Σύνοψη Πολιτικής Απορρήτου

Σύντομη ενημέρωση στα ελληνικά — η πλήρης πολιτική ακολουθεί στα αγγλικά

Τελευταία ενημέρωση: 2 Μαΐου 2026

How we collect, use, and protect your personal data

Last updated: 2 May 2026  |  Effective date: 2 May 2026

Quick summary

This is a short overview of how we handle your data. The full policy below has all the details required by law.

1. Who we are

This Privacy Policy applies to edrink Private Company (“edrink”, “we”, “us”, or “our”), a private company registered in Greece with the following details:

• Registered office: 11–13 Aristotelous Street, Athens, Greece, P.C. 10432
• Tax ID (ΑΦΜ): 802281720
• GEMI Number: 173565201000
• Contact email: support@edrink.gr
• Website: www.edrink.gr

edrink is the data controller for the personal data described in this policy, meaning we determine why and how your data is processed. We have not appointed a Data Protection Officer (DPO) as we are not legally required to do so. For any privacy-related question or request, please contact us at support@edrink.gr.

2. Scope of this policy

This policy applies to personal data we process when you:

• Create or use an edrink account through our mobile app or website
• Make a reservation through edrink, our website widgets, or third-party channels we operate (such as Google Reserve)
• Communicate with us by email or through customer support
• Visit our website www.edrink.gr
• Receive emails, SMS messages, or push notifications from us

This policy does not cover the privacy practices of the venues you book with, or third-party services we link to (such as Google, Stripe, Apple, Meta). When the venue receives your reservation details, it acts as an independent data controller and is responsible for its own privacy practices. We explain this further in Section 6.

3. What personal data we collect

We collect different types of data depending on how you use edrink. Below is a complete list.

3.1 Information you give us directly

Account information

When you create an edrink account, we collect:

• First and last name
• Email address
• Mobile phone number
• Password (stored encrypted; we never see your plaintext password)
• Date of birth or age confirmation (to verify you are 18 or over — see Section 11)
• Profile photo, if you choose to upload one
• Communication and notification preferences

Reservation information

When you make a reservation, we collect:

• Date, time, and party size
• Venue selected
• Special requests or notes (e.g., dietary requirements, allergies, occasion)
• Reservation status (confirmed, completed, cancelled, no-show)

Payment information (prepaid reservations)

If you make a reservation that requires a deposit or prepayment, payment is processed by Stripe, our payment processor. You enter your card details directly into Stripe’s secure forms. We do not store your full card number, CVV, or expiry date. We receive only:

• Confirmation that payment was authorised or captured
• The amount charged
• The last four digits and card brand (e.g., Visa ending 1234)
• Refund or chargeback information, if applicable

Payments for prepaid reservations are made directly to the venue’s Stripe Connected Account. edrink does not hold or transfer these funds. For more information on how Stripe handles your data, see https://stripe.com/privacy.

Customer support and live chat

If you contact us by email, in-app live chat, or any other support channel, we collect the contents of your messages, your contact details, and any information you choose to share with us. Our live chat is provided by Intercom; messages may be retained in Intercom’s systems as well as ours.

3.2 Information collected automatically

Device and technical data

• Device type, operating system and version, browser type and version
• Device identifiers (e.g., advertising ID, push notification tokens, mobile attribution identifiers)
• IP address and approximate location derived from it
• Language and region settings
• App version and crash diagnostics
• App install attribution data (which marketing source led you to install the app), collected via AppsFlyer

Usage data

• Pages and screens you view
• Venues you search for, view, or favourite
• Reservations you start but don’t complete
• Time and frequency of app/website use
• Referral source (how you arrived at edrink)

Precise location (only with your permission)

If you grant our mobile app permission to access your location, we use your GPS coordinates to show you nearby venues. You can revoke this permission at any time through your device’s operating system settings. Granting location access is optional and not required to use edrink.

Cookies and similar technologies

Our website uses cookies for essential functionality, analytics (Google Analytics), and other purposes. Where required, we ask for your consent through a cookie banner before setting non-essential cookies. For full details, see our separate Cookie Policy.

3.3 Information from third parties

Social and third-party login

If you sign up or log in using Facebook Login, Google Sign-In, or Apple Sign-In, we receive limited information from those services as authorised by you, typically your name and email address, and a unique identifier. We do not receive your password to those services.

If you delete your edrink account, we revoke our access to those third-party login services. This does not delete your account with the third party itself — you manage that directly with them.

Reservations from external channels

If you book through Google Reserve (“Reserve with Google”), Google passes your reservation details (name, contact information, reservation details) to edrink so we can transmit the booking to the venue. Google’s own privacy practices apply to data you provide to Google. See https://policies.google.com/privacy for more information.

4. How we use your personal data and on what legal basis

Under the GDPR, we must have a valid legal basis for each way we use your personal data. The table below sets out our processing activities, the purpose, and the legal basis we rely on.

Where we rely on legitimate interests, we have assessed that our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests at any time (see Section 9).

5. Personalised coupons and automated decisions

We use information about your activity on edrink (such as your reservation history, the types of venues you book, and how often you use the app) to offer you coupons and promotions that may be relevant to you.

This involves a limited form of profiling, but it does not produce legal effects on you or significantly affect you in any similar way. The coupons are offers — you are free to use them or ignore them — and there is no automated decision-making in the sense of Article 22 of the GDPR.

You can object to this processing at any time by emailing support@edrink.gr. If you object, we will stop offering you personalised coupons but you may still receive generic ones.

6. Who we share your data with

We do not sell your personal data. We share your data only as described in this section.

6.1 Venues you book with

When you make a reservation through edrink, we share the following information with the venue you booked:

• Your name
• Your email address and phone number
• Reservation date, time, and party size
• Special requests or notes you included
• Reservation status and any cancellation/no-show information
• For prepaid reservations: payment status and amount

The venue is an independent data controller for the data it receives. This means the venue is responsible for how it uses your data after the booking, including its retention, security, and any further processing. Each venue should provide its own privacy information.

Under our agreement with venues, they may only use your data to:

• Manage and fulfil your reservation
• Communicate with you about that reservation
• Handle no-shows, cancellations, and refunds in line with their stated policies
• Maintain reservation history and guest records relating only to their own venue
• Comply with applicable laws (such as tax and accounting obligations)

Venues are contractually prohibited from sending you marketing communications based on data received through edrink unless they have your separate, valid consent.

6.2 Service providers (processors)

We use carefully selected third-party service providers to operate edrink. These providers process your data on our instructions and under written contracts that require them to protect your data. The categories and providers are:

We may update this list as our service providers change. The current list is always available in this policy.

6.3 Legal and regulatory disclosures

We may disclose your data when required by law, court order, or a binding request from a competent authority, or where necessary to:

• Comply with legal obligations or respond to lawful requests
• Protect the rights, property, or safety of edrink, our users, our partners, or others
• Detect, prevent, or address fraud, security, or technical issues
• Enforce our Terms of Use or other agreements

6.4 Business transfers

If edrink is involved in a merger, acquisition, sale of assets, or similar transaction, your data may be transferred as part of that transaction. We will notify you and provide you with options regarding your data, where required by law.

7. International data transfers

Your personal data is primarily stored on servers located in Frankfurt, Germany (within the European Union). However, some of our service providers are based outside the European Economic Area (EEA), particularly in the United States. This applies to:

• DigitalOcean (US-based company, EU-based data centres)
• Stripe (US)
• Google (Analytics, Firebase, Reserve with Google)
• Apple, Meta (for social login services)
• SendGrid / Twilio (email and SMS delivery, US-based)
• BulkerSMS (SMS delivery)
• Intercom (US-based, with EU data residency options)
• AppsFlyer (US/Israel-based, with EU data centre options)

When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission, which contractually require recipients to protect your data to EU standards.
• EU–US Data Privacy Framework certifications, where applicable.
• Supplementary technical and organisational measures such as encryption in transit and at rest.

You can request a copy of the safeguards in place by emailing support@edrink.gr.

8. How long we keep your data

We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected, and to comply with applicable legal obligations. Specific retention periods are set out below.

After the applicable retention period, we either delete your data or anonymise it (so it can no longer be linked to you). Anonymised data may be retained for statistical and analytical purposes.

9. Your rights under the GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15) — request a copy of the personal data we hold about you and information about how we process it.
• Right to rectification (Art. 16) — ask us to correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”, Art. 17) — request that we delete your personal data, subject to certain legal exceptions.
• Right to restriction of processing (Art. 18) — ask us to limit how we process your data in certain circumstances.
• Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to object (Art. 21) — object to processing based on legitimate interests, including profiling for personalised coupons.
• Right to withdraw consent (Art. 7(3)) — where we rely on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing before the withdrawal.
• Rights related to automated decision-making (Art. 22) — we do not make decisions about you based solely on automated processing that produce legal effects or similarly significantly affect you.

How to exercise your rights

To exercise any of these rights, please contact us at support@edrink.gr. You can also use the in-app account deletion feature for erasure requests (see Section 10).

We will respond to your request within one (1) month of receipt. We may extend this period by up to two additional months for complex or numerous requests, in which case we will inform you within the first month of the reasons for the delay.

To protect your data, we may need to verify your identity before acting on your request. We will explain what additional information is needed if so. If we cannot verify your identity, we may decline the request.

Exercising your rights is free of charge. However, where requests are manifestly unfounded or excessive (in particular, due to their repetitive character), we may charge a reasonable fee or refuse the request, in line with Article 12(5) of the GDPR.

Right to lodge a complaint

If you believe we have not handled your personal data in line with the law, you have the right to lodge a complaint with a data protection supervisory authority. The competent authority in Greece is:

• Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα)
• Address: 1–3 Kifisias Avenue, 11523 Athens, Greece
• Phone: +30 210 6475600
• Email: contact@dpa.gr
• Website: www.dpa.gr

You may also lodge a complaint with the supervisory authority in your country of residence or place of work, if different.

10. Data deletion and account removal

This section explains how any edrink user (app or website) can request deletion of personal data we process. It also reflects requirements from third-party platforms such as Apple, Google, and Meta.

10.1 How to request deletion

• In-app: Open the edrink app → Profile → Account Details → Account Deletion. This permanently deletes your account and starts removal of your personal data from our production systems.
• Web form: Submit a request at https://www.edrink.gr/account-deletion/. We will verify your identity (registered email/phone) and confirm completion by email.
• Email: Write to support@edrink.gr with subject “Data Deletion Request – edrink” and include the email or phone linked to your account. We will guide you through identity verification and complete the request.

10.2 What we delete

• Account/profile data (name, contact details, preferences, saved places)
• User-generated content stored on edrink (e.g., reviews, content you uploaded)
• Reservation history visible in your edrink profile
• Marketing consents and notification tokens
• Access tokens and permissions for any connected third-party accounts; we revoke access and disconnect those accounts

10.3 What we anonymise instead of deleting

Reservation records held by venues you booked with are not fully deleted, because:

• Greek tax and accounting law requires venues and edrink to retain transaction records (typically up to 10 years)
• Pending or recent disputes, chargebacks, and refunds may require the underlying record
• Fraud prevention requires retaining patterns of activity

In these cases, we anonymise the records by replacing your name, email, phone number, and any notes with non-identifying placeholders. The transactional details (date, party size, status, amount) remain in the venue’s records, but they can no longer identify you from those records.

10.4 What may remain temporarily or by law

Even after account deletion, certain data may be retained:

• Records necessary to comply with legal, tax, or accounting obligations
• Security and system backups that are automatically overwritten on a rolling basis (normally within up to 90 days)
• Anonymised or aggregated data that can no longer identify you
• Records related to ongoing legal claims, disputes, or regulatory investigations

10.5 Third-party login

If you created or accessed your edrink account using a third-party login service (such as Facebook Login, Google Sign-In, or Apple Sign-In), deleting your edrink account also revokes our access to that login service. This does not affect your third-party account itself, which you manage directly through that service.

10.6 Timing

We acknowledge requests promptly and complete them without undue delay and within 30 days (extendable to 60 days for complex requests, with notice), consistent with the GDPR.

10.7 Identity verification

For your security, we may ask for information to confirm your identity before acting on your request. If we cannot verify your identity, we will explain what additional information is needed.

11. Age requirement and children

edrink is intended for users aged 18 and over. Many venues listed on edrink serve alcohol, and you must be of legal age to consume alcohol in Greece (18 years) to use the service.

We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected personal data from someone under 18, we will take reasonable steps to delete that information without delay.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@edrink.gr.

12. How we protect your data

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit (HTTPS/TLS) and at rest where appropriate
• Access controls limiting personal data access to authorised personnel only
• Secure password storage using industry-standard hashing
• Regular security reviews and monitoring
• Contractual data-protection commitments with our service providers
• Logical separation of personal data from public-facing systems

No system can guarantee 100% security. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Hellenic Data Protection Authority within 72 hours and, where required, notify you directly without undue delay.

You also play a role in protecting your data. Please keep your password secure, do not share your account, and notify us immediately if you suspect unauthorised access.

13. Special categories of data

We do not intentionally collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, or data concerning your sex life or sexual orientation).

However, you may voluntarily share such information in special requests during a reservation (for example, dietary requirements related to allergies or religious observance). When you do so, you give the venue and us your explicit consent to process this information for the purpose of accommodating your reservation. You can withdraw this consent at any time, but doing so may affect our or the venue’s ability to accommodate the request.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

When we make material changes, we will notify you in advance by email and/or through a prominent notice in the app or on our website. The “Last updated” date at the top of this policy reflects when it was last changed. The most current version is always available at www.edrink.gr.

Your continued use of edrink after the effective date of any change constitutes your acceptance of the updated policy. If you do not agree with the changes, you may delete your account.

15. Contact us

A Greek-language summary of this Privacy Policy is included at the top of this page. The full policy is published in English. For clarification of any section in Greek, please contact support@edrink.gr.