and patches
• Secure backup and disaster recovery procedures

Organizational Measures

• Restricted access to personal data (principle of least privilege)
• Staff training on data protection matters
• Regular security audits and controls
• Security incident response procedures
• Non-disclosure agreements (NDAs) with all staff

Despite all security measures we take, no method of data transmission over the internet or electronic storage is 100% secure. We are committed to protecting your personal data, but we cannot guarantee their absolute security.

6. Your Rights under GDPR

Basic Rights

• Right to Information: Right to receive clear information about the processing of your data.
• Right of Access: Right to request a copy of the personal data we hold about you.
• Right to Rectification: Right to request correction of inaccurate or completion of incomplete data.
• Right to Erasure: Right to request deletion of your personal data under certain conditions.
• Right to Restriction: Right to request restriction of processing of your data.
• Right to Portability: Right to receive your data in a structured, commonly used format.

How to exercise your rights: You can exercise any of the above rights by contacting us via email at [email protected]. We will respond to your request within 30 days.

7. Cookies and Similar Technologies

We use cookies and similar technologies to improve your experience on our platform. Cookies are small text files stored on your device when you visit our website.

Types of Cookies We Use

• Essential Cookies: Essential for website functionality
• Functional Cookies: Remembering preferences and settings
• Analytics Cookies: Understanding how the website is used
• Marketing Cookies: Providing relevant advertisements (with consent)

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.

8. Contact Information and Data Protection Officer

Data Controller

EPI Systems S.A.

Michail Kalou 6

Thessaloniki 546 29, Greece

VAT: 123456789

Email: [email protected]

Phone: +30 2310 567600

Data Protection Officer (DPO)

Email: [email protected]

Phone: +30 2310 567600

Address: Michail Kalou 6

Right to Complaint: You have the right to file a complaint with the Hellenic Data Protection Authority (www.dpa.gr) if you believe that the processing of your personal data violates applicable legislation.