Privacy Policy

1. Introduction

PNO Creative Software (“PNO”, “we”, “us”, or “our”) is committed to protecting your privacy and handling personal data in a transparent and secure manner.

This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website, contact us, or use our services.

By using this website, you acknowledge the practices described in this Privacy Policy.

—

2. Data Controller

PNO Creative Software

Athens, Greece
Email: greece@pno.systems

California, USA
Email: usa@pno.systems

For privacy-related requests, please contact us using the subject line: “Data Protection Request”

—

3. Personal Data We Collect

We collect only the personal data necessary to operate our website and respond to enquiries.

Information You Provide

When you contact us through our contact form or email, we may collect:

• Name
• Company name
• Business email address
• Telephone number (if provided)
• Message content and project information
• Any information voluntarily included in your communication

Technical Information

When you visit our website, our servers automatically collect technical information, including:

• IP address
• Browser type
• Device information
• Referring page
• Date and time of access

This information is collected through standard server logs and is used for security and operational purposes.

We do not intentionally collect special categories of personal data as defined by Article 9 GDPR.

—

4. Purpose and Legal Basis of Processing

We process personal data for the following purposes:

Responding to Enquiries

To answer requests submitted through our contact form or email.

**Legal basis:** Article 6(1)(b) GDPR (pre-contractual measures) and Article 6(1)(a) GDPR (consent).

Business Communications

To communicate regarding potential projects, services, partnerships, or contractual relationships.

**Legal basis:** Article 6(1)(b) GDPR.

Website Security

To protect our website, infrastructure, and users against unauthorized access, abuse, fraud, and cyber threats.

**Legal basis:** Article 6(1)(f) GDPR (legitimate interests).

### Legal Compliance

To comply with legal, tax, accounting, and regulatory obligations.

**Legal basis:** Article 6(1)(c) GDPR.

—

5. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy.

Typical retention periods are:

• Contact enquiries: up to 12 months after the last communication.
• Business and contractual records: as required by applicable legal and accounting obligations.
• Server logs: up to 30 days.
• Encrypted backups: up to 90 days.

Data may be retained longer where required by law or necessary to establish, exercise, or defend legal claims.

—

6. Data Sharing

We do not sell, rent, or trade personal data.

Personal data may be shared only when necessary with:

Hosting Provider

Our website is hosted by: Hetzner Online GmbH (Germany)

Email Infrastructure

Contact form submissions are processed through our website infrastructure and delivered via our hosting provider’s email services.

Competent Authorities

Where required by applicable law, court order, or regulatory obligation.

All service providers are required to implement appropriate technical and organizational safeguards to protect personal data.

—

7. Cookies

Our website uses only cookies that are necessary for its operation and functionality.

These may include:

• Cookie preference settings
• Security-related cookies
• WordPress administrative session cookies (for authenticated administrators only)

At the time of publication of this Policy, our website does not use:

• Google Analytics
• Meta Pixel
• Advertising cookies
• Marketing or profiling cookies

Should this change in the future, this Policy will be updated accordingly.

—

8. Your Rights

Under the General Data Protection Regulation (GDPR), you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Restrict processing
• Object to processing
• Receive your data in a portable format
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact: greece@pno.systems

Subject: “Data Protection Request”

We will respond within the timeframes required by applicable law.

—

9. Right to Lodge a Complaint

If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the competent supervisory authority.

For Greece:

“Hellenic Data Protection Authority (HDPA)”
Kifissias Avenue 1-3, 115 23 Athens, Greece

Website: https://www.dpa.gr

We encourage you to contact us first so that we can attempt to resolve any issue directly.

—

10. Information Security

PNO applies appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, disclosure, or destruction.

These measures include:

• Encryption in transit (TLS)
• Access control mechanisms
• Secure hosting infrastructure
• Regular security monitoring
• Backup and recovery procedures

PNO operates an Information Security Management System certified according to **ISO/IEC 27001:2023**.

—

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, business operations, or website functionality.

The most current version will always be available on this page.

For any questions regarding this Privacy Policy, please contact: greece@pno.systems