Privacy and Personal Data Protection Policy


The company under the name "MORE.GR ONLINE SERVICES SINGLE MEMBER SA," and the distinctive title "MORE.GR ONLINE SERVICES," which is established and operates under Greek Law, with its registered office in Marousi, Attica, at Arcania Business Center, 18-20 Amarousiou – Chalandriou Avenue, PC 15125, with VAT number 998988329, Tax Office KEFODE of Attica, and General Commercial Registry (GEMI) number 006549001000, hereinafter referred to as "more.com" or the "Company," acting as the Data Controller, considers the security and protection of your personal data a top priority, regardless of the capacity in which you communicate or cooperate with us, such as, indicatively but not limited to, prospective or active customers, employees, suppliers, professionals, individuals, consumers, or affiliated third parties.

Your personal data includes any information that can lead, either directly or in combination with others, to your unique identification or location as a natural person. This category includes, but is not limited to, details such as full name, Tax Identification Number (TIN / VAT), Social Security Number (SSN), physical and electronic addresses, landline and mobile phone numbers, bank/debit/prepaid card numbers, email addresses, transaction details, telephone and online communications, payment data, identifying details of your equipment or terminal devices such as POS, computers, smartphones, tablets, internet search history (log files, cookies, etc.), and any other information that allows your unique identification under the provisions of the General Data Protection Regulation (GDPR 2016/679), the applicable Greek legislation, and the decisions of the Hellenic Data Protection Authority (HDPA).

Please read this Security and Personal Data Protection Policy of the Company. By using our website and signing the relevant consent declaration where required, you unreservedly accept the practices described herein, the terms of which henceforth govern our contractual relationship and are incorporated into the terms of use of each service.

 

1. Scope

This Security and Personal Data Protection Policy aims to inform you about the terms of collection, processing, and transmission of your personal data that we may collect as Data Controllers or Processors.

The Company and its trained personnel apply the ten Processing Principles of GDPR 2016/679 (lawfulness, objectivity, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability) to protect your eight Rights regarding the use of your Personal Data (information, access, rectification, deletion, processing restriction, portability, objection, and non-automated decision-making based on profiling, as specified in Greek law). The above apply without discrimination and are implemented in all processing activities and services provided by the group companies.

 

2. Methods of Collecting Personal Data

More.com will always request from you the minimum personal data required by law in order for you to purchase event tickets or other services, to acquire other products or services, or to participate in competitions and promotional activities. Depending on the case, such personal data may include your name/username, password, card number, expiration date, and credit/debit/prepaid card security code, contact numbers, email address, postal address for issuing or sending invoices or service receipts, and delivery details of your order.

more.com retains your personal data only for as long as required by the contractual terms of each service, in conjunction with applicable financial, banking, tax, telecommunications, and other legislation, based on the processing purpose, after which it anonymizes or destroys such personal data.

3. Cases of Personal Data Collection

More.com collects your personal data in the following cases:

  • When you fill out an application/form on our website in order to purchase a product and/or a service, so that we can verify your age to ensure you are legally allowed to enter into an agreement with us, or whether parental/guardian consent or signature is required.
  • When you voluntarily subscribe to printed or electronic mailing lists so as to receive informational material in print, electronically or via SMS, or other marketing material, or to update your preferences, or when you participate in competitions, questionnaires and surveys.
  • When you contact our offices or customer service department, recording the content of your calls and any communication with our call center, including any comments and purchase preferences, products you have searched for, and posted opinions or comments.
  • When you visit and browse our website, we collect information from your terminal device using appropriate data collection tools, such as cookies, your internet protocol (IP) address, operating system, browser type, and version, etc.
  • When we receive documents, pleadings, orders, reports, seizure orders, warrants, etc., from third-party entities, such as regulatory, prosecutorial, judicial, tax authorities, banking institutions, card issuing organizations, payment and credit control institutions, companies providing information on creditworthiness, for your protection against fraud or money laundering, or for combating financial and cybercrime.
  • For merchants: When we receive the necessary data for your identification [Know-Your-Customer (KYC)] in compliance with EU Regulation 2022/2065, the Digital Services Act (DSA), and Law 5099/2024, as well as in the context of exercising our legitimate interests, either directly from you or from trusted third-party organizations and sources.

4. Cookies Policy

Our website uses small files known as "cookies" to operate better and enhance your experience. These files are stored on your device when necessary for this website's functionality. For all other types of cookies, we obtain your required consent through an appropriate mechanism.

To learn more about how we use cookies, refer to our cookie policy.

 

5. Principles of Processing

We are committed to protecting your privacy and handling your data transparently. Therefore, we process your personal data under GDPR and Greek data protection laws for at least one of the following purposes:

A. For the execution of a contract
We process personal data in order to enable you to carry out transactions and for us to provide our services based on our Terms of Service, as well as to complete the contracting process with prospective partners and customers. The purpose of personal data processing depends on the requirements of each service, and the contractual terms and conditions provide further details regarding the relevant purposes.

B. For compliance with legal obligations
There are certain legal obligations arising from the relevant laws and regulatory/legal requirements that apply to us, such as the Anti-Money Laundering Act, consumer protection legislation, tax legislation, e-commerce legislation, the Digital Services Act (DSA) and the relevant national legislation on digital services, and payment services legislation. There are also various supervisory authorities whose regulations we are required to comply with, such as the National Telecommunications and Post Commission (EETT). Such obligations and requirements necessitate essential personal data processing activities for identity verification, compliance with court decisions/orders, fraud reporting obligations, and anti-money laundering controls.

C. For protecting legitimate interests
We process personal data to safeguard the legitimate interests pursued by us or by third parties. A legitimate interest exists when we have a business or commercial reason to use your information. However, even in such cases, it must not unfairly contradict what is right and best for you. Examples of such processing activities include the following:

  • Installing surveillance systems (CCTV cameras) to prevent criminal activities and protect individuals and assets.
  • Establishing legal claims and preparing our defense in legal disputes.
  • Implementing measures and procedures to ensure the security of our systems and prevent potential criminal activities.
  • Taking measures and procedures for the development of new services and the expansion/management of our operations.
  • Communicating with and informing our customers about new services or offers.
  • Providing technical support.
  • Risk management of more.com.

D. Because you have given your consent
Where you have explicitly given us your consent for processing (other than for the purposes referred to above), the lawfulness of such processing is based on that consent. You have the right to withdraw your consent at any time. However, any processing of personal data carried out prior to receipt of your revocation will not be affected.

 

6. Transmission to third parties

 

When you use our website and provide us with personal information, we at more.com act as an intermediary and do not transmit or share your information, either between group companies or with third parties, except to the extent necessary to complete your order and fulfil requests regarding the services provided by us or to suggest ways to improve your overall experience in the context of the services provided. Such third parties may include theatre producers, travel service providers, ferry companies, telecommunications companies, reservation systems and other global distribution systems.

 

At more.com we choose trusted providers and try to place contractual restrictions on third parties who receive your personal data to ensure that they use it in accordance with this Policy and applicable European (GDPR 2016/679) and international data protection laws. However, we cannot guarantee that they will not use or disclose this data without your permission. Therefore, we recommend that you carefully review the privacy practices of any third-party providers/suppliers whose products you purchase through our websites. In addition, third party providers may contact you, when necessary, to obtain additional information about a potential service, payment or reservation.

 

In order to process your data, we may need to transfer your information to other countries, mostly within and, exceptionally, outside the European Economic Area (EEA), based on EU adequacy decisions, binding corporate rules, standard contracts and approved codes of conduct.

 

In each case, we take appropriate technical and organisational measures to ensure that your personal information is transferred, stored and processed in accordance with appropriate security standards and in accordance with the terms of this Policy and any applicable data protection laws.

 

Finally, we may transfer or disclose your personal information to official, domestic or foreign, governmental and supervisory bodies (e.g. police, Bank of Greece, international tax authorities, etc.) when we are required to comply with the law and to prevent illegal actions against us and our customers (e.g. fraud, money laundering, etc.).

 

7. Security of Personal Data

 

At more.com, we employ trained and responsible personnel, and we recognize the importance of protecting your privacy and all your personal information. For this purpose, we have adopted appropriate security policies and use suitable technical and organizational measures, which include, indicatively and not exhaustively, the following: 

 

1. Technical Measures 


Secure Transmission
 

  • Encryption of data during transmission using secure communication protocols (e.g. TLS). 

Secure Storage 

  • Encryption of personal data at rest using standardized encryption mechanisms. 

Access Control 

  • Role-based access control ensuring that users can access only the data necessary for their role. 
  • Multi-factor authentication for privileged users. 

System Security 

  • Enhanced security for servers and endpoints. 
  • System vulnerability detection and management. 
  • Malware protection and intrusion detection mechanisms. 

Logging and Monitoring 

  • Logging of access activities. 
  • Continuous monitoring and alerting for suspicious activities. 

Backup and Recovery 

  • Encrypted backups. 
  • Secure storage of backup data. 

Data Minimization and Configuration 

  • System configuration to collect and process only the data necessary for specific purposes. 

2. Organizational Measures 


Governance and Accountability
 

  • Appointment of a Data Protection Officer (DPO). 
  • Clear allocation of responsibilities for data protection and information security. 

Policies and Procedures 

  • Documented information security and data protection policies. 
  • Procedures covering access management, incident response, data retention, and secure data deletion. 

Staff Awareness and Training 

  • Regular staff training on data protection and information security matters. 

Vendor and Third-Party Management 

  • Data processing agreements with vendors and service providers. 
  • Due diligence and periodic assessment of third-party security measures. 

Data Protection by Design and by Default 

  • Integration of data protection requirements into system design, development, and operational processes. 

Risk Management 

  • Regular risk assessments and reviews of processing activities. 
  • Conducting data protection impact assessments where required. 

Incident and Data Breach Management

  • Procedures for the identification, investigation, and communication of personal data breaches. 

Data Subject Rights Management 

  • Procedures to ensure the timely and secure handling of data subject requests. 

Data Retention and Deletion 

  • Defined personal data retention periods. 
  • Secure and controlled deletion procedures. 

These measures are implemented in accordance with the principles of data protection by design and by default and are reviewed on a regular basis to ensure an appropriate level of security, in compliance with Article 32 of the General Data Protection Regulation (GDPR). 

Any partner of ours who has access to the above information uses it solely in order to serve the purposes described above. We share the information you provide to us exclusively in the ways described in this Policy and in accordance with your explicit and specific consent per type of processing, which you may withdraw at any time and freely by contacting us.

 

8. Display of targeted advertisements

 

We may use your personal data together with other information we have collected, following human intervention by our commercial department, to display advertisements relevant to your apparent preferences on our website or on another website. Additionally, we may use your email address, which has been provided in the context of a transaction or registration, to create custom advertising audiences (Custom Audiences) on the Meta and Google platforms, without disclosing your personal data to third parties. This use is based on our prior relationship with you and is carried out in accordance with the data protection terms of the respective platforms.

 

However, we never automatically associate customer data of different more.com companies relating to your consumer profile and overall preferences with other personal information (such as your email address) to display advertisements or send you personalized offers based on profiling. In addition, we do not share your personal data with third parties to enable them to send you relevant advertisements.

 

If you would like us to stop sending you updates or offers, you can use the unsubscribe link at the bottom of the email you received from us.


9. Use of Artificial Intelligence (AI Chatbot) 

The platform uses automated artificial intelligence tools, such as chatbots, for the purpose of supporting users, providing information, and improving the user experience. 

When using the chatbot, data provided by the user may be collected and processed solely for the purpose of fulfilling the user’s request. Such data is not used for purposes other than those described in this Privacy Policy and is processed in accordance with applicable personal data protection legislation (GDPR). 

 

10. Links to third-party websites

The company's websites may contain links to other websites of third parties, independent entities, such as, indicatively, event producers, transport service providers, payment service providers, etc., which are operated and maintained exclusively by those entities, and which we do not control, as mentioned above.

We bear no responsibility whatsoever for the content, actions or policies of those third-party websites. Please read carefully the respective data and privacy policies of the different websites you visit, as they may differ significantly from ours.

 

11. Non-requested commercial communication

We do not allow the use of our website or of our services for the purpose of transfer, distribution or delivery of any mass or unwanted commercial e-mails (spam). Moreover, we do not allow the exchange of messages from and to our customers which use or contain non-valid or falsified titles, non-valid or non-existing domain names, message sender encryption techniques, false or misleading information or which violate the terms of use of each website.

We do not allow in any way the collection of e-mails or of general information of our customers and subscribers, via our website or our services. We do not allow, and we do not authorize, any attempt to use our services in any way that could harm, deactivate or burden any part of our services, or hinder anyone who wishes to use our services.

If we detect a non-authorized or improper use of any of our services, we may, without warning and upon our absolute discretion, take all appropriate measures to block messages by a specific web domain, an e-mail server or an IP address. We are entitled to immediately erase any account that uses our services and which we deem, at our absolute discretion, to transmit or to be connected with the transmission of any messages that violate this policy.

 

12. Your data protection rights

You have the following rights in relation to the personal data we hold about you:

1. To have access to your personal data. This enables you, for example, to obtain a copy of the personal data we hold about you and to check that we are processing it lawfully. To obtain a copy, you can contact the Data Protection Officer of more.com at 2117609105 or at dpo@more.com.

2. To request the rectification of your personal data. This enables you to correct any incomplete or inaccurate data we hold about you.

3. To request the deletion of your personal information [known as the “right to be forgotten”]. This allows you to request that we delete your personal data when there is no good reason for us to continue to process it.

4. To object to the processing of your personal data [known as the “right to object”] where we have a legitimate interest but there is something specific about your situation that makes you want to object to the processing on this ground. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. You also have the right to object where we process your personal data for direct marketing purposes. This also includes profiling, insofar as it relates to direct marketing. If you object to processing for direct marketing purposes, we will stop processing your personal data for these purposes.

5. To request the restriction of the processing of your personal data. This allows you to ask us to restrict the processing of your personal data, i.e. to use it only in certain circumstances, if:

a. it is not accurate;

b. it has been used unlawfully but you do not want us to delete it;

c. it is no longer needed but you want us to keep it for use in possible legal claims;

d. you have already asked us to stop using your personal data but you are waiting for us to confirm whether we have legitimate reasons to use it.

6. To request a copy of personal data concerning you in a structured, commonly used and machine-readable format in order to transfer this data to other organisations. You also have the right to request that your personal data be transferred directly from us to other organisations you name [known as the right to data portability].

7. To withdraw the consent you have given us regarding the processing of your personal data at any time, directly and easily. Note that any withdrawal of consent does not affect the lawfulness of the processing based on the consent before it is withdrawn or revoked by you. To exercise any of your rights or if you have any other questions about our use of your personal data, you can contact our Data Protection Officer at dpo@more.com.

 

13. Right to lodge a complaint with the Data Protection Authority

If you have exercised any or all of your data protection rights and you still feel that your concerns about the way we use your personal data have not been satisfactorily addressed, you have the right to lodge a complaint with the Data Protection Authority (DPA) at www.dpa.gr.

 

14. Validity of this Policy

This Policy was published by more.com on 4/2/2026 and is subject to periodic improvement and revision.

Any changes to this Policy will apply to the information collected as of the date the revised version is published, as well as to existing information we hold. Your use of the website following the publication of changes implies your acceptance of those changes.