Privacy Policy Greece, GDPR Overview

This Privacy Policy covers tom-of-madnessdemo.com and focuses on users in Greece. We follow GDPR requirements and EU privacy principles. This page explains how we process personal data when you browse the site, register an account, contact support, or interact with entertainment content such as Tom of Madness. You will also read why we collect certain data, how long we keep it, and which choices you control.

Last updated: January 28, 2026

Data Controller and Contact

The Data Controller for personal data linked to tom-of-madnessdemo.com is the operator running the site and setting the purposes and means of processing. For privacy questions, rights requests, or concerns, contact our privacy team at [email protected]. We request identity confirmation before we act on a request. This step protects your account and reduces unauthorized access.

Who This Policy Applies To

This policy applies to visitors, registered users, and customers in Greece who access the site or related services. The services are for adults only. We do not knowingly collect personal data from minors. If we learn a minor provided personal data, we remove the information and stop related processing.

What Personal Data We Collect

We collect account and identity data, including registration details and contact information. We collect verification and compliance records, including checks, documents, and responsible gaming settings. We keep transaction and activity records linked to account history and service operation. We collect device and usage data such as IP address, browser details, and on site actions. We place cookies and similar technologies. We store support communications, including emails, chat transcripts, and issue reports.

Why We Process Personal Data

We process personal data to create and manage accounts and to provide requested services. We run eligibility checks and meet legal duties. We answer support requests and send service messages. We protect accounts, prevent fraud, and maintain security. We apply responsible gaming protections, including limits, cooling off options, and self exclusion. We improve performance, fix errors, and refine site features. We send marketing communications where rules allow and where your preferences permit.

Legal Bases Under GDPR

We rely on contract when we provide services through your account. We rely on legal obligation when law requires checks, record keeping, or reporting. We rely on legitimate interests for security, fraud prevention, and service improvement, while respecting your rights. We rely on consent for non essential cookies and for certain marketing preferences. In rare situations, we rely on vital interests to protect people in urgent circumstances.

Cookies and Similar Technologies

Essential cookies support core functions such as login, security, and stable operation. Non essential cookies support analytics, preferences, and advertising where relevant. We request consent before we place non essential cookies. You change your choices and withdraw consent through cookie settings on the site.

Sharing Personal Data

We share personal data with processors providing hosting, analytics, support systems, verification services, and security services. Where payment processing applies, we share required data with payment partners and risk controls. We share data with professional advisers for legal and compliance support. If group companies exist, sharing within the group supports operational needs. We share data with regulators and authorities when law requires it. We do not sell personal data.

International Transfers

If we transfer personal data outside the EEA, we apply safeguards to protect it. Safeguards include Standard Contractual Clauses and added technical or organizational measures where needed. You request more information through the privacy contact.

Data Retention

We keep personal data only for as long as needed for the purposes described here and for legal duties. When retention no longer serves a purpose and no legal duty requires storage, we delete the data or anonymize it so it no longer links to you. We review retention on a regular basis.

Your Rights Under GDPR

Send requests to [email protected]. We request identity confirmation before we complete a request.

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Objection
  • Portability
  • Withdrawal of consent

Complaints in Greece

If you believe our processing breaches data protection rules, you file a complaint with the Hellenic Data Protection Authority (HDPA). You also contact us first if you want a faster route to clarification and resolution.

Security Measures

We protect personal data with technical and organizational controls, including access controls, role based permissions, monitoring, and incident response procedures. We apply encryption in transit where it fits the data flow. We limit staff access to a need to know basis and train staff on privacy and security duties. No system is 100% secure, so we focus on risk reduction and prompt response.

Automated Decisions and Profiling

We run automated checks for fraud prevention, account security, and responsible gaming protections. Checks review signals such as login patterns, device data, and unusual activity. Where law grants a right to human review, you request review by a person and provide additional context for assessment.

Changes to This Policy

We update this policy when services, processes, or legal duties change. We post the latest version on the site and update the Last updated date. If a change materially affects personal data processing, we communicate it through the site experience or through contact details linked to your account.

What cookies are

This site uses analytics cookies (Google Analytics 4) to improve content and performance. You can choose what to allow. See Cookie Policy and Privacy Policy