Privacy
policy

The data controller for this website is Datatrek, VAT (ΑΦΜ): 140001020, registered at the Science & Technology Park of Crete, Heraklion, 70013, Greece. You can reach us at soc@datatrek.io.

This notice applies exclusively to the datatrek.io marketing website. The provision of SOC, SIEM, XEDR, and other managed-security services is governed by a separate written agreement between Datatrek and the client, which includes its own data-processing terms.

This site collects only the data you actively provide and the minimum technical metadata required to deliver and protect the service.

Contact form submissions — when you fill in the contact form we collect:

• Full name
• Work email address
• Company name (optional)
• Your message
• Preferred language (locale)

Technical metadata — stored automatically alongside every form submission:

• IP address (used for spam prevention and security logging)
• Browser user-agent string
• Timestamp of submission

We do not run analytics, track browsing behaviour, or set any third-party cookies. We do not collect data from visitors who do not submit the contact form.

We process your data on the following legal bases under the GDPR (Regulation (EU) 2016/679):

• Art. 6(1)(b) — performance of a contract / pre-contractual steps: processing your contact request and responding to your enquiry.
• Art. 6(1)(f) — legitimate interests: spam prevention (honeypot, rate limiting), server-side security logging, and protection of our infrastructure and other users. Our legitimate interests do not override your rights given the minimal, proportionate nature of the processing.

All personal data is processed and stored exclusively within the European Economic Area (EEA) on the following infrastructure providers, each acting as a data processor under a Data Processing Agreement (DPA):

• Hetzner Online GmbH — Germany
• Amazon Web Services EMEA SARL — Ireland
• Google Cloud EMEA Limited — Belgium

No personal data is transferred outside the EEA. No third-country transfers take place.

We share personal data only with the EU/EEA infrastructure providers listed above, strictly in their capacity as data processors. They have no right to use your data for their own purposes.

We do not sell, rent, or trade personal data. We embed no third-party analytics, advertising, or social-media trackers on this site. We do not share data with any other third party unless required by law or to protect the rights, property, or safety of Datatrek or others.

Contact form submissions — retained for 24 months from the date of last contact, after which they are permanently deleted automatically.

Server-side request logs (IP address, user-agent) — retained for up to 90 days for security and audit purposes, then deleted.

Rails session cookie — expires at the end of your browser session (or sooner if you close the browser).

This site sets one cookie only: the Rails session cookie (_datatrek_session). This cookie is strictly necessary for the contact form to function (CSRF protection) and expires at the end of your browser session.

Because this is a strictly necessary cookie, no consent banner is required under Art. 5(3) of the e-Privacy Directive. We do not set analytics, advertising, preference, or any third-party cookies.

As a data subject you have the following rights under the GDPR:

• Access (Art. 15) — obtain a copy of your personal data and information about how it is processed.
• Rectification (Art. 16) — have inaccurate data corrected.
• Erasure (Art. 17) — request deletion of your data ("right to be forgotten").
• Restriction of processing (Art. 18) — limit how we use your data in certain circumstances.
• Data portability (Art. 20) — receive your data in a structured, machine-readable format.
• Objection (Art. 21) — object to processing based on legitimate interests.
• Complaint (Art. 77) — lodge a complaint with the supervisory authority.

To exercise any of these rights, email soc@datatrek.io. We will respond within 30 days.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) — Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα — at www.dpa.gr.

We protect personal data using appropriate technical and organisational measures, including:

• TLS encryption for all data in transit
• Encryption at rest at the infrastructure layer
• Role-based access controls — only staff who need access to process your enquiry can see form submissions
• Multi-factor authentication (MFA) on all administrative access
• 24/7 SOC monitoring of our own infrastructure by the same NightWatch team that monitors clients

For any privacy-related question, to exercise your rights, or to contact our Data Protection Officer:

Datatrek
ΑΦΜ 140001020
Science & Technology Park of Crete
Heraklion, 70013, Greece
Email: soc@datatrek.io

We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes that affect how we use your data, we will notify recent contacts by email where we hold a valid address.

Continued use of the website after an update constitutes acceptance of the revised policy.