Πολιτική Απορρήτου

Last updated: March 2026

1. Who We Are

NCP Media ("we", "us", "our") operates the NCP Media Πύλη Πελατών at https://www.ncp-media.com/portal. We are the data controller for personal data processed through this portal. Contact: info@ncp-media.com

2. What Data We Collect

• Account data: Όνομα, email address, company name, phone number
• Authentication data: Encrypted password hash, 2FA verification timestamps
• Usage data: Σύνδεση timestamps, IP addresses, browser user agent
• Ad performance data: Campaign metrics, spend, ROAS synced from your connected ad accounts
• Lead data: Contact information from Meta Lead Ads forms (stored AES-256 encrypted)
• Υποστήριξη data: Tickets, messages, attachments you submit
• Billing data: Invoice records (no card data stored — handled by Stripe)

3. Legal Basis for Processing

• Σύμβαση performance (Art. 6(1)(b) GDPR): To provide the services you have engaged us for
• Legitimate interests (Art. 6(1)(f) GDPR): Security, fraud prevention, service improvement
• Legal obligation (Art. 6(1)(c) GDPR): Invoicing, tax compliance
• Consent (Art. 6(1)(a) GDPR): Marketing communications (where applicable)

4. How We Use Your Data

• Providing access to the client portal and its features
• Αποστολήing transactional notifications (reports, invoices, support updates)
• SMS two-factor authentication for account security
• Syncing and displaying your advertising campaign performance
• Δημιουργία εβδομαδιαίων αναφορών
• Παρακολούθηση ασφαλείας

5. Data Storage & Security

Τα δεδομένα σας αποθηκεύονται σε διακομιστές στην Νυρεμβέργη, Γερμανία (EU) hosted by Hetzner Online GmbH, an EU-based provider. We implement the following security measures:

• AES-256-CBC encryption for personal lead data at rest
• TLS/HTTPS encryption for all data in transit
• Τείχος προστασίας με περιορισμένη πρόσβαση
• Brute force protection via fail2ban
• SMS two-factor authentication
• Audit logging από data access events

6. Data Retention

• Account data: Retained for the duration από the contract + 2 years
• Lead data: Retained for 12 months from collection date
• Ad metrics: Retained for 24 months
• Audit logs: Retained for 12 months
• Invoices: Retained for 7 years (Greek tax law obligation)

7. Third-Party Υπηρεσίες

• Brevo (Αποστολήinblue): Email & SMS delivery — Πολιτική Απορρήτου
• Meta (Facebook): Ad account & lead data sync — Πολιτική Απορρήτου
• Google: Ad account sync & OAuth login — Πολιτική Απορρήτου
• TikTok: Ad account sync — Πολιτική Απορρήτου
• Stripe: Payment processing — Πολιτική Απορρήτου
• Hetzner: Server hosting (EU) — Πολιτική Απορρήτου

8. Your Rights Under GDPR

As an EU data subject, you have the following rights:

• Right από access (Art. 15): Request a copy από your personal data
• Right to rectification (Art. 16): Correct inaccurate data
• Right to erasure (Art. 17): Request deletion από your data
• Right to restriction (Art. 18): Restrict processing από your data
• Right to data portability (Art. 20): Receive your data in a portable format
• Right to object (Art. 21): Object to processing based on legitimate interests

To exercise any από these rights, visit your Απόρρητο Πίνακας Ελέγχου or contact us at info@ncp-media.com. We will respond within 30 days as required by GDPR.

9. Cookies

We use strictly necessary cookies for session management and authentication. No tracking or advertising cookies are used in the portal. See our Πολιτική Cookies for details.

10. Complaints

Έχετε the right to lodge a complaint with the Greek Data Protection Authority (HDPA): www.dpa.gr, Tel: +30 210 6475 600.

11. Changes to This Policy

We may update this policy from time to time. We will notify you από significant changes via email. Continued use από the portal after changes constitutes acceptance.