Policy for Protection of Personal Data

General

Domus NovaLux International Realty is committed in respecting your personal data and declares that is fully compliant with the provisions of the applicable Greek and Community legislation on the protection of personal data, including the General Data Protection Regulation 2016/679/EU General Data Protection Regulation (hereinafter “GDPR”).
Domus NovaLux International Realty having taken the appropriate technical and organizational security measures processes your personal data upon your explicit consent and only to the extent necessary for the purposes of its legitimate interests and for the fulfilment of your preferences and needs. Please be advised that you can exercise your rights (Article 7 par.3 and Articles 12 to 23 of the GDPR) by sending an email to ppcontroller@domusnovalux.com
Domus NovaLux International Realty operates in compliance with Estate Agency Law 4072/2012 and Law 4734/2020 (Government Gazette A’ 196/08.10.2020) titled “Amendment of Law 4557/2018 (A’ 139) for the prevention of the use of the financial system for the purposes of money laundering or terrorism financing – Transposition of Directive (EU) 2018/843 (L 156) and art. 3 of Directive (EU) 2019/2177 (L 334) and further provisions” enhances the legal framework for the prevention and combating against the phenomenon of the use of the financial system for the purposes of money laundering or terrorist financing, by expanding the cooperation and exchange of information ability between the competent authorities, as well as the access to registries and other available information.
In certain circumstances we will perform a prospective client due diligence in the form of an ID validation or we will require Proof of funds certified by a Class A International bank.

Responsible Entity

The company under the name “Domus NovaLux International Realty” and the distinctive title “Domus NovaLux”, as the Data Controller (Controller) for the data processing regulated in this Privacy Policy is “Domus NovaLux International Realty” (hereinafter “the company” “we” or “us“).
The responsible entity (Controller) recognizes and places paramount importance on its obligation to comply with the current regulatory and legislative framework regarding the protection of natural persons with regard to the processing of their personal data.

Our contact details are:

DOMUS NOVALUX
Vas. Irakliou 24
106 82 Athens – Greece
E-mail: info@domusnovalux.com

Data Protection Officer:

Vasiliki Kefalopoulou

E-mail: ppcontroller@domusnovalux.com

Privacy Policy – Data We Collect

We process your personal data based on legitimate interests and/or your consent.

Information You Provide

This includes personal information such as your name, email address, home address, and other details necessary to provide our services or enhance your experience with us. Where processing is required for entering into or fulfilling a contract, we use your personal data for the following purposes:

To identify you as a user or customer;
To provide services, communicate with you, or send you information and offers;
To comply with legal obligations or exercise rights granted under applicable law;
To anonymize personal data for analytical, statistical, or operational purposes.

Information automatically collected about you

We may automatically collect certain information when you use our services or visit our websites, typically through cookies and similar tracking tools. This may include, for example, your IP address, the device you use to access our services, its operating system, browser type, and applications connected to the services. Such information is used to improve and personalise your experience with us.

Your activities may also be logged when you interact with our services, such as:

Visiting our websites or other online presence;
Submitting a search request, entering into a marketing agreement, requesting a property exposé, or commissioning a property valuation;
Engaging in property searches through a licensed partner or referral.

Publicly Available Information

We may collect information about you that is publicly accessible.

With your consent, we process such personal data for the following purposes:

To send newsletters, updates, and offers in response to your inquiries, either from us or our partners;
For any other purposes for which you have explicitly provided your consent.

Data Protection Principles

We commit to complying with the following data protection principles:

Personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject, in accordance with Regulation (EU) 2016/679 (the “GDPR”).
Personal data shall be collected for specified, explicit, and legitimate purposes and shall not be further processed in a manner that is incompatible with those purposes, in accordance with Article 5(1)(b) GDPR.
Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed (data minimisation), in accordance with Article 5(1)(c) GDPR.
Personal data shall be accurate and, where necessary, kept up to date; every reasonable step shall be taken to ensure that inaccurate personal data is erased or rectified without delay (accuracy), in accordance with Article 5(1)(d) GDPR.
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed (storage limitation), in accordance with Article 5(1)(e) GDPR.
Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures (integrity and confidentiality), in accordance with Article 5(1)(f) GDPR.
In accordance with the accountability principle set out in Article 5(2) GDPR, we are responsible for, and shall be able to demonstrate, compliance with the principles relating to the processing of personal data set out above.
Information regarding the processing of personal data shall be provided to data subjects upon request, in accordance with the GDPR and applicable data protection laws.

How We Secure Your Data

Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. In accordance with Article 32(1) GDPR, these measures include, as appropriate, the use of secure communication and transmission protocols (such as HTTPS), pseudonymisation and anonymisation of personal data, and processes designed to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services. We also regularly monitor our systems for possible vulnerabilities and attacks. Despite the measures implemented, no system of transmission or storage of data can be guaranteed to be completely secure.
In the event of a personal data breach, we shall notify the competent supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
Where a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we shall communicate the personal data breach to the affected data subjects without undue delay, in accordance with Articles 33(1), and 34(1) GDPR and applicable data protection laws.

Potential Recipients of your Data

Personal data that the Company is required or permitted to disclose pursuant to applicable laws or regulations, a court order, or in the context of the lawful performance of its transactional and contractual relationship with you, may be disclosed to third parties. Such third parties may include natural or legal persons, public authorities, services, or other entities, such as:

Any prospective or interested buyers or sellers, as applicable.
Service providers engaged by the Company, including affiliated entities and third-party providers, who perform services involving the processing of personal data, such as providers of storage, archiving, data and file management, IT and systems support, and other information systems or network services, as well as providers of services related to the relevant properties, including experts, engineers, property management consultants, and similar professionals, or providers of audit, accounting, and tax services (such as certified public auditors and accountants).
Third parties, whether natural or legal persons, acting on behalf of and in accordance with the instructions of the Company.
Partner or collaborating financial institutions.

Provisions for any Transfer of your Data to Third Countries (Cross-Border Data Transfer)

We are able to reach out to potential purchasers overseas through our international advertising and partnerships.
In the course of its business activities, and in compliance with applicable laws and regulations, the Company may transfer personal data to, or receive personal data from, its affiliated or related companies, and may interconnect certain files where necessary for operational purposes. All international transfers of personal data are carried out in accordance with Chapter V of Regulation (EU) 2016/679 (Articles 44–49 GDPR) and the relevant guidance issued by the European Data Protection Board (EDPB).
Where personal data is transferred to recipients established outside the European Economic Area (EEA), the Company ensures that such transfers are subject to an appropriate transfer mechanism in accordance with Article 44 GDPR, and that the level of protection guaranteed by the GDPR is not undermined.
Transfers to third countries that have been recognised by the European Commission as ensuring an adequate level of protection shall take place in accordance with Article 45 GDPR.
Where transfers are made to third countries that do not benefit from an adequacy decision, the Company shall rely on appropriate safeguards pursuant to Article 46 GDPR, such as standard contractual clauses or binding corporate rules. In such cases, and in line with EDPB guidance, the Company shall assess, on a case-by-case basis, whether the laws and practices of the third country may affect the effectiveness of the safeguards and shall implement supplementary technical, organisational, or contractual measures where necessary to ensure an essentially equivalent level of protection.
In the absence of an adequacy decision or appropriate safeguards, personal data shall be transferred only where one of the derogations set out in Article 49 GDPR applies, including, where applicable, the explicit consent of the data subject, and only where such transfers are occasional and strictly necessary.
The Company shall ensure transparency with respect to international data transfers and shall provide data subjects with information regarding the applicable transfer mechanisms and safeguards upon request, in accordance with the GDPR and relevant EDPB guidance.

Data Subject’s rights

Under the GDPR, you have the following rights regarding your personal data:

Access & Information: You can request information about your personal data and obtain a copy of it.
Rectification & Erasure: You can request correction of inaccurate or incomplete data, or request deletion where allowed.
Restriction & Objection: You can ask to limit processing or object to processing based on legitimate interests or direct marketing.
Data Portability: You can receive your personal data in a structured, machine-readable format and transfer it to another controller.
Consent Withdrawal: You can withdraw any consent at any time (e.g., unsubscribe from newsletters).
Supervisory Authority & Remedies: You have the right to lodge a complaint with a data protection authority and seek judicial remedies if your rights are violated.

To exercise any of these rights, contact us at ppcontroller@domusnovalux.com

Personal Data Retention Period

In accordance with Article 5(1)(e) GDPR (storage limitation), the Company retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, regulatory, or contractual obligations. Once personal data is no longer required, it will be securely deleted, anonymized, or otherwise rendered irreversibly inaccessible.

The following table provides typical retention periods for different categories of personal data:

Category of Data	Purpose	Retention Period
Contact information (name, email, phone)	Customer support, account management	5 years after last interaction or account closure
Transactional / contractual data	Fulfilling contracts, accounting, legal obligations	7–10 years (depending on local statutory requirements)
Marketing and newsletter subscriptions	Sending newsletters or promotional communications	Until consent is withdrawn
Website analytics and cookies	Website performance and improvements	Up to 2 years (or as specified in cookie consent)
Job application / recruitment data	Recruitment process	12 months after the end of the recruitment process
Audit, accounting, and tax records	Compliance with legal and regulatory obligations	7–10 years (depending on local statutory requirements)

To this end, a specific procedure has been established, which is applied after confirming that retention is no longer required for compliance with legal and regulatory obligations or for the protection of the Company’s interests, and is based on the guidelines issued by the Hellenic Data Protection Authority.

We reserve the right to disclose information about you if we are required to do so by law enforcement bodies or other lawful authorities. Legal basis: Art. 6 I sentence 1 lit. c GDPR (legal obligation).

If you have any questions regarding how long your personal data is retained, or wish to request erasure in accordance with your rights under Articles 16–17 GDPR, please contact us at ppcontroller@domusnovalux.com.

COOKIES POLICY

Cookies and other technologies

We use cookies and similar technologies to understand user behavior, manage and improve our website, track user activity, and collect information to personalise and enhance your experience.

What is a cookie?

A cookie is a small text file stored on your device. Cookies store information that helps websites function correctly. Only we can access the cookies set by our website. You can manage or delete cookies directly through your browser settings.

Necessary Cookies

These cookies are essential for the operation of certain website features, such as submitting inquiries or using the search function. They do not collect personal information.

Functionality Cookies

These cookies enable enhanced functionality and personalization, such as remembering your name and email in forms, so you don’t need to re-enter the information each time.

Analytics Cookies

Analytics cookies help us measure the performance and usage of our website and services. We use Google Analytics to monitor website traffic. Google’s own privacy policy applies, which you can review here. To opt out of Google Analytics tracking, please visit the Google Analytics opt-out page.

Managing Cookies

Disabling cookies may limit your ability to use certain website features. You can remove cookies stored on your device via your browser settings. For more information about cookies, visit allaboutcookies.org.

Privacy Notice for Website Use

When you visit our websites (company.com, company.gr, and their subdomains or landing pages**), we only collect personal data that you voluntarily provide. This data is used to deliver our online services, improve our website user experience, and for statistical purposes.

Our websites may contain links to third-party websites. Please note that we are not responsible for the privacy practices or data protection measures of these external sites.

You can learn more about how we handle your personal data, your rights, and how to manage cookies by reviewing our Privacy Policy.

Modification of the Personal Data Protection Statement

The Company may update, supplement, or amend this Personal Data Protection Statement at any time, in accordance with applicable laws and regulations and its operational requirements.
Any updated version of this Statement will be published immediately on the Company’s website, including the date of the most recent amendment or update.

Last Updated: 30-01-2026

Privacy Policy