Skip to content
logo mobile
Explore Omni
Home/Privacy Policy

Last updated: 23 April 2026

 

1. Who we are

The controller for the personal data processing covered by this Privacy Policy is MSTAT S.A. (“MSTAT”, “we”, “us”, “our”), with registered offices at 6 Sinopis Street and 11 Evinou Street, 11527, Athens, Greece.

For general enquiries regarding the Omni Messaging Platform, you may contact us at sales@m-stat.gr or +30 210 33 89 590. For privacy matters and for the exercise of data protection rights, you may contact us at dpo@m-stat.gr. MSTAT has appointed a Data Protection Officer (DPO), who may also be contacted through the same email address.

This Privacy Policy has been prepared in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 – GDPR), Greek Law 4624/2019 and, where applicable, Greek Law 3471/2006 on privacy in electronic communications

 

2. Who this Policy covers

This Policy applies to:

(a) Website visitors,

(b) individuals who contact us through the contact form, demo, free-trial or email channels,

(c) newsletter subscribers,

(d) representatives, officers, employees or other contact persons of existing or prospective corporate customers and partners,

(e) users who create an account or request access to the Platform in a pre-contractual or contractual context.

If you receive a message or campaign from an MSTAT customer through the Omni Messaging Platform, the specific notice in section 10 below also applies.

 

3. Categories of personal data we collect

Depending on how you interact with the Website or the Omni Messaging Platform, we may process the following categories of personal data:

 

3.1 Data you provide directly:

  • identification and business contact details, such as first name, last name, business email address, phone number, company, job title/role and country,
  • information about your interest in the Platform, communication channels or intended business use,
  • the content of your request, message or correspondence,
  • information required to enter into or manage a commercial relationship, such as billing details, company details and contract administration information,
  • account or trial data, if you request access to the service.

 

3.2 Data collected automatically

  • IP address,
  • device, browser, operating system and language data,
  • technical logs, timestamps, session identifiers and security-related data,
  • browsing information, referring URLs, pages visited and actions taken on the Website,
  • cookie preferences and related consent choices.

 

3.3 Newsletter and marketing data

When you subscribe to our newsletter or request marketing updates, we may process your email address, subscription/unsubscription timestamp, IP address or other data required to document your consent and to manage our communications with you.

 

3.4 Data obtained from third parties

We may receive business contact details from your employer, partners, public professional profiles or from people within your organisation who ask us to contact you, to the extent this is appropriate in the context of an existing or prospective business relationship.

Please do not send us special categories of data or other information that is not necessary for your request through open forms or ordinary email.

 

4. Why we process your data and the legal bases we rely on

We only process your personal data where we have an appropriate legal basis under Article 6 GDPR. In particular:

 

4.1 Website operation, security and technical administration

We process technical data, logs, device information and certain strictly necessary cookies in order to ensure proper Website operation, systems security, incident handling and the prevention of malicious activity.

Legal basis: our legitimate interests in the security, availability and integrity of our services.

 

4.2 Responding to contact, demo, free-trial and quotation requests

We process the data you submit so that we can communicate with you, assess your needs, organise a demo or trial, and take steps towards a potential business relationship.

Legal basis: taking steps at your request prior to entering into a contract and, where relevant, our legitimate interests in handling business enquiries.

 

4.3 Account, trial, contract and service management

Where an account is created or a customer relationship is established, we process relevant data for onboarding, authentication, access management, support, billing, contract administration and customer care.

Legal basis: performance of a contract and compliance with related legal obligations.

 

4.4 Newsletter, informational communications and direct marketing

Where you have given consent, or where applicable law allows us to contact you in the context of an existing business relationship, we may send you updates about MSTAT products, services, news and events.

Legal basis: consent or, where permitted, our legitimate interests in B2B communications. You may opt out at any time.

 

4.5 Analytics, Website improvement and optional features

Where you accept the relevant cookies or similar technologies, we may use usage data and statistics to improve the Website’s structure, content, performance and user experience.

Legal basis: consent, where required.

 

4.6 Legal compliance and the establishment, exercise or defence of claims

We may process your data for tax, accounting, regulatory or evidential purposes, or in order to establish, exercise or defend legal claims.

Legal basis: legal obligation and legitimate interests.

We do not use your data for purposes that are incompatible with the above without further notice or your consent where required. We do not make decisions producing legal or similarly significant effects concerning you solely by automated means in the context of this Website.

 

5. Cookies and similar technologies

The Website uses cookies and similar technologies. At the time of this Policy, the Website’s cookie management tool distinguishes at least the following categories:

  • strictly necessary cookies, required for core functionality and for storing consent preferences,
  • functional cookies, enabling optional features,
  • analytics cookies, helping us understand how the Website is used and how its content may be improved.

Strictly necessary cookies are used on the basis of our legitimate interests in the basic operation and security of the Website. Non-essential cookies are only used on the basis of consent where this is required.

You may at any time:

  • change your choices through the cookie banner or cookie settings,
  • delete cookies through your browser settings,
  • configure your browser to reject some or all cookies.

Disabling certain cookies may affect Website functionality.

 

6. Who we share your data with

We do not sell or lease your personal data to third parties for their own independent marketing purposes. We may, however, disclose data to:

  • authorised MSTAT personnel subject to confidentiality obligations,
  • hosting, cloud, infrastructure, technical support, cybersecurity and system maintenance providers,
  • Website management, analytics, forms, CRM, sales support, newsletter or other operational tool providers,
  • professional advisers, such as lawyers, auditors or accountants, where necessary,
  • competent administrative, judicial or law-enforcement authorities where required by law or lawful request.

Where third parties act as processors on our behalf, they are contractually bound to process data only under our instructions, to implement appropriate security measures and to maintain confidentiality.

 

7. International transfers

As a rule, we seek to have data covered by this Policy processed within the European Economic Area. If, by exception, a transfer outside the EEA is required, we will implement appropriate safeguards, such as an adequacy decision, Standard Contractual Clauses or another lawful mechanism under Chapter V GDPR.

 

8. Security

We implement technical and organisational security measures appropriate to the nature of the data and the relevant risks, including access controls, event logging, role-based access restriction, secure communication protocols, internal policies and incident management procedures.

MSTAT applies security and quality standards and holds, among other things, ISO 27001 and 27701 certification. However, no system can be considered absolutely immune from risk.

 

9. How long we keep your data

We keep personal data only for as long as necessary for the relevant purpose, unless longer retention is required or permitted by law. By way of example:

  • contact, demo, free-trial and quotation requests: up to twelve (12) months after our last substantive communication, unless a customer relationship is established in the meantime,
  • account and contractual data: for the duration of the relationship and thereafter for as long as required by tax, accounting, regulatory or evidential obligations, (on average 5 years)
  • newsletter and marketing data: until consent is withdrawn/unsubscription takes place and, in any event, for a reasonable period to maintain suppression records and demonstrate compliance,
  • security logs and technical files: for a limited period proportionate to security and incident investigation needs,
  • data relevant to legal claims: until the expiration of the applicable limitation periods.

After the relevant retention period expires, we delete or anonymise the data unless further retention is required by law.

 

10. Specific notice regarding data processed through the Omni Messaging Platform

This section is particularly important. Through the Omni Messaging Platform, MSTAT provides multi-channel communication, contact/CRM management, analytics, forms, landing pages and related functionalities. Where a corporate customer uploads contact lists, defines audiences, prepares campaigns or collects replies and submissions from end recipients, that customer will generally act as the controller for its recipient data and MSTAT will generally act as its processor/service provider under the applicable contract and, where required, a data processing agreement.

In that context, the customer generally determines the campaign purposes, the recipient categories, the content of the communication and the legal basis vis-à-vis its recipients. Therefore, if you are an end recipient of a message sent through the Platform, you should in principle consult the sender/customer’s privacy notice and exercise your rights primarily against that sender.

MSTAT may act as an independent controller for distinct activities relating in particular to:

  • the creation and security of Platform user accounts,
  • authentication and access management,
  • billing, accounting and tax compliance,
  • network and service security, abuse prevention and incident documentation,
  • the retention of necessary logs and compliance records,
  • support requests and customer relationship management.

Where we use aggregated or anonymised statistics for business analysis or service improvement, we do not seek to identify individuals.

 

11. Your rights

Subject to the conditions of applicable law, you have the following rights:

  • right of information and access,
  • right to rectification,
  • right to erasure,
  • right to restriction of processing,
  • right to data portability,
  • right to object to processing based on legitimate interests,
  • right to withdraw consent at any time, without affecting prior lawful processing,
  • right to lodge a complaint with the Hellenic Data Protection Authority.

If you wish to exercise any right, please contact us at info@m-stat.gr. We may ask for reasonable proof of identity before responding.

 

12. Links to third parties, social media and maps

The Website may contain links to third-party services or websites, such as social media, maps, partners or other external sites. When you follow those links or interact with such services, the relevant third parties process data under their own privacy notices. We recommend that you read those notices before using their services.

 

13. Children’s data

The Website and the Platform are primarily intended for businesses and professionals and are not directed to children. We do not knowingly collect children’s personal data through the above flows. If you believe such data has been provided to us, please contact us so that we can take appropriate steps.

 

14. Changes to this Privacy Policy

We may update this Policy from time to time to reflect changes in the Website, the Platform, our processing practices or applicable law. The updated version will be posted on the Website with a new “last updated” date.

 

15. Contact

For any question about this Privacy Policy or to exercise your rights, you may contact MSTAT as follows:

MSTAT S.A.

6 Sinopis Street and 11 Evinou Street, 11527, Athens, Greece

Privacy contact: dpo@m-stat.gr

General/sales contact: sales@m-stat.gr

Telephone: +30 210 33 89 590

Experience Omni in action.

Request your personalized demo.