Privacy Policy & Data Processing Agreement

At ByteTect Ε.Ε. ("ByteTect", "we", "our", "us"), compliance and data security form the core of our infrastructure. This privacy policy defines our obligations and your rights under the General Data Protection Regulation (GDPR) and related regulatory frameworks regarding data collected through our website, communications, and client engagements.

1. Data Governance & Accountability

ByteTect acts as the Data Controller for information you submit directly via our website, email communications, and business inquiries. For technical projects where we process data on your behalf within software infrastructure, ByteTect acts as a Data Processor under clearly defined Data Processing Agreements (DPA) conforming to ISO 27001 standards.

2. Client Communications & Email Management

Our handling of B2B client communications operates under strict data minimization and confidentiality protocols:

• Inquiry and Contact Forms: Data captured through our initial contact interfaces (e.g., booking discovery calls) is strictly limited to relevant business identity data (Name, Corporate Email, Technical Context).
• Email Retention: Project-related email communications are securely stored as business records for the duration of the engagement and the corresponding legal liability period. Extraneous marketing or unverified inbound communications are routinely scrubbed.
• Secure Channels: We do not ask for or process sensitive personal data (Special Category Data) or production credentials via standard email. We utilize secure out-of-band channels for technical payloads.

3. Categories of Data Processed

• Identity and Contact Data: Name, corporate email address, phone number, and company affiliations.
• Technical and Usage Data: Anonymized behavioral data strictly for operational functionality, performance tracking, and security monitoring, governed by your active consent (Consent Banner).
• Financial and Transactional Data: Invoicing and billing data held strictly in compliance with Greek tax and corporate legislation.

4. Legal Basis for Processing (GDPR Article 6)

We process your information based on one or more of the following legal grounds:

• Contractual Necessity: Processing required to initiate, manage, or conclude an engineering engagement or SaaS subscription.
• Legitimate Interests: To ensure the immediate security, uptime, and proper operational performance of our digital assets.
• Legal Obligation: To comply with local EU tax, accounting, and corporate governance laws.
• Explicit Consent: For tracking, non-essential cookies, or explicit opt-in communications.

5. Third-Party Disclosures & Security

We do not sell data. Sub-processors (e.g., cloud hosting, secure CRM platforms) are bound by equivalent zero-trust privacy agreements. As highlighted in our vendor risk management, our operations are additionally backed by AIG CyberEdge 2.0, affording liability protection against network security failures or privacy breaches.

6. Your Privacy Rights

Under the GDPR, you maintain comprehensive rights over your digital footprint:

• The Right to Access any personal data held by our systems.
• The Right to Rectification of incomplete or inaccurate data.
• The Right to Erasure ("Right to be Forgotten") where operational or legal mandates do not override this request.
• The Right to Restrict or Object to data processing.

7. Regulatory Contact Information

For any queries regarding this policy, to exercise your data rights, or to submit a Data Subject Access Request (DSAR), please contact our Compliance Team: