Privacy Policy

Last update: 04/10/2024

The protection of personal data and the privacy policy of Nostus

Greek version can be found here

The protection of personal data is of primary importance for the company under the name “NOSTUS I.K.E” and the distinctive title “NOSTUS,” which is based in Thessaloniki and holds VAT number 802596403 and General Commercial Registry registration number 1792772026000. The company’s purpose is midterm property rentals in Greece. The Nostus website is fully compliant with the European General Data Protection Regulation (GDPR) and Law 4624/2019.

Our main goal is to create a safe environment while providing high-efficiency services so that browsing our website inspires confidence in the user/visitor while also serving them to the maximum extent through a unique personalised experience. To achieve these desired outcomes and provide a high-level personalised experience to the visitor, it is necessary to collect and store certain personal data from users.

In the context of processing personal data, we must briefly inform the user/visitor about the personal data and information we collect, how we operate using their data, and provide useful and necessary information about procedures that the user/visitor may use if at any point in the future they do not wish us to collect or further process the information and data provided during their visit/use of our website and services. This Privacy Policy applies only to the personal data and information of users/visitors directly provided on this website by themselves.

The data provided by users during their visit/use of Nostus or from any other source and deemed necessary for the smooth operation of the website and Nostus services are retained and protected by the company. To protect the personal data of our website users, we use an advanced data protection system. The user data and information are protected against any procedure that does not respect the normal operation of the company, such as malicious behaviour, unauthorised access, theft, interference, loss, alteration, or destruction. As will be extensively detailed below, we only grant access to all data and information of the users/visitors of our website to our employees and direct partners, whose access is strictly necessary for the implementation of the company’s purposes. These terms are updated and modified as needed, always in accordance with applicable laws. In any case, the company’s actions are in compliance with and will always comply with Greek, European, and international law as applicable.

The term “personal data” refers to all personal information that leads to an individual’s identification, such as name, residential address, email address, contact details, username, financial information, tax information, or other information provided by the user. This may also include unique numerical identifiers such as the user’s computer IP address and cookies.

Collection & Processing of Personal Data

During the visit to Nostus, users are not initially required to provide data related to themselves. Lessors who visit our platform to list their property must register on the platform. For registration, lessors must create an account, specify a username, provide an email address, phone number, and set a password.

Lessee users can browse properties on the platform without providing any personal information. Once they find a property of interest, they must complete their registration to proceed with a booking, which includes creating an account, specifying a username, providing contact details, and setting a password.

The user’s access to the platform also results in indirect identification, as Nostus is informed of the unique identification number of the connected device, the user’s IP address, the browser used, the operating system of the user’s device, the exact date and time of each call to our servers, and other similar information. The aforementioned information cannot directly and fully identify the user/visitor but is necessary to monitor the smooth operation of our servers and systems, optimise our services, and ensure we can provide information to authorities in the event of cyberattacks, as we are obligated to do. Furthermore, this method of identifying the website visitor facilitates measuring platform traffic, identifying user preferences and needs, and optimising the overall service provision by Nostus.

Our company and the website https://nostus.com are committed to continuously taking all necessary measures to ensure maximum protection of users’ personal data during processing. However, users of the internet must be aware that risks cannot be entirely eliminated. Nostus, therefore, employs organisational and technical measures to ensure the protection of the user’s data and information from any form of unwanted or illegal processing.

The recording of user/visitor data regarding the aforementioned procedures requires the user’s consent to collect, use, and transfer their personal data, based on the terms of this Data Protection Policy, which is provided only after the user’s/visitor’s confirmation. This agreement is governed by the provisions of Regulation (EU) 2016/679 (General Data Protection Regulation) and the provisions of Greek law, as currently applicable or as they will apply in the future.

The personal data collected by Nostus concerning the visitors/customers of our website are: (a) Identification data, which may include name, date of birth, identity card or passport details, etc. If interacting with Nostus through social media, this may also include processing of the social media username, (b) Contact data, which may include billing address, bank account or IBAN, residential address, email address, and telephone numbers, VAT number, and (c) Visit data, which may include any special requests, suggestions, or the visitor’s purpose of travel, etc.

Use of Data

The data and information provided directly to Nostus by the user can be freely used by the company to improve our services and achieve our company’s objectives. The information collected may come from the data that the user/visitor/customer has entered during the registration process, from data provided when customers request services via phone or email, and from data provided by connecting to our website through a third-party provider (iOS and Android apps, Facebook, Instagram, Tik Tok, Google). The absolutely necessary information used to facilitate and promote communication between users and the company includes the user’s/visitor’s name, phone number, and email address. The company ensures data security and may grant access to third parties only with the user’s prior explicit consent, regarding the disclosure and processing of their personal data, always in accordance with the terms of this Privacy Policy.

Specifically, for completing a booking, Nostus will exceptionally share the lessee’s basic contact details (name, phone number, and email address) with the lessor for further communication. For sending newsletters to registered users on the platform, the company may send informative material via email to the registered users after their registration on the platform. If a registered user no longer wishes to receive newsletters, they must contact the company to express their refusal or unsubscribe. Moreover, beyond the aforementioned instances, in certain cases and always under the conditions imposed by law or judicial order, Nostus may process personal data without the user’s prior consent.

Finally, the data subject is not subject to any decision made solely on the basis of automated processing, including profiling, which produces legal effects concerning them or significantly affects them in a similar manner.

Technical Measures for the Security of Personal Data

All electronic devices owned by the company are protected with a password. Digital data is encrypted, coded, or protected with a password on a disk drive, and regular backups are created. All members of the staff have their own secure login credentials, and each computer regularly requests users to change their password. Computers are protected by firewalls, intrusion detection systems (IDS), and other technological tools to prevent unauthorised access. Emails containing sensitive or confidential information are protected with a password if there are insecure servers between the sender and the recipient. The security of computers, storage systems, and access to them is constantly monitored.

Internal compliance audits are conducted periodically to determine whether all compliance procedures with the Regulation are ensured, and if deficiencies are identified, they are immediately addressed. The techniques and policies for personal data protection are reviewed and updated regularly, as well as adjustments for legislative changes.

Data Retention Period

Personal data of users is retained for as long as needed to achieve the purposes of the company, including the satisfaction of any legal, accounting, or reporting requirements. The retention period depends on the purpose of processing (legal basis), the nature of the personal data, potential risks of harm from third parties and unauthorised persons, and whether there are other means to achieve the purpose. For example, in the case of processing personal data to fulfil a contract, the data is stored for as long as necessary for the contract’s execution and for establishing, exercising, or defending any legal claims that may arise from the contract. In the case of indefinite processing of personal data for statistical purposes, anonymization of the personal data will occur. Should any dispute arise with the individual or corporate client, the company will retain personal data until the end of litigation, even if it exceeds a twenty-year period.

The data and information provided by users/visitors of Nostus may be processed in the cases expressly provided by law, following Greek, European, and/or international law. Additionally, it is possible to use users’ information and personal data if any criminal act is committed against the interests of the company or third parties, to protect both the interests of the company and those of our users/visitors. This Privacy Policy remains effective across all media used by the company (website, mobile application, etc.) and particularly through browsing Nostus.

In case of referral/redirection of users from Nostus to third-party websites through links provided/promoted by Nostus (e.g., links, hyperlinks, banners), the company is not responsible. After referral/redirection, the Personal Data is subject to the availability of third parties, following their own personal data protection policies.

Rights of the Personal Data Subject

Nostus provides users/visitors/customers the option to modify, supplement, restrict, update, object, transfer, and delete freely the data they have provided after contacting Nostus. To initiate this process, the user must first communicate with our company, which will start the modification process for the user’s data processing at the email address [email protected].

The personal data provided by users/visitors are retained only for a specific period required to fulfil the purpose for which they were collected and processed, as mentioned above. If the user/visitor chooses or requests the removal and deletion of their account from this website, the personal data collected and related to this account will be deleted within a reasonable time and, in any case, within three (3) months, unless there is a legal reason for further retention in our system. In that case, data deletion will be reconsidered. Bank account details that may be requested during the booking process are managed by the banking service provider and Nostus for the transactions necessary between Nostus and the property lessors. Data collected via cookies are retained for 12 months from the time consent is given when the user enters the website or uses our services generally, without a specific order or notice being issued, and then deleted.

The data subject has the right to be informed about how their personal data is used, and to manage the processing of their data. Specifically, the data subject has the right to access their personal data held on the website, object to how their personal data is processed, correct, update, and supplement their personal data if it is inaccurately recorded. They also have the right to request the deletion of their personal data, although some of it may be retained by the company for legal, tax, or commercial reasons. The data subject may unsubscribe at any time, refuse to receive direct marketing communications or newsletters, and may also revoke consent for data processing at any time. Processing that took place before consent withdrawal remains lawful.

The data subject also has the right to lodge a complaint with the Supervisory Authority or the Personal Data Protection Authority. Lastly, the data subject has the right to data portability, allowing for copying or transferring their data from the company’s database to another. This concerns personal data provided by the data subject for processing with consent.

For any information regarding personal data, the website user can contact us directly at [email protected]. If the user does not wish to receive newsletters, they must either contact the company directly or unsubscribe via the electronic newsletter. The rights of the personal data subject may be restricted if such a restriction is provided by law. The company is committed to responding to any request within 30 days from when it receives notice of it.

For any dispute that may arise, the courts of Thessaloniki are competent, and the governing law is Greek law.

Right to File a Complaint

If a data subject believes their rights are being violated, they can contact the Personal Data Protection Authority to file a complaint. The Authority is based at Kifisias Avenue 1-3, Athens, P.C. 11523, phone: 2106475600, and email: [email protected].

Cookies

Nostus may collect identification information from its website users by using corresponding technologies, such as cookies and monitoring Internet Protocol (IP) addresses.

Cookies are small text files stored on each User’s hard drive that do not collect any document or file from the user’s computer. They are used to facilitate user access regarding the use of specific services/pages of the website for statistical purposes and to determine which areas are useful or popular. The information stored in cookies will then be transferred to Nostus. Each cookie is unique for each user’s browser and contains certain anonymous information. The company uses cookies to improve visitors’ experience of using its website. Users can disable cookies at any time, but their browsing experience may be affected.

Use of Cookies by the Platform

Cookies are an important part of how Nostus operates. The main goal of cookies is to make the User’s browsing experience more comfortable and efficient. For example, cookies are used to track user preferences (language, country, etc.) during browsing and for any future visits. They may also be used to improve service provision on the platform and website, through personalised advertisements based on each User’s browsing habits or characteristics. The information collected in cookies also allows us to improve the website by assessing statistical data and usage patterns (number of visits, most visited sections, visit duration, etc.). Occasionally, cookies may be used to promote advertisements based on the analysis of user browsing habits and characteristics (properties visited, sections viewed, etc.). Sensitive information, such as passwords, credit or debit card details, is never stored in cookies.

Cookies are used to properly display advertising content relevant to the User, as well as for services that best match the User’s preferences and needs. Cookies are never used to store data identifying the user/visitor/authenticating identity, and in no case can they harm the platform’s operating system.

Furthermore, cookies do not in any way affect the user’s stored files, and access to the reading, modification, or deletion of stored information belongs exclusively to the website from which they were transferred. However, users/visitors have the ability to delete existing cookies via their browser settings (e.g., Chrome, Firefox, Safari, Edge, etc.). Therefore, cookies are temporarily stored on the User’s computer and transmitted to our server only when the User visits our website.

This Cookie Usage Policy forms an integral part and is directly linked to the current Privacy Policy as well as the Terms and Conditions of Use of Nostus. The company reserves the right to freely modify the Cookie Usage Policy without prior notice to the user/visitor. Any changes applied to the current Policy are considered valid from the moment of their publication on this website. It is highly recommended that all users/visitors/customers regularly check and carefully read the Cookie Usage Policy to stay informed about any modifications/revisions. Therefore, any user/visitor/customer entering and browsing the company’s website is presumed to agree and consent to the website’s Cookie Policy, including any future updates.

Nostus collaborates with other websites to provide our users/visitors/customers with the highest possible quality across all service areas. Hence, there is always the possibility that, when you use/visit the company’s website, different websites will store cookies on your computer/tablet/mobile device (e.g., youtube.com, facebook.com, twitter.com, google.com). Our company does not manage cookies stored by third parties or other companies with whom we collaborate and that are presented through our website, as these third parties and companies own and manage their own cookies, independent of the operation of their services on Nostus.

Types of Cookies That May Be Used by Nostus

Functionality and Navigation Cookies

These cookies are essential for the proper functioning of the platform. They allow the User to navigate the website and use its features. They are also used to collect aggregate statistical information.

Performance Cookies

These cookies are used to measure performance and improve functionality by anonymously logging usage data for the website, determining which parts of the website are most interesting to Users, and configuring the website according to User preferences. These cookies remain on the User’s computer during a single session (session cookies) or for an extended period (persistent cookies).

Google Analytics and Microsoft Clarity Cookies

These are performance/analysis cookies that allow Nostus to collect anonymous information regarding the use of the website by users. Specifically, these cookies allow Nostus to learn about the frequency of visits to the website and how visitors navigate through various areas of it. The collected information is anonymous and does not contain personal data. Information collected by Google Analytics and Microsoft Clarity cookies regarding our website is transferred to and stored on Google and Microsoft servers, respectively, in accordance with the privacy policies of both Google and Microsoft.

Social Media Cookies

Social media cookies allow users to connect to their social networks (e.g., Facebook, Twitter, YouTube, Instagram) and share content and material from the website. Advertising cookies (from third parties) collect information that contributes to better personalizing advertisements. These cookies remain on the User’s computer during a session (session cookies) or for an extended period (persistent cookies). Users should be aware that these social networks may place cookies on their device if they choose to share material from Nostus.

Use of Specialized Programs and Transfer of Data to Third Parties

The company uses the following programs to achieve its objectives and improve its services to users. Personal data collected from users, as described above, may be shared with or processed using these programs/parties:

a) Hostinger: The website hosting provider (server), 

b) Slack: Internal communication between the company’s partners and employees,

c) Freshdesk: Customer support services through a helpdesk,

d) Notion: Management of internal documents,

e) Modulus: VoIP provider for customer service phone calls,

f) Stripe: Financial institution for card payment processing,

g) Google Workspace: Used for communication and data storage,

h) Elorus: Program used directly by the company for managing invoices and receipts.

Additionally, our company collaborates with the accounting office under the name “Τσιομίδου Φαίδρα Μαρία” for fulfilling the company’s tax obligations.

These programs may change, be modified, or replaced as necessary to fulfil the company’s objectives. Therefore, users should frequently visit this privacy policy for timely updates.

Users can be informed in detail about our cookie policy at https://nostus.com/cookie-policy-eu.

Advertising and Promotional Content on the Website

This website may include and display data, such as advertisements or other content, for the purpose of promoting, advertising, and displaying material to the user. The company is not responsible for the exact content of the material displayed to users, nor for cases in which someone may feel aggrieved by any illegal act or omission, inaccuracy, or failure to comply with the laws and regulations of any country or the European Union in relation to the content of advertisements.

The company monitors the content of the advertisements displayed on this website and takes all possible measures to maintain the content displayed, considering equality and respect for human rights. Under no circumstances is the company liable for user actions that have resulted or may be considered to have resulted from the advertising material displayed on this website. The company is not obligated to continuously monitor and assess the legality of the advertising material appearing on its website (except for obvious cases where the rights of others are violated or situations where someone could be objectively offended). The company cannot be held liable in any way. Any liability arising from the aforementioned material, related to the advertising content displayed on the website, rests with the advertisers, sponsors, or creators of such advertising material, who are also responsible to the user/consumer for their products and services, as well as for the necessary guarantees, licences, registrations with authorities, and labelling of their products/services.

Data Protection Officer

The Data Protection Officer is designated as Mr. Georgios Karabasoglou, an attorney based in Thessaloniki (AM 11141), residing at 28 Katouni Street, Thessaloniki, with contact numbers 2310523800 and 6937029123, and email: [email protected].

Search

January 2025

  • M
  • T
  • W
  • T
  • F
  • S
  • S
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31

February 2025

  • M
  • T
  • W
  • T
  • F
  • S
  • S
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28

Compare listings

Compare

Compare experiences

Compare