DATA PROTECTION POLICY

Regulation (EU) 2016/679 (GDPR) & Law 4624/2019

www.nuo.mobi

1. Data Controller

Data Controller: ANDERSONS MIKE, 48 Manolidis L., 16121 Kaesariani, PO Box: 801163697. Email: sales@nuo.mobi, Tel: 210 882 1109.

2. Data We Collect

2.1. Registration & Order

  • Name, address, phone number, email.
  • Billing details (VAT number, company – only for invoice). Order history.

We do not store card details. These are managed exclusively by Nexi/PayPal.

2.2. NFC platform

  • User Content, subscription data, analytics (scans), Contact Vault.

2.3. Technical Data

  • IP, browser, OS, cookies, usage data.

3. Purpose & Legal Basis

| Purpose | Data | Legal Basis |
|---|---|---|
| Order execution | Name, address, tel, email | Article 6(1)(b) – Contract |
| Provision of NFC Services | Content, subscription | Article 6(1)(b) – Contract |
| Analytics | Anonymous scans | Article 6(1)(f) – Legitimate interest |
| Contact Vault | Third party data | Article 6(1)(a) – Consent |
| Marketing | Email | Article 6(1)(a) – Consent |
| Tax | Pricing | Article 6(1)(c) – Legal obligation |
| Security | IP, logs, audit | Article 6(1)(f) – Legitimate interest |

4. Recipients

Disclosure exclusively to: payment providers (Nexi, PayPal), couriers, hosting provider, public authorities (only when required). We do not sell, rent or transfer data to third parties for marketing purposes.

5. Retention time

| Category | Time |
|---|---|
| Orders/pricing | 10 years (tax) |
| Active account | As long as it is active |
| NFC content (expired subscription) | May be deleted after a reasonable period of inactivity (upon notification) |
| Contact Vault | As long as the subscription is active / on request |
| Analytics | Anonymous – no limit |
| NFC Devices | While the Platform is running |

6. Rights of Subjects

  • Access (Article 15): Copy of data.
  • Correction (Article 16): Correction of inaccuracies.
  • Erasure (Article 17): Except where there is a legal obligation to retain the data.
  • Restriction (Article 18): Restriction of processing.
  • Portability (Article 20): Structured format.
  • Objection (Article 21): Objection to processing based on legitimate interest.
  • Withdrawal of consent: At any time.

Email: sales@nuo.mobi. Reply within 30 days. Complaints may be lodged with the Hellenic Data Protection Authority (www.dpa.gr).

7. Technical and Organisational Security Measures

7.1. Technical Measures

  • TLS/SSL on every connection (HTTPS).
  • bcrypt hashing of passwords.
  • CSRF nonce tokens.
  • Input validation & sanitization.
  • RBAC: each User sees only their own data.
  • Rate limiting. Audit logging.

7.2. Restrictions & Disclaimer of Liability

No system is 100% safe. The User expressly acknowledges:

  • Password and account security is his/her responsibility.
  • The Platform is not designed for sensitive data (see Section 3.3 of the NFC Terms of Service).
  • The Company is not liable for violations if it has taken reasonable measures. The User waives all claims in this regard.
  • For sensitive data entered in violation, the responsibility is solely on the User.

8. Cookies

Necessary (session, legitimate interest), operational (1 year, consent), detailed (2 years, consent). Managed via cookie banner or browser settings.

9. DPA – Contact Vault (Article 28 of the GDPR)

9.1. Roles

  • Controller: The User who activates Contact Vault.
  • Processor: NUO / ANDERSONS MIKE.

9.2. NUO as Processor

  • Processing exclusively according to Controller instructions.
  • No marketing/profiling of its own.
  • Notification of the Controller within 48 hours in the event of a breach.
  • Deletion/return upon request.

9.3. User’s obligations as a Controller

  • Ensuring a legal basis for collection.
  • Informing subjects, responding to deletion requests.
  • Non-spam via Contact Vault.

In the event of a breach of the GDPR by the User, the User shall be solely responsible and shall fully compensate the Company for any fines or third party claims.

10. Transfers outside the EEA

We do not intentionally transfer data outside the EEA. Providers (e.g. PayPal) operate under GDPR safeguards (SCCs).

11. Minors

We do not cater for under 18s. If a minor has submitted data, please contact sales@nuo.mobi.

12. Breach Notification Procedure

  • Within 72 hours: notification to the Hellenic Data Protection Authority (Article 33 of the GDPR).
  • Without delay: notification of affected Users (Article 34).
  • Immediate damage limitation measures.

The Company is not liable for violations due to the actions or omissions of the User (weak password, credentials disclosure, sensitive data in breach of the Terms). The User waives any related claim.

13. Modifications

Right to amend at any time. Notification by email of material changes.

14. Contact

ANDERSONS MIKE – Manolidis 42-48, 16121 Kaesariani – 210 882 1109 – sales@nuo.mobi

Hellenic Data Protection Authority: 1-3 Kifissias Street, 115 23 Athens – www.dpa.gr – 210-6475600

TERMS OF USE OF THE NFC SERVICE

Platform Terms – NUO NFC Cards, Cubes & Devices

www.nuo.mobi

1. Scope of application

These NFC Terms of Service (the “Terms of Service”) govern your use of the NUO platform:

  • NFC Cards: digital business cards with guest profile, Contact Vault, analytics.
  • NFC Cubes: experience rating cubes (hospitality).
  • NFC Devices: devices redirecting to external URLs (Google Reviews, Social Media, WiFi, etc.).

These form an integral part of the General Terms of Use. In case of conflict, these Terms of Use shall prevail for Platform matters.

2. Nature of the Service

NUO provides Software as a Service (SaaS) over the Internet. The User does not acquire ownership of the software but the right to use it for the duration of the active subscription.

Ownership of Physical Products: The User acquires full ownership of the physical NFC devices. However, their functionality depends on the availability of the Platform and the existence of an active subscription (with the exception of NFC Devices, see Section 5).

3. User Content & Responsibility

3.1. Content Ownership

The User retains the intellectual property of the Content he/she enters. The User grants the Company a non-exclusive license to use the Content exclusively for hosting and displaying it.

3.2. Exclusive User Responsibility

The User is solely and fully responsible for any Content that he/she enters on the Platform. The Company does not proactively control the Content and bears no responsibility for it, including damages to third parties. The User warrants that:

  • It has the necessary rights to use and publish any Content.
  • The Content does not infringe the rights of third parties.
  • URLs on NFC Devices do not lead to malicious or illegal websites.

In the event of a third party claim against the Company due to User Content, the User is obliged to fully compensate the Company for all damages, fines and legal expenses.

3.3. Explicit prohibition of sensitive data

It is strictly forbidden to enter any sensitive personal data on the Platform, such as, but not limited to:

  • Social security number, VAT number, identity card or passport numbers.
  • Credit/debit card details, bank accounts (IBAN).
  • Medical data, biometric data.
  • Data on racial origin, political beliefs, sexual life.
  • Passwords to banking/government systems.
  • Data of minors without parental consent.

The Company did not design the Platform to store sensitive data. If such data is entered in violation of this prohibition, the User bears sole responsibility, the Company fully disclaims any liability, and the Company is entitled to remove the content immediately.

3.4. WiFi & Network Data

The WiFi password is visible during the scan. The Company is not responsible for unauthorized use of WiFi.

4. Data Security & Breaches

4.1. Security measures

The Company applies:

  • SSL/TLS encryption (HTTPS).
  • bcrypt password hashing.
  • CSRF nonce tokens on each form and AJAX call.
  • Controlled access (RBAC): each User sees only his/her own data.
  • Regular software updates and audit logging.

4.2. Data Breach

No system is 100% safe. The User expressly acknowledges that:

  • The Company is not liable for breaches if it has taken reasonable security measures.
  • The User is solely responsible for sensitive data entered in violation of Section 3.3.
  • Responsibility for the password lies exclusively with the User.

Notice: Upon becoming aware of a breach, notification of affected Users within 72 hours (Article 33 GDPR).

4.3. Disclaimer

The Company bears no responsibility for:

  • Unauthorised access due to theft, interception or weak password.
  • Loss of data due to Force Majeure or third party providers.
  • Damages from User Content.
  • Consequences of third-party NFC scanning.
  • Malfunction due to incompatibility of third-party devices.
  • Any kind of loss of profits, moral damage or indirect damage.

5. Subscriptions & Life Cycle

5.1. Free First Year

Each new NFC Product purchase includes 1 year of free access.

5.2. Plans

| Plan | Devices | Price/Year | Note |
|---|---|---|---|
| Staff | 1-5 | €14,99 | |
| Business | 6-30 | €29,90 | |
| Per | 31-100 | €69,90 | |
| Enterprise | 100+ | Custom | By agreement |

5.3. After Expiration – Cards & Cubes

  • NFC scans work for 180 days after expiry.
  • Editing, analytics and Contact Vault are locked immediately.
  • After 180 days the scans stop. The data is not deleted.
  • Renewal at any time fully restores all functions.

5.4. After Expiration – NFC Devices

  • Scans work forever as long as the Website exists.
  • URL editing is locked after expiration.

5.5. Deletion of Inactive Accounts

The Company reserves the right to delete account data that remain inactive for a reasonable period of time, upon notice (at least 30 days). NFC Devices are excluded.

6. Contact Vault & Third Party Data

6.1. Roles

  • The User acts as a Data Controller.
  • NUO acts as a Data Processor.

The User bears sole responsibility for the lawful collection of data through Contact Vault, including obtaining consent, informing subjects and responding to deletion requests. The Company shall not be liable for any violations of GDPR attributable to the User.

7. Analytics

Anonymous data (number of scans, dates, device type). Available only with an active subscription.

8. Account Termination

8.1. From the User

Termination at any time via email. The subscription is non-refundable on a pro-rata basis.

8.2. From the Company

The Company is entitled to terminate an account without notice in case of: violation of the Terms, illegal activity, court order, abuse of services. No compensation, refund or claim is due.

8.3. Permanent Platform Termination

In case of permanent termination: 60 days notice, data export option, pro-rata return of active subscriptions. The User is not entitled to any further claim other than the proportional refund.

9. Amendments to the Terms of Service

The Company is entitled to amend these Terms, with 30 days’ notice of material changes. Continued use = acceptance.

10. Applicable Law

Greek law. Courts of Athens.

Last update: March 2026