Privacy policy

This Privacy Policy describes how personal data is collected and processed when you visit and use https://energyexchanges.gr/ (the “Website”), in accordance with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and applicable Greek law.

Contact email for privacy-related requests: info@energyexchanges.gr

1. Definitions

Personal data: any information relating to an identified or identifiable natural person.
Processing: any operation performed on personal data (collection, storage, use, disclosure, etc.).
Controller: the entity that determines the purposes and means of processing personal data.
Processor: an entity that processes personal data on behalf of the controller.

2. Controller

For personal data collected through the Website’s contact form and newsletter subscription, the Website operator acts as the data controller.

For ticket purchases performed inside the embedded Eventora environment, Eventora acts as an independent controller for the processing that takes place in its platform.

3. What data we collect and why

3.1 Contact form

Data collected: full name, email address, and message content.

Purpose: to receive and respond to your inquiry and to communicate with you about your request.

Legal basis: consent (Article 6(1)(a) GDPR). You provide your data voluntarily when you submit the form.

3.2 Newsletter (Brevo)

Data collected: email address only.

Purpose: to send you conference-related announcements and updates.

Legal basis: consent (Article 6(1)(a) GDPR). You can withdraw consent at any time by using the unsubscribe link included in each newsletter message.

3.3 Ticket purchases (Eventora embedded iframe)

Ticket purchases are carried out via an embedded iframe that loads the Eventora ticketing platform. Any personal data you enter there (including payment-related data) is processed by Eventora under its own terms and privacy policy. We do not receive or store your payment card details.

3.4 Analytics and measurement (Google Analytics)

We use Google Analytics to understand how visitors use the Website (e.g., pages visited, approximate location, device/browser information, and interaction statistics). This helps us improve the Website and evaluate the effectiveness of content.

Legal basis: consent, collected and managed via Cookiebot (Article 6(1)(a) GDPR), where required.

4. Cookies and consent management

The Website uses Cookiebot to obtain and record user preferences regarding cookies and similar technologies. You may change or withdraw your consent at any time through the consent banner or its settings.

5. Recipients of personal data

We may share or disclose personal data only where necessary for the purposes described in this policy, including to:

Brevo (newsletter delivery), acting as a processor.
Google (Google Analytics), acting as a provider of analytics services.
Eventora (ticketing), acting as an independent controller within its platform.
Hosting/IT providers to the extent required for operating and securing the Website.

We do not sell your personal data.

6. International data transfers

Some service providers may process data outside the European Economic Area (EEA). Where applicable, transfers are safeguarded by appropriate mechanisms under GDPR (such as Standard Contractual Clauses or equivalent measures implemented by the provider).

7. Data retention

Contact form submissions: retained until you request deletion.
Newsletter subscription data: retained until you unsubscribe (or otherwise request deletion).
Analytics data: retained according to the configuration and retention controls of Google Analytics.

8. Security

We apply reasonable technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, no method of transmission over the internet is completely secure.

9. Your rights

Subject to GDPR conditions and limitations, you have the right to:

Access your personal data;
Rectify inaccurate or incomplete data;
Request erasure of your data;
Restrict processing;
Object to processing (where applicable);
Data portability (where applicable);
Withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).

To exercise your rights, contact: info@energyexchanges.gr

10. Supervisory authority

If you consider that the processing of your personal data infringes GDPR, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA).

Website: https://www.dpa.gr

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be published on this page.