PRIVACY POLICY (PERSONAL DATA PROTECTION)

Last updated: 4/2/2026

This Privacy Policy describes how NPG ENGINEERING SOLUTIONS E.E. (in a foreign language: NPG ENGINEERING SOLUTIONS L.P.) (hereinafter the “Company” or the “Controller”) collects, uses, stores and protects the personal data of visitors/users of the website npgsolutions.gr (hereinafter the “Website”), in accordance with Regulation (EU) 2016/679 (“GDPR”) and the applicable Greek legislation.

The Website does not operate as an electronic store (e-shop). The presentation of products and prices is for information purposes only, and any transactions/contracts are concluded outside the Website.

1. Controller Details – Contact

NPG ENGINEERING SOLUTIONS E.E. / NPG ENGINEERING SOLUTIONS L.P.

Registered seat: 103 Polytechneiou Str., Dionysos, Attica

VAT No. 802031508, DOY KIFISIAS, G.E.MI. 168518003000

Tel.: (+30) 6937477144 – E-mail: info@npgsolutions.gr.

For requests relating to personal data you may contact us at the above details.

2. What data we collect

2.1 Data you provide to us

• Contact details: full name, company/capacity, e-mail, telephone, address (if provided).

• Message/request content: information you include in contact forms, e-mail or telephone communication (e.g. request for quotation, technical requirements, installation details, photographs/files you send).

• Data for quotation/contract (pre-contractual stage): information necessary for the preparation of a quotation (e.g. site specifications, equipment use, quantities, timelines).

2.2 Data collected automatically (technical data)

• Connection and usage data: IP address, date/time of access, pages you visit, browser type/version, operating system, device identifiers (where available), security logs.

• Cookies/similar technologies

3. Purposes of processing and legal bases

We process your data only for specified purposes and on a lawful basis:

1) Responding to enquiries/communication (form, e-mail, telephone) – Legal basis: legitimate interest (communication management) and/or taking steps at the request of the data subject prior to entering into a contract.

2) Preparation of a quotation and pre-contractual assessment (e.g. installation/service, technical solution) – Legal basis: taking steps prior to entering into a contract.

3) Conclusion and performance of a contract (if pursued outside the Website) – Legal basis: performance of a contract and/or legal obligation (tax/accounting).

4) Systems security and prevention of misuse/attacks – Legal basis: legitimate interest (information security).

5) Statistical analysis of traffic / improvement of the Website.

6) Marketing/Newsletter

4. Recipients – Processors

Your data may be disclosed only to the extent necessary to:

• Employees/associates of the Company who need access (e.g. technical department, sales, support).

• Infrastructure/IT providers (hosting, e-mail, systems maintenance) as “processors”, under agreements ensuring confidentiality and security.

• Accountants/tax advisers, legal counsel where required for compliance or the exercise/support of legal claims.

• Manufacturers/suppliers only where necessary for technical support, warranty, spare parts or specific technical investigation (case by case).

We do not sell or “rent” personal data to third parties.

5. Transfers outside the EEA

As a rule, we seek to ensure that providers are located within the EEA. If, due to technical infrastructure (e.g. cloud/e-mail/analytics), a transfer outside the EEA is required, it will take place with appropriate safeguards (e.g. adequacy decision, Standard Contractual Clauses, supplementary measures), in accordance with the GDPR.

6. Retention period (retention)

We retain data for as long as required by the purpose of collection and/or legal obligations:

• Communication requests: up to 12 months, unless a longer period is required for documentation/management of a dispute.

• Quotations/pre-contractual information: up to 12 months from the last communication.

• Contracts/invoices and supporting documents: in accordance with tax and accounting obligations.

• Security logs: up to 12 months (depending on security needs/investigation of incidents).

• Marketing data: until withdrawal of consent or for as long as the list is lawfully retained.

After the retention period expires, the data are deleted or anonymised in a secure manner.

7. Data subject rights

You have, as applicable, the following rights: access, rectification, erasure (“right to be forgotten”), restriction of processing, objection, data portability, withdrawal of consent (where applicable), as well as the right to lodge a complaint with the competent supervisory authority (Hellenic Data Protection Authority).

To exercise your rights, send a request to info@npgsolutions.gr
. We may request reasonable proof of identity for your protection. We will respond within the statutory deadlines.

8. Cookies and tracking technologies

The Website may use:

• Strictly necessary cookies for basic functionality/security.

• Statistical/functional/marketing cookies only if you choose/consent via the relevant mechanism (cookie banner/settings).

9. Data security

We implement appropriate technical and organisational security measures (indicatively: access controls, password policies, restriction of permissions, encryption where appropriate, backups, event logging, confidentiality agreements).

NOTICE: Despite the measures, no system is absolutely secure; therefore, you are advised to avoid sending sensitive data via plain e-mail, unless absolutely necessary.

10. Special categories of data

Please do not send us “special category” data (health, biometric, political/religious beliefs, etc.) via the Website. If received, we will handle them only to the extent necessary and lawful.

11. Minors’ data

The Website is not addressed to minors and we do not knowingly seek to collect data relating to minors. If you believe that we have been provided with a minor’s data, please contact us for deletion.

12. Whether provision of data is mandatory

The provision of certain data is necessary in order to respond to a request/communication, prepare a quotation/pre-contractual assessment, or perform a contract and comply with legal obligations. If such data are not provided, we may not be able to service the request.

13. Third-party links

The Website may contain links to third-party websites. We do not control their practices and we bear no responsibility for their privacy policies.

14. Changes to this Policy

The Company may amend this Policy. The updated version is posted on the Website with a new “Last updated” date.

15. Contact

E-mail: info@npgsolutions.gr
 Tel.: (+30) 6937477144 By post: 103 Polytechneiou Str., Dionysos, Attica