Privacy policy

ELION (the brand) is operated by the Greek legal entity that publishes this site. References to "we", "us" and "our" mean that company. We are the data controller for personal data collected through elion.gr.

Contact: hello@elion.gr.

We collect only what we need to take and fulfil your order, support your account, and meet our legal obligations.

• Account data: email address, optional name, addresses you save.
• Order data: items you bought, prices paid, shipping and billing addresses, order status, communications about the order.
• Authentication data: a single-use magic-link token we email to you, plus a session cookie after you sign in.
• Reviews: any review you write — rating, title, body — and the verified-purchase link to the order it relates to.
• Diagnostics: minimal server logs (IP address, user agent, request path) used for security monitoring; rotated within 30 days.
• Analytics (only with your consent): anonymous traffic measurement via Google Analytics 4 — see the cookies policy.

Each piece of data has a single purpose: contracting with you (orders), keeping the contract performable (account access, shipping updates), meeting our legal obligations (tax, accounting, consumer law), or — only with your permission — improving the site (analytics).

• Contract performance (Article 6(1)(b) GDPR) — order, delivery, account, communications about your order.
• Legal obligation (Article 6(1)(c)) — tax retention, consumer-law records.
• Legitimate interests (Article 6(1)(f)) — fraud prevention, security logs, defending the site against abuse. We have weighed our interests against your rights and consider the processing proportionate.
• Consent (Article 6(1)(a)) — analytics cookies, marketing communications. Consent is freely given and withdrawable at any time.

We don't sell personal data. We share it only with processors strictly necessary to operate the service:

• Payment providers (Stripe, Viva, PayPal) — for the payment you make to us.
• Shipping carriers (ELTA, ACS, Speedex, etc.) — for the delivery you've ordered.
• Email provider (Postmark) — for transactional and any opted-in emails.
• Analytics (Google) — only if you grant analytics consent.
• Hosting infrastructure — under EU contractual safeguards.

We use written processor agreements with each. We do not transfer your data for any purpose outside these.

Where a processor (notably Google for analytics) is based outside the EU/EEA, we rely on the EU Commission's Standard Contractual Clauses or an adequacy decision. We do not knowingly transfer data outside the EU/EEA without one of those bases.

• Order records: 10 years (Greek tax law).
• Account data: until you delete your account, then deleted within 30 days unless retained for an active legal obligation (e.g. unfulfilled order).
• Magic-link tokens: 15 minutes from issuance, deleted on use.
• Reviews: indefinitely once approved (anonymised on account deletion).
• Server diagnostic logs: 30 days.
• Analytics: as long as the GA4 cookie lives in your browser (up to 2 years), or until you withdraw consent.

Under GDPR you have the right to access, rectify, erase, port, restrict and object to the processing of your personal data, and to withdraw consent at any time.

You can also exercise the right to access and the right to erasure directly from your account at /account/privacy/.

We aim to action requests within 30 days. To exercise any of these, email hello@elion.gr from the address associated with your account.

If you believe we have mishandled your data you can complain to the Hellenic Data Protection Authority (https://www.dpa.gr).

The ELION newsletter is a separate consent record from cookie consent. Subscribing to the newsletter does not affect your cookie choices, and accepting cookies does not subscribe you to the newsletter.

We use double opt-in: after you enter your email in the footer, we send a confirmation link. We only add you to the newsletter list once you click the link. Confirmation links expire after 7 days; if yours expires, simply subscribe again from the footer.

Every newsletter we send includes a one-click unsubscribe link (RFC 8058), and your email client may also display its own ‘Unsubscribe’ button using the same mechanism. You can also unsubscribe at any time by writing to hello@elion.gr.

Cookies and similar storage are documented in detail in our cookie policy.

Our site is not intended for children under 16. We do not knowingly collect data from minors. If you believe we have, contact us and we will delete it.

We update this policy when our processing changes. The "last updated" date at the top reflects the most recent change. Material changes are notified via your account or email where you have one.

Privacy questions: hello@elion.gr.