Privacy Policy
How Microns Hub handles your personal data under the General Data Protection Regulation (Regulation (EU) 2016/679)
This Privacy Policy explains how MICRONS HUB DV Ε.Ε. ("we", "us", "our") processes personal data when you visit micronshub.eu, request a quote, place an order, or otherwise interact with our platform. It is written to meet the requirements of Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") as in force in Greece and the wider European Union. If you are resident in the European Economic Area, the United Kingdom, Switzerland, or a country with equivalent data protection law, you have specific rights described below and can exercise them by contacting info@micronshub.eu. This policy was last updated on 21 April 2026.
1. Controller Identification
The controller of personal data processed in connection with micronshub.eu is MICRONS HUB DV Ε.Ε., operated by Dimitrios Vardalachakis, registered in the Greek General Commercial Register (GEMI) under number 190254227000, VAT identification number EL803129638, with registered address at Industrial Area, Street B, Number 4, 71601 Heraklion, Crete, Greece. The controller can be reached at info@micronshub.eu or by phone at +30 210 444 7830 for any matter related to the processing of personal data, including the exercise of data subject rights.
No Data Protection Officer is required under Article 37 GDPR given the current scale and nature of processing, but all privacy matters are handled by a designated privacy contact reachable at the above email.
2. Categories of Personal Data Processed
We process the following categories of personal data:
| Category | Examples |
|---|---|
| Account data | Name, email, phone number, company, job title, country, preferred language |
| Authentication data | Hashed password, session tokens, MFA configuration, SSO identifiers if used |
| Order & quote data | CAD files uploaded, specifications provided, quoted prices, order history, delivery addresses, invoice records |
| Communication data | Email correspondence, support ticket content, chat transcripts where applicable |
| Technical data | IP address, browser type and version, device type, operating system, referrer URL, timestamps |
| Usage data | Pages viewed, actions performed on the platform, session duration, feature engagement |
| Cookie identifiers | Essential session cookies; analytics cookies only with consent (see Section 8) |
| Marketing data | Only if you explicitly opt in: email engagement with newsletter, campaign attribution |
3. Purposes and Legal Bases
For each processing purpose, the legal basis under Article 6 GDPR:
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Providing the quoting, ordering, and delivery service | Art. 6(1)(b) — performance of a contract with you or pre-contractual steps at your request |
| Operating user accounts and authentication | Art. 6(1)(b) — contract performance |
| Invoicing, accounting, and tax record keeping | Art. 6(1)(c) — legal obligation (Greek and EU tax law) |
| Platform security, fraud prevention, abuse detection | Art. 6(1)(f) — legitimate interest in protecting the platform and customers |
| Service improvement, usage analytics (aggregated) | Art. 6(1)(f) — legitimate interest in improving the service |
| Non-essential analytics cookies | Art. 6(1)(a) — explicit consent (revocable at any time) |
| Marketing newsletters | Art. 6(1)(a) — explicit consent (opt-in only, revocable at any time) |
| Responding to inquiries that are not pre-contractual | Art. 6(1)(f) — legitimate interest in customer communication |
4. Data Retention Periods
Personal data is retained only as long as necessary for the purposes set out above. Concrete retention rules:
| Data category | Retention period |
|---|---|
| Active customer account data | For the duration of the account plus 6 months after deletion request for reversal |
| Closed / inactive accounts with no orders | Deleted after 24 months of inactivity |
| Invoice and accounting records | 10 years from end of fiscal year (Greek tax law requirement) |
| CAD files and order specifications | 7 years from last order activity for quality and warranty traceability |
| Email and support communications | 3 years from last message unless ongoing legal matter |
| Server logs (IP, user-agent, timestamps) | 90 days, then aggregated or deleted |
| Marketing subscriber list | Until unsubscribe; suppressed contact details kept for 2 years to honor opt-out |
| Analytics data (consented, non-aggregated) | 14 months maximum, as recommended by EDPB |
5. Third-Party Processors and Sub-Processors
We use carefully selected third-party processors to deliver the service. Each processor is bound by a Data Processing Agreement meeting the requirements of Article 28 GDPR. Current processors include: Vercel Inc. (platform hosting and edge infrastructure); Supabase Inc. (database, authentication, and storage); Google LLC (Google Workspace for email); shipping carriers (DHL, DPD, UPS) for delivery of manufactured parts; payment service providers for card and bank transfer processing.
Manufacturing partners in our supplier network receive the minimum data required to manufacture and ship your parts: CAD files, specifications, shipping address, and customer reference. Suppliers are contractually prohibited from using this data for any purpose other than fulfilling the specific order.
A current sub-processor list is available on request to info@micronshub.eu. We notify customers of material changes to our sub-processor list before those changes take effect where feasible.
6. International Transfers of Personal Data
Most processing takes place within the European Economic Area. Where a sub-processor involves data transfers to jurisdictions outside the EEA, we rely on lawful transfer mechanisms under Chapter V of the GDPR: EU Standard Contractual Clauses (SCCs) as approved by Commission Implementing Decision (EU) 2021/914, adequacy decisions where applicable (e.g. the EU–U.S. Data Privacy Framework where the sub-processor is certified), and supplementary measures where the European Data Protection Board has recommended them.
Specifically, transfers to the United States (Vercel Inc., Supabase Inc., Google LLC) are covered by SCCs and, where applicable, the EU–U.S. Data Privacy Framework. Copies of the SCCs in effect are available on request to info@micronshub.eu.
7. Your Rights Under the GDPR
Data subjects resident in the EEA, the UK, or Switzerland have the following rights, exercisable free of charge by contacting info@micronshub.eu:
| Right | Article GDPR | What it means |
|---|---|---|
| Right of access | Art. 15 | Obtain confirmation of processing and a copy of personal data held about you |
| Right to rectification | Art. 16 | Correct inaccurate or incomplete personal data |
| Right to erasure ("right to be forgotten") | Art. 17 | Delete personal data where legal grounds for retention no longer apply |
| Right to restriction of processing | Art. 18 | Suspend processing in specific circumstances |
| Right to data portability | Art. 20 | Receive personal data in a structured, machine-readable format |
| Right to object | Art. 21 | Object to processing based on legitimate interest or direct marketing |
| Right to withdraw consent | Art. 7(3) | Withdraw consent at any time for consent-based processing |
| Right not to be subject to automated decision-making | Art. 22 | Not applicable — we do not engage in Art. 22 automated decision-making |
| Right to lodge a complaint | Art. 77 | Complain to the Greek Data Protection Authority (DPA) or your local supervisory authority |
8. Cookies and Similar Technologies
The website uses a minimal set of strictly necessary cookies required for the platform to function (session management, authentication state, CSRF protection, language preference). These cookies are set under the exception in Article 5(3) of Directive 2002/58/EC (ePrivacy Directive) and do not require prior consent. They cannot be disabled without breaking core site functionality.
Non-essential cookies — analytics and marketing, where used — are only set with your explicit prior consent obtained through the cookie banner presented on first visit. Consent can be withdrawn at any time by clearing site data in your browser or using the in-platform privacy preferences panel (where available). Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
9. Security of Processing
We implement appropriate technical and organizational measures pursuant to Article 32 GDPR to ensure a level of security appropriate to the risk. These include: TLS encryption in transit for all website and API traffic; encryption at rest for databases and file storage; role-based access controls; audit logging on privileged operations; regular security patching of infrastructure; principle of least privilege for employee and contractor access; and incident response procedures. Personal data breaches, if they occur, are assessed against Article 33 GDPR notification thresholds and reported to the supervisory authority within 72 hours where the breach is likely to result in a risk to the rights and freedoms of individuals.
10. Children
Our platform is directed at business users and professionals in engineering, procurement, and manufacturing. It is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child under 16 has provided us with personal data, please contact info@micronshub.eu and we will delete the data promptly.
11. Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes in our processing activities, legal requirements, or service features. Material changes are notified to registered users by email and posted on this page at least 30 days before taking effect where feasible. The current effective date is shown at the top of this page. Earlier versions are available on request to info@micronshub.eu.
12. Contact and Complaints
For any matter related to the processing of your personal data — exercising rights, asking questions, or making complaints — contact info@micronshub.eu. We acknowledge requests within 72 hours and respond substantively within 30 days as required by Article 12(3) GDPR. For complex requests, the response period may be extended by up to two further months with explanation.
If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. The Greek Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα, HDPA) is reachable at www.dpa.gr.
Related Services
MICRONS HUB DV Ε.Ε. · VAT: EL803129638 · GEMI: 190254227000 · Industrial Area, Street B, Number 4, 71601 Heraklion, Crete, Greece