Skip to main content

Don't miss this deal! Join our newsletter to receive 10% OFF.

MILQERSRULE9

MILQ Privacy Policy

 

(Last updated: January 2026)

 

At MILQ, we want you to know and have control over which data you share with us and how we use it. This text (referred to as the Privacy Policy) explains, in clear and simple terms, what data we collect and how we use it. Its purpose is to help you stay informed and decide which data you wish to share with us and in what way.

 

1. Data Controller

 

“MILQ P.C.”, with VAT No. 802910054 and G.E.MI. No. 185121301000, having its registered office at 6 Thrakis Street, 145 68 Kryoneri, Attica (hereinafter “MILQ”, “we”, or the “Company”), acts as Data Controller pursuant to the GDPR and Greek Law 4624/2019 for the personal data collected through the website www.milq.gr and the MILQ App.

 

2. What Data We Collect

 

When you browse or use our services, we may collect:

  • Identification Data: full name, MILQ username, etc.

  • Contact Details: email address, telephone number, postal address.

  • Transaction Data: products, amounts, IBAN (for refunds), orders placed through the “MILQ Cart”.

  • Cookies & Analytics Data: IP address, geographic location, device type, advertising identifiers, behavioural data via MILQ Analytics.

  • User-Generated Content (UGC): reviews, photos, videos, comments.

  • Call Recordings: where permitted by law and with consent (e.g. for quality training).

  • Geolocation Data: approximate or precise location (e.g. via GPS or IP), where the user provides consent, for the purpose of displaying nearby products and stores.

 

MILQ does not store full payment card details. Payments are processed in a secure environment of the National Bank of Greece (NBG).

 

3. Legal Bases & Purposes of Processing

 

Legal basis Examples of processing
Contract Member registration, account management, orders via the “MILQ Cart”.
Legitimate interest Platform security, fraud prevention, basic usage statistics, and service improvement (R&D).
Legal obligation Cooperation with authorities, responding to GDPR requests, DAC7 reporting.
Consent – Use of geolocation data to display nearby products and stores.
– Marketing cookies and promotional communications.  
– Call recording for training purposes, where applicable.  

Geolocation Data: approximate or precise location (e.g. via GPS or IP), where the user provides consent, for the purpose of displaying products and stores located nearby.

 

4. Cookies & Local Storage

 

MILQ uses cookies in accordance with the Cookies Policy. You may modify your preferences at any time:

  • Website: “Manage Cookies” link in the footer.

  • App: Profile > Privacy & Terms > Privacy Settings.

 

5. With Whom We Share Data

 

Indicative categories of recipients:

  • Hosting & cloud service providers (e.g. AWS, Microsoft Azure).

  • Payment service providers (MILQ does not store or process full payment card details; payments are processed in a secure environment of the National Bank of Greece (NBG)).

  • Courier companies & cooperating stores for order fulfilment.

  • Analytics & marketing platforms (Google, Meta) – using EU Standard Contractual Clauses.

  • Supervisory / regulatory authorities (upon lawful request).

 

Processing Roles – MILQ and Cooperating Stores

 

MILQ acts as Data Controller for personal data collected and processed in the context of operating the platform, such as account creation, order management, returns, customer support, platform security, and compliance with legal obligations.

Cooperating stores act as independent Data Controllers for the personal data they receive in order to perform the sales contract (e.g. invoicing, shipping, and after-sales support). Such processing is governed by each store’s respective privacy policy.

Cooperating stores receive from MILQ only the data strictly necessary for order fulfilment and issuance of lawful fiscal documents.

 

6. Data Retention Period

 

  • User account: until deletion.

  • MILQ Cart transaction data: up to 5–10 years for tax purposes.

  • MILQ Analytics cookies: deleted after 15 days; anonymised statistics retained for up to 2 years.

  • Call recordings: up to 6 months; training recordings up to 2 months.

 

7. Use of Geolocation

 

MILQ may request permission to access a user’s device geolocation data solely to improve the browsing experience, such as displaying products and stores closer to the user’s location.

Granting access to geolocation data is optional. Users may continue to use the platform without enabling geolocation; however, certain nearby-store features may be unavailable or based on general location data.

Users may withdraw or modify their consent at any time through their device settings or their account privacy settings.

 

8. Your Rights

 

8.1 Rights

 

Access • Rectification • Erasure • Restriction • Data Portability • Withdrawal of consent

 

To exercise your rights, you may contact our team at privacy@milq.gr (or by post at the Company’s address). We respond within one (1) month (possible extension of up to +2 months).

 

8.2 Right to Object (Article 21 GDPR)

 

Where the processing of personal data is based on MILQ’s legitimate interest, the user has the right to object at any time to such processing for reasons relating to their particular situation. MILQ will cease processing unless it demonstrates compelling legitimate grounds that override the interests, rights, and freedoms of the user, or for the establishment, exercise, or defence of legal claims.

 

9. Transfers of Data Outside the European Union

 

Some of MILQ’s service providers may be located or process data outside the European Union or the European Economic Area (EU/EEA). In such cases, MILQ ensures that transfers are carried out in accordance with Articles 44 et seq. of the GDPR, using appropriate safeguards such as the European Commission’s Standard Contractual Clauses or adequacy decisions, where applicable.

 

10. Security

 

We apply TLS encryption, PCI-DSS standards for card payments, role-based access controls, regular penetration testing, and incident response policies.

 

11. Complaints and Information

 

If you believe that your rights are being infringed, you may contact:

 

Hellenic Data Protection Authority (HDPA)
1–3 Kifisias Ave., 115 23 Athens
www.dpa.gr

 

For more information regarding the use of cookies or any questions about this Privacy Policy, please contact us at privacy@milq.gr.