Privacy Policy

1. Introduction

YourWay CRM ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our customer relationship management (CRM) service.

We operate in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and Greek data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

We collect information that you provide directly to us, including:

• Account Information: Name, email address, phone number, and password when you register
• Business Information: Organization name, business details, and service offerings
• Customer Data: Information about your customers that you store in the CRM
• Payment Information: Billing details processed through our payment provider (Stripe)
• Usage Data: Information about how you interact with our service
• Communications: Messages you send to us or through our platform

4. Legal Basis for Processing

We process your personal data based on the following legal grounds (GDPR Article 6):

• Contract Performance: Processing necessary to provide our services to you
• Legitimate Interests: For business operations, security, and service improvement
• Legal Obligations: Compliance with applicable laws and regulations
• Consent: For optional features like marketing communications

5. How We Use Your Information

We use the collected information to:

• Provide, maintain, and improve our CRM services
• Process transactions and send related information
• Send technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyze trends, usage, and activities
• Detect, investigate, and prevent fraudulent transactions and abuse

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account Data: Retained while your account is active and up to 30 days after deletion
• Customer Data: Retained according to your data management preferences
• Payment Records: Retained for 7 years as required by Greek tax law
• Usage Logs: Retained for up to 12 months

7. Data Sharing

We may share your information with:

• Service Providers: Third parties that help us operate our business (hosting, payment processing)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at support@yourwaycrm.com

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Employee training on data protection

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as:

• EU adequacy decisions
• Standard Contractual Clauses (SCCs)
• Data Privacy Framework certification

11. Cookies

We use essential cookies to provide our service functionality. These cookies are necessary for the website to function and cannot be switched off. For more information, see our cookie notice in the application.

12. Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA):

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Significant changes will be communicated via email.