GDPR Compliance
Last updated: March 2026
1. Our Commitment
Titanus is built with privacy by design and privacy by default at its core. We are fully committed to complying with the General Data Protection Regulation (EU) 2016/679 and ensuring that our platform helps your organization meet its own GDPR obligations.
Data controller: TITANUS PRIVATE COMPANY (IKE), VAT: 803209466, GEMI: 192180704000, 27 Georgikis Scholis Ave., 57001 Thessaloniki, Greece. Tel: +30 6973020501 | Email: info@titanus.gr
2. Data Processing
Titanus employs a multi-tenant architecture with complete data isolation between organizations. Each organization's data is logically separated at the application level, ensuring that no organization can access another's information. All data processing activities are documented and limited to what is strictly necessary for platform operation.
3. Data Location
All data is hosted within the European Union, specifically in European data centers. We do not transfer personal data outside the EU/EEA. This ensures your data remains under the protection of EU data protection laws at all times.
4. Sub-processors
We use a minimal set of sub-processors, all operating within the EU:
- EU cloud hosting: Infrastructure services for platform operation, located in EU data centers.
- EU email delivery: Transactional email service for notifications, invoices, and system communications.
We maintain an up-to-date list of sub-processors and notify customers of any changes.
5. Data Processing Agreement
A Data Processing Agreement (DPA) compliant with Article 28 GDPR is available upon request for all customers. Enterprise customers receive a DPA as part of their onboarding process. Contact info@titanus.gr to request a copy.
6. Security Measures
We implement comprehensive technical and organizational measures to protect personal data:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest.
- Access controls: Role-based access control with organization-scoped permissions ensures users only access data relevant to their role.
- Audit logging: All data modifications are logged for accountability and traceability.
- Regular backups: Automated daily backups with point-in-time recovery capability.
- Security testing: Regular security assessments and vulnerability scanning.
7. Breach Notification
In the event of a personal data breach, we follow a strict incident response plan. We will notify affected organizations within 72 hours of becoming aware of a breach, as required by Article 33 GDPR. Notifications include the nature of the breach, likely consequences, and measures taken to address it.
8. Data Subject Rights
The Titanus platform is designed to help organizations fulfill data subject requests:
- Data export: Organizations can export all their data at any time through built-in export functionality.
- Data deletion: Complete data deletion is available upon request and is performed automatically 30 days after account termination.
- Data rectification: Users and administrators can update personal information directly through the platform.
- Data portability: Data can be exported in standard, machine-readable formats.
9. Data Protection Officer
For any questions regarding data protection or GDPR compliance, please contact us at info@titanus.gr. We are committed to responding to all inquiries within 30 days.