Privacy Policy | Flowgeek

01. Introduction

Flowgeek (sole proprietorship — owner: Nikolaos Vlavianos, VAT No: [ΑΦΜ], GEMI: [ΓΕΜΗ], Athens, Greece) is committed to protecting your personal data in full compliance with the General Data Protection Regulation (GDPR — Regulation EU 2016/679), Greek Law 4624/2019, and all applicable legislation.

This Privacy Policy explains what data we collect through flowgeek.gr, why we collect it, how we use and protect it, and what rights you hold as a data subject.

The only personal data collected through flowgeek.gr is submitted voluntarily via the contact form. This data is transmitted to Flowgeek via email notification and is not stored in any database or third-party system. The Flowgeek AI chatbot processes messages in real-time without storing any user input permanently.

For personal data processed within systems and solutions delivered to Customers (chatbots, automations, web applications, integrations), a separate Data Processing Agreement (DPA) applies as incorporated in the applicable service contract.

02. Data Controller & Processor

For data processed through the flowgeek.gr website and direct business communications, the Data Controller is:

Flowgeek — Nikolaos Vlavianòs

VAT No (ΑΦΜ): [ΑΦΜ]

General Commercial Registry (ΓΕΜΗ): [ΓΕΜΗ]

Email: info@flowgeek.gr

Website: flowgeek.gr

Location: Athens, Greece

For personal data processed within systems and solutions delivered to Customers (chatbots, automations, web applications, integrations), the Customer is the Data Controller and Flowgeek acts exclusively as the Data Processor, operating solely on the Customer's documented instructions. This relationship is governed by a Data Processing Agreement (DPA) incorporated into the service contract.

03. Data We Collect

3.1 — Contact Form Data

When you submit the contact form on flowgeek.gr, the following information is collected:

• Full name
• Email address
• Company name
• Service category (selected from dropdown)
• Message (your inquiry or request)

This data is transmitted to Flowgeek via email notification only. It is not stored in any database, CRM, or third-party platform.

3.2 — Chatbot Interactions

Messages submitted through the Flowgeek AI chatbot are processed in real-time to generate a response. No user input is stored permanently. Messages pass through Flowgeek's private automation infrastructure and are not accessible to any third party.

04. How We Use Data

We process personal data strictly for the following purposes:

• Business communication: Responding to contact form inquiries and project-related communications.
• Legal compliance: Meeting tax, accounting, and regulatory obligations under Greek and EU law.
• Marketing: Sending promotional communications to prospects who have explicitly consented. You may withdraw consent at any time.

Flowgeek does not sell, rent, or trade personal data to any third party under any circumstance.

05. Legal Basis

Data processing is based on one or more of the following legal bases under Article 6 GDPR:

• Legitimate interests (Art. 6(1)(f)): To respond to contact form inquiries, ensure system security, and prevent fraud — where these interests are not overridden by your rights.
• Consent (Art. 6(1)(a)): For marketing communications and analytics cookies, where your explicit agreement is required.
• Legal obligation (Art. 6(1)(c)): To comply with Greek tax legislation and other applicable regulatory requirements.
• Contract performance (Art. 6(1)(b)): To deliver services contracted by Customers.

06. Technology Providers

No personal data submitted through flowgeek.gr is shared with third-party platforms. Contact form data is transmitted exclusively via email to Flowgeek's domain email address hosted within the European Union.

For the delivery of client projects, Flowgeek may engage technology providers covering the following categories:

• AI language model processing
• Text-to-speech and voice synthesis
• Cloud hosting and server infrastructure
• Workflow automation and API integrations
• Data storage and collaboration tools
• CRM, ERP, and business management platforms
• Social media and messaging platform integrations

All providers are selected for GDPR compliance and are bound by appropriate data processing agreements. Customers may request information about providers engaged in their specific project at any time by contacting info@flowgeek.gr.

07. Data Retention

Contact form data Not stored

Chatbot interaction data Not stored

Financial & billing records 5+ years (tax law)

Marketing data Until consent withdrawn

08. Data Security

Flowgeek implements appropriate technical and organizational measures to protect personal data, including:

• Encryption in transit: flowgeek.gr is served exclusively over HTTPS (TLS), ensuring all data submitted via the contact form is transmitted securely.
• Access control: Contact form submissions are received only by authorized Flowgeek personnel via a private domain email account.
• Breach response: In the event of a personal data breach, affected parties and the Hellenic Data Protection Authority (HDPA) will be notified within 72 hours, in accordance with Articles 33 and 34 GDPR.

09. International Data Transfers

Personal data submitted through flowgeek.gr is processed exclusively within the European Union. No international data transfers occur in relation to the flowgeek.gr website.

For client projects, certain technology providers may process data outside the EEA. In such cases, appropriate safeguards are applied including Standard Contractual Clauses (SCCs) and adequacy decisions in accordance with Articles 45 and 46 GDPR.

10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15)

Know what data we hold about you.

Right to Rectification (Art. 16)

Correct inaccurate or incomplete data.

Right to Erasure (Art. 17)

Request deletion of your data.

Right to Restriction (Art. 18)

Limit how we process your data.

Right to Portability (Art. 20)

Receive your data in a portable format.

Right to Object (Art. 21)

Object to specific processing activities.

Withdraw Consent

Revoke consent at any time without affecting prior processing.

Lodge a Complaint

File a complaint with the HDPA at www.dpa.gr.

To exercise any of these rights, contact us at info@flowgeek.gr. We will respond within 30 days.

11. Cookies

The flowgeek.gr website uses the following categories of cookies:

• Essential cookies: A session cookie is used by the Flowgeek AI chatbot to maintain conversation context during your visit. This cookie is strictly necessary for the chatbot to function and does not require your consent.
• Analytics cookies: Google Analytics 4 is used to understand how visitors interact with the website (pages visited, session duration, traffic sources). These cookies are activated only with your explicit consent via the cookie banner.
• Marketing cookies: Not currently used.

You may manage your cookie preferences at any time through the cookie banner on our website or via your browser settings.

12. AI Transparency (EU AI Act)

In accordance with Regulation (EU) 2024/1689 on Artificial Intelligence (EU AI Act), Flowgeek discloses the following:

• AI systems deployed by Flowgeek are classified as limited-risk systems under the EU AI Act.
• The Flowgeek AI chatbot is clearly identified as an artificial intelligence system. End users interacting with AI-powered systems built for Customers are informed that they are engaging with an AI, in compliance with Article 50 of the EU AI Act.
• AI-generated outputs may occasionally be inaccurate or incomplete. Critical decisions should always be verified by a human.
• The responsibility for ensuring EU AI Act compliance in the specific use case and sector of deployment rests with the Customer as the deploying entity.

13. Children

Flowgeek's services are designed for businesses and adult individuals. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that data from a minor has been collected inadvertently, we will delete it promptly. If you believe we hold data relating to a child, please contact us immediately at info@flowgeek.gr.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, applicable law, or best practices. The version number and date at the top of this page indicate when the policy was last revised. In the event of material changes, we will notify Customers via email. Continued use of our services after notification constitutes acceptance of the updated policy.

Contact & Data Requests

For any questions, data subject requests, or concerns regarding this Privacy Policy:

Flowgeek — Nikolaos Vlavianòs | Athens, Greece | VAT: [ΑΦΜ]

info@flowgeek.gr

We will respond to all requests within 30 days in accordance with GDPR Article 12.