# Privacy Policy

Last updated: **10th of January 2026**

This Privacy Policy explains how the creator of this app, identified in Section 1 (referred to below as "we", "us" or "our"), collects, uses, stores and shares personal data when you install or use the **BenzinApp** mobile application (the “App”), and what rights you have in relation to that data. By using the App you agree to the collection and use of data as described in this policy.

## 1. Who is the data controller
SEIMENIS GEORGIOS EMMANOUIL - Sole-Proprietorship Company

Address: Karaiskaki 31, Athens, 15341

Email: giorgosseimenis@gmail.com

If you are based in Greece and wish to raise a complaint with the national supervisory authority, you may contact the Hellenic Data Protection Authority.

## 2. Which personal data we collect

We collect the following categories of **personal data** when you use the App:

### Account data 
E-mail, Username, hashed password (we do not store passwords in plaintext).

### Vehicle & fuel data
Car make/model/year, fuel-fill records (date, liters, cost, kilometers), service/malfunction reports (date, description, cost, location), repeated-trip templates (origin/destination coordinates and addresses, with description of the trip).

### Technical data
IP address, timestamps, approximate location from GPS (only if the feature is used), and other diagnostic data.

*Note: under the GDPR, location data and device identifiers are considered personal data if they can identify an individual. Art. 4 and the duty to inform apply whenever we collect personal data.*

## 3. Do we collect “special category” (sensitive) data?

The App does not intend to collect special categories of personal data as defined in Article 9 GDPR (e.g., health, race, religion). The types of data we collect (fuel records, car data, usernames) are ordinary personal data, not Article 9 special categories. If you or a user voluntarily enters information that might be sensitive, please contact us immediately so we can treat it appropriately.

## 4. Purposes of processing and lawful basis

We process personal data for the following purposes and on the following lawful bases:

- To create/operate your account and provide the App’s functionality (e.g., save fuel entries, trips) — performance of a contract or consent, depending on the feature.
- To comply with legal obligations (e.g., respond to lawful requests) — legal obligation.
- To prevent fraud and secure accounts — legitimate interests (security).

Before collecting sensitive or optional data, we will request explicit consent where required. You can always withdraw consent for optional processing (this will not make past lawful processing unlawful). For more on the required content of privacy notices and lawful bases, see GDPR Article 13 and guidance.

## 5. Recipients / third-party services

We may share personal data with:

- Hosting and backend providers (e.g., cloud provider, database).
- Legal / regulatory authorities when required by law.

We will only share the **minimum data necessary**.

## 6. International transfers

If we transfer personal data outside the EU/EEA (for example to cloud providers with servers outside Europe), we will ensure **appropriate safeguards are in place** (standard contractual clauses, adequacy decisions, or other GDPR-compliant mechanisms). We will make this information available on request.

## 7. Data retention

We retain personal data only as long as necessary for the purposes listed above, and in accordance with legal obligations. Typical retention periods:

### Account data

Until account deletion + a short archival period for backups (e.g., up to 4 weeks).

You can request erasure of your personal data (subject to legal exceptions). See section 10 for how to exercise rights. Guidance on retention and the duty to inform is set out in GDPR Article 13 and supervisory authority guidance.

## 8. Security measures

We use appropriate technical and organisational measures to protect data, including (where applicable):

- Password hashing and secure authentication practices (we do not store passwords in plaintext).
- Encrypted connections (HTTPS/TLS) for data in transit.
- Access controls and least privilege for systems that store personal data.
- Regular backups and secure deletion procedures.

## 9. Minors
The App is not directed at children under 18. If you believe we have collected data from a minor without proper consent, contact us and we will delete it.

## 10. Your rights

Under the GDPR you have the right to:
- Access your personal data.
- Request correction of inaccurate data.
- Request erasure ("right to be forgotten") where applicable.
- Request restriction of processing.
- Object to processing (including for direct marketing/analytics where applicable).
- Data portability (receive your data in a machine-readable format).
- Withdraw consent (where processing is based on consent) without affecting lawfulness of prior processing.
- Lodge a complaint with a supervisory authority (Hellenic DPA).

To exercise any of the above rights, contact us at giorgosseimenis@gmail.com and we will respond within the timelines required by law.

## 11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top shows when it was last revised. Material changes will be notified via e-mail.

## 12. Contact / supervisory authority

For questions about this policy or our processing practices contact: giorgosseimenis@gmail.com, or +302106545087.
If you remain unsatisfied, you may lodge a complaint with the Hellenic Data Protection Authority.