UniOut

DERMITZAKIS MARKETING AND ADVERTISING SERVICES UniOut P.C.
Pano Chorio, Ierapetra
http://www.uniout.gr
— hello@uniout.gr

VAT: 802475943 | Tax Office: Ag. Nikolaos
Tel: +30 697 990 0060 — +30 690 886 4545

PRIVACY POLICY
ARTICLE 1: INTRODUCTION

This Privacy Policy (hereinafter the “Policy”) defines in detail the method of collection, processing, retention, protection, disclosure, and deletion of personal data related to the use of the “UniOut App” (hereinafter the “Application”) and any accompanying website.

The Data Controller, within the meaning of Regulation (EU) 2016/679 (“GDPR”) and Greek Law 4624/2019, is the company “DERMITZAKIS MARKETING AND ADVERTISING SERVICES UniOut P.C.”, located in Pano Chorio, Ierapetra, VAT: 802475943, Tax Office: Agios Nikolaos (hereinafter “UniOut” or “the Company”).

This Policy applies to all natural persons using the Application as end-users, to visitors of the website, and to partner businesses/store owners. Access to, registration for, and/or use of the Application constitutes acceptance of this Policy, provided that users have been adequately informed and have given their explicit consent where required.

ARTICLE 2: LEGAL FRAMEWORK

For the purposes of this Policy, the main terms are understood according to the General Data Protection Regulation (GDPR):
“Personal data” means any information relating to an identified or identifiable natural person (Article 4 GDPR).
The “Data Controller” is UniOut, which determines the purposes and means of processing.
The “Processor” is any third party acting under the written instruction of the Company and bound by a contract in accordance with Article 28 GDPR.

This Policy is governed by Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, and, where applicable, other relevant legal bases.

ARTICLE 3: CATEGORIES OF DATA COLLECTED AND PROCESSED

Depending on the use of the Application, UniOut collects and processes the following categories of data:

a) Identification data: full name, username, demographic details (date of birth), gender (if provided), profile photo (if uploaded by the user).

b) Contact information: email address, mobile phone number.

c) Account and access data: encrypted password, account creation date, login dates/times, connection IP address, device/OS details.

d) Location data: location/signal (GPS/Wi-Fi/Bluetooth) when the user activates location-based features.

e) Behavioral and preference data: preferences, saved interests, “likes,” “saves,” visit/reservation history, participation in “UniOut Rewards” (points, redemptions), interactions with content (reels, posts), and any optional demographic details provided.

f) User-generated content: photos, videos, reviews, and comments uploaded by users or stores.

UniOut aims to collect only the minimum necessary data required to provide and improve its services.

ARTICLE 4: LEGAL BASES AND PURPOSES OF PROCESSING

Each data processing activity is justified under the legal bases defined in Article 6 GDPR.
Specifically, processing necessary for the performance of a contract between UniOut and the user and/or partner store (e.g., account creation, participation in UniOut Rewards, service provision) is based on Article 6(1)(b) GDPR.

The purposes of data collection and use include, but are not limited to:

Providing and operating the Application

Delivering personalized and geo-targeted recommendations

Operating “UniOut Rewards”

Facilitating social interaction features (e.g., “Never Go Alone”)

Managing subscriptions and store listings

Sending notifications and updates

Providing technical support

Detecting and preventing abuse and fraud

Performing analytics/statistical operations to improve the platform

ARTICLE 5: DATA RETENTION AND DELETION

UniOut retains personal data for as long as the user maintains an active relationship with the Application—i.e., as long as their account remains active and no explicit deletion or deactivation request has been made.

Specifically:

Core account data (name, email, birth date, phone number, preferences, rewards history) are stored in the active database while the account remains active.

Upon a deletion request, UniOut deletes the personal data from active systems within thirty (30) days, except where retention is required by law.

Security logs (e.g., access and safety logs) are kept for a short period—typically three (3) months—for security incident detection and investigation.

UniOut ensures retention periods are minimized and maintains documentation for each data category (records of processing activities, Article 30 GDPR).

ARTICLE 6: ACCOUNT DELETION AND DEACTIVATION PROCESS

Users have the right at any time to request account deletion, correction of inaccurate data, or temporary deactivation.

Requests are submitted electronically through the UniOut App or via email at support@uniout.gr
, accompanied by proof of identity if required to prevent fraudulent requests.

The Company processes requests in accordance with Articles 12 and 19 GDPR. UniOut informs users of the potential consequences (e.g., loss of UniOut Rewards points) and reserves the right to retain data when required by law or for a reasonable period to address legal claims.

ARTICLE 7: DATA SUBJECT RIGHTS

Data subjects have full rights under the GDPR, including:

Right of access (Article 15)

Right to rectification (Article 16)

Right to erasure (“right to be forgotten,” Article 17)

Right to restriction of processing (Article 18)

Right to data portability (Article 20)

Right to object to processing (Article 21)

Right not to be subject to automated decisions with significant effects (Article 22)

ARTICLE 8: DATA SECURITY

UniOut implements multilayered technical and organizational measures to protect data, including:

Encryption during transmission and storage (database encryption where required)

Secure networks and role-based access control

Regular backups

Security policies and audits

Employee training in data protection

All service providers are evaluated for security compliance and contractually bound to confidentiality and data protection.

In case of a personal data breach that may pose a risk to individuals’ rights and freedoms, UniOut commits to notifying the Hellenic Data Protection Authority (HDPA) within 72 hours (Article 33 GDPR) and, if necessary, informing affected users (Article 34 GDPR), providing full details and remedial actions.

ARTICLE 9: PERSONALIZED RECOMMENDATIONS

UniOut employs recommendation engines and algorithms that process user data—partly automatically—to provide personalized suggestions, targeted content, or notifications.

If such processing involves automated decision-making with legal or significant effects, UniOut provides safeguards such as:

Transparency about criteria used

Human review options

The right to object (Article 22 GDPR)

Users are informed and may request explanations or restriction of such automated profiling.

ARTICLE 10: CHILDREN’S DATA

The UniOut App is not intended for users under 18 years of age (the legal age of majority in Greece).

If it becomes known that data of a minor has been collected without parental/guardian consent, the Company will immediately delete such data and take all necessary steps to protect the child’s interests.

Where required, UniOut may request verification of parental consent.

ARTICLE 11: POLICY UPDATES

UniOut reserves the right to modify this Policy periodically.

Any material changes affecting users’ rights or data processing methods will be clearly announced (e.g., via in-app notification, email, or website notice), and renewed consent will be obtained where necessary.

The date of issue/update will appear at the top of this Policy, and all previous versions will remain available for reference.

ARTICLE 12: CONTACT AND DATA PROTECTION

For any question regarding data processing, exercising your rights, submitting a deletion request, or withdrawing consent, please contact:
Email: support@uniout.gr

Postal address: Pano Chorio, Ierapetra, Greece

Additionally, every individual has the right to file a complaint with the Hellenic Data Protection Authority (HDPA):
www.dpa.gr
| 1–3 Kifisias Ave., 115 23, Athens, Greece.

ARTICLE 13: LIABILITY, INDEMNITIES, AND LEGAL CONSEQUENCES

UniOut, acting as Data Controller under Article 4(7) GDPR, applies all necessary technical and organizational security measures (Article 32 GDPR) to ensure the integrity, availability, confidentiality, and lawfulness of personal data processing.

Nevertheless, users acknowledge that no internet transmission or electronic storage can be guaranteed completely secure. Therefore, UniOut shall not be held liable for damages or losses directly or indirectly resulting from security incidents due to force majeure, events beyond its control, or unauthorized acts/omissions of third parties.

ARTICLE 14: LIMITATION OF LIABILITY

The Company’s liability is limited solely to damages proven to result from willful misconduct or gross negligence during data processing, as per Article 82(2) GDPR.

Any compensation payable shall not exceed the total proven actual damage suffered by the data subject.

ARTICLE 15: LIABILITY FOR THIRD-PARTY ACTIONS

UniOut bears no responsibility for independent data processing by third-party controllers or for cases where users voluntarily share personal data with others or third-party platforms (e.g., links, chats, social interactions).

The Company is not liable for content posted by users, for misleading or false information they provide, or for unauthorized use of the services by third parties.

ARTICLE 16: USER LIABILITY AND INDEMNIFICATION

Users/data subjects are responsible for the accuracy, timeliness, and completeness of the information they provide, as well as for all activities performed through their account.

Users agree to indemnify and hold harmless the Company, its employees, officers, partners, and associates from any claim, loss, or expense arising from:

(a) Violation of this Policy

(b) False, misleading, or unlawful data submission

(c) Misuse of the Application or violation of laws/third-party rights

The Company reserves the right to seek compensation for any damage incurred.

ARTICLE 17: DATA BREACH PROCEDURE

In the event of a personal data breach, UniOut strictly follows the procedures set out in Articles 33 and 34 GDPR:
It notifies the Hellenic Data Protection Authority within 72 hours and, if the breach poses a high risk to individuals’ rights, promptly informs affected users in clear and timely language, describing the nature of the breach, consequences, and remedial actions.

If required, UniOut cooperates fully with the Authority and keeps a log of all data breach incidents, in compliance with Article 33(5) GDPR.

ARTICLE 18: CONSEQUENCES OF POLICY VIOLATION

Violation of this Policy by users or partner stores may, at the Company’s discretion, result in suspension or permanent termination of access to the Application, in addition to any other legal action deemed necessary to protect the Company’s interests.

ARTICLE 19: FORCE MAJEURE

UniOut bears no responsibility for delays or inability to fulfill its obligations due to force majeure events, such as (indicatively but not limited to) natural disasters, wars, government orders, telecommunication failures, large-scale cyberattacks, or pandemics, where such events could not reasonably have been foreseen or prevented.

ARTICLE 20: FINAL PROVISIONS AND GOVERNING LAW

This Policy and all related processing activities are governed by Greek Law and the General Data Protection Regulation (GDPR).

Any dispute arising from this Policy shall fall under the exclusive jurisdiction of the Courts of Athens, without excluding the possibility of alternative dispute resolution methods where mutually agreed.

THE COMPANY
DERMITZAKIS MARKETING AND ADVERTISING SERVICES UniOut P.C.