Privacy Policy

This Privacy Policy describes how the company "SAMOURIS M PASCHALIDIS A G.P.", with the distinctive titles "MyStates O.E.", "MySolutions by MyStates" and "Maran Creations by MyStates", collects, uses, stores and protects personal data through its website and in the context of its activities.

The company processes personal data in accordance with the GDPR (General Data Protection Regulation) 2016/679 and the applicable Greek legislation on personal data protection.

1. Data Controller

The Data Controller is the company:

SAMOURIS M PASCHALIDIS A G.P.
Distinctive titles: MyStates O.E., MySolutions by MyStates, Maran Creations by MyStates
Registered office: 12 Chrysostomou Smyrnis Street, Piraeus, Postal Code 18540
Tax Identification Number: 802916845
G.E.MI. (General Commercial Registry) Number: 185273003000
Contact email for personal data matters: tar-minardil@hotmail.com

2. What Data We Collect

The company may collect and process, depending on the use of the website and the type of communication or cooperation, the following data:

identity and contact details, such as full name, telephone number, email and address;
information submitted through contact forms, quotation request forms or interest forms;
information related to a property, project, renovation, technical work, product or order;
photographs, files or other material voluntarily sent to us;
billing and transaction details, where cooperation or an order takes place;
technical website usage data, such as IP (Internet Protocol) address, cookies, device information, browser and basic browsing data.

3. Purposes of Processing

Personal data is used exclusively for lawful and specific purposes, such as:

responding to contact requests;
sending quotations and technical or commercial information;
evaluating projects, renovations, technical works or product requests;
executing contracts, orders, projects or services;
invoicing, accounting and tax compliance;
customer service and after-sales support;
management of warranties, complaints or requests;
protection of the company's legal rights and interests;
improvement of the operation and security of the website;
promotion of services or products, only where legally permitted or where the relevant consent has been given.

4. Legal Bases for Processing

The processing of personal data is carried out only where there is an appropriate legal basis in accordance with the GDPR (General Data Protection Regulation) and the applicable legislation.

Depending on the case, processing may be based on one or more of the following legal bases:

the performance of a contract or the taking of steps prior to entering into a contract, such as communication regarding a quotation request, project evaluation, execution of works, product dispatch or provision of services;
compliance of the company with legal, tax, accounting, commercial or regulatory obligations;
the legitimate interest of the company, including indicatively:
communication with customers or prospective customers;
management of requests;
protection of persons, property and premises;
documentation of projects, transactions and communications;
management of complaints or disputes;
prevention of fraud, malicious acts or abusive use;
protection of the company's legal rights, claims and interests;
security and proper operation of the website and digital services;
improvement of services, user experience and the company's commercial presence;
the user's consent, where required by law, such as for certain forms of commercial communication, newsletters, non-essential cookies or promotional activities;
the need to establish, exercise or support legal claims of the company;
the need to protect vital interests of a natural person, where provided for by law.

The company reserves the right to process data voluntarily submitted by the user through the website, email, telephone communication, messaging applications or social media, to the extent necessary for the evaluation, management or servicing of the relevant request or cooperation.

The company may also keep records of communications, technical information, quotations, project photographs, messages, transaction evidence and other relevant data for documentation purposes, customer service, protection of legitimate interests, compliance with the law and management of possible disputes or claims.

5. Activities of MySolutions by MyStates

In the context of the activities of MySolutions by MyStates, the company may process personal data and information related to renovation services, technical works, repairs, inspections, assessments, quotations, coordination of work crews, supply of materials, technical support and related services.

The data that may be collected includes, indicatively:

contact details of the customer or representative;
details of the property or project site;
addresses, photographs, videos or technical information of the site;
plans, floor plans, descriptions of works and technical requirements;
access details for the site;
information regarding installations, defects or pre-existing conditions;
financial data, invoicing and payment details;
quotations, contracts, delivery protocols, warranties and invoices;
records of communication through email, telephone, contact forms or messaging applications.

This data is used exclusively for purposes such as:

evaluation of the request and communication with the interested party;
scheduling of an inspection or technical assessment;
preparation and sending of a quotation;
organization, execution and monitoring of the project;
cooperation with technicians, work crews, suppliers, engineers or external partners;
documentation of the progress and completion of works;
issuance of invoices and compliance with tax or other legal obligations;
support after delivery of the project;
management of warranties, complaints or disputes;
protection of the company's legitimate interests, rights and claims.

The company may keep photographic, technical or communication records of projects and transactions for documentation purposes, project history, proof of execution of works, warranty management, customer service and protection against possible claims or disputes.

The customer acknowledges that the provision of certain data is necessary for the evaluation, organization and execution of the project and that failure to provide such data may make cooperation or the proper provision of services impossible.

6. Activities of Maran Creations by MyStates

In the context of the activities of Maran Creations by MyStates, the company may process personal data and information related to the manufacture, presentation, promotion, distribution and sale of products such as candles, jewelry, stained glass items, decorative items, personalized creations and other related products or constructions.

The data that may be collected includes, indicatively:

contact and delivery details;
order and invoicing details;
delivery address;
preferences regarding products, colors, dimensions or designs;
special instructions or personalized requirements;
records of communication through email, telephone, contact forms or messaging applications;
photographs, logos, designs or other material sent by the customer for the purposes of a personalized creation or order.

This data is used exclusively for purposes such as:

communication with the customer;
processing and execution of the order;
manufacture or customization of products;
dispatch of products through transport or courier companies;
issuance of invoices and compliance with tax or other legal obligations;
customer support;
management of complaints, returns or order-related issues;
protection of the company's legitimate interests and rights.

The company may keep records of orders, communications, technical specifications, designs, photographs or transaction evidence for order history, documentation, customer support, compliance with the law and protection against possible disputes or claims.

Where the customer sends designs, images, logos, files or other material for use in a personalized creation or product, the customer declares and guarantees that they hold the necessary rights of use or permission for the disclosure and use of such material and that such material does not infringe third-party rights, copyrights, trademarks or any other applicable legislation.

The company shall not be liable for any infringement of third-party rights arising from material, instructions or content provided by the customer.

7. Data Recipients

Personal data may be disclosed or made accessible, only to the extent strictly necessary and exclusively for the purposes described in this Privacy Policy, to third parties or partners involved in the operation of the website, the provision of services, the execution of projects, the processing of orders or the company's compliance with legal obligations.

Indicatively, data recipients may include:

technicians, work crews, subcontractors, engineers, suppliers or external partners for the evaluation, organization and execution of projects or technical works;
transport, courier or logistics companies for the dispatch, delivery or return of products;
accountants, tax consultants, legal advisors, insurance advisors or other professional partners of the company;
providers of website hosting, technical support, email, CRM (Customer Relationship Management), telecommunications, cloud services, communication applications or other digital tools;
banks, payment providers, POS (Point of Sale) services or other transaction processing entities;
electronic communication platforms, social media or advertising tools, where the user communicates with the company through them or where a relevant legal basis exists;
public, tax, judicial, supervisory or other competent authorities, where required by law or necessary for the protection of the company's rights and legitimate interests.

The company discloses only the data necessary for each specific purpose and does not allow third parties to use such data for their own independent purposes, unless this is required or permitted by law.

Where required, partners and providers that process personal data on behalf of the company are bound by appropriate contractual or professional obligations of confidentiality and data protection.

The company does not sell personal data to third parties.

8. Retention Period

Personal data is retained only for as long as necessary for the purposes for which it was collected and processed, as well as for as long as required by the company's tax, accounting, commercial, contractual, regulatory or other legal obligations.

The retention period may differ depending on the type of data, the purpose of processing, the nature of the transaction or cooperation, as well as the existence of a contract, order, project, quotation, warranty, complaint, claim or possible dispute.

Indicatively, data related to quotations, contracts, projects, orders, invoices, payments, warranties, delivery protocols, technical documentation, communications, photographic project material, complaints, claims or disputes may be retained for as long as required for:

proof of transactions and agreements;
fulfilment of tax and accounting obligations;
management of warranties and after-sales support;
documentation of execution of works or orders;
protection of the company's rights, claims and legitimate interests;
exercise, establishment or defence of legal claims.

Data submitted through a contact form or quotation request that does not result in cooperation may be retained for a reasonable period of time, so that the company may respond, follow up the request, document the communication and protect its legitimate interests.

After the necessary retention period has expired, the data is deleted, anonymized or archived in a manner that limits its further use, unless further retention is required or permitted by law.

9. Cookies and Technical Data

The website may use cookies or similar technologies for its operation, security, improvement of user experience, statistical traffic analysis or commercial promotion.

Strictly necessary cookies are used for the operation of the website. Non-essential cookies, such as statistical or promotional cookies, are used only where consent is required and has been given by the user.

10. Photographs, Files and Material Sent by the User

If the user sends photographs, designs, floor plans, documents, videos, files, messages or any other material through the website, email, messaging applications, social media or any other means of communication, the user declares and guarantees that:

they have the right to disclose the specific material to the company;
the material does not infringe third-party rights;
and the sending of such material is carried out on their own initiative and responsibility.

The user accepts that this material may be used by the company for purposes such as:

evaluation of the request;
technical assessment;
preparation of a quotation;
execution of a project or order;
technical support;
documentation of works;
management of warranties, disputes or complaints;
protection of the company's legitimate interests.

The user must not send unnecessary personal data of third parties, identification documents, banking details, sensitive information or data that is not necessary for their request.

The company shall not be liable for personal data, documents, persons, license plates, screens, numbers, addresses or other details appearing in material sent by the user themselves without prior concealment or editing by the user.

The company may retain the submitted material for a reasonable period of time for documentation purposes, communication history, proof of transactions, customer support, project management, protection of rights and compliance with legal obligations.

Material sent by the user is not published or used publicly in a manner that directly identifies the user or third persons, unless:

relevant consent exists;
the material has already been made public by the user themselves;
or such use is permitted or required by law.

Where the submitted material is used for project presentation, portfolio or promotional material, the company takes reasonable measures to avoid the direct identification of natural persons, private information or sensitive details.

The company is not obliged to immediately return, delete or destroy technical, photographic or communication material related to projects, quotations, transactions or communications, where its retention is necessary for lawful professional, technical, tax, evidentiary or legal purposes.

11. Rights of Data Subjects

The user has, in accordance with the GDPR (General Data Protection Regulation), the rights of access, rectification, erasure, restriction of processing, objection and portability, where applicable.

To exercise their rights, the user may contact the company at the email stated in this Policy. The company may request additional identification details before responding to a request, in order to protect data from unauthorized access.

12. Right to Lodge a Complaint

The user has the right to lodge a complaint with the HDPA (Hellenic Data Protection Authority), if they consider that the processing of their personal data violates the applicable personal data protection legislation.

Before lodging a complaint, the user may contact the company so that their request may be examined and the necessary clarifications or responses may be provided.

The company undertakes to examine every relevant request in good faith and within the deadlines provided by law, while retaining the right to request the necessary identification details of the applicant and to reject requests that are unfounded, excessive, abusive or repetitive, in accordance with the applicable legislation.

13. Data Security

The company takes appropriate technical, organizational and operational security measures to protect personal data against unauthorized access, loss, alteration, destruction, leakage, misuse or unlawful processing, taking into account the nature of the data, the purpose of processing, technological capabilities and the relevant risks.

These measures may include, as applicable:

restriction of access to authorized persons;
use of passwords and access control measures;
secure storage and communication systems;
backup copies;
technical protection measures for the website and infrastructure;
internal management and confidentiality procedures.

Notwithstanding the above, no method of transmission or storage of data through the internet, email, communication applications or electronic systems can be considered absolutely secure or immune from risks.

Therefore, the company does not guarantee that unauthorized third parties will not be able to bypass security measures or unlawfully access data, to the maximum extent that this is not due to its proven fault.

The user acknowledges that the transmission of information through the internet is carried out at their own risk and must send only the strictly necessary information for their request, avoiding the transmission of sensitive data, passwords, full banking details or other information that is not necessary.

The company shall not be liable for incidents caused by:

the user's own fault;
unsafe use of devices or networks by the user;
acts or omissions of third-party providers;
malicious acts by third parties;
force majeure events;
or technical events that are not under the reasonable control of the company.

In the event of a security incident affecting personal data, the company will act in accordance with the obligations provided by the applicable personal data protection legislation.

14. Third-Party Links

The website may contain links, references, embedded content or the possibility of redirection to websites, platforms, applications, services or content of third parties.

These links are provided exclusively for convenience, information, presentation of collaborations, project promotion, commercial communication or technical functionality of the website and do not imply approval, acceptance, guarantee or adoption of the content or practices of third parties by the company.

The company does not control and shall not be liable for:

the content of third-party websites or services;
the accuracy, completeness or legality of third-party information;
the privacy policy or terms of use of third parties;
the security, availability or operation of external websites or services;
the data processing practices of third parties;
any damage, loss or problem that may arise from the use of third-party websites, services or applications.

The user visits and uses third-party websites or services exclusively at their own risk and must be informed about the respective terms of use and privacy policies before any use or disclosure of personal data.

The company shall not be liable for content, comments, posts, functions, services, advertisements or tools provided by social media platforms, communication services, payment services, map providers, video providers, analytics providers or other third-party providers that may be embedded in or linked to the website.

15. Commercial Communication

The company may send updates, offers, technical information, informative material, commercial communications or other content related to its activities, services, projects, products or offers, through email, telephone, SMS (Short Message Service), messaging applications or other means of communication, only where there is an appropriate legal basis in accordance with the applicable legislation.

The sending of such communications may be based on:

the user's consent;
previous communication or transaction;
a quotation request or expression of interest;
or the legitimate interest of the company, where permitted by law.

The company may use contact details provided by the user themselves in the context of communication, a request, cooperation, order, project or transaction.

The user may at any time request the cessation of commercial communications or withdraw any consent given, by following the relevant instructions included in the communication or by contacting the company directly.

The cessation of commercial communications does not affect:

communications necessary for the performance of a contract or order;
updates related to projects, services or transactions;
the sending of invoices, legal notices or customer service information;
or other communications required for lawful or contractual purposes.

The company reserves the right to keep a record relating to the user's consent, withdrawal of consent or communication preferences for compliance and documentation purposes.

16. Amendments to the Policy

The company reserves the right to modify, update, revise or replace this Privacy Policy at any time and without prior individual notice, especially for reasons of compliance with changes in legislation, regulatory requirements, the company's activities, services, products, technological infrastructure or the operation of the website.

The version of the Privacy Policy in force from time to time is posted on the website and takes effect from the moment of its publication, unless otherwise stated.

The user must periodically check the Privacy Policy for any changes. Continued use of the website, services or communication with the company after amendment of the Policy shall be deemed acceptance of the version in force at the time, to the extent permitted by law.

The company may, at its discretion, inform users of material changes through the website, email or another appropriate means of communication, without however being obliged to provide individual notice in every case.

Last updated: 01 April 2026.