PRIVACY POLICY

Last Updated: March 2026

DATA CONTROLLER

MGM ATHENS P.C. (Ι.Κ.Ε.)

G.E.MI.: 176324301000

Registered Address: Aiolou 89, Athens 10551, Greece

Contact: privacy@mgm.com.gr

1. INFORMATION WE COLLECT

MGM Athens P.C. collects personal data through the following methods:

Founding Member Checkout: Name, email address, phone number (optional), t-shirt size, and payment information
The Oracle's Registry (Waitlist): Email address
Contact Form: Name, email address, and message content
Cookies & Analytics: Browsing behavior, device information, and interaction data via Google Tag Manager and Vercel Analytics

2. PURPOSE OF DATA PROCESSING

We process your personal data for the following purposes:

Ticketing & Access Management: To process Founding Member registrations and provide lifetime museum access
Marketing & Communication: To send updates, launch announcements, and promotional content (with your consent)
Customer Support: To respond to inquiries and provide assistance
Analytics & Improvement: To analyze website performance and improve user experience

3. DATA RETENTION PERIOD

Founding Members: Your data is retained indefinitely to provide lifetime access and membership benefits. You may request deletion at any time, subject to legal obligations.
Oracle's Registry (Waitlist): Retained until museum opening (June 2026) or until you unsubscribe. Automatically deleted 3 months after launch unless you opt-in for continued marketing.
Contact Form Submissions: Retained for 2 years for customer service purposes, then deleted.
Analytics & Cookies: Anonymized data retained for 14 months (Google Analytics standard).

4. YOUR GDPR RIGHTS

Under the General Data Protection Regulation (GDPR), you have the following rights:

Right to Access: Request a copy of all personal data we hold about you
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure ("Right to Be Forgotten"): Request deletion of your data
Right to Restriction: Limit how we use your data
Right to Data Portability: Receive your data in a machine-readable format
Right to Object: Opt-out of marketing communications at any time
Right to Withdraw Consent: Revoke consent for data processing where applicable

To exercise any of these rights, contact us at: privacy@mgm.com.gr
We will respond to your request within 30 days as required by GDPR.

5. DATA SECURITY

We implement industry-standard security measures to protect your personal information, including:

SSL/TLS encryption for all data transmission
Secure payment processing through Stripe (PCI-DSS compliant)
Regular security audits and updates
Access controls and data minimization practices

6. COOKIES & TRACKING

We use the following tracking technologies:

Google Tag Manager: For analytics and marketing pixels
Vercel Analytics: For performance monitoring
Google Consent Mode v2: To respect your cookie preferences

You can manage your cookie preferences through our cookie banner, which appears on your first visit. By default, all non-essential cookies are denied until you provide consent.

7. THIRD-PARTY SERVICES

We share data with the following third-party processors:

Stripe: Payment processing (covered by Stripe's privacy policy)
Brevo (Sendinblue): Email marketing and CRM
Google: Analytics and advertising (with your consent)
Vercel: Website hosting and performance analytics

We never sell your personal information to third parties.

8. INTERNATIONAL DATA TRANSFERS

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure such transfers comply with GDPR through Standard Contractual Clauses (SCCs) or adequacy decisions.

9. CONTACT & COMPLAINTS

For any privacy-related questions or to exercise your rights:

📧 Email: privacy@mgm.com.gr

Right to Lodge a Complaint: If you believe we have not handled your data properly, you have the right to lodge a complaint with the Greek Data Protection Authority (DPA):

Hellenic Data Protection Authority
Kifisias Ave. 1-3, 115 23 Athens, Greece
Website: www.dpa.gr