1. Data controller
The data controller is AIME ΤΕΧΝΟΛΟΓΙΚΕΣ & ΨΗΦΙΑΚΕΣ ΥΠΗΡΕΣΙΕΣ Ε.Ε.. For privacy or GDPR matters contact info@aime.gr.
2. Categories of data
- Account data, billing profile details and company information.
- Usage logs, IP, browser/device details, timestamps and service selections.
- Support messages, contact-form submissions and complaint history.
- AI prompts/inputs that you choose to submit through platform tools.
3. Legal bases
- Contract performance, Art. 6(1)(b) GDPR.
- Legitimate interest for security and service improvement, Art. 6(1)(f) GDPR.
- Consent for marketing communications and non-essential analytics, Art. 6(1)(a) GDPR.
- Legal obligation for tax and regulatory recordkeeping, Art. 6(1)(c) GDPR.
4. Processors
We do not sell data. We use the following providers only to operate the services:
| Provider | Role | Transfer basis |
|---|---|---|
| Identity and data infrastructure provider | Database, authentication, storage | Frankfurt, EU |
| Payment processing provider | Payments and billing | EU-US DPF / SCCs |
| AI model providers | AI output generation | EU-US DPF / SCCs |
| AI retrieval provider | AI search / retrieval | EU-US DPF / SCCs |
| Cloud hosting provider | Cloud hosting | Frankfurt, EU |
For non-EEA providers, transfers rely on the EU-US Data Privacy Framework or Standard Contractual Clauses, depending on the provider.
5. Retention and rights
- Account data: while the account is active and up to 3 years after deletion.
- Billing / invoicing data: up to 10 years.
- Support history: up to 3 years. Access logs: up to 12 months.
You have rights of access, rectification, erasure, portability, objection and consent withdrawal. We respond within 30 days. You may also complain to the Hellenic Data Protection Authority.
6. Security
We apply technical and organisational measures such as TLS, access controls, logging and processor due diligence. If an incident creates risk for data subjects, we follow the applicable 72-hour authority notification process.