GDPR Compliance

Last updated: July 13, 2026

RAS BioHacker is committed to protecting the personal data of every user in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and Greek Law 4624/2019.

1. Data Controller

The Service is operated and maintained by Pixelab (VAT: EL100843320), Greece — the data controller for the personal data collected through RAS BioHacker. Contact: info@pixelab.gr.

2. Principles We Follow

  • Lawfulness, fairness and transparency.
  • Purpose limitation — data is collected for specified, explicit purposes.
  • Data minimization — only what we truly need.
  • Accuracy — data kept up to date.
  • Storage limitation — retained only as long as necessary.
  • Integrity and confidentiality — appropriate security in place.
  • Accountability — we document and evidence our compliance.

3. Your Rights Under the GDPR

  • Right of access — request a copy of your data.
  • Right to rectification — correct inaccurate data.
  • Right to erasure ("right to be forgotten").
  • Right to restrict processing.
  • Right to data portability — receive your data in a structured format.
  • Right to object to certain processing, including direct marketing.
  • Right not to be subject to automated decision-making that produces legal effects.
  • Right to withdraw consent at any time, where processing is based on consent.

4. How to Exercise Your Rights

Send a request to info@pixelab.gr from the email address associated with your account. We respond within one month, as required by Article 12(3) GDPR. There is no fee unless requests are manifestly unfounded or excessive.

5. Data Breach Notification

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Hellenic Data Protection Authority within 72 hours and inform affected users without undue delay, in accordance with Articles 33–34 GDPR.

6. International Transfers

Where personal data is transferred outside the European Economic Area, we rely on adequacy decisions or Standard Contractual Clauses approved by the European Commission.

7. Sub-processors

We work with vetted sub-processors (hosting, database, authentication, email delivery, payment processing) bound by data-processing agreements. A current list is available on request.

8. Supervisory Authority

You have the right to lodge a complaint with the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), Kifisias 1–3, 115 23 Athens, Greece — www.dpa.gr.