Privacy Statement

Current version posted on: 23/01/2023
The company “code4thought P.C.”, with registered seat at Patras, Greece, with Tax Identification Number 800917220, General Commercial Registry No. 144877216000, hereinafter the “Company”, in its capacity either as a Data Controller or as a Data Processor on behalf of the Controller in the context of the General Data Protection Regulation EU 2016/679 in force since 25/05/2018 and as currently in force, including any national implementing laws and regulations such as Greek law 4624/2019, hereinafter collectively “GDPR”, hereby provides you with the following information concerning the processing of your personal data and your rights as a data subject.

Obligation to protect Personal Data

The Company undertakes to comply with the provisions of the legislation in force concerning the protection of personal data and to protect the personal data of the visitors and/or users (registered or not) of the Company’s website (,,,,, as well as the personal data provided to the Company in its capacity as Data Processor from its customers, in the context of the Company’s business activities and for the provision of the Company’s services to its customers. The Company does not collect information relating to visitors’/users’/customers’ personal data unless they themselves provide or consent to the collection of such information. Personal data are requested by the Company only for the special and specific purposes mentioned herein and are communicated by any appropriate means at the time of their communication.

Personal and business Data
that Company may collect

Information which we may collect and may constitute personal data is the following:
  • IP (cookies), visitors preferences from our website visitors. Purpose: making offers to visitor on the basis of visitor’s preferences, cookies for specific functions of a webpage, essential for its proper functioning and cookies for anonymous webpage traffic statistics. Retention time: Until the end of session on the website. Following the end of session, the data are kept anonymized for statistical purposes.
  • First name, last name, e-mail from website visitors interested in receiving more information about the Company. Purpose: Providing additional information and seeking new business opportunities. Retention time: For 12 months from the last contact and/or communication.
  • First name, last name, e-mail from third parties-data controllers and individuals whose personal data is collected by such third parties-data controllers. Purpose: Control the operation of their applications (sound level, video quality, etc.) and perform business activities such as Software Quality & Risk Services, Software Security & Privacy Services, IT Due Diligence, Enterprise Architecture Mapping, AI Governance Advisory, AI Testing & Audit, AI Technology Due Diligence. Retention time: Depends on Contract duration.
The information mentioned above is provided either by the data subjects, or by third parties-data controllers who possess and lawfully process it, (a) when they make contact or when we contact them for the first time; (b) when they transact with us or with third parties through the websites and the web pages of the Company and through the services, programs and tools provided therein; (c) when they visit and browse the websites and web pages of the Company; or (d) in the context of our business activities and for the purpose of providing our services to our customers in accordance with the respective contractual obligations. The provision of the information mentioned above may take place at various instances and by different means, such as via printed or online forms, telephone or email, online delivery or providing access to such information remotely or online, through a member of our personnel or of a business partner, through the employer or a member of the personnel of the data subject or a third-party data controller or their business partner. We may also collect information concerning the data subject, for example when, either the data subject, or the third party-data controller who possesses and lawfully processes personal data of the data subject:
asks for information or submits a request, a query etc. through our websites or by other means way using the contact information of the Company;
registers with an update service (newsletter etc.) or any promotional activity or research of the Company;
registers and/or creates an account for the use of the services provided by the Company through its websites and web pages, whereby a registered user is able to post content (where applicable);
enters into a contractual agreement with our Company for the provision of services which require the processing of personal data which is lawfully in the possession of the third party-data controller;
the personnel of the Company visits web pages on which the information mentioned above has been lawfully posted and made publicly available.

Purpose for collecting and processing
personal data by the Company

The Company uses the personal data it collects for the following purposes:
Mail and contact on behalf of the Company in order to perform its business activities and conduct all of its transactions.
Entering into and executing agreements.
Sending of promotional material and marketing activities.
Developing and marketing software, applications, tools etc. and providing services to its customers in the area of Artificial Intelligence and/or Machine Learning technology and Software Quality, under the Company’s contractual obligations. Such services include (a) Software Quality & Risk Services (b) Software Security & Privacy Services (c) IT Due Diligence, (d) Enterprise Architecture Mapping, (e) AI Governance Advisory, (f) AI Testing & Audit, (g) AI Technology Due Diligence.

Legal basis for processing

The Company processes the personal data it collects under any of the following legal bases:
Processing is a legal or contractual obligation of the Company.
Processing is necessary for the Company to enter into or execute an agreement, or to carry out, complete transactions and provide services in the context of its commercial activities.
Processing serves the operational needs as well as the business and commercial interests of the Company, such as compliance with legal and contractual obligations, the defense – legal protection and exercise of its rights, or the provision of information about and the promotion of the Company’s services.
The data subject has in advance expressly, explicitly and specifically consented to the processing of personal data in a specific way and for a specific purpose.

Disclosure of personal data

The Company may disclose the personal data it collects to third parties only in the following cases:
To the personnel or to business partners of the Company on a need-to-know basis in order for them to perform their tasks and/or to provide their services to the Company, in the context of the business activity of the Company and under a relevant contract which includes specific terms and conditions, covenants and obligations concerning the protection of personal data by such persons.
If disclosure is obligatory by law or results from an order, a decision, an investigation or an inspection by any competent administrative, judicial, police or other authority etc.
The data subject has in advance expressly and specifically consented to the disclosure of the personal data in a specific way anWed for a specific purpose.
Your personal data may be stored and processed both within and outside of the EU and/or the United States.We use the following GDPR compliant subcontractors (data processors):
We use Google Cloud (GDPR Compliant) to store your data. You may read more information on Google Cloud’s GDPR compliance here:
Our website is hosted by DigitalOcean. You may read more information on DigiatalOcean’s GDPR compliance here:
We use ProfitSoft (EXPANDI.IO) for advertisement purposes. You may read more information on ProfitSoft’s GDPR compliance here: .
We use Microsoft’s Office 365 tools in order to perform our business activities (e.g. reporting, online meetings, etc.). You may read more information on Microsoft’s GDPR compliance here:
We use LinkedIn for our Company’s campaigns. You may read more information on LinkedIn’s GDPR compliance here:

Retention of Personal Data

The Company retains the personal data it collects for as long as necessary to fulfill the purpose of their collection as well as any for additional period of time required by any applicable legislation or following a prior written and specific consent of the data subject.

Security of Personal Data

The Company takes all necessary organizational and technical measures to protect the data from accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unlawful processing.

Rights of the Data Subject

In brief, the data subject has the following rights towards the Company:
  1. Right to information: To request information, in addition to the above-mentioned in this Privacy Notice, regarding the way in which the Company uses his/her personal data and his/her rights.

  2. Right of access: To obtain access to his/her own personal data and to related information such as the processing purposes, the data categories, their origin and their recipients, if any.

  3. Right to rectification: to rectify his/her personal data if they are inaccurate or incomplete.

  4. Right to erasure: To request the erasure of his/her personal data when (a) they are no longer necessary for the purposes for which they were collected or (b) there is no lawful justification for the Company to continue using them or (c) if the data subject has withdrawn his/her consent.

  5. Right to restriction of processing: To restrict, in some cases, further processing of his/her personal data.

  6. Right to data portability: To receive his/her personal data and/or request that the Company transmits them to another data controller.

  7. Right to object: to object at any time to the processing of his/her personal data for reasons relating to the performance of a duty carried out for reasons of public interest or in exercise of public authority or the existence of a legitimate interest, following the balancing of interests, including profiling.
For any further questions or queries concerning the use of personal data, the Company shall make best efforts to respond in writing to the data subject within thirty (30) days from the date of the request. Within the same period of time the Company will inform the subject of any important reasons which do not allow the Company to respond to such request.
In any event, the information will be provided free of charge except for profoundly groundless, exaggerated or repeated requests, for which a reasonable fee may be charged for Company’s administrative costs.
In all cases mentioned above, as well as in case of contact for any of the topics mentioned above, you may send us your request at

Cookie policy

The Company uses cookies to improve the services offered from its website and the browsing experience of the visitors. Most browsers offer choices that allow or prevent the use of cookies. If you opt to restrict or block the use of cookies, your browsing experience on the Company’s website may be affected.
The Company uses cookies as described here.

Changes to the Privacy Notice

The Company reserves its right to amend this Privacy Notice at any time in order to adapt it to adjust it to the Company’s personal data protection policy of the Company and the applicable legislation as in force. The date of the latest version will be first written above.


*in partnership with SIG