Updated: 19/03/2026

The protection of your personal data is a priority for SIGMAPRO. This Privacy and Data Protection Policy (hereinafter "Policy") describes the purposes, legal bases and procedures for the collection, storage and general processing of your personal data by SIGMAPRO, when you visit our website, use our services or communicate with us.

This Policy is applied in accordance with:

    - Regulation (EU) 2016/679 (GDPR), as applicable.

    - Law 4624/2019 (national data protection legislation).

    - Law 3471/2006 (data protection in electronic communications), as amended from time to time.

    - Regulation (EU) 2024/1689 (EU AI Act), to the extent that SIGMAPRO uses artificial intelligence systems.

    - The decisions and guidelines of the Hellenic Data Protection Authority (HDPA) and the European Data Protection Board (EDPB).

1. CONTROLLER DETAILS

Data Controller:
SIGMAPRO CONSULTING ECONOMIC ACCOUNTING Societe Anonyme 350 Syngrou Ave., 176 74, Kallithea, Attica
Tel.: +30 2821600450 | Email: info@sigmapro.gr
Company Registration No. (GEMI): 157839301000

Data Protection Officer (DPO):
For any matter relating to the processing of your personal data, you may contact our Data Protection Officer at: support@sigmapro.gr              (Subject: "Data Protection").

2. DEFINITIONS

Personal Data: Any information relating to an identified or identifiable natural person, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Processing: Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. WHEN AND WHAT DATA WE COLLECT

3.1 When you browse our website

When you visit our website, technical data may be collected (IP address, browser type, pages visited, time spent) through cookies and similar technologies. For details, please refer to our Cookie Policy. The legal basis is your consent (Article 6(1)(a) GDPR) for non-essential cookies, and our legitimate interest (Article 6(1)(f) GDPR) for strictly necessary technical cookies.

3.2 When you submit an enquiry via the contact form

We collect: full name, telephone number, email address, company and professional capacity. The purpose is to respond to your enquiry. Legal basis: performance of a contract or pre-contractual steps (Article 6(1)(b) GDPR) or legitimate interest (Article 6(1)(f) GDPR). Data is retained for as long as required to serve your request and thereafter for as long as required by applicable law.

3.3 When you subscribe to our newsletter

We collect: email address. The purpose is to send newsletters. Legal basis: consent (Article 6(1)(a) GDPR) via a double opt-in process. Data is retained until you withdraw your consent. You may unsubscribe at any time via the link included in every newsletter or by sending a request to support@sigmapro.gr.

3.4 When you attend conferences, seminars and events

We collect: full name, title, telephone number, email address, company name. In the event of photography or video recording, we may process your image, subject to your consent. Legal basis: consent (Article 6(1)(a) GDPR) or legal obligation where a participation fee is paid (Article 6(1)(c) GDPR). Data is retained for as long as required to prevent the statute of limitations on any related claims, in accordance with applicable law.

3.5 When you submit your curriculum vitae

Your CV data (full name, contact details, education, work experience) is processed exclusively for the purposes of candidate evaluation. Legal basis: consent (Article 6(1)(a) GDPR). Data is retained until the relevant position is filled or, if you so wish, for one (1) year. It is not disclosed to third parties. You may withdraw your consent and request deletion at any time.

3.6 In the context of accounting, tax and advisory services

In the context of performing the service agreement, we process:

    - Personal and identification details.

    - Financial and asset information.

    - Access credentials for tax and insurance platforms (TAXIS, e-EFKA, ERGANI II, etc.).

    - Contact details.

    - Any other data necessary for the fulfilment of contractual or legal obligations.

Legal bases: performance of a contract (Article 6(1)(b) GDPR), compliance with a legal obligation (Article 6(1)(c) GDPR), consent (Article 6(1)(a) GDPR) and, in exceptional cases, protection of vital interests (Article 6(1)(d) GDPR).

4. USE OF ARTIFICIAL INTELLIGENCE (AI) TECHNOLOGIES

SIGMAPRO may use artificial intelligence tools to support its services (e.g. automated document processing, data analysis). Such use is always carried out:

     - In compliance with Regulation (EU) 2024/1689 (EU AI Act).

     - Without automated decision-making with significant legal consequences for you, without human oversight.

    -With appropriate safeguards to ensure that your data is not entered into external AI systems without your approval or the necessary security measures.

In the event of automated processing that produces legal effects, we will inform you accordingly and provide you with the right to human review, in accordance with Article 22 GDPR.

5. RECIPIENTS AND DATA TRANSFERS

Your data is neither sold nor disclosed to third parties for commercial purposes. It may be transferred exclusively to:

       - Public authorities: AADE (Tax Authority), e-EFKA, DYPA, SEPE, tax offices, ERGANI II, HDPA, etc., where required by law.

    - Associates – Data Processors: External service providers (e.g. cloud, payroll software, communication platforms) acting under written Data Processing Agreements (DPA) and providing adequate GDPR compliance guarantees.

    - Legal or financial advisors: To the extent required for the performance of the contract or to support legal claims.

Transfers outside the EU/EEA: Where your data is transferred to a country outside the EU/EEA (e.g. via cloud services), SIGMAPRO ensures that appropriate safeguards are in place (e.g. Standard Contractual Clauses – SCCs, European Commission adequacy decision), in accordance with Chapter V GDPR.

6. DATA RETENTION PERIODS

We retain your data for the minimum period necessary, as follows:

    - Client data (accounting/tax services): Up to 10 years from the end of the engagement, in accordance with tax legislation.

    - Payroll data: Up to 10 years, in accordance with insurance and labor legislation.

    - Contact form: For as long as required to handle the request and, at most, 5 years for potential claims.

    - Newsletter: Until withdrawal of consent.

    - CVs: Until the position is filled or 1 year upon request.

    - Events / seminars: For as long as required to prevent the statute of limitations on related claims.

7. SOCIAL MEDIA

Via our website, you may connect with SIGMAPRO's pages on social media platforms (LinkedIn, Facebook, etc.). SIGMAPRO accepts no liability for the processing of data carried out by those platforms. To exercise your rights in relation to data managed by social media platforms, please contact them directly. The legal basis for any processing on our part (e.g. communication via messages) is your consent, which you may withdraw at any time in the same manner in which it was given (unlike/unfollow/block).

8. DATA SECURITY

SIGMAPRO implements appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration or disclosure, in accordance with Article 32 GDPR and the requirements of the NIS2 Directive (Directive EU 2022/2555). These measures include, amongst others: encryption, access controls, multi-factor authentication and regular security assessments.

Data Breach: In the event of an incident likely to result in a high risk to your rights and freedoms, SIGMAPRO will notify you without undue delay and will report the incident to the HDPA within 72 hours, in accordance with Article 33 GDPR.

9. DATA SUBJECT RIGHTS

You have the following rights, which you may exercise at any time:

Right of access (Article 15 GDPR): To obtain confirmation as to whether we are processing your data and to receive a copy thereof.

Right to rectification (Article 16 GDPR): To request the correction of inaccurate or the completion of incomplete data.

Right to erasure / "right to be forgotten" (Article 17 GDPR): To request the erasure of your data where the conditions set out in law are met.

Right to restriction of processing (Article 18 GDPR): To request restriction of processing under specific conditions.

Right to data portability (Article 20 GDPR): To receive your data in a structured, commonly used and machine-readable format, or to request its transfer to another controller.

Right to object (Article 21 GDPR): To object to processing based on reasons relating to your particular situation, where the legal basis is legitimate interest.

Right to withdraw consent (Article 7 GDPR): To withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

Right not to be subject to automated decision-making (Article 22 GDPR): To request human review in the event of automated decision-making with legal or similarly significant effects on you.

10. HOW TO EXERCISE YOUR RIGHTS

To exercise any of the above rights, please submit a written request:

    - Email: support@sigmapro.gr (Subject: "Exercise of right – [access / rectification / erasure / restriction / objection / portability]")

    - Post: SIGMAPRO SA, 350 Syngrou Ave., 176 74, Kallithea, Athens

We respond free of charge within one (1) month of receiving your request. In the case of complex or multiple requests, we may request an extension of up to two (2) additional months, notifying you within the first month. Requests that are manifestly unfounded or excessive may be subject to a reasonable fee or refused.

11. RIGHT TO LODGE A COMPLAINT WITH THE HDPA

If you believe that the processing of your data infringes the applicable regulatory framework, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA):

    - Website: www.dpa.gr

    - Tel.: 210 6475600

    - Email: contact@dpa.gr

    - Address: 1-3 Kifissias Ave., 115 23, Athens

12. COOKIES

Our website uses cookies and similar technologies. These are managed via the Consent Management Platform displayed upon your first visit. We distinguish the following categories:

    - Strictly necessary cookies: Do not require consent. Essential for the operation of the website.

    - Functional cookies: Activated only with your consent.

   - Analytical cookies: For statistical traffic analysis, subject to consent.

    - Marketing cookies: For personalized advertising, subject to explicit consent.

You may modify or withdraw your preferences at any time via the cookie management tool or your browser settings.

13. POLICY UPDATES

This Policy is updated whenever deemed necessary, due to legislative changes, new services or changes in processing practices. In the event of material changes, we will notify you via a prominent notice on our website or by other appropriate means (e.g. email), prior to the changes taking effect. Where we wish to process your data for a purpose other than that for which it was originally collected, we will inform you and, where required, seek your fresh consent.

For any queries regarding this Policy or the processing of your personal data, please contact us:
Email: support@sigmapro.gr | Tel.: +30 2821 600450