Legal · Privacy

Privacy Policy
& GDPR Notice

SOG Digital Services IKE takes the protection of your personal data seriously. This document explains what we collect, why, and how it is protected. Last updated: May 2026.

Contents
1. Data controller 2. Data we collect 3. Verification documents 4. How data is used 5. Sharing & third parties 6. Retention periods 7. Your rights 8. Security measures 9. Cookies 10. Contact & complaints

1. Data Controller

The data controller is SOG Digital Services IKE, a private company registered under Greek law.

Company
SOG Digital Services IKE
ΑΦΜ / Tax ID
801234567
Registered address
Athens, Greece
DPO contact
privacy@sog.gr

2. Data We Collect

Account data

  • E-mail address (used for login and notifications only — never displayed to other members)
  • Private alias (your chosen display name visible to verified members)
  • City of residence (shown at city level only — no precise geolocation)
  • Age bracket
  • Lifestyle disposition tags (self-selected)
  • Optional short bio

Usage data

  • Login timestamps and device type (for security purposes)
  • Pages visited within the platform (aggregated, not sold)
  • Correspondence metadata (who sent a note to whom, timestamps — content is end-to-end encrypted)

3. Verification Documents

Verification documents are handled under maximum protection and are never accessible to other members under any circumstances.

To verify your identity, we collect one of: Greek ID card, residence permit, or passport, along with a live selfie photograph. An optional short video greeting may also be submitted.

Storage

All identity documents are encrypted at rest using AES-256 and stored in an isolated vault, separate from the main platform database. Only two named operators have access to the verification vault.

Retention

Verification documents are retained only for the duration of active membership plus 30 days. Upon account closure or erasure request, all documents are cryptographically erased — not archived.

4. How Data Is Used

Your data is used solely to operate the SOG platform. Specifically:

  • To authenticate your identity and prevent duplicate or fraudulent accounts
  • To display your dossier to other verified members (alias, city, disposition, and optionally photos)
  • To facilitate private correspondence between members
  • To notify you of events and SOG communications you have opted into
  • To comply with Greek and EU legal obligations

Your data is never sold, never used for advertising, and never shared with third parties for commercial purposes.

5. Sharing & Third Parties

SOG does not sell or share personal data with third parties for commercial purposes. Limited sharing occurs only in these contexts:

  • SDC partnership: If you choose to activate SDC cross-linking, your alias and disposition tags are shared with SDC. This is entirely opt-in and can be revoked at any time from Account Settings.
  • Payment processor: Billing data is handled by a PCI-DSS compliant payment processor. SOG does not store card numbers.
  • Legal obligations: If required by Greek law or court order, we may be compelled to disclose specific data. We will notify you unless legally prohibited.

6. Retention Periods

  • Account data: retained for the duration of active membership plus 12 months
  • Verification documents: retained for active membership plus 30 days, then cryptographically erased
  • Correspondence: auto-deleted after 30 days (configurable in Account Settings)
  • Login/security logs: retained for 90 days
  • Billing records: retained for 7 years as required by Greek tax law

7. Your Rights Under GDPR

Under the General Data Protection Regulation (EU 2016/679), you have the following rights:

  • Right of access: Request a copy of all personal data we hold about you
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to portability: Receive your data in a structured, machine-readable format
  • Right to restrict processing: Limit how we use your data in certain circumstances
  • Right to object: Object to processing based on legitimate interests

To exercise any of these rights, contact privacy@sog.gr. We will respond within 30 days. Erasure requests for account data are processed within 72 hours.

8. Security Measures

  • AES-256 encryption at rest for all sensitive data
  • TLS 1.3 in transit
  • End-to-end encrypted correspondence (content never readable by SOG operators)
  • Screenshot detection and alerts
  • Photo watermarking with member ID
  • Access to verification vault restricted to two named operators with audit logging
  • Automatic session expiry after 30 days of inactivity

9. Cookies

SOG uses only strictly necessary cookies for session management and security. No advertising cookies, no third-party tracking pixels. Preferences and language settings are stored in your browser's local storage and are not transmitted to our servers.

10. Contact & Complaints

For privacy enquiries: privacy@sog.gr

You also have the right to lodge a complaint with the Greek Data Protection Authority (ΑΠΔΠΧ): www.dpa.gr