Privacy Policy, Cookie Policy and Terms of Use

Last updated: 16 July 2026

Effective from: 16 July 2026


1. Introduction

This document describes how NAMA CONSULTING ENGINEERS AND PLANNERS S.A. ("NAMA", "we", "us" or "our") processes personal data of visitors to the website www.namanet.gr (the "Website"), which cookies and similar technologies the Website uses, and the terms under which you may use the Website.

We process personal data in accordance with Regulation (EU) 2016/679 (the "GDPR"), Greek Law 4624/2019, and Greek Law 3471/2006 on the protection of personal data in the electronic communications sector.

This policy applies only to the Website. It does not apply to processing carried out by NAMA in the context of its professional activities, its contractual relationships, or its recruitment procedures, nor to third-party websites that may be linked from the Website.

2. Data controller

Legal nameNAMA CONSULTING ENGINEERS AND PLANNERS SOCIETE ANONYME
Legal formSociété Anonyme (Α.Ε.)
Registered office30–32 Perrikou Street, Athens, Central Athens Sector, 11524, Greece
G.E.MI. number005060001000
VAT number (ΑΦΜ)094284920
Emailekontak@namanet.gr
Telephone+30 210 6974600
Websitewww.namanet.gr

NAMA has not appointed a Data Protection Officer, as it is not required to do so under Article 37 GDPR. Please direct any privacy-related enquiry to the contact details above.

3. Summary — what this Website does and does not do

The Website is an informational presentation of NAMA's work and services.

The Website does not:

  • contain any contact form, registration form, newsletter subscription, or any other form through which you may submit data to us;
  • offer user accounts, log-in, or any personalised area;
  • process payments or accept orders;
  • operate a booking or appointment system;
  • carry out advertising, retargeting, or the building of marketing profiles;
  • carry out profiling or automated decision-making producing legal or similarly significant effects on you (Article 22 GDPR);
  • transfer or sell personal data to third parties for their own commercial purposes.

NAMA itself does not maintain any database of Website visitors. All personal data described in this policy is processed on our behalf, or in their own capacity, by the third-party providers listed in Section 5, on their own infrastructure. We access only aggregated or pseudonymised reports.

Even though the Website collects no data from you directly, the mere act of visiting a website necessarily involves the processing of certain data — above all, your IP address, which is personal data under the GDPR.

4.1 Technical delivery, hosting and security

Provider: Cloudflare, Inc. (Cloudflare Pages)

To transmit the Website to your device and to keep it secure and available, the following are processed automatically: your IP address, the date and time of the request, the pages and files requested, the HTTP status code, the volume of data transferred, the referring URL, your browser type and version, and your operating system.

  • Purpose: delivering the Website, ensuring network and information security, defending against attacks, abuse and bot traffic, diagnosing faults.
  • Legal basis: Article 6(1)(f) GDPR — our legitimate interest in operating a secure, functional and available website. Recital 49 GDPR expressly recognises network and information security as a legitimate interest.
  • Cookies: where Cloudflare's bot-management or rate-limiting protections are active, a strictly necessary cookie may be set (see Section 6). Under Article 4(5) of Law 3471/2006, strictly necessary cookies do not require consent.

4.2 Aggregated audience measurement

Provider: Cloudflare, Inc. (Cloudflare Web Analytics)

We use Cloudflare Web Analytics to obtain aggregate statistics on Website traffic. This service does not use cookies, does not use localStorage, and does not employ device fingerprinting to track visitors across sites or over time. It derives a page-view signal from the request itself and reports data only in aggregate (page views, referrers, country, browser and device category).

  • Purpose: understanding overall Website traffic in aggregate form.
  • Legal basis: Article 6(1)(f) GDPR — our legitimate interest in understanding the use of our Website. As no information is stored on or read from your device, no consent is required under Article 4(5) of Law 3471/2006.

4.3 Behavioural analytics and session replay — Microsoft Clarity

Provider: Microsoft Corporation / Microsoft Ireland Operations Limited

We partner with Microsoft Clarity to understand how visitors use and interact with the Website through behavioural metrics, heatmaps and session replay, in order to improve our Website and our services. Website usage data is captured using first-party and third-party cookies and other tracking technologies in order to determine the popularity of content and to analyse online activity. We additionally use this information for site optimisation and for security and fraud-prevention purposes.

In concrete terms, Clarity may record: pages viewed and the order in which they were viewed; mouse movements, clicks, taps and scrolling; session duration; screen resolution and device type; browser and operating system; referring URL; approximate geographic location derived from the IP address; and a pseudonymous identifier assigned to your browser. Clarity reconstructs this into a replay of your visit.

Clarity masks sensitive content by default, and the Website contains no input fields. We do not use Clarity to identify individual visitors, and we make no attempt to link Clarity data to any other information.

Microsoft acts both as our processor and, for certain purposes described in the Microsoft Privacy Statement, as an independent controller of the data collected through Clarity — including for its own analytics and advertising purposes. For more information about how Microsoft collects and uses your data, please see the Microsoft Privacy Statement.

  • Purpose: analysing user behaviour, optimising the Website, security.
  • Legal basis: Article 6(1)(a) GDPR — your consent, given through our cookie banner, and Article 4(5) of Law 3471/2006. You may withdraw your consent at any time, as easily as you gave it, via the cookie settings link on the Website. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Opt-out: independently of our banner, you may opt out of Clarity's telemetry at any time via Microsoft's opt-out mechanism at https://choice.microsoft.com/.

4.4 Video hosting — Wistia

Provider: Wistia, Inc.

Videos on the Website are hosted and delivered by Wistia. When a page containing a Wistia video loads, or when you play a video, your IP address, browser data, and information about your interaction with the video player (plays, pauses, watch duration, progress) are transmitted to Wistia. Wistia stores identifiers on your device (cookies and/or localStorage) for this purpose.

  • Purpose: delivering video content and measuring engagement with it.
  • Legal basis: Article 6(1)(a) GDPR — your consent, and Article 4(5) of Law 3471/2006. Until you consent, the video player is not loaded.

4.5 Map display — Mapbox

Provider: Mapbox, Inc.

We use Mapbox to display an interactive map. When the map loads, your IP address and technical request data are transmitted to Mapbox's servers, and Mapbox may collect telemetry data relating to your interaction with the map (such as pan and zoom events).

  • Purpose: displaying our location on an interactive map.
  • Legal basis: Article 6(1)(a) GDPR — your consent, and Article 4(5) of Law 3471/2006. Until you consent, the map is not loaded and a static placeholder is shown instead.

4.6 Fonts and icons — Google Fonts and Google Material Icons

Provider: Google LLC / Google Ireland Limited

The Website uses typefaces and icons supplied by Google. Where these are loaded from Google's servers (fonts.googleapis.com and fonts.gstatic.com), your IP address and browser data are transmitted to Google at the moment the page loads. Google Fonts does not set cookies.

  • Purpose: the consistent typographic presentation of the Website.
  • Legal basis: Article 6(1)(a) GDPR — your consent. Because this transmission of your IP address to a third country is not strictly necessary for the delivery of the Website — the same fonts can be served from our own infrastructure — we treat it as requiring consent. Until you consent, system fonts are used instead.

4.7 Content management — Contentful

Provider: Contentful GmbH, Berlin, Germany

The editorial and blog content of the Website is stored in Contentful and retrieved through its GraphQL API. Where this retrieval takes place in your browser, your IP address and request data are transmitted to Contentful's infrastructure. Contentful does not set cookies for this purpose and does not track you.

  • Purpose: delivering the editorial content you have requested.
  • Legal basis: Article 6(1)(f) GDPR — our legitimate interest in operating the Website using a content management system; and, where the retrieval is a direct consequence of your request for the content, Article 6(1)(b)/(f) as applicable. No information is stored on or read from your device.

4.8 If you contact us directly

The Website publishes an email address and a telephone number. If you choose to contact us, we will process the data you provide (your name, contact details, and the content of your message) in order to respond to you.

  • Legal basis: Article 6(1)(f) GDPR — our legitimate interest, and yours, in responding to your enquiry; or Article 6(1)(b) GDPR where your enquiry concerns a prospective contract.
  • Retention: for as long as necessary to handle your enquiry and, thereafter, for the period necessary to establish, exercise or defend legal claims. Where a contractual or commercial relationship results, the general limitation period under Greek law (Article 249 of the Greek Civil Code — twenty years, or five years for the claims listed in Article 250) and the record-keeping obligations of tax legislation (Article 13 of Law 4174/2013 — generally five years from the end of the year in which the relevant tax year expires) apply.

The Website contains a plain hyperlink to our LinkedIn page. It is not a plugin or an embed: no data is transmitted to LinkedIn unless and until you click the link, at which point LinkedIn's own privacy policy applies.

5. Recipients of personal data

We do not disclose personal data to any recipient other than the providers below, each of which processes data solely in the context of the corresponding function.

ProviderFunctionEstablishmentCapacity
Cloudflare, Inc.Hosting, CDN, security, aggregate analyticsUSAProcessor
Microsoft Corporation / Microsoft Ireland Operations LtdBehavioural analytics, session replayUSA / IrelandProcessor and, for its own purposes, independent controller
Wistia, Inc.Video hostingUSAProcessor
Mapbox, Inc.Map displayUSAProcessor
Google LLC / Google Ireland LtdFonts and iconsUSA / IrelandIndependent controller for data it receives
Contentful GmbHContent managementGermanyProcessor

We may also disclose personal data to public authorities where we are required to do so by law, and to our legal or other professional advisers where necessary to establish, exercise or defend legal claims.

6. Cookies and similar technologies

Cookies are small text files placed on your device by a website. Similar technologies (localStorage, pixels, SDKs) achieve comparable results. Under Article 4(5) of Law 3471/2006, which transposes the ePrivacy Directive, storing information on or accessing information already stored on your device requires your prior consent, except where this is strictly necessary to provide a service you have expressly requested.

6.1 Categories

  • Strictly necessary — required for the Website to function and to be secure. These are set without consent, as the law permits.
  • Analytics / behavioural — used to understand how the Website is used. Consent required.
  • Functional (third-party content) — set by embedded content such as video and maps. Consent required.

Strictly necessary

NameProviderDomainPurposeDurationType
__cf_bmCloudflarenamanet.grDistinguishes human visitors from automated traffic (bot management). Necessary for the security of the Website.30 minutesFirst-party
cf_clearanceCloudflarenamanet.grStores the result of a security challenge you have passed, so that it is not repeated. Set only if a challenge is issued.Up to 1 yearFirst-party
_cfuvidCloudflarenamanet.grSupports rate limiting. Set only where rate-limiting rules are active.SessionFirst-party
nama_consent *NAMAnamanet.grStores your cookie preferences, so that we do not ask you on every page.6 monthsFirst-party

* The name and duration of the consent cookie will depend on the consent management platform selected; this row is to be finalised on implementation.

Analytics / behavioural — Microsoft Clarity (consent required)

NameProviderDomainPurposeDurationType
_clckMicrosoftnamanet.grStores a pseudonymous Clarity user ID and preferences, so that returning visits can be recognised.1 yearFirst-party
_clskMicrosoftnamanet.grGroups multiple page views into a single Clarity session.1 dayFirst-party
CLIDMicrosoftclarity.msIdentifies the first time Clarity encountered this browser on any website using Clarity.1 yearThird-party
ANONCHKMicrosoftc.clarity.msIndicates whether the MUID identifier is passed to another Microsoft cookie used for advertising performance. For Clarity it is always set to 0.10 minutesThird-party
MRMicrosoftc.clarity.msIndicates whether the MUID identifier should be refreshed.7 daysThird-party
MUIDMicrosoftclarity.msMicrosoft user identifier, used to recognise unique browsers across Microsoft sites, for analytics and advertising.1 yearThird-party
SMMicrosoftc.clarity.msSynchronises the MUID identifier across Microsoft domains.SessionThird-party

Functional third-party content (consent required)

NameProviderPurposeDurationType
wistiaWistiaIdentifies the visitor to the video player and stores playback state.2 yearsFirst-party
wistia-video-progress-*WistiaStores your playback position, so that a video resumes where you left it. Stored in localStorage.PersistentlocalStorage
Mapbox telemetryMapboxRecords interaction with the map. May use localStorage.Session / persistentlocalStorage

Note. This table reflects the services in use at the date above and the documentation published by the respective providers. Cookie names and durations are determined by those providers and may change. We recommend that the table be verified against an automated scan of the Website at implementation and reviewed at least annually.

6.3 Your control over cookies

  • Consent banner. When you first visit the Website, a banner allows you to accept or reject each non-essential category. Rejecting is as easy as accepting. Non-essential cookies are not set unless and until you consent.
  • Withdrawing consent. You may change or withdraw your choices at any time via the "Cookie settings" link in the footer of the Website.
  • Browser controls. You may also block or delete cookies through your browser settings. Blocking strictly necessary cookies may cause the Website to malfunction.

7. Transfers outside the EEA

Some of our providers are established in, or process data in, the United States, which is a third country for the purposes of Chapter V GDPR: Cloudflare, Microsoft, Wistia, Mapbox and Google.

These transfers are safeguarded as follows:

  • EU–US Data Privacy Framework. Where the provider is certified under the EU–US Data Privacy Framework, transfers are covered by the European Commission's adequacy decision of 10 July 2023 (Article 45 GDPR). Microsoft, Google and Cloudflare are certified under the Framework. You may verify the current status of any organisation on the official list at https://www.dataprivacyframework.gov/list.
  • Standard Contractual Clauses. For providers not covered by an adequacy decision, transfers are based on the Standard Contractual Clauses adopted by the European Commission by Implementing Decision (EU) 2021/914 (Article 46(2)(c) GDPR), supplemented where necessary by additional technical and organisational measures following a transfer impact assessment.

Contentful GmbH is established in Germany; however, its infrastructure and sub-processors may involve transfers to third countries, subject to the same safeguards.

You may request a copy of the relevant safeguards by writing to us at the address in Section 2.

8. Retention

NAMA does not itself store any personal data relating to your visit to the Website. Retention is determined by each provider and by the duration of the cookies listed above.

DataRetained byPeriod
Server and security logsCloudflareIn accordance with Cloudflare's retention policy; generally a short period (a matter of days) for security logs.
Aggregate analyticsCloudflareAggregated data only; no individual-level retention.
Clarity session replaysMicrosoft30 days from recording. Favourited recordings and a randomly selected sample are retained for up to 9 months.
Clarity heatmaps and labelled sessionsMicrosoftUp to 9 months.
CookiesYour browserFor the durations stated in Section 6.2, or until you delete them.
Correspondence you send usNAMAAs set out in Section 4.8.

Where personal data is processed on the basis of your consent, it is deleted or anonymised once you withdraw consent, subject to the provider's technical deletion cycles.

9. Your rights

Under Articles 15 to 22 GDPR, you have the right to:

  • Access — obtain confirmation as to whether we process your personal data and, if so, a copy of it and information about the processing;
  • Rectification — have inaccurate data corrected and incomplete data completed;
  • Erasure — have your data deleted where one of the grounds in Article 17 applies;
  • Restriction — have the processing restricted in the cases set out in Article 18;
  • Data portability — receive, in a structured, commonly used and machine-readable format, data you have provided to us which we process on the basis of consent or contract by automated means (Article 20);
  • Object — object at any time, on grounds relating to your particular situation, to processing based on our legitimate interest (Article 21);
  • Withdraw consent — at any time, without affecting the lawfulness of prior processing (Article 7(3)).

Please note an important limitation. The identifiers used by the analytics services described above are pseudonymous. We hold no additional information capable of linking those identifiers to you. Under Article 11(2) GDPR, where we are not in a position to identify you, the rights of access, rectification, erasure, restriction and portability do not apply unless you provide additional information enabling your identification. If you wish to exercise those rights in relation to analytics data, please supply, so far as possible, the relevant identifier and the approximate date and time of your visit.

How to exercise your rights. Write to ekontak@namanet.gr or to the postal address in Section 2. We will respond without undue delay and in any event within one month of receipt, which may be extended by a further two months where necessary, taking account of the complexity and number of requests; we will inform you of any such extension within one month. Exercising your rights is free of charge, unless a request is manifestly unfounded or excessive.

Right to lodge a complaint. If you consider that the processing of your personal data infringes the GDPR, you may lodge a complaint with the Greek Data Protection Authority:

Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα) 1–3 Kifissias Avenue, 11523 Athens, Greece Tel: +30 210 6475600 Web: https://www.dpa.gr

You also have the right to an effective judicial remedy under Article 79 GDPR.

10. Children

The Website is aimed at professional and business audiences and is not directed at children. We do not knowingly process the personal data of children. Under Article 8 GDPR as implemented by Article 21 of Law 4624/2019, in Greece the processing of a child's personal data on the basis of consent in relation to information society services is lawful where the child is at least 15 years old; below that age, consent must be given or authorised by the holder of parental responsibility. If you believe that a child has provided us with personal data, please contact us and we will delete it.

11. Security

We and our providers apply appropriate technical and organisational measures under Article 32 GDPR, including encryption in transit (HTTPS/TLS), protection against automated and malicious traffic at the network edge, and minimisation of the data collected. No transmission over the internet can be guaranteed to be entirely secure; we cannot therefore guarantee absolute security, but we take reasonable steps to protect your data.

12. Changes to this policy

We may amend this policy to reflect changes in the Website, in the services we use, or in the applicable law. The current version is always available at https://www.namanet.gr/privacy-policy and is identified by the date at the head of this document. Where a change materially affects processing carried out on the basis of your consent, we will seek your consent again.


Terms of Use

13. Acceptance

By accessing and using the Website, you accept these terms. If you do not accept them, please do not use the Website.

14. Purpose and content of the Website

The Website presents NAMA's activities, projects and services for information purposes only. Its content does not constitute an offer, a proposal, a technical study, professional or engineering advice, or a recommendation of any kind, and must not be relied upon as a substitute for professional advice appropriate to your specific circumstances. Any professional relationship with NAMA arises only from a written agreement.

15. Intellectual property

The Website and its content — including texts, photographs, drawings, plans, videos, graphics, logos, trade marks, distinctive features and software — are the property of NAMA or of its licensors and are protected by Law 2121/1993 on copyright and related rights, by industrial property legislation, and by the corresponding EU and international provisions.

You may view the content and reproduce it for your personal, non-commercial use. Any other use — in particular reproduction, republication, adaptation, translation, distribution, public performance, or commercial exploitation, in whole or in part — is prohibited without our prior written consent. Third-party trade marks appearing on the Website are the property of their respective owners.

16. Permitted use

You agree not to use the Website in any manner that is unlawful, that may damage or impair its operation or security, that involves unauthorised access to it or to any connected system, or that involves the automated collection of its content (scraping, data mining) without our permission.

17. Accuracy and availability

We make reasonable efforts to keep the content of the Website accurate and current, but we give no warranty, express or implied, as to its accuracy, completeness or timeliness. The Website is provided "as is" and "as available". We do not warrant uninterrupted or error-free operation, nor that the Website or the servers on which it is hosted are free of harmful elements. We reserve the right to modify, suspend or discontinue the Website or any part of it at any time.

The Website may contain links to third-party websites, including our LinkedIn page. These are provided for your convenience. We exercise no control over their content, their privacy practices or their availability, and we accept no responsibility for them. Following such a link is at your own risk and the terms and privacy policy of the destination site will apply.

19. Limitation of liability

To the fullest extent permitted by law, NAMA shall not be liable for any indirect, incidental, consequential or special damage arising from your access to or use of, or inability to use, the Website or its content. Nothing in these terms excludes or limits liability which cannot lawfully be excluded or limited, including liability for wilful misconduct and gross negligence.

20. Governing law and jurisdiction

These terms and any dispute arising out of or in connection with the Website are governed by Greek law. The courts of Athens shall have exclusive jurisdiction, without prejudice to any mandatory provision conferring jurisdiction elsewhere, and without prejudice to your right to lodge a complaint with the Hellenic Data Protection Authority or to a judicial remedy under Article 79 GDPR.

21. Severability

If any provision of these terms is held invalid or unenforceable, that provision shall be severed and the remaining provisions shall continue in full force and effect.

22. Contact

NAMA CONSULTING ENGINEERS AND PLANNERS S.A. 30–32 Perrikou Street, 11524 Athens, Greece Email: ekontak@namanet.gr — Tel: +30 210 6974600