Privacy notice

ΕΝΑRΤΙΑ Single Member S.A., lawfully incorporated under the laws of Greece with registration number EUID: ELGEMI.077785727000 (“We, us, Enartia, Company“), provides domain name registration services, web hosting, managed WordPress hosting, SSL certificates and other related services (collectively “Services”), mainly via its brands Papaki and Top.Host. The Company is committed to protecting and respecting your privacy.

“You” refers to the Customer or anybody who browses the website.

Enartia acts as the data controller for your Personal Data provided or collected to manage customer relationships and handle data necessary to deliver our products and services to you. This includes data processing for domain registration, in support of customer interactions, engagement with leads, and other forms of communication, such as customer support or inquiries.

In accordance with the provisions of Regulation (EU) 2016/679 (the General Data Protection Regulation – “GDPR”), Law 4624/20219 and Law 3471/2006, as amended and currently applicable (the ”data protection and privacy legal framework”), the processing carried out by Enartia is based on the principles of lawfulness, fairness, transparency, limitation of purpose and retention, data minimization, accuracy, integrity and confidentiality.

Enartia has appointed a Data Protection Officer (“DPO”). The DPO is available to provide any information regarding the Processing of Personal Data carried out by Enartia and can be contacted by sending an email to the email address dpo@enartia.com.

This Privacy Notice (together with our Terms and Conditions and any other documents/policies referred herein) sets out how we process the Personal Data we collect from you or that you provide to us. Personal Data is a term used to describe data that allows you to be directly or indirectly identified as set out in the General Data Protection Regulation (hereinafter “GDPR”).

Please read the following notice carefully to understand our views and practices regarding your Personal Data and how we treat it.

The Company is part of a wider organization called team.blue and together our vision is to provide reliable, best-in-class tools and products to better enable companies and entrepreneurs to grow their businesses digitally. Although this privacy policy is issued on behalf of Enartia, we have included details of where your Personal Data may be shared with other organizations within our wider group.

1. INFORMATION YOU PROVIDE US WITH

When you want to engage in our Services, we will collect and process the following data about you:

Reason for Processing	Information Processed	The Legal Basis for Processing
Making a purchase with us	The information needed to provide you with a product or service including name, address, email address, IP-address and phone number, as well as payment information.	The performance of a contract between you and us; and/or Taking the steps, at your request, to enter into such a contract.
Keeping our business records up to date	The information needed to provide you with a product or service including name, address, email address and phone number, as well as payment information.	Comply with a legal obligation.
To create an account on our Control panel and access it	Username and password	The performance of a contract between you and us; and/or
To handle any enquiries you make with us and/or correspondence we receive from you	Contact details including name address, email address, IP-address and phone number.	The performance of a contract between you and us; and/or Necessary for our legitimate business interests, if we do not have a contract in place with you or if the correspondence does not concern our contract.

1.a. DOMAIN NAMES REGISTRATION DATA

To learn in more detail about the personal data that we process for domain registration services, please visit our Domain Names Registration Privacy Notice.

1.b. RECORD KEEPING OF PHONE CALLS TO OUR SUPPORT DEPARTMENT

For telephone calls received by Enartia, we inform you that the calls are going to be recorded, according to our Phone Calls Privacy Notice, to ensure transparency and the best possible level of support. To be informed on the processing of personal data when you call our support call center, please visit our Phone Calls Privacy Notice.

1.c. NOTICE FOR PAYMENT INFORMATION

We use third party payment processors to process payments securely. We do not store or have access to your credit card details. All payment details are processed directly by our payment providers in accordance with PCI-DSS standards.

1.d. NOTICE FOR USERNAMES AND PASSWORDS

Where we have given you (or where you have chosen) a username and password which enables you to access certain parts of our site, you are responsible for keeping this username and password confidential. We ask you not to share this information with anyone.

1.e. VIOLATION REPORT OR DATA DISCLOSURE REQUEST

When you want to report a violation (including copyright, adult-offensive or violent content, phishing – identity theft, terms of use violation or other illegal activity) or exercise your right for data disclosure request under NIS II or Law 5160/2024, we will process the following data about you:

Reason for Processing

Information Processed

The Legal Basis for Processing

Report Violation

First Name, Last Name, Email

Phone Number (only for copyright violation reports)

Address (only for copyright violation reports)

Authorization of representation of the rightsholder if you act on its behalf (only for copyright violation reports)

Legal Obligation under Regulation 2022/2065

For the data supporting the request, we rely on the company’s legitimate interests in examining the lawfulness of the request.

Data Disclosure Request

First name, Last Name, Email

Phone number (optional)

Country/Region (optional)

Company name (optional)

Purpose of the Request

Supporting documentation

Authorization of representation if you act on behalf of the party that makes the request.

*If the Company decides to provide you with the data requested, provided that your request is lawful and duly substantiated, it may notify the data subject whose data has been disclosed, unless it is explicitly forbidden by law. The party that requested the disclosure acts hereinafter as a separate data controller for any related processing.

Legal Obligation under law 5160/2024 implementing NIS II Directive.

For the documents supporting the request, we rely on the company’s legitimate interests in examining the lawfulness of the request.

2. INFORMATION WE COLLECT ABOUT YOU

When you visit our website, with regard to each of your visits, we will also collect the following information:

Category of Information Collected	Type of Information	Lawful Reason for Processing
Device Information	The Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.	Necessary for our legitimate business interests. (Monitoring, Security and improving our website and Services.)
Traffic data	As part of the e-mail service, Enartia also processes certain data for the transmission of communications on the electronic communications network. These data are listed in Law 3471/2006: IP address used, e-mail address and any further sender ID; e-mail address and any further ID of the recipient of the communication; IP address and fully qualified domain name of the mail exchanger host (for SMTP technology), or any type of host (for a different technology used) that delivered the message; date and (GMT) time of the log-in and log-off of the user of an Internet-based e-mail service, along with the IP address used, irrespective of the technology and protocol applied; Internet service used	1. The performance of a contract between you and us; 2. Comply with a legal obligation for detecting and suppressing criminal offences, if requested to provide the data to the authorities.
Browsing Information	Full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.	Necessary for our legitimate business interests. (Monitoring and improving our website and Services.)

2.a. NOTICE FOR FRAUD DETECTION

For the purposes of security and detection of fraudulent behaviour, we have implemented an automated control system for preventing fraud and deception to its own detriment or to the detriment of its customers, pursuant to art. 6(1)(f) of the GDPR and on the basis of Recital 47 of the GDPR, which expressly provides that the processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the Customer, as well as on the basis of various balances of interests carried out by the Controller which do not show that the processing operations in question are detrimental to the Customerʼs fundamental rights and freedoms.

This system makes use of cookies and other similar tracking technologies, to track and analyze certain behaviors of the users on the site associated with their IP addresses and other personal data associated with browsing on the site. For more information on our Cookies, please visit our Cookies Policy.

Moreover, we use:

anti-spam.Enartia reserves the right to refuse activation or to block email accounts or hosting of its customers from which spamming or phishing activities originate. Where possible, Enartia will proceed to verify the identity of the customer in order to carry out the necessary investigations and, only in the event of no response or where false documents are set, will implement the block.
checks onthe usage of hosting. If there is an exceptional increase in the disk space used by the customer, Enartia – limiting itself to external checks that neither have an impact on the Personal Data of the customer, nor include the identification of the content that has been uploaded – attempts to determine whether there are unlawful uses of the service (both in terms of contractual or regulatory provisions), in order to notify the customer, to protect its rights and to ensure the security of its systems.

The consequence of such processing activities for prevention of fraud is that, if a visitor or a customer attempts to engage in fraudulent conduct on the site or of the Service (for example in order to benefit several times from the same promotion without having the right to do so), we reserve the right to exclude such persons from the Service itself, or the promotion of the services, or to take any other appropriate measures for our own protection.

3. WHY WE PROCESS YOUR DATA

We process information held about you for the following purposes:

to help us identify you and the accounts you hold with us;

to provide customer care;

to enable us to review, develop and improve our Services and website;

to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and Services that you request from us;

to carry out marketing (see also below under 3.a) and statistical analysis and receive feedback for our services.

to provide you with information about other goods and Services we offer that are similar to those that you have already purchased or enquired about and to make personalized commercial suggestions;

to display targeted, or interest based, offers to you based on those Services already purchased;

to notify you about changes to our service;

to ensure that content from our site is presented in the most effective manner for you and for your device;

to comply with our legal obligations as digital intermediary;

to fulfill our legal, accounting and tax obligations;

to detect fraud and supress criminal offences.

3.a. DIRECT MARKETING COMMUNICATION

In order to contact you for marketing and promotional purposes, we shall need your clear consent and also inform you how we will process your personal data for these purposes.

Your personal data for marketing and communication purposes will be stored in our internal database and we shall not share your personal data with third parties, unless they act as our service providers and/or are part of our business operations or are companies of team.blue group. This means we have established collaboration, safeguarded by data protection and privacy provisions.

As part of our marketing efforts and in the legitimate interest of the Company, we may send marketing emails or texts promoting similar products or services to you, in compliance with the soft opt-in exemption (according to art. 11.3 Law 3471/2006). This exemption allows us to contact our existing customers with offers for products or services that are similar to those they have previously purchased from us.

The option to unsubscribe is available in all our communications for marketing purposes. Objections to this processing have no impact on the use of services.

3.b. INDIRECT MARKETING

We work with third-party companies, including but not limited to Google and Facebook, to place and track ads on third-party websites. Like most advertisers, we place ads, where we believe they will be most relevant to our customers. We place ads by developing and using our own marketing tools that can combine online and offline information about our current and prospective customers.

The above-mentioned third-party companies that provide these services have their own privacy policies and are not subject to our privacy notice. Many of these companies provide ways for you to avoid targeted advertising provided by or through them, so please be aware of them and read their relevant notices.

4. RECIPIENTS OF YOUR DATA

To administer the customer relationship, we may share your Personal Data with:

our departments internally, that are responsible for the provision of our service to you and for its proper and uninterrupted operation.

members of our wider group organization, including our subsidiary companies, our ultimate holding company and its subsidiaries.

the team.blue Group, consisting of several brands and subsidiaries, can improve coordination and resource allocation by sharing data internally. This allows for more efficient collaboration on product, campaign, and customer service improvements. Personal Data may be shared among team.blue Group companies for marketing statistics, internal administration, and reporting purposes, but only to the extent necessary for the intended use and with proper protective measures in place to prevent unauthorized access or disclosure.

selected third parties including:

Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;

Advertisers and advertising networks that require the data to select and serve relevant adverts to you on other websites. Our third-party partners may use technologies such as cookies to gather information about your activities on this Site and other websites in order to provide you with advertising based upon your browsing activities and interests, and to measure advertising effectiveness;

Analytics activities by means of tracking through the use of cookies and similar technologies, aimed at verifying and measuring the quality and effectiveness of our online advertising campaigns, in order to improve the performance of those campaigns, as well as the services offered by us;

Companies, or physical business entities engaged in accounting which are responsible for carrying out accounting operations;

Companies, or business IT technicians who are responsible for implementing IT administration and the development of software programs used by us;

Companies, or business-to-business individuals providing server services that are in charge of storing data;

Companies providing payment services;

Companies providing auditing services;

Companies providing e-mail messaging services;

Companies providing domain registration services;

We may disclose your Personal Data to third parties:

in the event that we sell or buy any business or assets, in which case we will disclose your Personal Data to the prospective seller or buyer of such business or assets to continue the processing;

if the Company or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets;

if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

We engage with a range of trusted third-party contractors and suppliers who will provide services to us in the context of any of the purposes described above or elsewhere in this notice. Whenever we engage with third party service providers, we undertake appropriate due diligence and we impose contractual obligations to ensure that any personal data shared with them is appropriately protected (including in the context of any international transfer of data), including that it can only ever be used by the third party service provider for the purposes of the provision of services to us.

If you want to learn in more detail about our third-party contractors (either sub-processors or independent data controllers), please contact us at dpo@enartia.com.

5. WHERE WE STORE YOUR PERSONAL DATA

All information you provide to us is stored on our secure servers located within the EU/EAA. It will also be processed by colleagues operating within the EU/EEA. This includes colleagues engaged in, among other things, the fulfilment of your order and the provision of support services.

If we share your personal data with a third-party service provider based outside of the EU/EEA (or if an EU/EEA-based service provider will itself transfer data outside of the EU/EEA), we will ensure that measures are implemented to protect the relevant data in accordance with approved safeguards.

5.a SAFEGUARDS FOR NON-EU/EEA TRANSFERS

Whenever we transfer your Personal Data outside the EU/EEA, we ensure a similar degree of protection is afforded to your Personal Data, by ensuring at least one of the following safeguards is implemented:

We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.

Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe.

We will implement supplementary measures where appropriate, including additional security measures to ensure adequate protection for Personal Data in line with our obligations as a responsible data controller.

6. HOW LONG WE STORE YOUR PERSONAL DATA

We will retain your Personal Data for as long as our contractual relationship lasts, or as long as needed to fulfil the purpose for which the Personal Data was originally collected. We may also be required to retain certain information by law and/or for legitimate business purposes:

We will retain only the necessary personal data that refer to the provision of our Services, for 5 years after the end of service, which in general corresponds to the statutory limitation period for breach of contract proceedings, so as to protect our interests and be able to demonstrate that we have correctly fulfilled our contractual obligations.

Traffic data shall be kept for 1 year as indicated in the relevant legislation.

Website logs shall be retained for a maximum of two years, based on our legitimate interest in protecting your website, hosted by us.

We will keep payment records for 20 years to comply with our tax and accounting obligations and based on our legitimate interest to protect against any lawsuits for wrongdoing.

Personal data used for marketing purposes based on consent will not be upheld after you revoke your consent.

We will keep any records of our communications until you request us to delete them.

For more information regarding the retentions time of cookies, please refer to our Cookies Policy.

7. TECHNICAL MEASURES

To protect your personal data that may be processed when using our website and/or our services, we have applied a high level of physical, technical, and organizational measures. We update and test the security technologies we have implemented on an ongoing basis.

We use firewalls, encryption and two factor authentication for your account and data and all the necessary certificates (TLS) for the security of our websites.

We also implement an access policy internally so as to restrict access to your data on a need-to-know basis necessary for the provision of our services. Moreover, our personnel have specific contractual obligations regarding personal data protection and are periodically trained on privacy and security related issues.

8. YOUR RIGHTS

You are entitled to: a) the right of access; b) the right to rectification; c) the right to erasure; d) the right to restriction of processing; e) the right to object to processing; f) the right to data portability; g) the right to withdraw consent to the processing of personal data.

If, at any time, you would like to exercise your rights or ask any question regarding your personal data, please refer to the email address dpo@enartia.com. We will respond to you within 30 days from the reception of your request.

If you feel that the protection of your personal data has been violated, you may file a complaint with the Hellenic Data Protection Authority (dpa.gr).

Please note we reserve the right to charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We may additionally need to request specific information from you to help us confirm your identity.

9. LINKS TO OTHER WEBSITES

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before submitting any Personal Data to these websites.

10. AMENDMENTS

We may change this document at any time in order to reflect changes in the law or our practices. Keep an eye on our website for any updates. If we change anything major in this document, we will inform you.

In case of discrepancies between translations, the Greek version shall prevail.