Privacy Policy
This Privacy Policy explains how Sport Cafe S.A. collects, uses, stores, and protects your personal data across our websites and applications. We are committed to full compliance with the EU General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679.
1. Data Controller
Sport Cafe S.A.
Registered in Greece
Website: www.sportcafe.gr
This policy applies to all Sport Cafe S.A. digital platforms, including:
- sportcafe.gr – Public e-commerce website for customers
- intranet.sportcafe.gr – Internal employee intranet portal
- Sport Cafe mobile application for iOS (App Store) and Android (Google Play)
2. What Personal Data We Collect
2.1 Customers (sportcafe.gr & Mobile App)
- Full name, email address, phone number, billing and delivery address
- Order history, purchase preferences, wishlist items
- Account login credentials (encrypted)
- Payment data: processed securely via Stripe — we do not store full card numbers (see Section 6)
- Device information, IP address, browser type, operating system
- Cookies and similar tracking technologies (see Section 9)
- Communications with our customer support team
2.2 Employees (intranet.sportcafe.gr & Employee Mobile App)
- Full name, employee ID, work email, department, role, and store location
- Login credentials and access logs to the intranet system
- Device identifiers for company-managed or registered devices (iOS/Android)
- Attendance records, task completion, and system usage data
- HR-related documents where applicable (handled under separate HR policies)
3. Legal Basis for Processing
We process your personal data only when we have a valid legal basis under GDPR Article 6:
- Contract performance – Processing orders, managing accounts, delivering purchases
- Legal obligation – Tax records, fraud prevention, regulatory compliance
- Legitimate interests – Website security, internal analytics, fraud detection
- Consent – Marketing communications, non-essential cookies (you may withdraw consent at any time)
- Employment contract / legal obligation – For employee data processed on the intranet
4. How We Use Your Data
4.1 Customer Data
- Processing and fulfilling your orders (Greece, Cyprus, Bulgaria)
- Sending order confirmations, shipping updates, and invoices
- Managing your customer account
- Providing customer support
- Sending marketing emails or push notifications (only with your consent)
- Improving our website and mobile application performance
- Complying with legal and tax obligations
4.2 Employee Data
- Providing access to internal tools, systems, and communications via intranet.sportcafe.gr
- Managing employee records, schedules, and store operations
- Ensuring system and data security
- Compliance with Greek labor law and EU employment regulations
5. Data Sharing and Third Parties
We do not sell your personal data. We may share data with trusted third parties only where necessary:
- Stripe, Inc. – Payment processing. Stripe is PCI-DSS Level 1 certified and complies with GDPR. See stripe.com/privacy
- Shipping & courier partners – Name, address, and phone for delivery purposes only
- Hosting and cloud providers – Subject to EU Standard Contractual Clauses (SCCs) where applicable
- Analytics providers – Aggregated or anonymised data only (e.g., Google Analytics with IP anonymisation enabled)
- Legal authorities – Only when required by law or court order
- Apple Inc. / Google LLC – Our iOS and Android apps are distributed via Apple App Store and Google Play Store. Apple and Google may process certain technical and device data per their own privacy policies when you download or use our app
6. Payment Processing via Stripe
All payment transactions on sportcafe.gr and the Sport Cafe mobile app are processed by Stripe, Inc., a third-party payment processor. When you make a purchase:
- Your card details are entered directly into Stripe’s secure, encrypted form
- Sport Cafe S.A. never sees, stores, or has access to your full card number, CVV, or PIN
- Stripe stores a tokenised reference that we use solely to process refunds or repeat transactions you authorise
- Stripe is certified to PCI Service Provider Level 1 — the highest level of certification available in the payments industry
- Stripe processes data in accordance with GDPR. For details, visit: https://stripe.com/privacy
7. Data Retention
- Customer order data – Retained for 10 years to comply with Greek tax law (Law 4308/2014)
- Customer accounts – Retained as long as the account is active, or up to 3 years after last activity
- Marketing consent records – Until you withdraw consent, then deleted within 30 days
- Employee data – Retained for the duration of employment plus up to 5 years post-employment, unless otherwise required by law
- Server & access logs – Retained for up to 12 months for security purposes
8. International Data Transfers
Your data is primarily processed within the European Economic Area (EEA). Where we use third-party providers (such as Stripe or Google) that may process data outside the EEA, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Compliance certifications (e.g., Stripe’s EU data processing addendum)
9. Cookies
We use cookies and similar technologies on sportcafe.gr and in our mobile app. Cookie types:
- Strictly necessary cookies – Required for the site to function (shopping cart, login session). No consent required.
- Performance / analytics cookies – Help us understand how visitors use our site (e.g., Google Analytics). Require your consent.
- Marketing cookies – Used to deliver relevant advertisements. Require your consent.
You can manage your cookie preferences at any time via our cookie consent banner on the website, or through your browser settings. Withdrawing consent will not affect previous lawful processing.
10. Mobile Application – iOS & Android
The Sport Cafe app is available on the Apple App Store and Google Play Store. When using the app, we may collect:
- Device type, operating system version, and app version
- Push notification token (if you opt in to notifications)
- Crash reports and app performance data (anonymised)
- Location data only if you explicitly grant permission (e.g., to find nearby stores)
We do not access your contacts, microphone, camera, or any other device feature without your explicit permission. You can revoke any permission at any time in your device settings.
Apple and Google’s data practices are governed by their own privacy policies:
Apple Privacy Policy | Google Privacy Policy
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:
- HTTPS / TLS encryption across all websites and APIs
- Hashed password storage (bcrypt)
- Role-based access control (RBAC) for staff and intranet users
- Regular security audits and vulnerability assessments
- Data minimisation and pseudonymisation where possible
12. Your Rights Under GDPR
As a data subject under EU GDPR, you have the following rights:
- Right to access – Request a copy of the personal data we hold about you
- Right to rectification – Correct inaccurate or incomplete data
- Right to erasure (“right to be forgotten”) – Request deletion of your data where no legal obligation requires us to retain it
- Right to restriction of processing – Ask us to limit how we use your data
- Right to data portability – Receive your data in a structured, commonly used, machine-readable format
- Right to object – Object to processing based on legitimate interests or for direct marketing purposes
- Right to withdraw consent – At any time, without affecting prior lawful processing
- Right to lodge a complaint – With the Hellenic Data Protection Authority (HDPA): www.dpa.gr
To exercise any of these rights, contact us at: [email protected]
We will respond within 30 days of receiving your request, as required by GDPR.
13. Children’s Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data without parental consent, please contact us immediately at [email protected] and we will delete the data promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email (for registered customers) or a prominent notice on our website and app. The “Last updated” date at the top of this page will always reflect the most recent version.
15. Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or your personal data:
Sport Cafe S.A.
Website: www.sportcafe.gr

