Last updated: March 2026
ELFA S.A. (hereinafter “Company”, “we”, “us”) with registered seat in 40 Alkminis Street, 11853, Kato Petralona, Athens, Greece, Tax ID No. 094191647, is committed to protecting your personal data.
This Privacy Policy describes how we collect, use and safeguard your personal data when you visit our website www.elfa.gr or when we process your data for sending newsletters.
1. Data Controller
Controller: ELFA Α.Ε. (S.A.)
40 Alkminis Street, 11853, Kato Petralona, Athens, Greece
Tax ID: 094191647
Email:
2. Data we collect and purposes
a) Automatically collected (technical data)
- IP address
- Browser type/version
- Operating system
- Pages visited, time & duration of visit
- Referrer
Purpose: proper functioning of the website, network security, prevention of malicious actions (legitimate interest – Art. 6(1)(f) GDPR).
b) Data you provide via the Contact Form
Name, Surname, Email, Phone (if filled), Message
Purpose: replying to your request / inquiry (consent – Art. 6(1)(a) or pre-contractual measures – Art. 6(1)(b) GDPR).
c) Data for newsletters (email marketing)
Email address, Name/Surname (if available), customer details from our existing lists.
These data are not collected via the website, but originate from:
- Existing customers (from contracts/orders)
- Business contacts from our sales team
Purpose: sending informational/promotional emails about products, services, offers (legitimate interest – Art. 6(1)(f) GDPR, or consent where required).
We use the Mailchimp platform (Intuit Mailchimp) to send and manage newsletters. Mailchimp processes the data as our processor.
3. Cookies & similar technologies
We use only strictly necessary cookies required for the basic operation of the site.
We load Google Fonts from Google servers (USA). Google may receive your IP address and basic browsing metadata. This transfer is based on legitimate interest and EU Standard Contractual Clauses with Google.
We do NOT use:
- Google Analytics
- Meta/Facebook Pixel
- Marketing / advertising cookies
- Any third-party tracking tools
4. Recipients – Transfer outside EU/EEA
Your data is not sold or shared with third parties for commercial purposes.
Possible recipients:
- Hosting provider (server located in Germany – within EU)
- Google LLC (only for Fonts – USA, with SCCs)
- Mailchimp (Intuit Mailchimp, USA) for newsletter sending. Transfer is based on Mailchimp’s certification under the EU-US Data Privacy Framework (DPF) and, as fallback, Standard Contractual Clauses (SCCs) incorporated in Mailchimp’s Data Processing Addendum.
- Lawyers / accountants / public authorities when legally required
5. Retention period
- Server logs → up to 6–12 months (or as long as necessary for security purposes)
- Contact form data → kept for 12 months after last communication (or until you withdraw consent)
- Newsletter data → kept until you withdraw consent (if consent-based) or until legitimate interest ceases (e.g. removal from customer list), or at least as required by record-keeping obligations.
6. Your rights (GDPR)
You have the right to access, rectification, erasure, restriction, objection, data portability.
To exercise your rights →
You also have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).
7. Security
We implement appropriate technical and organizational measures to protect your data.
8. Updates
This policy may be amended from time to time. The current version is always posted on the website
