Skip to content
BiduniQ
Legal

Privacy Policy

How BidUniq collects, uses, and protects your personal data in accordance with the GDPR and applicable Greek and EU law.

Last updated · December 2024

1. Data Controller

The data controller responsible for processing your personal data is "BID UNIQ SINGLE MEMBER P.C." (GEMI: 181910903000), Leoforos Alexandras 76, Athens, 11473, Greece. For any privacy-related inquiries, contact us at [email protected].

2. Personal Data We Collect

  • Account information: name, surname, email address, phone number, date of birth.
  • Identity verification data: identification documents required to confirm winners and comply with anti-fraud and tax obligations.
  • Transaction data: bidding history, won auctions, payment records, billing and shipping addresses.
  • Payment data: processed by certified payment providers; we do not store full card details on our servers.
  • Technical data: IP address, device identifiers, browser type, operating system, language preference.
  • Usage data: pages visited, features used, session duration, referral source.
  • Communications: messages exchanged with our support team, including content and metadata.

3. Legal Bases and Purposes

  • Contract performance (GDPR Art. 6(1)(b)): creating and managing your account, processing bids, completing auctions, processing payments, and delivering won products.
  • Legal obligation (GDPR Art. 6(1)(c)): fulfilling tax, accounting, anti-money laundering, and consumer protection obligations under Greek and EU law.
  • Legitimate interests (GDPR Art. 6(1)(f)): preventing fraud, ensuring platform security, improving services, and conducting business analytics.
  • Consent (GDPR Art. 6(1)(a)): marketing communications, optional cookies, and other processing where consent is explicitly required.

4. Data Sharing and Recipients

  • Payment processors (e.g. Nexi Payments Greece S.A.) for secure transaction handling.
  • Shipping and logistics partners for product delivery to auction winners.
  • Identity verification and anti-fraud service providers.
  • Cloud hosting and infrastructure providers operating under data processing agreements.
  • Analytics providers (e.g. Google Analytics, Google Tag Manager) for service improvement.
  • Legal, tax, and regulatory authorities when required by applicable law.

5. International Data Transfers

Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission and other mechanisms required under GDPR Chapter V.

6. Data Retention

  • Account data: retained for the duration of your active account, plus a reasonable period after deletion to comply with legal obligations.
  • Transaction and tax records: retained for the period required by Greek tax legislation (typically 10 years).
  • Communications with support: retained for up to 3 years after the last interaction.
  • Marketing preferences: retained until you withdraw consent.
  • Technical logs: retained for up to 12 months for security and audit purposes.

7. Your Rights

  • Right of access — obtain a copy of personal data we hold about you.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure — request deletion of your data (subject to legal retention obligations).
  • Right to restriction — limit how we process your data in specific circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — to processing based on legitimate interests, including profiling.
  • Right to withdraw consent — at any time for consent-based processing.
  • Right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr) or your local supervisory authority.

8. How to Exercise Your Rights

Send your request to [email protected] from the email address registered to your account. We respond within one month, with possible extensions for complex requests as permitted under GDPR Art. 12(3).

9. Security

We implement technical and organisational measures appropriate to the risk, including encryption in transit (TLS), restricted access controls, monitoring, and regular security reviews. No system is completely secure; we encourage strong, unique passwords and prompt reporting of suspicious activity.

10. Cookies

BidUniq uses cookies and similar technologies as described in our Cookies Policy, which explains the categories, purposes, and controls available.

11. Children's Privacy

BidUniq services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that such data has been collected, we will delete it without delay.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the platform or via email where appropriate. The 'last updated' date at the top reflects the most recent revision.

13. Contact

BID UNIQ SINGLE MEMBER P.C., Leoforos Alexandras 76, Athens, 11473, Greece. Email: [email protected]. Registration Number: 181910903000.