Privacy Policy

Privacy Policy of Legends DMC

Legends DMC (“us”, “we”, or “our”) operates the application Legends DMC (the “Service”). This Privacy Policy describes how we collect and process the personal information you provide on our site and/or app and informs you of your rights, in accordance to the national legislation and the nr. 2016/679 EU General Data Protection Regulation, also known as GDPR. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.

It is intended for natural persons who are existing or potential collaborators of Legends DMC, or for natural persons who had a business or employment relationship with Legends DMC in the past, and more generally for any natural person who willingly sends out data or comes into contact with Legends DMC through any available means.  

On 25 May 2018, the General Regulation for the Protection of Personal Data 2016/679 (hereinafter “the General Regulation”) entered into force. Legends DMC, as the Data Controller, informs its customers that Legends DMC and/ or third parties, by order and on its behalf (Data Processors), will process personal data concerning them, in the context of their transactional relationship for its products or services.

We respect privacy and ensure the protection of your personal data, by using high standards and security procedures. By using the Service, you agree to the collection and use of information in accordance with this policy.

  1. Personal Data

We collect and process:

Personal data which you have provided to us by using the Service or voluntarily enter in digital form and particularly:

  • Identification data: name, surname
  • Contact details: e-mail address, mobile or other telephone number, social media (Instagram, twitter)
  • Data related to the health of you and / or the dependent members of your family: allergies etc

It is mentioned that you are obliged to inform us in time for any change of the above data.

The user of our Service must be over eighteen (18) years old, therefore we do not collect personal data for individuals under this age.

  1. Legal bases for the processing of personal data

Unless otherwise specified in the collection of personal data, the legal basis for their processing is one of the following:

  • your consent to the processing of personal data (Article 6 (1) (a) of the General Regulation), as may be provided / requested in each case.

We collect and process your personal data with your consent and provided that you have previously been informed by this policy about the type of data, the purpose, the extent of processing and its recipients. Your consent may be revoked at any time. However, any processing of personal data that has taken place prior to receiving your revocation shall not be affected.

  • processing is necessary for the performance of our contractual relationship [Article 6 (1) (b) of the General Regulation].

We process your personal data in order to carry out business transactions and to offer and maintain our Service. The purpose of the processing of personal data depends on the requirements for each service.

  • This processing is necessary to comply with the company’s legal obligation (tax, insurance, accounting requirements etc.) [Article 6 (1)].

We may process your personal data to comply with our binding legal obligations, including, for example, accounting and tax requirements, which are implemented in accordance with our internal policies and procedures.

  • The above processing is necessary to comply with the company’s legal obligations (tax, insurance, accounting requirements by law, etc.) [Article 6 (1)]

We process personal data in order to secure the legitimate interests pursued by us or by third parties. Legitimate interest exists when we have a business or commercial reason for which we are using your information (i.e. measures and procedures which we undertake to ensure the security of the Service, the prevention of potential criminal acts, the security of our assets, the access control authorization and the measures against violations).

  1. Processing Purposes

We collect and process personal data for the following purposes:

  • Processing and managing requests for products and services for our optimal response to your needs
  • Providing the ability of digital payment and digital management of your account
  • Compliance with the obligations under the law (tax, insurance, accounting, etc.)
  • Establishment, exercise or support of all kinds of legal claims, directly or through its external legal partners
  • Fulfillment of a duty performed in the public interest
  1. In which ways do we share your data?

Access to your personal data may have our employees. We do not transmit or disclose your personal data to third parties, except from within the framework of fulfillment of our obligations, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. We must emphasize that we may disclose data for any of the reasons mentioned above, or in case we are legally obligated to do so, or if you have given your consent. All parties contracted by us to process personal data on our behalf, are contractually bound to comply with the provisions of the GDPR.

Therefore, parties receiving personal data may be, for example:

  • Supervisory and other regulatory and public authorities, to the extent that a relevant legal obligation exists.
  • External legal counselors
  • Financial and business or other consultants
  • Auditors and accountants
  • Travel agencies
  • Hotels and villas owners
  • Yacht owners
  • Chefs
  • Masseuses
  • Security personnel
  • Credit and financial institutions, legally licensed Payment Institutions and Digital Money Institutions and Payment Service Providers (eg. Stripe). We do not hold any data, nor we are involved in any way with the payment process. The payment process is done securely by Stripe.

We may transfer some of the personal data to processors in third countries outside the European Union. In this case, we will provide the appropriate guarantees and all safeguards for the processing of personal data outside the European Union, and will provide full information to the Personal Data Protection Authority, if required, in full compliance with the relevant provisions of the Regulation and the current legislation in general.

  1. Links to other sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

  1. For how long do we keep your personal data?

We shall maintain your personal data for as long as we have a business or other relationship with you [personally or in association with our transactions with a legal person, which you are authorized to represent].

After our business relationship with you is over, we may maintain your data for up to two (2) years. We may maintain your data for more than two (2) years if we cannot delete them for legal or regulatory reasons.

  1. How do we ensure the protection of your data?

We use technical, physical and organizational security measures to ensure the integrity and confidentiality of personal data. Implements security technologies to protect them from unauthorized access, improper use, conversion, illegal or accidental destruction, accidental loss and continues to strengthen its security procedures, including, inter alia:

  • Measures to ensure the confidentiality, integrity, availability and reliability of processing systems and services on an ongoing basis.
  • Measures to pseudonymize and encrypt personal data.
  • Measures to ensure that availability and access to personal data can be restored in due time in the event of a natural or technical event.
  • Procedures for regular testing, assessment and evaluation of the effectiveness of technical and organizational measures to ensure the safety of processing.
  • Measures for the identification and authorization of users.
  • Data protection measures during transmission.
  • Measures to protect data during storage.
  • Measures to ensure the physical security of establishments where personal data are processed.
  • Measures to ensure the recording of security incidents.
  • Measures to ensure data minimization.
  • Measures to ensure data quality.
  • Measures to ensure limited data retention.
  1. How we ensure that Data Processors respect your data?

We ensure that the Data Processors fulfill the conditions and provide enough assurances for the implementation of the appropriate technical and organizational measures, so that the processing of your personal data ensures the protection of your rights.

In particular, the Data Processors provide their members with access to the personal data processed only to the extent that is absolutely necessary for the execution, management and monitoring of the Service. They ensure that access to the data is strictly limited to a number of authorized people that are absolutely necessary for the purposes and execution of the Service. Furthermore, they ensure that people who are authorized to process the received personal data have undertaken a commitment of confidentiality or they are subjected to an appropriate regulatory obligation of confidentiality and particularly:

– provide adequate guarantees in terms of technical knowledge and personal integrity to maintain confidentiality,

– perform under the direct supervision of the Controller and observe the appropriate protection measures,

– have been informed and committed in advance to the confidentiality of the data,

– have been informed and follow the instructions of the Controller regarding the processing of the data and will be informed of any new instructions that the Controller will address to the Data Processor,

– have been informed of and comply with the applicable laws and regulations related to data protection,

– have been informed that any breach of their obligations may give rise to personal liability (civil and criminal).

  1. What are your rights?

Let us inform you that, according to the current legislation, you have and can exercise the following rights:

  • The right to information and access to data: you may have more and clearer information that we process your personal data in a legitimate manner.
  • The right of correction: you can correct inaccurate data as well as fill in incomplete data concerning you.
  • The right to restrict processing: you may request that we limit the processing of your personal data.
  • The right to object to the processing: you may refuse and object to any further processing of your personal data.
  • The right to be forgotten: you can request the deletion of your data, provided that it is not kept for a specific legal and declared purpose.
  • The right to data portability: you can ask us a copy of your personal data, in a structured, commonly used and machine-readable format, so that you can transmit such data to another Controller, or you can ask us to transmit them for you, under certain conditions.

The exercise of one of the above rights takes place by submitting a relevant document of your request to the email address , to which we undertake to respond within one (1) month of its receipt. It is mentioned that this deadline can be extended for two (2) additional months taking into account the complexity of your request, as well as the number of requests in general.

Additionally, we undertake the obligation to inform you, without undue delay, and in any case within 72 hours, of any violation of your personal data, which may endanger your rights and fundamental freedoms and provided that this violation does not fall under one of the exceptions expressly provided by law. In case you feel that the protection of your personal data is being violated, you have the right to appeal to the Hellenic Personal Data Protection Authority (hereinafter APDPX), which is located at 1-3 Kifissias Street, in Athens, PC. 11523, tel. 2106475600 and by e-mail address: .

We fully cooperate with the Personal Data Protection Authority on all issues related to personal data, in order to ensure the highest possible level of protection and to assist in cases of violations or unauthorized data processing.

  1. Who can you contact for any questions / issues?

In case of clarifications or information regarding the collection and processing of your personal data by us, you may send us an electronic message at

We reserve the right to make changes to the present policy and the general framework for the processing of personal data, in accordance with any changes in applicable law and the applicable regulatory framework. For this reason, you are invited at regular intervals to visit this page for your own information.