O L Y M P I A C O S   1 9 2 5
O L Y M P I A C O S   1 9 2 5

Privacy Policy

Olympiacos FC (henceforth, “the FC” or “we”) takes very seriously the issue of protecting privacy of our website users (henceforth “you”) and makes all efforts possible to comply seamlessly with the applicable National and European Legal and Regulatory Framework on the protection of personal data.

  1. Scope

This Policy intends to describe the type of personal data we collect when you access our webpage, the reasons why we collect and process said data, the legal basis of their processing, as well as your rights as data subjects, in compliance with our transparency and consent obligations as provided by the General Data Protection Regulation (henceforth “GDPR”) and Greek law 4624/2019.

The FC reserves the right to amend and adjust this Policy, whenever deemed necessary, whereas any amendment shall take effect upon its communication to you by e-mail, or posting on the Internet, or by any other means the FC considers appropriate.

This Policy is to be read along with our webpage terms of use, which govern the use of our digital services. You may read our webpage terms of use on https://www.olympiacos.org/oroi-chrisis/.

  1. Data Collected

    While simply browsing our webpage:

The FC automatically collects data relating to the device you use to visit our webpage (“log data”). This data may include information, such as the IP Address you used to connect your device on the Internet, your web browser and its version, the URL, pages you visited, services or products you searched for, time and date of your visit, the time spent on these pages and other statistical information. For more, you may read the FC’s Policy on Cookies on https://www.olympiacos.org/politiki-cookies/.

While filling in the appropriate feedback form:

In case you use our webpage’s feedback form, the FC processes personal data completed by you and may include:

  • Your Name
  • Your Surname
  • Your e-mail
  • Your comment/message that you send to us

The abovementioned personal data are used exclusively and solely for the purposes of replying to your comment/message.

The personal data you provide us with via filling the relevant feedback form in, is processed by the FC until our final reply to your comment/message and stored in our database, only on the grounds of the establishment, exercise or defense of the FC’s legal claims.

When subscribing to our newsletter:

When you subscribe to our newsletter, we process the following personal data, in order to have the newsletter sent to you specifically:

  • Your Name
  • Your Surname
  • Your Cellphone number
  • Your email address

To subscribe to our newsletter, you have to be more than 15 years-old, which you will have to confirm when subscribing.

Subscribing to our newsletter is possible only subject to your consent. You may unsubscribe from our newsletter at any time via the link found at the end of our newsletter or by emailing us at info@olympiacos.org.

We use the above personal data of yours, in order to keep you posted on Club news and competitions, tickets and various actions and/or events and/or offers of new products and services by us and/or our official sponsors and partners, whom you may browse on our webpage.

The FC receives the above personal data by no other but you following your subscription to our newsletters and only subject to your consent.

When using add-ons (social plug-in)

The FC’s webpage uses social media plug-ins, such as Facebook, Twitter, Youtube, Instagram, Tik Tok and Viber, indicated with the relevant symbol.

When clicking on the symbol, your browser creates a direct link to the servers of above social networks. The add-on’s content is directly transmitted from the social network to your browser and integrated in the webpage. After embedding the plug-in, the social network receives that information accessed by the browser on our website’s relevant page, even if you have no account in this social network or you are not logged in. This information (including the IP Address) is transmitted by your browser directly a social network’s server that might be located in a third country (i.e. in countries outside the European Union and the European Economic Area) and stored there.

In case you are logged in with the respective social network, then by activating the plug- in, you will connect to our webpage directly via your personal account in the social network. If you are using this network, then, e.g. by clicking the “Like” button on Facebook or when writing a comment on Instagram, this information is also sent to a server of this social network and stored there. Said information will appear on the social network and be visible to your contacts therein. The social network may use said information for advertising, market research and webpage design based on user requirements. If you do not wish for the social network to collect you data and relate them to your profile when visiting our webpage, you have to log out before visiting our webpage.

For more details on the purposes and extent of data collection and further process and use by the social network, as well as your rights and deactivation options to protect your personal privacy, we advise you to read carefully the respective Personal Data Protection Policies of social networks and adjust settings on protection of your personal data according to your personal account’s requirements.

  1. Purposes of processing

The FC collects and processes your personal data mentioned above, for the following purposes:

  • To provide you with information following your request.
  • To send you information on Club news, competitions, tickets and various actions and/or events and/or offers of new products and services by us and/or our official sponsors and partners, subject to your prior consent.
  • To personalize and improve your experience with our digital platforms.
  • Toreview, improveandconfigurethesuggestedproductsandservicestoyourpreferencesandoptions.
  • For customer profiling and market research.
  • To establish, exercise or defend the FC’s legal claims
  • To comply with its obligations as provided by applicable laws.

The FC collects and processes your personal data exclusively and solely for the abovementioned purposes and solely to the extent necessary for effectively serving them. This data is relevant, appropriate and adequate for the above purposes; moreover, they are accurate and, if needed, subject to update.

  1. Legal basis

The FC legally processes your personal data and for every processing instance carried out, one of the following legal basis applies:

(a) Processing is necessary for the purposes of the legitimate interests of the FC.

As specified in GDPR, article 6, par.1 (f), the FC may process personal data when said processing “is necessary for the purposes of the legitimate interests pursued by the FC, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data”.

In fact, establishment, exercise or defense of the FC’s legitimate claims is a telling example of a legitimate interest pursued by the FC to fulfil successfully its corporate goals.

(b) You provide us with your consent to process your personal data.

OLYMPIACOS FC, should it first secure your consent by opt-in, may process your personal data, in order to send informational or promotional material on various actions and/or events and/or offers and promotional actions by the Club, its sponsors and/or its partners, that may be of interest to you and better serve your needs.

(c) Processing is necessary for the FC’s compliance with its legal obligations

The FC is obliged to comply with various obligations deriving from the applicable legal framework. As specified in GDPR’s article 6, par. 1 (c), the FC may process personal data when said processing “is necessary for the FC’s compliance with its legal obligation”.

  1. Storage period

The FC maintains your personal data according to applicable legal provisions and only for the period required to fulfil its purposes as mentioned in previous Sessions or for the period required by law or for purposes of defending the FC against possible litigations on claims. If the purpose for which personal data has been collected is met and this is mentioned in this privacy policy and after the storage period elapses, the FC erases said data.

  1. Information Security

Processing of personal data by the FC is performed in a way that secures its privacy. In particular, it is performed exclusively and solely by mandated FC staff, whereas all proper organizational and technical measures are taken to secure and protect data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. The FC uses most sophisticated and state of the art methods to ensure maximum data security.

Despite the fact that the FC responds appropriately to safeguard confidentiality, integrity and availability of your personal data, online data transfer via the internet is never totally safe. Henceforth, the FC may not guarantee its security when transmitted via any electronic means, so the sender is responsible for any such kind of data transfer.

  1. Transmission to third parties

In no way does the FC transmit the webpage users’ personal data against fee to any third private entities, natural or legal persons, public authorities or agencies or other organizations.

The FC may provide access or transmit your personal data to third service providers who, on behalf of the Company, perform several functions, (including site security and insurance) and to external consultants, partners, lawyers, accountants, auditors and providers of technical and and IT consultants.

Processing of personal data by the above providers working with us is performed under our control and only subject to our mandate and is governed by the same privacy protection policy or a policy of the same level of protection.

Moreover, the FC may transmit your data in the context of its statutory obligations to:

  • Tax, auditing and other public authorities when we consider, in good faith, that the Law or other statutory act obliges us to grant access or transfer this data.
  • Police or other competent law enforcement agencies or administrative authorities, if so required by Law or any other legally implementing act or mandate.

Any transmission of your data to third countries not belonging to the European Economic Zone (i.e. non-EU member states, Norway, Iceland and Lichtenstein) will be performed in compliance with the legal framework on data protection and only if adequate guarantee of data protection is provided.

Moreover, our webpage may include links to other webpages not operated by us. If you click on a third party link, then you will be directed this third party’s webpage. We recommend that you read the Terms and Conditions, as well as the Privacy Policies of all third party webpages or services you visit. The FC has no control on and assumes no responsibility for the contents, privacy policies or other practices of any third party webpages/websites or services.

  1. Storage

Your personal data is stored in servers located in countries that belong to the European Economic Zone and not transferred to third countries (non-EU/EEZ countries).

The EEZ countries are considered to offer the same level of personal data protection with Greece. In case the FC transfers your personal data outside the EZZ, it has to inform you by law for the scope of said transfer and to provide you with all proper guarantees for the protection of the personal data transferred.

  1. Your rights as Data Subjects

One of GDPR’s main principles is the protection of the rights of natural persons with respect to their personal data processing. In this context, you have a set or rights pertaining to your personal data under process by the FC. In particular and according to the GDPR, you have the right:

  • Of being informed, of access, to rectification and to erasure. At any moment, you may ask to be informed on the personal data that the FC keeps on you and ask for their amendment, rectification, update or erasure of said information. Perhaps, we may ask you some additional information in order to process your request; however, if we grant you access to the information we keep on you, this will be done free of charge, unless your request is “manifestly unfounded or excessive”. If you request more copies of this information by us, then we may charge you with a reasonable fee based on administrative costs. If we have the legal right to refuse to act on the request, in case of such refusal, we will inform you on the grounds of said refusal.
  • To object: You may object at any moment to processing your personal data, mainly when such processing is performed for reasons of the FC’s legitimate interests. If said processing is performed to serve its legitimate interests, the FC shall comply with your objection and cease this processing, unless the FC may demonstrate compelling and legitimate grounds for the processing, that override your interests, rights and freedoms or said processing is performed to establish, exercise or defend the FC’s legal claims.
  • Restriction of processing: In some cases, you have the right to “ban” or to preclude any further use of your personal data. In fact, this means that we may store your data but we will not be able to process them anymore, unless said processing takes place with your consent or said processing is necessary for the establishment, exercise or defend of the FC’s legal rights, or for the protection of another person or for reasons of public interest. We maintain lists of people that have asked us to preclude future processing of their personal data to make sure that this limitation will be observed in the future.
  • To Data Portability: You have the right to transfer your personal details to other controllers. In practice, this means that you may transfer all information we keep on you to any third person. To support you exercise this right, we provide you with your data in a structured, commonly used and machine-readable format, so that you may transfer them to any other controller. Else, we may send this data directly to your account. The right to data portability applies (a) for data we process automatically, i.e. with no human intervention), (b) for personal data provided by you, (c) for personal data we process based on your consent or whose processing is necessary to perform a contract.
  • To lodge a complaint with competent authorities: You have the right to lodge a complaint with the competent supervisory authority, which, for Greece, is the Hellenic Data Protection Authority (“HDPA”). You may contact the HDAP in the following ways: (a) Postal Address: Hellenic Data Protection Authority, Offices: 1-3, Kifissias Ave. P.O. 115 23, Athens, (b) Call center: +30-210 6475600, (c) Fax: +30-210 6475628, (d) Email: contact@dpa.gr.
  • Withdrawal of consent. In the cases that processing your personal data is performed on the basis of your prior consent, you have the right to withdraw this consent at any time; the FC will cease this activity which you have consented to before, unless there is an alternative legal basis that justifies further processing of your data for this purpose, in which case we shall inform you about.
  1. Controller

The FC acts as your personal data Controller. Details of the Controller are the following:




Distinctive title: OLYMPIACOS FC
General Electronic Commercial Register No.: 44327807000
Tax ID: 094079531 Tax Office: FAE Piraeus
Seat: Alexandras Sq., P.O. 18534, Piraeus, Attika
Legal representative: DIMITRIOS AGRAFIOTIS
Data Protection Officer: Liza Kostarlidou
Telephone:   2169002520-2
Fax:     2169002519
E-mail:  Kostarl.liza@gmail.com

Questions? If yes, then contact us!

If you have any question on this Notification, please contact our Data Protection Officer.


‘General Data Protection Regulation (GDPR)’ – an EU Regulation that intends to harmonize European Legislation on protection of personal fata. It shall take effect on May 25th, 2018, and every reference to it must be construed in a way that also includes national implementing laws.

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;.

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘sensitive personal data’ means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, physical and mental health, genetic and biometric data concerning a natural person’s sex life or sexual orientation and data relating to criminal convictions and offences. Because of the nature of sensitive personal fata, legislation is much stricter with the way this data should be processed. The Company processes sensitive personal data only in accordance with the law.

‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed; .

‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

SUBSCRIBE TO OUR NEWSLETTER All the latest news from our team in your e-mail I wish to receive Club newsletters, updates on competitions, new products and services, ticket distribution and offers by official sponsors and partners of Olympiacos FC; ; I have also read and accepted the terms of use.
This website uses cookies and in some cases, third-party cookies for marketing purposes and to provide improved services in line with your preferences. By clicking OK or by continuing to browse our website you agree to our use of cookies in accordance with our Cookies Policy. View our Cookies Policy by clicking here.