Skip to main content

Privacy Policy


MediTaste | The Greek Food Export Lab
102 Tatoiou Avenue, 144 52 Metamorfosi, Greece
Email: info@meditaste.gr

MediTaste respects your privacy and is committed to protecting personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Greek data protection law. This Privacy Policy explains what personal data we collect, how we use them, on what legal basis, with whom we share them, how long we keep them, and what rights you have.


1. Data Controller

The data controller for the processing described in this Privacy Policy is:

MediTaste | The Greek Food Export Lab
102 Tatoiou Avenue, 144 52 Metamorfosi, Greece
Email: info@meditaste.gr

For questions about this Privacy Policy or to exercise your data protection rights, you may contact us at the email address above.


2. Personal Data We Collect

Depending on how you interact with our website and services, we may collect the following categories of personal data:


a. Contact and identification data


  • Full name
  • Email address
  • Phone number
  • Country
  • Company name


b. Business and assessment data


If you complete our Export Readiness Assessment, we may collect:

  • Annual turnover range
  • Approximate production capacity
  • Current export share
  • Export organisation structure
  • Certifications
  • Packaging / label compliance status
  • Product category
  • Target export region
  • Sustainability / ESG status
  • Main export challenge
  • Language preference
  • Assessment score, segment and readiness category
  • Report link assigned to your assessment outcome


c. Communication and preference data


  • Inquiry details or information you voluntarily provide
  • Whether you opted in to receive marketing communications
  • Subscription / unsubscribe status


d. Technical and usage data


  • IP address
  • Browser type
  • Device type
  • Basic page / referral / campaign data
  • Cookies or similar technical identifiers, where applicable
  • Security and anti-abuse signals


These categories reflect the GDPR principle that personal data processing must be transparent, limited to specified purposes, and minimized to what is necessary.


3. How We Collect Data

We collect personal data:

  • directly from you when you complete a form, contact us, subscribe, or communicate with us;
  • automatically through technical means when you use the website, such as analytics, security tools, cookies, server logs, or spam-protection services;
  • from your interaction with our campaign URLs and website entry paths, where relevant for attribution and service performance analysis.


4. Purposes of Processing

We process personal data for the following purposes:


a. To respond to inquiries and manage business communication


We use your data to respond to requests, manage professional communications, and assess possible collaboration opportunities.


b. To operate the Export Readiness Assessment


If you complete the assessment, we use the data you provide to:


  • process your submission;
  • calculate a structured readiness score;
  • assign a readiness segment or category;
  • generate and deliver a diagnostic follow-up or report;
  • store the lead in our CRM for handling the requested service;
  • evaluate whether a relevant next-step discussion may be appropriate.


c. To send service-related emails


We may send emails that are necessary to deliver the service you requested, including:


  • submission confirmation;
  • assessment-related follow-up;
  • diagnostic report delivery;
  • operational emails connected to your request.


d. To send marketing communications, only where you opt in


Where you give separate consent, we may send you updates, insights, invitations, news, and other MediTaste-related commercial communications. Valid consent under GDPR must be specific, informed, and freely given.


e. To improve website performance and user experience


We may use technical and usage data to understand website traffic, improve performance, and refine content, navigation, and campaign effectiveness.


f. To ensure security, prevent spam, and protect infrastructure


We process limited technical data to protect the website and forms against spam, abuse, fraud, and cyber threats.


5. Legal Bases for Processing

Under the GDPR, personal data may be processed only where there is a valid legal basis, including consent, contractual necessity, or legitimate interests, among others.

Depending on the purpose, we rely on the following legal bases:


a. Consent — Article 6(1)(a) GDPR

We rely on consent where required, including:


  • where you actively accept the Privacy Policy in order to submit the assessment or form request, to the extent consent is used as the basis for that submission flow;
  • where you separately opt in to receive marketing communications.


You may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. GDPR transparency rules require that this right be clearly communicated.


b. Pre-contractual steps / request handling — Article 6(1)(b) GDPR


Where you request an assessment, contact us for services, or ask us to review a business case, we may process personal data where necessary to take steps at your request prior to entering into a business relationship. The European Commission recognizes contract-related necessity as a valid legal basis where processing is needed for a requested service.


c. Legitimate interests — Article 6(1)(f) GDPR


We may rely on legitimate interests where necessary for:

  • managing business communications;
  • website analytics in a proportionate manner;
  • maintaining website functionality;
  • IT security;
  • spam prevention and abuse detection.


Where we rely on legitimate interests, we apply a balancing assessment and do not do so where your interests or fundamental rights override our interests.


6. Export Readiness Assessment

Our website may offer a structured Export Readiness Assessment for food producers, cooperatives, and export-oriented businesses.


When you complete this assessment, we process the data you provide to produce a rule-based diagnostic result, which may include:

  • a calculated readiness score;
  • a segment or category such as early, emerging, ready, or strategic;
  • a corresponding follow-up report or diagnostic material.


This processing is designed to provide the service you requested. It is not intended to produce legal, financial, employment, or similarly binding decisions, and it is not used as the sole basis for decisions that produce legal or similarly significant effects in the sense of Article 22 GDPR. Where transparency requires it, we inform you that structured categorisation and scoring logic is used to generate your diagnostic output. GDPR information requirements specifically include informing individuals, where applicable, about automated decision-making and the logic involved.


7. Marketing Communications

If you choose to opt in, we may use your contact details to send:

  • newsletters,
  • trade insights,
  • invitations,
  • updates about MediTaste services,
  • selected business communications related to our activities.


Marketing communications are optional and are separate from service-related emails connected to the assessment or a direct request. You can unsubscribe at any time by using the unsubscribe link in the email or by contacting us directly. The EDPB states that consent must be specific and separated by purpose.


8. Service Providers and Recipients of Data

We may share personal data with trusted service providers who process data on our behalf and under appropriate contractual safeguards.


a. Brevo


We use Brevo as a service provider for CRM, contact management, email delivery, and marketing / automation workflows related to website forms and communications. Brevo states that it acts as a data processor for its customers and provides a Data Processing Agreement (DPA) within its contractual documentation.


b. Hosting, technical, analytics, and security providers


We may also use hosting providers, website tools, analytics tools, security tools, anti-spam systems, and other technical vendors, where necessary for website operation and protection.


c. Legal and regulatory disclosures


We may disclose personal data where required by law, regulation, court order, or to protect our legal rights.

We do not sell your personal data.


9. Google Maps

Our website may use Google Maps to display business location information. When you use this feature, certain technical data, including your IP address, may be processed by Google in accordance with its own privacy documentation.


10. Spam Protection and Security Tools

To protect forms and website infrastructure from spam, fraud, and abuse, we may use anti-spam and security tools, including Google reCAPTCHA or similar services. These tools may process technical and behavioural data necessary to distinguish genuine users from abusive or automated traffic.


11. Social Media Links and External Platforms

Our website may include links to third-party platforms such as LinkedIn, Facebook and Instagram. If you visit those services, your data are processed under the privacy policies of those platforms, not under this Privacy Policy.


12. International Transfers

Some of our service providers may process or access personal data outside your country. Where personal data are transferred outside the EU / EEA, we seek to ensure that appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other lawful mechanisms recognized under EU data protection law. The European Commission explains that transfers to third countries require such safeguards where applicable.


13. Data Retention

We retain personal data only for as long as necessary for the purposes for which they were collected, including to meet legal, operational, contractual, compliance, and evidentiary requirements. The GDPR principles include storage limitation and accountability.


As a general approach:

  • Inquiry and assessment data are retained for as long as needed to manage the request, deliver the diagnostic result, conduct relevant follow-up, and maintain appropriate business records.
  • Marketing data are retained until you unsubscribe, withdraw consent, object, or until we determine through periodic review that continued retention is no longer justified.
  • Technical and security logs are retained for a limited period appropriate to security, performance, and fraud-prevention purposes.


We may retain limited information longer where necessary to establish, exercise, or defend legal claims, or where required by law.


14. Your Rights

Subject to the GDPR and applicable law, you may have the right to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of your personal data;
  • request restriction of processing;
  • object to processing in certain cases;
  • receive a copy of your personal data in a portable format, where applicable;
  • withdraw consent at any time, where processing is based on consent;
  • lodge a complaint with the Hellenic Data Protection Authority (HDPA).


The European Commission lists these as core GDPR transparency and rights requirements that organizations must communicate to individuals.


To exercise your rights, please contact: info@meditaste.gr


You also have the right to lodge a complaint with the Hellenic Data Protection Authority.


15. Data Security

We take reasonable technical and organisational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. No internet-based system is completely secure, but we seek to apply proportionate safeguards appropriate to the nature of the data and the risks involved.


16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. The most recent version will always be posted on this website with the updated effective date.


17. Contact


For any questions regarding this Privacy Policy or our processing of personal data, please contact:

MediTaste | The Greek Food Export Lab
102 Tatoiou Avenue, 144 52 Metamorfosi, Greece
Email: info@meditaste.gr


Last updated: March 2026