Privacy Policy

The present Privacy Policy aims to inform you about the information collected from you when you visit this website, the manner in which such information may be used, the manner in which you can control the use and disclosure of the information concerning you, as well as the measures that have been taken for the protection of such information. This Policy constitutes an integral part of the Terms of Use, which are incorporated by reference.

The website of the companies “GEORGIOS M. TSAKOUMIS AND Co L.P.” with the distinctive title “CONSORTIS” and “CONSORTIS GEOSPATIAL L.P.” with the distinctive title “CONSORTIS GEOSPATIAL” (hereinafter jointly the “Companies”) constitutes their informational web space. The Companies act as Joint Controllers pursuant to Article 26 GDPR to the extent that they jointly determine the purposes and means of the processing of personal data, in particular within the framework of the operation of common organizational units (indicatively: HR, IT, Legal, Accounting, Marketing, Contracts Directorate, Tenders and Secretariat), the use of common information systems and technical infrastructures, and the provision of unified administrative and business services.

The Joint Controllers have determined through an internal Joint Controllership Agreement: the allocation of their responsibilities regarding compliance with the GDPR, the procedures for safeguarding the rights of data subjects, the appropriate technical and organizational security measures, and the manner of their cooperation with supervisory authorities. The essence of the above allocation is made available to data subjects upon request.

The Companies, as joint controllers of your personal data, inform you as the person to whom the respective personal data relate (hereinafter the “Data Subject”) that, during the visit or use of the Website, the processing of your personal data is governed by the applicable European and national legislation on the protection of personal data, including Law 4624/2019, Regulation (EU) 2016/679 of the European Parliament and of the Council adopted on 27 April 2016 and applied from 25 May 2018 (hereinafter the “GDPR”), as well as the decisions, guidelines and regulatory acts of the Hellenic Data Protection Authority.

  1. Personal Data collected and processed by the Website

The Website ensures the fair and lawful collection and processing of personal data. Personal data are information that identify the Data Subject directly or indirectly, in particular by reference to an identity identifier, such as full name, contact telephone number and electronic mail address (e-mail). The above personal data that are collected are strictly necessary for the implementation of the action requested by the Data Subject.

The Data Subject ensures that the personal data provided are correct and accurate and undertakes to notify the Companies of any change or modification thereof. Any loss or damage caused to the Website or to any third party through the disclosure of incorrect, inaccurate or incomplete information in the contact form is the sole responsibility of the Data Subject.

  1. Use of the Website by minors

According to the provisions specifically set out in Article 8(1)(a) GDPR in conjunction with Article 21 of the Law, minors under fifteen (15) years of age are prohibited from disclosing their personal data through the Website without the prior consent of their guardian.

  1. Purpose of data processing

The purpose of the collection and processing of personal data by the Website is the communication of the Companies with the Data Subject for the best possible service of the request sent to the electronic mail address and/or through the contact form. Furthermore, the Website collects personal data necessary for its basic functions, such as navigation and access to secure areas of the website (necessary cookies). When the Data Subject enters the Website, Consortis may, following his/her explicit consent, also collect browsing data for analysis purposes (e.g. traffic monitoring), and for statistical purposes (Browser Type, Operating System, Internet Protocol Addresses (IP)), in order to understand the manner in which the Data Subject interacts with the Website and to improve it accordingly. More information regarding this specific category of personal data can be found in the Website Cookies Policy.

The Companies collect and process personal data exclusively for the aforementioned purposes and only to the extent strictly necessary for the effective service of such purposes. Such data are each time relevant, appropriate and not more than required in view of the above purposes, and are accurate and, where necessary, kept up to date.

  1. Data retention period

The personal data collected are kept and stored in a secure environment exclusively for the fulfilment of the purposes of their collection and processing (see paragraph no. 3) and only for as long as required to achieve such purposes, subject to the more specific provisions of the applicable legislation. After the expiry of the above periods, the data are deleted/destroyed in a secure manner, unless their continued retention is provided for by the applicable legislation, such as, for example, in the event of the emergence of civil cases or investigation of a criminal offence, tax audit, etc.

  1. Data security

The process of personal data processing by the Companies is carried out in a manner that ensures its confidentiality. The Companies take all appropriate organizational and technical measures for data security and protection against accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unlawful processing.

  1. Data breaches

The Companies undertake that, in the event of a breach of their database, they will notify the Data Subjects as well as the Hellenic Data Protection Authority within 72 hours from the breach.

  1. Data recipients

Recipient of the personal data are the Companies themselves, as Joint Controllers, as well as the processors acting on their behalf. The Companies guarantee that they will not transfer, disclose or make available the personal data of the Data Subject to third parties for any purpose or use. However, they reserve the right to disclose information concerning the Data Subject if the legislation introduces a relevant obligation or if such disclosure is required by court decision, prosecutor’s order or decision, or by order or decision of another person or administrative body legally competent to require the disclosure of such information.

  1. Processors acting on behalf of the Joint Controllers

The Companies use third-party service providers (accountant, web hosting provider and lawyer) to manage one or more aspects of their activities, including the processing of personal information. When the Companies make use of an external company or partner, they use contractual commitments and other appropriate means to ensure that the personal data of the Data Subject are used in a manner consistent with the applicable legislation and this Policy.

  1. Use of Cookies

The Website uses cookies necessary for its basic functions. Furthermore, it may use cookies in order to analyze visitor behaviour, monitor preferences and collect information about the Data Subject. It uses cookies to manage session periods and to provide personalized webpages so that the Website reflects the particular needs and interests of each Data Subject. In this way, the Website remembers the actions and preferences of the Data Subject (such as display preferences, language, etc.) for a certain period of time, so that the Data Subject does not need to re-enter such preferences each time he/she visits the Website, unless he/she wishes to do so.

For more detailed information about the cookies collected by the Website, see the Cookies Policy.

  1. Links to third-party websites

Any connection of the Website through special links (links, hyperlinks, banners) with any other third-party website does not imply any assumption of responsibility on the part of the Website for the policy followed on such website regarding the protection and management of personal data. The Data Subject should ensure that he/she is informed about the protection and management of his/her data by the above websites.

  1. Rights of Access, Rectification and Erasure

According to the GDPR (Articles 15-18, 20-21 GDPR), the Data Subject has the right of access to the data, rectification, erasure, restriction of processing, data portability and objection. Data subjects may exercise the above rights against any of the Joint Controllers, through the single contact point: dpo@consortis.gr,from the electronic mail address through which the initial e-mail was submitted, in order for the identification of the Data Subject to take place.

The Joint Controllers cooperate for the timely and full satisfaction of each request.

In the event that the Data Subject considers that the protection of his/her personal data is infringed in any way, he/she may lodge a complaint with the Hellenic Data Protection Authority at the following contact details: Hellenic Data Protection Authority, www.dpa.gr , Kifisias 1-3, P.C. 115 23, Athens, Telephone 210 6475628, E-mail: complaints@dpa.gr

Because the present notice and the personal data protection terms contained herein may be modified, the Data Subject must regularly be informed about the content hereof and check for any changes.

Last update: 30.01.2026