Privacy Terms

Legal Notice, Privacy Policy & Terms of Use

1. Legal Notice (Service Provider Information)

1.1 Brand and Legal Structure

This website (www.primetheagency.com) is operated under the commercial brand name:

PRIME THE AGENCY

PRIME THE AGENCY is not a separate legal entity, partnership, or registered company. It is a commercial collaboration between two independent self-employed professionals operating under a shared agency brand.

Each professional acts in their own legal capacity.

1.2 Independent Service Providers

Inessa Azoidou
VAT Number: 149736630
Email: info@primetheagency.com

Heraklion, 73150

Elisabeth Aronis
VAT Number: 178951797
Email: info@primetheagency.com

Heraklion, 71307

Both individuals are self-employed professionals registered and operating in Greece.

1.3 Supervisory Authority

The competent supervisory authority for data protection matters is:

Hellenic Data Protection Authority
Website: https://www.dpa.gr
Seat: Athens, Greece

2. Joint Controllership (Art. 26 GDPR)

Inessa Azoidou and Elisabeth Aronis jointly determine the purposes and means of processing personal data in connection with:

  • the operation of this website, and

  • the provision of services under the brand PRIME THE AGENCY.

They therefore act as Joint Controllers within the meaning of Article 26 GDPR.

2.1 Essence of the Joint Controller Arrangement

Pursuant to Article 26 GDPR, the Joint Controllers have entered into an internal arrangement defining their respective responsibilities.

In particular:

Compliance with transparency obligations under Articles 13 and 14 GDPR is ensured jointly.

Data subject rights under Articles 15–21 GDPR may be exercised against either Joint Controller.

Requests are coordinated and handled jointly via the common contact point.

Website-level technical and organisational measures (Article 32 GDPR) are implemented jointly.

Each Joint Controller remains individually responsible for personal data processed within the scope of her own professional services, client relationships, and internal systems.

Each Joint Controller maintains her own Records of Processing Activities pursuant to Article 30 GDPR for processing carried out in her individual professional capacity.

Personal data breaches relating to website infrastructure are handled jointly; breaches occurring within the individual professional systems of each Joint Controller are handled by the respective controller.

This allocation does not affect the joint and several liability of the Joint Controllers pursuant to Article 82 GDPR.

Each professional does not manage her client database independently. Instead, the professionals jointly manage client databases and jointly determine the purposes and means of processing of personal data, acting as joint controllers within the meaning of applicable data protection laws.

The professionals operate a common inbox for website inquiries (info@primetheagency.com), which is jointly accessed and managed for the purpose of handling communication requests and potential client inquiries.

In addition, the professionals share hosting services for the website, which constitutes a joint processing activity limited to the technical storage and availability of the website and related data.

No other joint processing activities are carried out beyond the joint management of client databases, the shared communication channel (common inbox), and the shared hosting infrastructure.

3. Privacy Policy

3.1 Legal Framework

Personal data is processed in accordance with:

Regulation (EU) 2016/679 (GDPR)

Greek Law 4624/2019 (implementing measures for GDPR)

Greek Law 3471/2006 (electronic communications & cookies)

Directive 2002/58/EC (ePrivacy Directive)

3.2 Categories of Personal Data

We may process the following categories of personal data:

  • Identification data (name, company name)

  • Contact data (email address, phone number)

  • Communication content

  • Contractual and service-related data

  • Billing and tax-related data (where applicable)

  • Technical data (IP address, browser type, device information)

  • Usage and analytics data (if implemented)

  • Cookie-related data

Special categories of data under Article 9 GDPR are not intentionally collected.

3.3 Legal Bases for Processing (Art. 6 GDPR)

Processing is based on one or more of the following legal grounds:

  • Art. 6(1)(a) GDPR – Consent

  • Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual measures

  • Art. 6(1)(c) GDPR – Compliance with legal obligations

  • Art. 6(1)(f) GDPR – Legitimate interests

Legitimate interests may include:

  • responding to business inquiries

  • ensuring IT security and website functionality

  • maintaining and developing business operations

  • marketing to existing clients

Where consent is required, it may be withdrawn at any time with effect for the future.

Where processing is based on legitimate interests pursuant to Article 6 par. 1(f) GDPR, we have carried out an assessment to ensure that such interests are not overridden by the rights and freedoms of data subjects (in accordance with Recital 47 GDPR).

3.4 Purposes of Processing

Personal data is processed for:

  • Handling inquiries and communication

  • Providing agency and consulting services

  • Contract initiation and execution

  • Accounting and tax compliance

  • Website security and performance monitoring

  • Business analysis and improvement

  • Marketing communications (Where consent exists, subject to Article 11 Law 3471/2006)

  • Marketing Compliance (Article 11 Law 3471/2006)

Marketing communications are conducted on the basis of prior consent, OR under the “soft opt-in” exception of Article 11(3) Law 3471/2006, where applicable. Soft opt-in applies only where: contact details were obtained in the context of a prior client relationship, marketing concerns similar services and a clear opt-out mechanism is provided in every communication.

The professionals do not operate any newsletter services.

The professionals do not send promotional or marketing communications via email, nor do they engage in any form of direct marketing activities through electronic means.

3.5 Recipients of Personal Data

Personal data may be shared with:

  • Hosting providers

  • IT and technical service providers

  • Email and communication platforms

  • Analytics providers

  • Accounting and legal advisors

Where required by law, service providers are bound by data processing agreements in accordance with Art. 28 GDPR.

We do not sell personal data.

3.6 International Data Transfers

If service providers are located outside the European Union or European Economic Area (EEA), personal data may be transferred to third countries.

European Commission adequacy decisions (Article 45 GDPR), OR

Standard Contractual Clauses (Article 46 GDPR).

Following the Court of Justice of the European Union judgment in Case C-311/18 (Schrems II), Transfer Impact Assessments are conducted where required.Personal data collected through primetheagency.com may be processed by service providers located outside the European Economic Area (EEA), including the website hosting and infrastructure provider Squarespace.

Where such transfers occur, the Company ensures that appropriate safeguards are implemented in accordance with Chapter V (Articles 44-49) GDPR. Data transfers to providers established in the United States rely on the European Commission’s adequacy decision concerning the EU-US Data Privacy Framework, where applicable, or alternatively on Standard Contractual Clauses adopted by the European Commission pursuant to Article 46 GDPR, supplemented where necessary by additional technical and organizational measures.

Following the Court of Justice of the European Union judgment in Case C-311/18 (Schrems II), we have evaluated how well these providers protect data and ensured that any international data transfers are carried out in compliance with the above – mentioned legal framework and the relevant guidance of the European Data Protection Board.

Further information regarding the safeguards applied to international data transfers may be requested by contacting us at [info@primetheagency.com]

3.7 Data Retention

Personal data is retained only for as long as necessary for the respective processing purpose. Contractual and tax-related data are retained for a period of five to ten (5–10) years, as required by applicable Greek commercial, accounting, and tax legislation, including statutory limitation periods, audit powers of the competent tax authorities, and any applicable extensions thereof. Inquiry-related data is retained for up to three (3) years after the last contact. Marketing-related data is retained until consent is withdrawn or the data subject opts out. Log files and technical data are retained for a limited period necessary to ensure the security and proper functioning of the website. Upon expiration of the applicable retention periods, personal data is securely deleted or anonymised.

3.8 Data Subject Rights

Under GDPR, users have the right to:

  • Access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Object to processing (Art. 21 GDPR)

  • Withdraw consent at any time

Requests for the exercise of data subject rights are handled without undue delay and in any event within one (1) month, in accordance with Article 12 GDPR. This period may be extended by up to two additional months where necessary, taking into account the complexity and number of requests. Where appropriate, we may request information necessary to verify the identity of the requesting individual, solely for the purpose of protecting personal data. Under article 77 GDPR users have the right to lodge a complaint with:

Hellenic Data Protection Authority.

PRIME THE AGENCY has implemented an internal, organized procedure for handling requests relating to the exercise of data subject rights, in accordance with Articles 12 to 22 of the General Data Protection Regulation (GDPR).

Data subjects may exercise their rights by submitting a request via email to info@primetheagency.com.

3.9 Data Security

Appropriate technical and organisational measures are implemented in accordance with Article 32 GDPR to ensure a level of security appropriate to the risk, including:

  • Access control

  • Secure hosting

  • Password protection

  • Encrypted communications (SSL/TLS where applicable)Appropriate technical and organizational measures are implemented in accordance with Art. 32 GDPR to ensure a level of security appropriate to the risk.

3.10 Automated Decision-Making

We do not conduct automated decision-making or profiling within the meaning of Art. 22 GDPR. Any processing of personal data does not involve decisions based solely on automated processing that produce legal effects or similarly significant effects for the data subjects.

3.11 Personal Data Breach (Articles 33–34 GDPR)

In the event of a personal data breach:

The competent supervisory authority will be notified within 72 hours where required (Article 33 GDPR).

Affected data subjects will be informed where a high risk exists (Article 34 GDPR).

Website-level breaches are handled jointly. Professional-system breaches are handled individually by the respective Joint Controller.

Furthermore, an internal personal data breach escalation procedure is in place. Any suspected or confirmed personal data breach is promptly assessed, documented, and escalated internally in order to determine the applicable notification obligations under Articles 33 and 34 GDPR.

Where PRIME THE AGENCY acts as a Joint Controller, the Joint Controllers coordinate without delay to assess the breach, allocate responsibilities, and ensure timely compliance with notification and communication obligations.

3.12 Data Protection Officer (Articles 37–39 GDPR)Χρειάζεται να γίνει αναφορά

A Data Protection Officer has not been appointed.

The criteria of Article 37(1) GDPR are not met, as:

  • the activities do not involve large-scale systematic monitoring of individuals

  • the activities do not involve large-scale processing of special categories of data

  • the Joint Controllers are not public authorities.

Nevertheless, appropriate internal data protection governance measures are implemented to ensure compliance with applicable data protection obligations, including the allocation of responsibilities, internal oversight, and procedures for handling data subject requests and personal data breaches.

4. Cookies

Pursuant to Articles 6 and 7 GDPR, Article 5 Directive 2002/58/EC and Article 4 of (Greek) Law 3471/2006, the Website uses cookies and similar technologies to ensure its proper functioning, enhance user experience and, where applicable, analyse website traffic and support marketing activities.

Strictly necessary cookies are used on the basis of the Company’s legitimate interests in ensuring website security and functionality, whereas all other cookies are deployed only with the user’s consent in accordance with applicable data protection and Privacy legislation.

Further detailed information regarding the types of cookies used, their purposes, retention periods and users’ choices is available in the Company’s Cookie Policy, accessible at [https://www.primetheagency.com/cookies].

5. Website Terms of Use

5.1 Application

These Terms of Use govern access to and use of this website.

By using this website, users acknowledge that they have read, understood, and agree to be bound by these Terms.This website is intended for users aged 18 or older.

5.2 Intellectual Property

All content available on this website, including but not limited to text, branding, logos, graphics, design elements, and media, is protected by applicable intellectual property laws.

Any reproduction, modification, distribution, or other use of the website content without prior written authorisation is prohibited.

5.3 Liability

Liability is excluded to the maximum extent permitted by applicable law, except in cases of intent, gross negligence, or injury to life, body, or health.

Nothing in these Terms limits or excludes liability that cannot be lawfully excluded under mandatory statutory provisions.

In cases of slight negligence, liability is limited to foreseeable and typical damages.

Mandatory statutory liability remains unaffected.

5.4 Third-Party Links

This website may contain links to external third-party websites.

No responsibility is assumed for the content, accuracy, availability, or privacy practices of such external websites.

Accessing third-party websites is at the user’s own discretion and risk.

5.5 Acceptable Use

Users must use the website in compliance with applicable law and these Terms.

Users must not engage in any activity that may compromise the security, integrity, or availability of the website, including attempts at unauthorised access or interference with website functionality.

Users are responsible for any damage caused by unlawful or improper use of the website.

5.6 Changes to the Website and Terms

The providers reserve the right to modify, suspend, or discontinue any part of the website at any time without prior notice.

These Terms of Use may be updated from time to time. The version published on the website at the time of use shall apply.5.4 Third-Party Links

We assume no responsibility for the content or privacy practices of external websites linked from this site.

5.7 No Professional Advice

The content of this website is provided for general informational purposes only and does not constitute professional, legal, financial, or other advice.

No client, advisory, or professional relationship is created solely through the use of this website or through contact initiated via the website.

6. Governing Law and Jurisdiction

This Legal Notice, Privacy Policy, and Terms of Use are governed by: 

  • European Union law

  • Greek law, including Law 2251/1994 (Consumer Protection), where applicable.

Jurisdiction lies with the competent courts of Greece, without prejudice to mandatory consumer jurisdiction rules under EU law.