Privacy Policy
1. Εισαγωγή | 2. Συλλογή Προσωπικών Δεδομένων | 3. Κατηγορίες και χρήσεις των δεδομένων που συλλέγουμε | 4. Αποκάλυψη Προσωπικών Δεδομένων | 5. Για πόσο χρονικό διάστημα διατηρούμε τα δεδομένα σου | 6. Ανάλυση Προφίλ | 7. Τα δικαιώματα προστασίας των προσωπικών σου δεδομένων | 8. Ασφάλεια | 9. Αλλαγές στην Πολιτική Απορρήτου | 10. Επικοινωνήστε μαζί μας | 11. Γλωσσάριο
1. Introduction
This Privacy Statement is intended to help you understand why we collect your personal data and how we use it. We hope you will all take the time to read it carefully.
1.1. Who we are
STOIXIMAN LTD, (“Stoiximan”), a company with registered office at 35, TRIQ ID-DEJQA, Valletta, VLT 1434, Malta and registration number C 95597 (hereinafter the “Company”), which maintains a branch in Greece, at 268 Kifissias Avenue, P.C. 15232, Chalandri – Attica, is the owner and operator of this website. The Company offers online gaming services to customers in Greece and Cyprus under the name Stoiximan.
1.2. Mission Statement
Recognizing the rapid pace of technology and its continuous evolution, protecting an individual’s online privacy is a key concern in today’s digital economy. Our mission is to provide a safe and secure environment for our users to enjoy our services, while ensuring that their privacy is respected and protected at all times.
The following principles form the basis of Stoiximan’s stance on privacy:
- Access: As the owner of the information, you have control over the privacy of the data provided and processed by our Company.
- Transparency: We will be transparent about the data collected and how this information is used, to allow you to make an informed decision.
- Data Minimization : We collect and use only personal information that is necessary to provide our services and improve the user experience. We limit the collection of personal information to what is necessary and relevant.
- Security : Using strong security and encryption techniques, our Company will protect the data you entrust to us when using the current page or our services in local markets, committed to ensuring the confidentiality, integrity and availability of your data.
- Compliance : Our Company respects local privacy laws and will work with you to ensure that your legal privacy rights are respected and upheld.
By adhering to these privacy principles, we aim to provide our users with the highest level of privacy protection possible. We continually review and update our privacy practices to ensure they remain consistent with best practices and evolving privacy regulations.
Providing our products and services to our customers, while creating an excellent working environment with the aim of providing the best and most reliable online gaming experience, requires us to maintain and continuously strengthen the trust of our existing and potential customers, job candidates, employees, affiliated businesses and third parties.
1.3 Scope of the Privacy Statement
This Privacy Statement describes how we collect, protect and use the personal data you may provide to us either through our website (iroes.gr) or in the context of the related services we offer. It also describes the choices you have regarding this information and guidance on how you can exercise your rights in relation to this data. Our website is provided by the Company as defined below and this Company is the controller of your information. This Privacy Statement applies equally whether you access the website via a personal computer, mobile device or any other technology or device. For definitions of terms commonly used in data protection and privacy, you can refer to our Glossary.
2. Collection of Personal Data
We use different methods to collect data from and about you, including:
- Direct interactions: you may provide us with information about your name, surname, email address, contact phone number, sponsorship description or idea for the area of support that would interest you, the program in which you wish to participate, by completing the relevant Contact or Participation forms, which are available on our Website. This includes the personal data that you will provide in your written message when you contact us.
- Automated interactions: as you interact with our Website, we will automatically collect Technical Data about your actions and browsing patterns (Cookies).
3. Categories and uses of the data we collect
| Purpose of processing your data | Personal data | Possible consequences of failure to provide personal data | Legal basis for processing | |
| 1 | Questions, complaints & troubleshooting | Country, first name, last name, email address, message | We may not be able to handle/respond to your question/complaint. | Legitimate Interest (Optimal experience for our online visitors and troubleshooting, brand awareness and reputation)* |
| 2 | Access to our Website, Activation of basic functions, optimal experience of our visitors on the Internet and personalized content/advertising | Cookies (Essential Cookies, Functional Cookies, Performance/Analysis Cookies) | Basic website features may not work properly/ We may not be able to offer you a customized online experience when you visit our website. | Consent** |
| 3 | Evaluation of eligibility criteria for the allocation of sports sponsorships | Name, Surname, Father’s name, Date of birth, Gender, Email, Contact person, Telephone, Sponsorship description, Idea, Topic or area of support, Sponsorship duration, Communication plan, Benefits to the sponsor, Cost and type of sponsorship, Other Sponsors | Unable to participate in sponsorship | Legitimate Interest* |
| 4 | Communications Management | Name, Surname, Father’s name, Date of birth, Gender, Email, Sector of support, links, testimonials | Your request cannot be processed. | Consent** |
| 5 | Eligibility criteria for the allocation of sponsorship for the “Young Heroes Learn” program | Name, Surname, Father’s name, Date of birth, Gender, Email, County, Municipality, School, Contact person, Telephone, Number of students | Unable to participate in sponsorship | Legitimate Interest* |
| 6 | Promoting the Heroes brand and contributing to the public | Name, photo, and voice that can identify you as an individual | Unable to participate in sponsorship | Consent** |
| 7 | Participation in the “Empower Forward” program | Name, Surname, Father’s Name, Date of Birth, Nationality, Gender, Place of Residence, Country of Residence, Contact Phone Number, Email | Unable to participate in the program | Consent** |
| 8 | Participation in the “Stoiximan Wheels of Change” program | Name, Surname, Father’s Name, Date of Birth, Nationality, Gender, Place of Residence, Country of Residence, Contact Phone Number, Email | Unable to participate in the program | Consent** |
*In case we base the processing of your data on “legitimate interest”, we would like to inform you that we have first carried out an assessment of the balance of our interests with your interests, rights and freedoms regarding your privacy and data protection (“balancing test”) and have concluded that this processing is necessary and proportionate to the purpose of the processing. For more information, please contact us.
**Your consent means any freely given, specific, informed and unambiguous indication of your wishes by which, by a statement or by a clear affirmative action, you agree to the processing of your personal data. To the extent required/permitted by applicable data protection legislation and in accordance with the specified conditions, Stoiximan will obtain the lawful consent for the collection, use or disclosure of your personal data. The form of consent used may vary from case to case, to be appropriate based on the sensitivity of the information and your reasonable expectations. Consent may be withdrawn at any time. However, such withdrawal will not affect the validity of the processing that has been carried out so far.
4. Disclosure of Personal Data
4.1 We will not transfer, disclose or rent your personal data to any third party/entity in ways other than those described in this Privacy Statement. We will only share your data with the following recipients:
- The company named RUNAWAY GATE IKE, which has its headquarters in Nea Kifissia, at 53 Georgiou Lyra Street, with the aim of implementing the action “Stoiximan Wheels of Change”.
- The company with the name “W2STRATEGY IKE”, which is headquartered in Chalandri, at 9 Paparrigopoulou Street, 15232, with the aim of implementing the actions “Young Heroes Learn” and “Empower Forward”.
We also reserve the right to disclose your personal information to third parties, only in the event of a sale or purchase of any business, asset or share, we reserve the right to disclose your personal data to the prospective seller or buyer of the business, asset or share.
4.2 Finally, we reserve the right to disclose certain personal information to third party/independent service providers, agents or independent contractors who help us maintain our website and who provide us with other administrative services (including but not limited to processing and fulfilling orders, customer service, data retention and analysis, communicating with customers on our behalf and collecting information for the purpose of submitting entries to competitions and other promotions, selecting winners and delivering prizes). We seek to ensure that these third party/independent service providers will not use your personal data for any purpose other than to provide the services for which they are contractually bound. We also create contracts with these third parties that oblige them to comply with the standards of personal data protection required by law and to use the data only for the purposes for which it was transferred to them. Third parties provide the public with details of how they process data through their websites or other appropriate means.
4.3 We will not disclose your personal data to third parties outside the European Union, to countries where there is no adequate data protection regime. However, in the event that such a data transfer occurs, we will take all reasonable steps to ensure that your data is treated with the same security as within the EU/EEA and in accordance with this Privacy Statement and applicable law. In addition, we will update the current Privacy Statement to reflect the cross-border data transfer and the related safeguards for your privacy.
4.4 In the event that our website provides links to other websites created and maintained by other public and/or private sector organizations, we provide these links solely for your information and convenience. Stoiximan is not responsible for the privacy practices of websites that are not operated by or on behalf of Stoiximan.
5. How long do we keep your data?
It is our policy to retain your personal data only for as long as is necessary for the purpose for which it was originally collected, in accordance with the principles of Data Minimization and Storage Limitation. In accordance with our personal data retention program, your data will be retained for a period of two (2) years from the date of collection. In addition, we align the retention of your data with potential variations arising from the exercise of your personal data protection rights.
6. Profile analysis
We do not conduct automated decision-making or profiling when processing the personal data you provide to us through the current website (iroes.gr).
7. Your personal data protection rights
At any point, during the retention or processing of your data, you retain the following rights, while you can also submit the corresponding requests via email to [email protected]:
- Right of access – you have the right to access the personal data we hold about you
- Right to rectification – you have the right to correct any inaccurate or incomplete data we hold about you.
- Right to erasure – you can request that the data we hold about you be deleted from our records and we are obliged to comply with your request in certain cases.
- Right to restriction of processing – you have the right to request that the processing of your personal data be restricted and we are obliged to comply with this request where certain conditions apply.
- Right to data portability – you have the right to request that the data we hold about you be transferred to another organization
- Right to object – you have the right to object to the processing of personal data concerning you, under certain conditions.
- Right to withdraw consent – in cases where we base processing activities on your consent, you have the right to withdraw your consent at any time by sending an email to [email protected], without this negating the lawfulness of the processing, which preceded the withdrawal and was based on prior consent.
We will assess your request and respond to you regarding its progress and outcome (request approval, partial request approval, request rejection), as soon as possible and in any case within one month from the date of its submission. In case the Company rejects your request regarding the aforementioned Personal Data Protection Rights, we will respond to you justifying the reason for the rejection. You have the right to file a complaint directly with the local supervisory authority (Personal Data Protection Authority) and the Data Protection Officer.
We reserve the right to reject requests that are unreasonably repetitive, require disproportionate technical effort or have disproportionate technical consequences, risk the privacy of others, or are impossible to implement.
8. Security
The protection of your data is extremely important to the Company and in this regard, we constantly strive to provide all possible means to ensure the safekeeping of your personal data, to limit unauthorized access and/or possible changes. Such means include information security measures in accordance with current best practices for the protection of our customers’ privacy. These measures include technical and procedural actions and monitoring and detection actions aimed at protecting data from misuse, unauthorized access or disclosure, loss, alteration or destruction.
9. Changes to the Privacy Policy
We strive to continually review and update this Privacy Statement in order to comply with legal and regulatory requirements, while providing the best possible protection for your personal data. Any updates will be communicated to you via the current website.
10. Contact us
If at any time you believe that we are not complying with the provisions set out in this Privacy Statement or with any other matter related to data protection, please contact us by email at [email protected].
11. Glossary
Below you can find a list of frequently used data privacy terms and their definitions, to help you understand this Privacy Statement.
Personal Data: Any information that can directly or indirectly identify an individual (“Data Subject”). Simply put, personal data is a piece of data or a set of data that can distinguish an individual from a group of people. We, at Stoiximan, are legally responsible for our customers’ data and their storage, protection and use are governed by the General Data Protection Regulations and relevant laws.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. Processing operations may include collection, storage, access/use, disclosure, erasure.
Data Subject: Any natural and living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Controller: A natural or legal person, Public Authority, Organization or other body which, alone or jointly with others, determines the purposes and means of the Processing of personal data.
Consent: Any freely given, specific, explicit and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of personal data concerning him or her.
Data Protection: The process of protecting personal data from unauthorized or unlawful disclosure, access, modification, processing, transfer or destruction.
Processor: Natural or legal person, Public Authority, Service or other body that Processes personal data on behalf of the Data Controller.
Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Personal Data Breach: A breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Special Categories of Data: Personal data concerning or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health or sex life and sexual orientation, genetic data or biometric data.
Third Party: An external organization with which Stoiximan collaborates and is also authorized, under the direct supervision of Stoiximan, to process the personal data of individuals on its behalf.
Third Country: Any country not recognized as having an adequate level of legal protection for the rights and freedoms of Data Subjects with regard to the Processing of Personal Data.
[V2.1 – 01/2026]