Privacy Policy Greece, GDPR

This Privacy Policy covers tom-of-madnessdemo.gr and targets people in Greece. We follow GDPR and EU privacy standards. This text explains how we process personal data when you browse the site, open an account, contact support, or interact with entertainment content, including Tom of Madness. It also explains why we collect certain details, how long we keep them, and what choices you have.

Last updated: January 28, 2026

Data Controller and Contact

The Data Controller is the operator of tom-of-madnessdemo.gr. The operator decides the purposes and methods of processing. Send privacy questions or rights requests to [email protected]. We ask for identity checks before we complete a request. This protects your account and reduces unauthorized access.

Who This Policy Applies To

This policy applies to visitors, registered users, and customers in Greece who access the site or related services. The services target adults. We do not knowingly collect personal data from minors. If we learn that a minor provided data, we delete it and stop processing connected to it.

What Personal Data We Collect

We collect account and identity details, such as registration information and contact data. We collect verification and compliance records, including checks, documents, and responsible gaming settings. We keep records of account activity and transaction history linked to service operation. We collect device and usage data, such as IP address, browser details, and events on the site. We place cookies and similar technologies. We store customer support communications, including emails, chats, and issue reports.

Why We Process Personal Data

We process personal data to set up and manage accounts and to provide the services you request. We run eligibility checks and meet legal and regulatory duties. We handle support requests and service messages. We protect accounts and limit fraud and abuse. We apply responsible gaming protections, including limits, cooling off, and self exclusion. We improve site performance, fix errors, and refine features. We send marketing communications only where rules allow and where your choices support it.

Legal Bases Under GDPR

We rely on contract when we provide services through your account. We rely on legal obligation when laws require checks, record keeping, or reporting. We rely on legitimate interests for security, fraud prevention, and service improvement, while respecting your rights. We rely on consent for cookies that are not essential and for marketing preferences where relevant. In rare situations, we rely on vital interests to protect people.

Cookies and Similar Technologies

Essential cookies support login, security, and core site functions. Cookies that are not essential support analytics, preferences, and advertising where relevant. We ask for consent before we place cookies that are not essential. You change choices and withdraw consent through the cookie settings on the site.

Sharing Personal Data

We share personal data with service providers for hosting, analytics, support tools, verification, and security. Where payment flows apply, we share needed details with payment partners and risk checks. We share data with professional advisers for legal and compliance matters. If group companies exist, we share within the group for operational reasons. We share data with regulators and authorities where the law requires it. We do not sell personal data.

International Transfers

If we transfer personal data outside the EEA, we apply safeguards. These include Standard Contractual Clauses and extra technical or organizational measures when needed. Request more information by emailing [email protected].

Data Retention

We keep personal data only for as long as needed for the purposes in this policy and for legal duties. When we no longer need it, and no legal duty requires storage, we delete it or anonymize it so it no longer links to you. We review retention periods on a regular basis.

Your Rights Under GDPR

Send requests to [email protected]. We ask for identity checks before we complete a request.

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Objection
  • Portability
  • Withdrawal of consent

Complaints in Greece

If you think our processing breaches data protection rules, you file a complaint with the Hellenic Data Protection Authority. For faster clarification, contact us first at [email protected].

Security Measures

We protect personal data with technical and organizational measures. These include access controls, role based permissions, monitoring, and incident response steps. We apply encryption in transit when it fits the data flow. We limit staff access on a need to know basis and train staff on privacy and security duties. No system is 100% secure, so we focus on risk reduction and quick response.

Automated Decisions and Profiling

We run automated checks to prevent fraud, protect accounts, and support responsible gaming protections. These checks look at signals such as login patterns, device data, and unusual activity. Where the law grants a right to human review, you request a review and share extra context for assessment.

Changes to This Policy

We update this policy when services, processes, or legal duties change. We post the latest version on the site and refresh the Last updated date. When changes materially affect how we process personal data, we communicate them through the site experience or through contact details linked to your account.

What cookies are

This site uses analytics cookies (Google Analytics 4) to improve content and performance. You can choose what to allow. See Cookie Policy and Privacy Policy