1. GENERAL INFORMATION
WE ARE PLEASED THAT YOU ARE VISITING OUR WEBSITE. THE PROTECTION OF YOUR PERSONAL DATA IS VERY IMPORTANT TO US. BELOW, WE INFORM YOU ABOUT THE COLLECTION, PROCESSING, AND USE OF PERSONAL DATA WHEN USING OUR WEBSITE aronisvisions.com, IN ACCORDANCE WITH THE GENERAL DATA PROTECTION REGULATION (GDPR). PERSONAL DATA IS ANY INFORMATION RELATING TO AN IDENTIFIED OR IDENTIFIABLE NATURAL PERSON. ALL DATA ON THIS WEBSITE IS PROCESSED UNDER THE RESPONSIBILITY OF ELISABETH ARONIS.
2. CONTROLLER
THE CONTROLLER FOR THE PROCESSING OF PERSONAL DATA ON THIS WEBSITE IS:
ELISABETH ARONIS
ARONIS VISIONS
71307 HERAKLION, CRETE, GREECE
VAT IDENTIFICATION NUMBER: 178951797
ARONIS VISIONS
71307 HERAKLION, CRETE, GREECE
VAT IDENTIFICATION NUMBER: 178951797
A DATA PROTECTION OFFICER HAS NOT BEEN APPOINTED, AS THIS IS NOT LEGALLY REQUIRED.
3. PRIVACY POLICY
3.1 LEGAL FRAMEWORK
PERSONAL DATA IS PROCESSED IN ACCORDANCE WITH:
REGULATION (EU) 2016/679 (GDPR)
GREEK LAW 4624/2019 (IMPLEMENTING MEASURES FOR GDPR)
GREEK LAW 3471/2006 (ELECTRONIC COMMUNICATIONS & COOKIES)
DIRECTIVE 2002/58/EC (EPRIVACY DIRECTIVE)
3.2 CATEGORIES OF PERSONAL DATA
WE MAY PROCESS THE FOLLOWING CATEGORIES OF PERSONAL DATA:
IDENTIFICATION DATA (NAME, COMPANY NAME)
CONTACT DATA (EMAIL ADDRESS, PHONE NUMBER)
COMMUNICATION CONTENT
CONTRACTUAL AND SERVICE-RELATED DATA
BILLING AND TAX-RELATED DATA (WHERE APPLICABLE)
TECHNICAL DATA (IP ADDRESS, BROWSER TYPE, DEVICE INFORMATION)
USAGE AND ANALYTICS DATA (IF IMPLEMENTED)
COOKIE-RELATED DATA
SPECIAL CATEGORIES OF DATA UNDER ARTICLE 9 GDPR ARE NOT INTENTIONALLY COLLECTED.
3.3 LEGAL BASES FOR PROCESSING (ART. 6 GDPR)
PROCESSING IS BASED ON ONE OR MORE OF THE FOLLOWING LEGAL GROUNDS:
ART. 6(1)(A) GDPR – CONSENT
ART. 6(1)(B) GDPR – PERFORMANCE OF A CONTRACT OR PRE-CONTRACTUAL MEASURES
ART. 6(1)(C) GDPR – COMPLIANCE WITH LEGAL OBLIGATIONS
ART. 6(1)(F) GDPR – LEGITIMATE INTERESTS
LEGITIMATE INTERESTS MAY INCLUDE:
RESPONDING TO CLIENT INQUIRIES
ENSURING IT SECURITY AND WEBSITE FUNCTIONALITY
MAINTAINING AND DEVELOPING BUSINESS OPERATIONS
WHERE CONSENT IS REQUIRED, IT MAY BE WITHDRAWN AT ANY TIME WITH EFFECT FOR THE FUTURE.
WHERE PROCESSING IS BASED ON LEGITIMATE INTERESTS PURSUANT TO ARTICLE 6(1)(F) GDPR, AN ASSESSMENT HAS BEEN CARRIED OUT TO ENSURE THAT SUCH INTERESTS ARE NOT OVERRIDDEN BY THE RIGHTS AND FREEDOMS OF DATA SUBJECTS (RECITAL 47 GDPR).
3.4 PURPOSES OF PROCESSING
PERSONAL DATA IS PROCESSED FOR:
HANDLING INQUIRIES AND COMMUNICATION
PROVIDING LIFESTYLE, PHOTO AND VIDEO PRODUCTION SERVICES
CONTRACT INITIATION AND EXECUTION
ACCOUNTING AND TAX COMPLIANCE
WEBSITE SECURITY AND PERFORMANCE MONITORING
BUSINESS ANALYSIS AND IMPROVEMENT
NO NEWSLETTER OR ACTIVE MARKETING COMMUNICATIONS ARE CURRENTLY CONDUCTED.
3.5 RECIPIENTS OF PERSONAL DATA
PERSONAL DATA MAY BE SHARED WITH:
HOSTING PROVIDERS (E.G., ADOBE PORTFOLIO)
IT AND TECHNICAL SERVICE PROVIDERS
EMAIL AND COMMUNICATION PLATFORMS
ANALYTICS PROVIDERS (IF USED)
ACCOUNTING AND LEGAL ADVISORS
WHERE REQUIRED BY LAW, SERVICE PROVIDERS ARE BOUND BY DATA PROCESSING AGREEMENTS IN ACCORDANCE WITH ARTICLE 28 GDPR.
PERSONAL DATA IS NOT SOLD.
3.6 INTERNATIONAL DATA TRANSFERS
IF SERVICE PROVIDERS ARE LOCATED OUTSIDE THE EUROPEAN UNION OR EUROPEAN ECONOMIC AREA (EEA), PERSONAL DATA MAY BE TRANSFERRED TO THIRD COUNTRIES.
SUCH TRANSFERS ARE BASED ON:
EUROPEAN COMMISSION ADEQUACY DECISIONS (ARTICLE 45 GDPR), OR
STANDARD CONTRACTUAL CLAUSES (ARTICLE 46 GDPR).
WHERE REQUIRED, ADDITIONAL SAFEGUARDS ARE IMPLEMENTED IN LINE WITH THE COURT OF JUSTICE OF THE EUROPEAN UNION RULING IN CASE C-311/18 (SCHREMS II).
FURTHER INFORMATION REGARDING APPLIED SAFEGUARDS MAY BE REQUESTED VIA EMAIL.
3.7 DATA RETENTION
PERSONAL DATA IS RETAINED ONLY FOR AS LONG AS NECESSARY FOR THE RESPECTIVE PURPOSE.
CONTRACTUAL AND TAX-RELATED DATA: 5–10 YEARS (GREEK LAW)
INQUIRY-RELATED DATA: UP TO 3 YEARS AFTER LAST CONTACT
TECHNICAL AND LOG DATA: ONLY FOR SECURITY AND FUNCTIONALITY
ANALYTICS DATA: 14 MONTHS
UPON EXPIRATION, DATA IS SECURELY DELETED OR ANONYMIZED.
3.8 DATA SUBJECT RIGHTS
UNDER GDPR, USERS HAVE THE RIGHT TO:
ACCESS (ART. 15 GDPR)
RECTIFICATION (ART. 16 GDPR)
ERASURE (ART. 17 GDPR)
RESTRICTION OF PROCESSING (ART. 18 GDPR)
DATA PORTABILITY (ART. 20 GDPR)
OBJECT TO PROCESSING (ART. 21 GDPR)
WITHDRAW CONSENT AT ANY TIME
REQUESTS CAN BE SUBMITTED VIA EMAIL TO: info@aronisvisions.com
REQUESTS ARE HANDLED WITHOUT UNDUE DELAY AND WITHIN ONE (1) MONTH (ART. 12 GDPR).
REQUESTS ARE HANDLED WITHOUT UNDUE DELAY AND WITHIN ONE (1) MONTH (ART. 12 GDPR).
USERS HAVE THE RIGHT TO LODGE A COMPLAINT WITH THE HELLENIC DATA PROTECTION AUTHORITY (HDPA).
3.9 DATA SECURITY
APPROPRIATE TECHNICAL AND ORGANISATIONAL MEASURES ARE IMPLEMENTED (ART. 32 GDPR), INCLUDING:
ACCESS CONTROL
SECURE HOSTING
PASSWORD PROTECTION
SSL/TLS ENCRYPTION
3.10 AUTOMATED DECISION-MAKING
NO AUTOMATED DECISION-MAKING OR PROFILING (ART. 22 GDPR) TAKES PLACE.
3.11 PERSONAL DATA BREACH
IN THE EVENT OF A PERSONAL DATA BREACH:
THE COMPETENT SUPERVISORY AUTHORITY WILL BE NOTIFIED WITHIN 72 HOURS WHERE REQUIRED (ART. 33 GDPR).
AFFECTED DATA SUBJECTS WILL BE INFORMED WHERE A HIGH RISK EXISTS (ART. 34 GDPR).
INTERNAL PROCEDURES ARE IN PLACE TO ENSURE COMPLIANCE.
3.12 DATA PROTECTION OFFICER
A DATA PROTECTION OFFICER HAS NOT BEEN APPOINTED.
ARTICLE 37 GDPR DOES NOT APPLY, AS:
ARTICLE 37 GDPR DOES NOT APPLY, AS:
ACTIVITIES DO NOT INVOLVE LARGE-SCALE SYSTEMATIC MONITORING
ACTIVITIES DO NOT INVOLVE LARGE-SCALE PROCESSING OF SPECIAL CATEGORIES OF DATA
CONTROLLER IS NOT A PUBLIC AUTHORITY
APPROPRIATE INTERNAL DATA PROTECTION MEASURES ARE IMPLEMENTED.
4. HOSTING (ADOBE PORTFOLIO)
THIS WEBSITE IS HOSTED VIA ADOBE PORTFOLIO (ADOBE INC.).
WHEN YOU VISIT OUR WEBSITE, ADOBE AUTOMATICALLY COLLECTS AND STORES INFORMATION IN SERVER LOG FILES, WHICH YOUR BROWSER TRANSMITS AUTOMATICALLY. THIS MAY INCLUDE:
WHEN YOU VISIT OUR WEBSITE, ADOBE AUTOMATICALLY COLLECTS AND STORES INFORMATION IN SERVER LOG FILES, WHICH YOUR BROWSER TRANSMITS AUTOMATICALLY. THIS MAY INCLUDE:
IP ADDRESS
DATE AND TIME OF THE REQUEST
BROWSER TYPE AND VERSION
OPERATING SYSTEM
REFERRER URL
THIS DATA IS PROCESSED TO ENSURE TECHNICAL STABILITY, SECURITY, AND PROPER FUNCTIONING OF THE WEBSITE.
LEGAL BASIS: ART. 6(1)(F) GDPR (LEGITIMATE INTEREST)
DATA MAY BE TRANSFERRED TO THE USA UNDER STANDARD CONTRACTUAL CLAUSES.
FOR MORE INFORMATION: Adobe Privacy
LEGAL BASIS: ART. 6(1)(F) GDPR (LEGITIMATE INTEREST)
DATA MAY BE TRANSFERRED TO THE USA UNDER STANDARD CONTRACTUAL CLAUSES.
FOR MORE INFORMATION: Adobe Privacy
5. GOOGLE ANALYTICS
THIS WEBSITE USES GOOGLE ANALYTICS (GOOGLE IRELAND LIMITED).
GOOGLE ANALYTICS USES COOKIES TO ANALYZE YOUR USE OF THE WEBSITE. INFORMATION MAY INCLUDE:
GOOGLE ANALYTICS USES COOKIES TO ANALYZE YOUR USE OF THE WEBSITE. INFORMATION MAY INCLUDE:
PAGES VISITED
TIME SPENT ON PAGES
DEVICE AND BROWSER INFORMATION
APPROXIMATE LOCATION (REGION/CITY)
IP ANONYMIZATION IS ENABLED.
LEGAL BASIS: ART. 6(1)(A) GDPR (CONSENT VIA COOKIE BANNER)
DATA MAY BE TRANSFERRED TO THE USA UNDER STANDARD CONTRACTUAL CLAUSES (SCCs).
RETENTION: 14 MONTHS
CONSENT CAN BE WITHDRAWN AT ANY TIME BY CHANGING COOKIE SETTINGS OR DELETING COOKIES.
MORE INFORMATION: Google Privacy
LEGAL BASIS: ART. 6(1)(A) GDPR (CONSENT VIA COOKIE BANNER)
DATA MAY BE TRANSFERRED TO THE USA UNDER STANDARD CONTRACTUAL CLAUSES (SCCs).
RETENTION: 14 MONTHS
CONSENT CAN BE WITHDRAWN AT ANY TIME BY CHANGING COOKIE SETTINGS OR DELETING COOKIES.
MORE INFORMATION: Google Privacy
6. CONTACT FORM
IF YOU CONTACT US VIA THE WEBSITE CONTACT FORM, THE DATA YOU PROVIDE (NAME, EMAIL, MESSAGE) WILL BE USED ONLY TO RESPOND TO YOUR INQUIRY.
LEGAL BASIS: ART. 6(1)(B) GDPR (PERFORMANCE OF CONTRACT OR PRE-CONTRACTUAL MEASURES)
YOUR DATA WILL BE DELETED ONCE THE INQUIRY IS FULLY PROCESSED AND NO STATUTORY RETENTION OBLIGATIONS APPLY.
LEGAL BASIS: ART. 6(1)(B) GDPR (PERFORMANCE OF CONTRACT OR PRE-CONTRACTUAL MEASURES)
YOUR DATA WILL BE DELETED ONCE THE INQUIRY IS FULLY PROCESSED AND NO STATUTORY RETENTION OBLIGATIONS APPLY.
7. INSTAGRAM
WE MAINTAIN AN ONLINE PRESENCE ON INSTAGRAM (META PLATFORMS IRELAND LIMITED).
LEGAL BASIS: ART. 6(1)(F) GDPR (LEGITIMATE INTEREST IN MARKETING AND ONLINE PRESENCE)
DATA MAY BE TRANSFERRED TO THE USA UNDER STANDARD CONTRACTUAL CLAUSES (SCCs).
MORE INFORMATION: Instagram Help
NOTE: JOINT CONTROLLERSHIP MAY APPLY UNDER ART. 26 GDPR.
LEGAL BASIS: ART. 6(1)(F) GDPR (LEGITIMATE INTEREST IN MARKETING AND ONLINE PRESENCE)
DATA MAY BE TRANSFERRED TO THE USA UNDER STANDARD CONTRACTUAL CLAUSES (SCCs).
MORE INFORMATION: Instagram Help
NOTE: JOINT CONTROLLERSHIP MAY APPLY UNDER ART. 26 GDPR.
8. YOUTUBE VIDEOS
THIS WEBSITE EMBEDS YOUTUBE VIDEOS (OWN AND OTHER CHANNELS).
IMPORTANT: ALL EMBEDDED VIDEOS ARE LOADED ONLY AFTER USER CONSENT (2-CLICK / PRIVACY MODE).
BY VIEWING THEM, PERSONAL DATA (E.G., IP ADDRESS) MAY BE TRANSFERRED TO YOUTUBE / GOOGLE IN THE USA.
WE DO NOT CONTROL HOW YOUTUBE PROCESSES THIS DATA.
MORE INFORMATION: YouTube Privacy
IMPORTANT: ALL EMBEDDED VIDEOS ARE LOADED ONLY AFTER USER CONSENT (2-CLICK / PRIVACY MODE).
BY VIEWING THEM, PERSONAL DATA (E.G., IP ADDRESS) MAY BE TRANSFERRED TO YOUTUBE / GOOGLE IN THE USA.
WE DO NOT CONTROL HOW YOUTUBE PROCESSES THIS DATA.
MORE INFORMATION: YouTube Privacy
9. COOKIES
WE USE COOKIES, SMALL TEXT FILES STORED ON YOUR DEVICE:
ESSENTIAL COOKIES → REQUIRED FOR SITE OPERATION
ANALYTICS COOKIES → ONLY SET AFTER CONSENT
SOCIAL MEDIA COOKIES (INSTAGRAM/YOUTUBE) → ONLY SET AFTER CONSENT WHERE TECHNICALLY POSSIBLE
TYPES: SESSION, PERSISTENT, FIRST-PARTY, THIRD-PARTY
YOU CAN MANAGE OR DELETE COOKIES VIA YOUR BROWSER OR COOKIE BANNER.
YOU CAN MANAGE OR DELETE COOKIES VIA YOUR BROWSER OR COOKIE BANNER.
10. YOUR RIGHTS AS A DATA SUBJECT
YOU HAVE THE RIGHT TO:
ACCESS YOUR PERSONAL DATA (ART. 15 GDPR)
RECTIFICATION OF INCORRECT DATA (ART. 16 GDPR)
ERASURE OF DATA (ART. 17 GDPR)
RESTRICTION OF PROCESSING (ART. 18 GDPR)
DATA PORTABILITY (ART. 20 GDPR)
OBJECT TO DATA PROCESSING (ART. 21 GDPR)
LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY (ART. 77 GDPR)
WITHDRAW CONSENT AT ANY TIME
11. DATA RETENTION
PERSONAL DATA IS STORED ONLY AS LONG AS NECESSARY OR REQUIRED BY LAW:
CONTACT FORM → DELETED AFTER PROCESSING
ANALYTICS → STORED ACCORDING TO GOOGLE POLICY (14 MONTHS)
SOCIAL MEDIA → STORED ACCORDING TO META/YOUTUBE POLICIES
12. CHANGES TO THIS PRIVACY POLICY
WE RESERVE THE RIGHT TO UPDATE THIS PRIVACY POLICY TO REFLECT LEGAL OR TECHNICAL CHANGES.
LAST UPDATED: 30.03.2026
LAST UPDATED: 30.03.2026
13. SUPERVISORY AUTHORITY
FOR QUESTIONS OR COMPLAINTS, YOU CAN CONTACT THE HELLENIC DATA PROTECTION AUTHORITY (HDPA):
https://www.dpa.gr
https://www.dpa.gr