Privacy Policy
Last updated: March 18, 2026
Nadia Zampioglou ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website nadiamarketing.gr (the "Website") and use our services, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Greek Law 4624/2019, and other applicable data protection legislation.
1. Data Controller
The data controller responsible for your personal data is:
Nadia Zampioglou
Thessaloniki, Greece
nadiazampioglou@gmail.com
+30 6971656163
2. What Personal Data We Collect
We collect and process the following personal data:
- Email address — when you subscribe to our newsletter or request free resources (Knowledge Share)
- Name, email, phone number, business name, website — when you submit our contact form
- Technical data — your IP address, browser type, operating system, and browsing behavior (pages visited, time spent) as automatically collected by our hosting provider (Vercel)
- Language preference — stored locally in your browser to provide content in your preferred language
3. Purpose and Legal Basis for Processing
We process your personal data for the following purposes:
- Newsletter delivery: To send you digital marketing insights, brand tips, and growth strategies. Legal basis: Your explicit consent (Article 6(1)(a) GDPR)
- Knowledge Share / Free resources: To send you requested PDF guides and educational materials. Legal basis: Your explicit consent (Article 6(1)(a) GDPR)
- Contact form inquiries: To respond to your questions and business inquiries. Legal basis: Pre-contractual measures at your request (Article 6(1)(b) GDPR)
- Website functionality: To ensure the proper functioning of our website, including language preferences. Legal basis: Legitimate interest (Article 6(1)(f) GDPR)
- Website performance: Our hosting provider (Vercel) collects basic analytics data to ensure website performance and security. Legal basis: Legitimate interest (Article 6(1)(f) GDPR)
4. Recipients of Personal Data
Your personal data may be shared with the following third-party service providers who act as data processors on our behalf:
- Resend (Resend, Inc., USA) — email delivery service used to send newsletter emails and knowledge share resources. Resend processes your email address to deliver emails on our behalf.
- Vercel (Vercel Inc., USA) — our website hosting provider that processes technical data (IP address, request logs) to serve our website.
- Google (Google LLC, USA) — Google Search Console is used to monitor our website's performance in search results. This processes aggregated, anonymized search data and does not directly collect personal data from our website visitors.
- Google Fonts — we use Google Fonts (Open Sans, Montserrat) which are loaded from Google's servers. Your browser connects to Google's servers to download font files, which may result in the transmission of your IP address to Google.
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
5. International Data Transfers
Some of our service providers (Resend, Vercel, Google) are based in the United States. When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) as adopted by the European Commission
- The EU-US Data Privacy Framework, where applicable
- Adequacy decisions by the European Commission, where applicable
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Newsletter email addresses: Retained until you unsubscribe or request deletion
- Knowledge Share email addresses: Retained for the purpose of delivering the requested resources, then deleted within 30 days unless you also subscribed to our newsletter
- Contact form data: Retained for up to 12 months to follow up on inquiries, then deleted
- Technical/server logs: Retained by Vercel according to their retention policy (typically up to 30 days)
7. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access (Article 15): You have the right to obtain confirmation as to whether your personal data is being processed and to request a copy of your data.
- Right to Rectification (Article 16): You have the right to request correction of inaccurate personal data.
- Right to Erasure (Article 17): You have the right to request deletion of your personal data ("right to be forgotten") when it is no longer necessary for the purpose it was collected, or when you withdraw consent.
- Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data under certain circumstances.
- Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Right to Object (Article 21): You have the right to object to the processing of your personal data based on legitimate interests, including direct marketing.
- Right to Withdraw Consent (Article 7(3)): Where processing is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us at nadiazampioglou@gmail.com. We will respond to your request within 30 days, as required by GDPR.
8. Right to Lodge a Complaint
If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA):
Hellenic Data Protection Authority (HDPA / ΑΠΔΠΧ)
Kifisias 1-3, 115 23 Athens, Greece
Tel: +30 210 6475600
Website: www.dpa.gr
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (HTTPS/TLS), secure hosting infrastructure (Vercel), and access controls to personal data.
10. Children's Privacy
Our Website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at nadiazampioglou@gmail.com and we will delete such data.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable legislation. The updated version will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically.
12. Contact Us
If you have any questions about this Privacy Policy or our data processing practices, please contact us at: