Privacy Policy

The Data Controller for personal data collected through tethys.systems is Tethys.

For matters relating to data we process as a Data Processor on behalf of irrigation organization (ΤΟΕΒ) clients — such as member records and parcel data — the relevant Data Controller is the respective ΤΟΕΒ.

A. Website — Contact Form

When you submit the contact form, we collect:

• Full name
• Email address
• Phone number (optional)
• Organization / ΤΟΕΒ name
• Role within the organization
• Type of interest (walkthrough, proposal, pilot, support)
• Message (optional)
• Explicit consent for use of the provided details

B. Tethys Platform (for ΤΟΕΒ clients)

In the course of providing services to irrigation organizations, we process — as Data Processor — data that may include:

• Member details (name, contact information)
• Parcel information (location, area, crop type)
• Irrigation records and field visit logs
• Geographic location data (GPS) during Android app use
• Financial data (invoices, payments, balances)
• Audit logs with timestamps and user identifiers

This data is processed exclusively under the instructions of the respective ΤΟΕΒ, which bears responsibility as the Data Controller towards its own members.

We do not sell, rent, or share personal data with third parties for commercial purposes. We may transfer data to the following sub-processors solely for service delivery:

Transfers outside the EEA (where applicable) are made under the European Commission's Standard Contractual Clauses (SCCs).

• Contact form data: Retained for the period needed to respond to your request, then for up to 24 months for commercial/relational purposes, unless deletion is requested.
• Platform data (ΤΟΕΒ): Retained for the duration of the service agreement. After termination, data is deleted or returned to the ΤΟΕΒ within 90 days, in accordance with contract terms.
• Audit logs: Retained for 5 years for legal compliance and auditability purposes.

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): Obtain a copy of the data we hold about you.
• Right to rectification (Art. 16): Correct inaccurate or incomplete data.
• Right to erasure (Art. 17): Request deletion ("right to be forgotten") where no lawful retention ground applies.
• Right to restriction (Art. 18): Temporarily limit processing.
• Right to data portability (Art. 20): Receive your data in a structured, commonly used format.
• Right to object (Art. 21): Object to processing based on legitimate interests.
• Withdrawal of consent: At any time, without retroactive effect.

To exercise any of these rights, send a request to Info@tethys.systems. We respond within 30 calendar days.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr

tethys.systems does not use analytics or third-party advertising cookies. Only technical cookies strictly necessary for site operation (e.g. session maintenance) may be used; these do not require consent under GDPR.

We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, or destruction, including:

• Encryption in transit (TLS/HTTPS) and at rest
• Role-based access control (RBAC) with least-privilege principles
• Full audit logging with timestamps per user action
• Offline-first architecture that minimises network data exposure

We may update this Policy periodically. Changes take effect from the date of publication on this page. For material changes affecting our clients (ΤΟΕΒ), we will provide notice by email or within the platform.

For any questions about the processing of your personal data, or to exercise your rights: