Legal
This Privacy Policy explains how CafePilot (“we“, “us“, “our“) collects, uses, stores, and protects information about you when you visit cafepilot.eu or contact us through any channel. CafePilot is operated by a team based in Thessaloniki, Greece, and all processing of personal data is governed by the General Data Protection Regulation (GDPR) (EU Regulation 2016/679) and applicable Greek data protection law.
We take your privacy seriously. We collect only what we need, we do not sell or rent your data to anyone, and we do not use advertising networks or tracking pixels on this website.
The data controller responsible for your personal data is:
For any data protection enquiry, you may contact us directly at the email address above.
When you submit the contact form on our website, we collect:
Why: To respond to your enquiry, assess your infrastructure requirements, and provide you with a relevant service proposal. The legal basis for this processing is Article 6(1)(b) GDPR β processing necessary to take steps at your request prior to entering into a contract β and Article 6(1)(f) GDPR β our legitimate interest in responding to business enquiries.
Retention: Enquiry records are retained for a maximum of 24 months. If an enquiry leads to a client relationship, the relevant data is retained for the duration of the contract and for 5 years thereafter in accordance with Greek accounting and commercial law obligations.
When you become a CafePilot client, we process additional data necessary to deliver our services, including venue technical specifications, network configurations, and billing software settings. This data is processed under a separate Data Processing Agreement provided at the time of onboarding.
Our web hosting provider automatically records standard server access logs when you visit the website. These logs may include your IP address, browser type, operating system, referring URL, and the date and time of your visit. This data is used solely for security and operational monitoring purposes and is not linked to any personal identity. Logs are retained for a maximum of 30 days.
Legal basis: Article 6(1)(f) GDPR β our legitimate interest in maintaining the security and integrity of the website.
This website uses only strictly necessary cookies β specifically the WordPress session cookie required for the contact form’s security nonce (spam protection). We do not use analytics cookies, advertising cookies, or any third-party tracking technologies.
You do not need to consent to cookies to use this website. No cookie banner is displayed because no non-essential cookies are set.
We use the personal data we collect for the following purposes only:
We do not use your data for automated decision-making or profiling. We do not send unsolicited marketing emails. We do not sell, rent, or trade your personal data to any third party.
We do not share your personal data with third parties except in the following limited circumstances:
We use the following categories of service providers who may process your data on our behalf, under contractual data processing agreements:
| Provider Type | Purpose | Data Shared |
|---|---|---|
| Web hosting provider | Hosting the cafepilot.eu website and storing form submission emails | Server logs, form submission emails |
| Email delivery (SMTP) | Delivering contact form notifications to our inbox | Contact form data (name, email, message) |
All service providers are contractually bound to process your data only on our instructions, maintain appropriate security measures, and not use your data for any other purpose.
For clients who use Gizmo billing software as part of their CafePilot package, certain configuration data is processed in connection with Gizmo’s platform. Gizmo is operated by a separate entity. Please refer to gizmopowered.com for Gizmo’s own privacy terms.
We may disclose your personal data if required to do so by law, court order, or a competent regulatory authority.
CafePilot operates from Greece, which is a member state of the European Union. Your personal data is processed within the EU/EEA. If any service provider we use processes data outside the EEA, we ensure that appropriate safeguards are in place (such as Standard Contractual Clauses) in accordance with GDPR Chapter V requirements.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:
No method of electronic transmission or storage is 100% secure. If you believe your data has been compromised, please contact us immediately at info@cafepilot.eu.
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact form enquiries (non-client) | 24 months | Reasonable period to follow up on business enquiries |
| Client service data | Duration of contract + 5 years | Legal and accounting obligations under Greek law |
| Server access logs | 30 days | Security monitoring only |
| Auto-reply confirmation emails | Until deleted by recipient | Sent to your inbox β we retain no copy beyond our standard email retention |
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at info@cafepilot.eu. We will respond within 30 days. We may need to verify your identity before processing your request.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) β the supervisory authority for Greece:
Our website and services are directed exclusively at businesses and business professionals. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has submitted personal data through our website, please contact us and we will delete it promptly.
Our website contains a link to gizmopowered.com. We are not responsible for the privacy practices of third-party websites. We encourage you to read their privacy policies when visiting external sites.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The “Last updated” date at the top of this page indicates when it was last revised. Continued use of the website following any update constitutes your acceptance of the revised policy. For significant changes, we will make a visible notice on the website.
For any questions, requests, or concerns regarding this Privacy Policy or our handling of your personal data, please contact us: