Data Management Agreement

This Data Management Agreement ("Agreement") is entered into between CodeCard.Cloud as data administrator and the User as data controller, in compliance with Article 28 of the General Data Protection Regulation (GDPR).

This Agreement governs the processing of personal data that may be collected through websites created by the User with CodeCard.Cloud services and outlines the responsibilities of both parties regarding the protection of this data.

The Management Object

We will process the data you store on our servers. This may include personal data of persons visiting websites created by you with CodeCard.Cloud in accordance with the rules set out in this Agreement.

Management Time Interval

CodeCard.Cloud manages personal data for the entire duration of the contract until the User cancels his/her account, or for the period of time necessary for the security of the service and the fulfillment of obligations arising from specific legal regulations.

Then all stored user data is deleted.

Nature and Purpose of Management

The purpose of administration is to fulfill the obligations arising from the Contract, and in particular the provision of storage space for the purpose of storing user data through CodeCard.Cloud.

Type and Category of Personal Data Handled

We manage the personal information you store on our servers.

Our Responsibilities as Data Controllers

We undertake to:

Process personal data only on the basis of the user's documented instructions
Ensure that our authorised personnel who come into contact with personal data, undertakes to maintain confidentiality
Provide appropriate technical and organisational safeguards to ensure a level of security commensurate with the risk involved
In assessing an appropriate level of security, take into account, in particular, the risks of processing, accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transferred, stored or otherwise processed

The security of technical data is described in the Privacy Policy.

We further commit to:

Take into account the nature of the management and assist the user through appropriate technical and organisational measures to fulfil the user's obligation to respond to requests to exercise the rights of the persons referred to in Chapter III of the GDPR (Rights of Data Subjects providing Data)
Help the User to comply with the obligations arising from Articles 32 to 36 of the GDPR (Personal Data Protection), taking into account the nature of the management of the information available to CodeCard.Cloud
Report to the User any breach of his/her personal data without undue delay
Provide the User with all the information necessary to prove that the above obligations have been fulfilled and to enable the User to verify compliance with the above obligations

All information about the processing of personal data by CodeCard.Cloud is set out in the Privacy Policy.

Sub-Processors

The User acknowledges and agrees that CodeCard.Cloud may engage the following sub-processors for the processing of personal data in the course of providing its services. Each sub-processor operates under a data processing agreement consistent with Article 28 GDPR.

Sub-Processor	Purpose	Location
Synapsecom S.A.	Datacenter & infrastructure provider — hosts the servers where customer and registrant data is stored and processed	Greece
Stripe, Inc.	Payment processing — handles credit/debit card transactions for service and domain registration payments	USA (EU data stored in EU)
ICS-FORTH / GRNET	.gr / .ελ domain name registry — receives registrant personal data for domain registration, renewal, transfer, and modification actions via the EPP protocol	Greece
Google LLC	Website analytics (Google Analytics) — collects anonymized usage data	USA (EU data via EU servers)
Meta Platforms, Inc.	Marketing & advertising — tracking pixels for advertising effectiveness measurement	USA (EU data via EU servers)

CodeCard.Cloud will notify the User of any intended changes to the above list, giving the User the opportunity to object to such changes. A full description of data sharing practices is available in our Privacy Policy.

Domain Name Registration Data Processing

CodeCard.Cloud operates as a licensed .gr and .ελ domain name registrar (EETT Registry No: 23131) under the Domain Name Management and Assignment Regulation (GG B' 2908/2024). In the context of domain registration services, the following applies:

Data Controller: The Hellenic Telecommunications & Post Commission (EETT) acts as the data controller for personal data processed in connection with the registration and management of .gr / .ελ domain names.
Data Processor: CodeCard.Cloud acts as a data processor on behalf of EETT, processing registrant personal data (name, organization, address, email, telephone) for the purpose of domain name registration, renewal, transfer, and modification.
Legal Basis: Processing is carried out in accordance with the GDPR (Regulation EU 2016/679), Greek Law 4624/2019, and Law 5160/2024, as well as the obligations set out in the Domain Name Regulation.
Data Retention: Registrant data is retained for the duration of the domain registration and for the period required by the applicable regulation and legal obligations thereafter.
Data Transfers: Registrant personal data is transmitted to ICS-FORTH / GRNET (the .gr/.ελ registry) via the EPP protocol for the execution of domain registration actions. Payment data is processed by Stripe, Inc. under its own GDPR-compliant data processing terms.

For any requests regarding the exercise of your data subject rights (access, rectification, erasure, restriction, portability, or objection) in relation to domain registration data, please contact us at support@codecard.cloud or the EETT directly.