PRIVACY NOTICE

Welcome to EN PLO (https://en-plo.gr). Seeking to safeguard, to the extent attributable to us, your privacy and to adhere to the principles of the applicable Greek and European data protection legislation, and as part of an all‑round leisure experience on our premises, we provide you with information on how we collect, use and protect your Personal Data.

For this reason, before you use our website and our facilities, please read this Privacy Policy carefully. Even mere access to it constitutes your unconditional acceptance of its terms, as well as your unconditional consent to the processing of your personal data by us, as set out below. If you do not agree with the terms below, you should refrain from any further use of our website and our facilities.

Prelude

The company EVANGELOS HOULIARAS & CO. LLP, seated in Vouliagmeni, Attica (4 Poseidonos Avenue, PC 16671), email: info@en-plo.gr, tel.: +30 2109671770-1, duly represented, acting as Data Controller, and taking the protection of the visitors to its website and restaurant very seriously, informs you about the manner and purpose for which it generally processes your personal data, in accordance with EU Regulation 2016/679 and national legislation, as such data are made available through the use of the website https://en-plo.gr.

Sources of Data Collection

We collect personal data from the following sources:

• From your visit to https://en-plo.gr via the browser you use.
• From the contact form found in the “contact” sub‑section of the website https://en-plo.gr.
• From telephone calls, e‑mails and other means of correspondence and communication (such as cross‑platform voice over IP and instant messaging software applications – WhatsApp, Viber, etc.) for the purpose of informing you about our services.
• From your visit to our restaurant (we may collect personal data during your visit to our premises by asking you to complete certain documents/forms related to dietary habits/preferences, your experience at the restaurant and your satisfaction).
• From your transactions within our restaurant.
• From other sources (e.g. social media and your posts on them, such as Facebook, Instagram, regarding details you disclose, your choice to receive newsletters, questionnaires, offers).
• From third parties (such as corporate clients, third‑party operators and other business partners, sources that share your data with us in accordance with our legal or contractual obligations).

Types of Data Collection

We collect only those personal data that are absolutely necessary, relevant and appropriate for the purpose for which they are intended. Such data are subject solely to specified and lawful processing in order to inform you and to provide our services to our clients correctly and efficiently.

• Identification data: first name, last name, father’s name.
• Contact data: your e‑mail address, telephone number (landline and/or mobile), social media details and use of communication applications.
• Demographic data: nationality, communication language.
• Financial and payment data: credit card details, bank account numbers, billing address, proof of payment, data collected in the case of issuing an invoice for services rendered (company name, business address, type of activity, company VAT number, competent tax office).
• Financial booking data: only in cases of advance payment: payment information including credit/debit data, bank account and beneficiary details, total financial figures for the booking and advances/balances. It is noted that when you make a reservation through our website, if it is completed via a third‑party platform, we do not collect debit/credit card details and no advance payment is required. In exceptional cases of advance payment, when paying by card you will be redirected to the environment of a banking institution or the platform which records the credit card details (card number, cardholder’s name, expiry date). Card data are transmitted in encrypted form.
• Booking information: the location/table you reserve, the dates and times of your reservations, the number of persons included at the table, employer details (for business‑related reservations).
• Technical information regarding your computer or mobile device: necessary information about the device you use to visit our website, such as Internet Protocol address (IP), type of computer, screen resolution, operating system and type (and version) of browser, geographical location (geolocation), duration of the visit to each section of the site, etc.
• Website traffic and usage statistics: information collected from cookies in your browser. For more information, please refer to the Cookies Policy.
• Social media information: information you share publicly on social networks (comments, reviews, questions, etc.) or information that is part of your profile on a social network (e.g. Facebook, Instagram) which you publish and allow to be shared with us or third parties.
• Health data: information regarding the use of special services, amenities and accessibility, information about your diet and any food allergies, your illness and treatment, as well as any special health need during your visit.

PURPOSE FOR PERSONAL DATA PROCESSING

We process your personal data with absolute respect for them and for the personalized experience we offer you:

• For proper and effective information about our services, managing customer service requests, facilitating and addressing questions, comments and complaints regarding any of our services (in person, via telephone lines, e‑mail or social media). The lawful basis for processing is the performance of the contract for the provision of services and your consent.
• For serving our customers: We use your personal data to manage your general communication/service requests submitted via our website or in person (indicatively: facilitating reservations and related services and processing payments. Handling payments. Providing parking services. Arranging with third‑party providers on behalf of visitors. Managing and facilitating access to Wi‑Fi. Handling customer requests, inquiries and complaints, communicating with customers regarding events, communicating about service charges and debts, carrying out payments, deposits and settlements). The lawful basis for processing is the performance of the contract for the provision of services and your consent.
• For our compliance with the applicable legal framework: We use your personal data to comply with current legislation (tax law, legislation concerning catering businesses), to protect personal data and the rights of you and our company from malicious third parties and unlawful activities. The lawful basis for processing is legal obligation.
• For marketing and communication purposes relating to our products and services, our partners and third parties: We use your personal data to promote our products and/or services by sending newsletters via e‑mail, internet, SMS, via social media, through cross‑platform voice over IP and instant messaging software applications, concerning new products and offers. The lawful basis for processing is your consent and legitimate interest.
• For research and market analysis purposes: We use your personal data for business purposes related to the analysis of services or preferences, the effectiveness of advertising, the development/improvement of our business, as well as for customer satisfaction research and the improvement of the products and services we provide to you. The lawful basis for processing is your consent and legitimate interest.
• To improve the client experience of our website and restaurant and for statistical purposes. The lawful basis for processing is our legitimate interest.

PERSONAL DATA DISCLOSURE

Your personal data may be disclosed to:

• Employees and, in general, appointees of the company who are responsible for fulfilling and completing our contractual obligation to you, as well as for obligations imposed by law.
• Banking/Credit Institutions, headquartered in Greece or abroad, which you authorize to carry out your payment to us.
• Third external partners who provide restaurant management services and reservation systems.
• Third external partners who provide services aimed at completing your visit experience through actions related to our field of activity.
• Travel providers who offer services related to leisure and our line of business.
• Third parties providing accounting and tax services, for the purpose of fulfilling our tax obligations.
• Third‑party service providers who process personal data on behalf of the company, such as companies that host, manage, secure and maintain your data, companies that manage and host our website, host user accounts and generally deal with the development of the website, companies that undertake the distribution of newsletters (newsletter), as well as third‑party service providers engaged in market research and data analysis.
• Third legal or natural persons to whom we have contractually assigned/transferred the management of all or part of the business.
• Third entities to whom we are obliged to disclose data on the basis of prosecutorial orders, court decisions and applicable laws in general, for the purpose of protecting the legitimate interests of individuals or the State or in cases of investigating and preventing unlawful acts.
• Third parties to whom disclosure is necessary for the exercise of legal claims or for the defense of the company’s rights.
• Other third parties in the event that you have given your consent.
• Local or foreign regulatory authorities, governments, courts, health and safety authorities, law enforcement and relevant security authorities.

INFORMATION SECURITY

We implement appropriate physical, electronic, organizational and technical measures during the collection, storage and processing of personal data which ensure their security, safeguard the confidentiality of their processing and minimize (do not eliminate) accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unlawful processing.

In addition, although there is no guaranteed security either within or outside the Internet, we protect the security of your data during their transmission to and from us by using physical, technical and organizational security measures, as well as encryption methods provided by security protocols. We apply TLS/SSL encryption to all data traffic and a need‑to‑know access minimization policy.

Furthermore, while we make every effort to ensure adequate contractual safeguards, we cannot guarantee the security of any personal information hosted in third‑party databases.

It is important to note that any form of communication, regardless of medium, is not absolutely secure. This is an inherent risk associated with the use of databases and physical or electronic communication.

PERSONAL DATA DISCLOSURE TO THIRD COUNTRIES

The personal data we collect, and process are stored in Greece and in EU countries. However, it may be necessary to transfer and store your data anywhere in the world, including countries where data protection laws may not be equivalent to or as protective as those of your country of residence.

In such a case, we check, to the extent possible, whether an adequate level of protection is ensured according to the European Commission by the said third country or whether appropriate safeguards have been provided for the processing of the data by the recipient, based on the law. This may include either the recipient’s adoption of EU Binding Corporate Rules or the conclusion of data transfer agreements that implement the standard contractual data protection clauses and ensure the transfer of data in accordance with the applicable legal requirements.

HYPERLINKS, SOCIAL MEDIA PLUG-INS AND THIRD-PARTY SITE AND ADVERTISEMENTS

Our website may include hyperlinks to other websites, plug‑ins, applications and third‑party advertisements. These third parties may collect and record information about you when you interact with their content, websites or applications in any way. We are not responsible for the incorrect and unlawful processing of your personal data by the above third parties, nor for any content posted on their websites. We bear no responsibility and have not assumed any responsibility in any way for them. Each such third party is governed by its own privacy policies, which you can consult by visiting their websites.

Please note that, in the event that the online booking process is managed by a third party via its own websites, we bear no responsibility or liability for the content, practices, policies and security measures implemented by them.

PERSONAL DATA RETENTION

We retain your personal data for as long as required in order to: (a) serve the need to inform you about the provision of our services, (b) fulfil our contractual obligations to you, (c) comply with our obligations arising from legislation in general, and (d) protect or pursue our rights.

With regard to your Personal Data whose processing is intended to inform you (e.g. communication regarding a request of yours, fulfilment of our contractual obligations to you, sending newsletters) about our services, such data are kept until you withdraw your consent.

The retention period of the data will be decreased or increased accordingly if a shorter or longer retention period for your data is provided for by law or regulatory acts.

PERSONAL DATA ACCESS

You have access to all data that you have already provided to us, a record of which you may receive following your written request.

RIGHTS ON YOUR PERSONAL DATA

• Right to be informed/Transparency. You have the right to know who processes your Data, what data are processed and for what purpose.
• Right of access. You can know the categories of your personal data that we keep and process, their origin, the purposes of processing them, the categories of their recipients, their retention period, as well as your related rights.
• Right to rectification. You can request the correction and/or completion of your personal data so that they are complete and accurate.
• Right to restriction. You can request the restriction of the processing of your data.
• Right to object and withdrawal of consent. You can object to any further processing of your personal data that we keep.
• Right to be forgotten. You can request the deletion of the personal data we keep about you, however only where your consent for us to retain them is the sole lawful basis.
• Right to data portability. You can request to receive your data in a readable format or the transfer of your data by us, to any other data controller.

In any case, we reserve the right to refuse your request for restriction of processing or deletion of your personal data if the processing or retention of the data is necessary for the establishment, exercise or defense of legal claims or for the fulfillment of our obligations.

The exercise of the right to portability does not entail the deletion of the data from our records.

The exercise of the above rights operates for the future and does not concern data processing already carried out.

In any case, you have the right to lodge a complaint with the competent supervisory authority (the Hellenic Data Protection Authority – HDPA) if you believe that the processing of your personal data is in breach of the applicable legislation. For more information you can visit www.dpa.gr.

EXERCISE YOUR RIGHTS

Any request concerning your personal data and the exercise of your rights must be addressed in writing and sent by post to: EVANGELOS HOULIARAS & CO. LLP, (4 Poseidonos Avenue, PC 16671, Vouliagmeni, Attica) or to the e‑mail address: info@en-plo.gr.

Every effort will be made to respond to your request within thirty (30) days from its submission. This period may be extended for an additional sixty (60) days if deemed necessary, taking into account the complexity of the request and the number of requests. We will inform you in any case where an extension is required within thirty (30) days.

The above service is provided free of charge. However, if a customer’s requests are manifestly unfounded, excessive or repetitive, we may either impose a reasonable fee on the customer, after informing them accordingly, or refuse to comply with the request(s).

AUTOMATED DECISION-MAKING AND PROFILING

“Automated decision‑making” means any processing of personal data based solely on automated processing by which personal aspects relating exclusively to the data subject (natural person) are evaluated, which produces legal effects concerning that person and is carried out for the performance of a purpose (decision‑making).

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects of a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

We inform you that no automated decision‑making is carried out, nor profiling based on automated processing of your Data, with the exception of the “cookies” of our website, which takes place after you have been informed and have given your consent.

COOKIES AND RELEVANT TECHNOLOGIES

We or third‑party service providers may use cookies, invisible pixels, web beacons, scripts, Mobile SDKs and other similar technologies that store information about the user of our website, both to improve its functionality and to provide the best possible browsing experience on our website and delivery of our services. For more information about cookies, which ones we use and the purposes for which we use them, as well as how to configure their settings, please read the Cookies Policy.

Additionally, through third‑party cooperating providers, we collect information regarding statistical browsing data on our website and the means of communication between it and third‑party computer programs and software. This information is collected automatically via log files and similar technologies. Log files, in brief, maintain a record of events, activities, messages and communication between various communication software and the operating system.

These entries help us resolve technical problems and maintain the performance and security of our website, as well as detect or prevent fraud or other harmful activities.

We may use third‑party partners or technologies to collect this information. We, or our partners, may use all the aforementioned data collected via cookies and similar technologies to remember information about you in order to improve your overall experience.

For more information, you can refer to the Cookies Policy.

MINORS

Although we do not address minors and do not process their personal data without the consent of their parent or legal guardian, it is not possible for us to determine the age of persons who access and use our websites. If a minor provides us with personal data without the consent of the parent or guardian, we will not proceed with any processing of the data and will delete the relevant content. If you are a minor, we will need the consent of your parent or the person exercising parental responsibility/guardianship; otherwise, you must not use our services and must not grant us your personal data.

APPLICABLE LAW

The applicable law is Greek Law, as shaped in accordance with the General Data Protection Regulation (EU) 2016/679, and generally the current national and European legislative and regulatory framework for the protection of personal data.

The competent courts for the application and interpretation of this Policy and any amendment thereof, as well as any dispute arising in relation to Personal Data, are the Courts of Athens.

WAIVER

We bear no responsibility for the accuracy of the information (including personal data) you provide to us and any consequent incomplete or incorrect provision of our information or services; therefore you must ensure that the information you provide to us is true, accurate, complete and up to date.

Policy Updates

The company “EVANGELOS HOULIARAS & CO. LLP”, based on the applicable data protection policy and within the framework of the applicable legislative and regulatory framework, may revise or amend this Policy, which will always be available in updated form on the website (https://en-plo.gr), before any changes take place in the way we process your data.

23rd of June 2025 – ver. 1.1