Privacy · GDPR

Privacy policy.
Plain answers.

How HELIOS BRAIN SOCIETE ANONYME collects, uses, and protects personal data. Written in plain language, aligned with the obligations of the General Data Protection Regulation (EU) 2016/679 and Greek law 4624/2019.

§ 01

Who we are

HELIOS BRAIN SOCIETE ANONYME ("Helios Brain", "we", "us") is a Greek Société Anonyme registered in ΓΕΜΗ under number 190904001000, with registered office at Kifisias Avenue 265, 14561 Kifisia, Greece. We are the data controller for personal data processed through this website and in the course of our customer engagements, unless explicitly stated otherwise.

§ 02

What we collect

On this website we collect: (a) data you voluntarily provide through forms (name, email, organisation, message); (b) minimal technical data necessary to deliver the site (IP address, browser type, referrer, timestamp); and (c) optional analytics signals only where we have your consent through the cookie banner. We do not run third-party advertising trackers. We do not mine the messages you send us.

§ 03

Why we process it

Lawful bases under GDPR Article 6: contact-form submissions are processed under Article 6(1)(b) (steps prior to entering into a contract) and Article 6(1)(f) (our legitimate interest in responding to inquiries); minimal technical data under Article 6(1)(f); analytics where applicable under Article 6(1)(a) (consent). Customer-engagement data is processed under contract.

§ 04

Customer data inside Helios substrates

Where Helios Brain operates a substrate inside a customer institution, that customer is the data controller for the personal data processed by that substrate. Helios Brain acts as a data processor under a Data Processing Agreement. Customer data does not leave the European data perimeter of the deploying institution. We do not aggregate customer data across institutions. We do not use customer data to train shared models.

§ 05

How long we keep it

Contact-form submissions: up to 24 months from last interaction, then deleted or anonymised. Technical logs: up to 90 days. Analytics: as defined per provider, never beyond 14 months. Customer-engagement data: as per the Data Processing Agreement with the relevant customer. You may request earlier deletion at any time.

§ 06

Who we share it with

Service providers acting under our written instructions: email infrastructure, website hosting, customer-relationship tooling. All processors are bound by Article 28 GDPR data-processing agreements and operate inside the EU/EEA, or transfer data under EU Standard Contractual Clauses with documented safeguards. We do not sell personal data. We do not share personal data for third-party marketing.

§ 07

Your rights

Under GDPR you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to withdraw consent at any time. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), Kifisias 1-3, 11523 Athens, Greece. To exercise your rights, write to hello@heliosbrain.com. We respond within 30 days.

§ 08

Cookies

We use a minimal set of strictly necessary cookies for site delivery. Analytics or preference cookies, where applicable, are loaded only after your consent through the cookie banner. You can change your choice at any time by clearing cookies in your browser or contacting hello@heliosbrain.com.

§ 09

Security

We apply technical and organisational measures appropriate to the risk: TLS in transit, encryption at rest for sensitive data, least-privilege access controls, periodic adversarial review, and a documented incident response procedure. Vulnerability reports are welcome at hello@heliosbrain.com.

§ 10

Changes

We may update this policy. The effective date is shown at the foot of the page. Material changes affecting your rights will be communicated by email where we have your address, otherwise by a clear notice on this site.

Last updated · 20 February 2026