Legal information

Privacy policy

Document version: 2026-05-23

Last updated: 23 May 2026

1. Introduction

This Privacy Policy explains how InfoLocal (“we”, “us”) collects, uses, stores, and protects personal data when you visit or use our informational discovery Platform, in accordance with the EU General Data Protection Regulation (GDPR) and Greek law.

2. Data controller

The data controller is the legal entity operating the Platform (name, postal address, VAT, and contact email should be completed in production settings and on the Contact page). For data protection requests, use the published contact email.

3. Personal data we collect

3.1 Visitors (browsing)

  • Technical data: IP address, browser type, device information, timestamps, and requested URLs in server or security logs.
  • Session and essential cookies: required for authentication, security (CSRF), language, and core functionality (see Cookie Policy at the end of this document).
  • Consent cookies: e.g. gdpr_cookie_accepted and preference for analytics, where applicable.
  • Analytics: we may use privacy-oriented or third-party analytics (e.g. aggregated visit statistics) to understand usage and improve the service. Where non-essential analytics are used, we rely on consent where required.
  • Visitor statistics: aggregated counters may be stored in application settings.

3.2 Registered users

  • Account data: name, email, phone (if provided), password (stored hashed), role, status.
  • Registration consent record: acceptance of Terms and Privacy Policy, timestamp, document versions, and IP at signup.
  • Billing and business profile fields you provide voluntarily.
  • Security and activity logs where enabled (e.g. login events, admin actions) for fraud prevention and audit.

3.3 Listings, reviews, and contact

  • Content you submit for business listings, reviews, or media may be displayed publicly according to publication rules.
  • Contact form: if you submit a message, we process name, email, subject, and message body to respond to your enquiry.

3.4 Email

Transactional emails (verification, password reset, notifications) are sent via configured mail providers. Outbound messages may be logged (recipient, subject, type, time) for support and compliance.

4. Purposes and legal bases

  • Contract: providing account, listing, and subscription features you request.
  • Legitimate interests: security, abuse prevention, service improvement, aggregated analytics, and defending legal claims—balanced against your rights.
  • Consent: non-essential cookies or marketing where applicable; you may withdraw consent without affecting lawfulness of prior processing.
  • Legal obligation: tax, invoicing, and regulatory retention where applicable.

5. Data sharing

We do not sell your personal data. We may share data with:

  • hosting and infrastructure providers;
  • email (SMTP) providers;
  • payment or banking processes you initiate outside the Platform;
  • map, font, or analytics providers when you use linked or embedded services (subject to their policies);
  • authorities when required by law.

Processors are engaged under appropriate contractual safeguards where required by GDPR.

6. International transfers

Where providers process data outside the EEA, we rely on appropriate safeguards (e.g. Standard Contractual Clauses) as required by law.

7. Retention

We retain personal data only as long as necessary for the purposes above, including:

  • account data: for the life of the account and a reasonable period after closure;
  • consent and security logs: as configured (e.g. up to 90 days unless longer retention is legally required);
  • invoices and financial records: as required by Greek tax law;
  • email logs: for operational and dispute resolution needs, then deleted or anonymised.

8. Your rights (GDPR)

Subject to conditions in GDPR, you have the right to:

  • access your personal data;
  • rectification of inaccurate data;
  • erasure (“right to be forgotten”) in applicable cases;
  • restriction of processing;
  • data portability for data you provided, in a structured, commonly used format where technically feasible;
  • object to processing based on legitimate interests;
  • withdraw consent where processing is consent-based;
  • lodge a complaint with the Hellenic Data Protection Authority (dpa.gr).

We will respond to requests within the timeframes required by law (typically one month).

9. Security

We implement reasonable technical and organisational measures (e.g. password hashing, HTTPS in production, access controls). No method of transmission or storage is completely secure; we cannot guarantee absolute security.

10. Children

The Platform is not directed at children under 16. We do not knowingly collect their data without parental consent where required.

11. Changes

We may update this Policy. Material changes will be communicated appropriately. The document version and date above indicate the current revision.


Last updated: 23 May 2026

1. What are cookies?

Cookies are small text files stored on your device when you visit a website. They help the site remember preferences, keep you signed in, and—where you consent—understand how the site is used.

2. How we use cookies on InfoLocal

2.1 Strictly necessary (essential)

These cookies are required for the Platform to function and cannot be switched off in our systems without breaking core features:

  • Session cookie (Laravel): maintains login state and security tokens.
  • CSRF protection: prevents cross-site request forgery on forms.
  • Remember me (optional): if you choose “stay signed in”.
  • Language / locale preferences where stored in cookies.

2.2 Preferences

  • gdpr_cookie_accepted: records your cookie banner choice (up to 365 days).
  • gdpr_analytics_consent: when set to 1, indicates consent to analytics cookies; when absent or 0, only essential cookies should be used for analytics purposes.

2.3 Analytics cookies

Analytics cookies help us understand aggregated traffic (pages viewed, general device type, approximate region). They are not essential and, under GDPR, should only be placed after you give consent via our banner (or equivalent browser settings where legally sufficient).

If third-party analytics (e.g. Google Analytics) are enabled by the operator, those providers may set their own cookies subject to their policies. We will update this Policy when such tools are activated.

3. Similar technologies

We may use local storage (e.g. for onboarding acceptance of Terms) that is not sent automatically with every request. You can clear it via browser settings.

4. Third-party content

Embedded or linked services (e.g. Google Fonts, Google Maps, social networks) may process technical data including IP address under their own policies when you interact with them.

5. Your choices

  • Use the cookie banner: Accept all or Essential only (reject non-essential analytics).
  • Change browser settings to block or delete cookies; blocking essential cookies may prevent login and forms from working.
  • Withdraw consent at any time by clearing cookies and revisiting the site to set a new choice.

6. Legal basis

Essential cookies rely on legitimate interests and necessity for service delivery. Analytics cookies rely on your consent where required by EU law.

7. More information

See our Privacy Policy and Terms of Use. For questions, contact us via the Contact page.

Under the EU General Data Protection Regulation you may exercise the following rights regarding your personal data, subject to legal conditions:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to data portability (where applicable)
  • Right to object to certain processing
  • Right to lodge a complaint with your supervisory authority

Full details are in our Privacy Policy. Contact the operator using the details on the Contact page.