Privacy Policy

1. Introduction

This Policy, which has been designed in accordance with the General Data Protection Regulation of the European Union (Regulation 2016/679) (“GDPR”), the relevant Greek legislation, including L. 4624/2019, and the Directives and Guidelines issued by the competent European and national authorities, has been implemented by the company under the trade name NYNN S.A., having its registered seat in Greece, at 60 Zefyrou Str., Palaio Faliro, 17564, with G.C.R. No. 182916001000 (hereinafter “our Company” or “we”). The Company’s website is www.nynn.co (the “Website”).

2. Who we are

We are a company operating in the lifestyle hospitality, entertainment and wellness sector, in which we develop and operate a diverse range of activities, from members’ clubs and resort hotels to retreats, entertainment-driven gastronomies and related concepts under the trade name “NYNN”. In this context, our Company is also the operator of the private lifestyle members’ club under the name House of NYNN (the “House of NYNN”) accessible only to members.

Our Company respects your privacy and is committed to protecting your personal data. We greatly appreciate the visitors – users of the Website, the applicants for becoming a member of House of NYNN or joining our team, the members thereof, and the users of our services, as well as the trust they display in our Company and we procure so that all the information they provide to us in order to receive our services is securely kept.

This Policy explains our practices and policies regarding the personal information we collect from you or for you through the Website and/or through written or oral communication with you and/or when you apply for becoming a member of House of NYNN and/or use the services provided by our Company through the Website or at the House of NYNN and/or when you enter into agreements with us (hereinafter the “Personal Data”) and the way, in which our Company, in its capacity as Data Controller, uses, collects, transfers, processes, discloses and protects your Personal Data.

If you have any question regarding this Policy, you may contact our Company via e-mail at ask@nynn.co. You can also contact our Data Protection Officer via e-mail at dpo@nynn.co.

3. Collection of Personal Data

Our Company collects your Personal Data in one of the following ways:

  • by visiting the Website, logging in, using the services of the Website or signing in the Website for upcoming events/newsletters from our Company;
  • by contacting our Company either through the Website or through another way of communication (written or oral);
  • by applying for becoming a Member of House of NYNN and by becoming a member thereof, as well as by registering for a product or service provided by our Company;
  • by using our Company’s services;
  • by entering into an agreement with our Company;
  • by making a payment for a product or service provided by our Company;
  • by operating CCTV within House of NYNN and within premises operated by our Company and collecting video footage and images;
  • through third parties within the context of co-operation with our Company and provision of information.

4. Types of Personal Data

Our Company may collect, store and process the following types of your Personal Data:

  • information you may provide in order to contact our Company, log in, sign in or apply for participating in upcoming events and generally (information you may provide) in order to use our Company’s services;
  • any other information you may choose to disclose to our Company (either through the Website or otherwise) which is pertinent to the fulfilment of your personal requests and fall within our scope of business. In this instance, this information may extend to your accompanying family members or guests;
  • any information you may disclose to our Company in the context of submitting an application for becoming a member of House of NYNN and/or for using our Company’s services in your capacity as a member of House of NYNN or for purposes of renewing your membership thereto;
  • any information you may disclose to our Company in the context of signing and performing an agreement with our Company;
  • information which our Company may receive by third parties within the context of co-operation and provision of information.

Particularly, the information that our Company may collect in the abovementioned ways refers to the following:

  • Personal data, such as name, last name, middle name, email address, telephone number, type and identification form number (e.g. passport, identity card), home address, date of birth, nationality, proof of address, photograph, profession, gender etc;
  • Financial data, such as credit card details (card type, credit card number, name referred in the card, expiration date and security code), bank account information and billing information, such as business card, credit card number, T.I.N. and Tax Office, if an invoice is requested, payments, payment methods, etc.;
  • Employment data, such as employment, position / title, employment location;
  • Family Details, such as personal details of family members, age of minor children, if necessary to proceed with the provision of our Company’s services;
  • Medical data related to your health, such as, indicatively, food and other allergies, mobility problems, medical certificates, which are collected and registered either at your request for your convenience or for purposes of ensuring that you safely use our Company’s services (e.g. usage of gym facilities);
  • Information regarding your usage of our Company’s services, such as information about how you use and interact with House of NYNN, including, indicatively, when you use our membership cards to check-in at, and check-out from, the House of NYNN, book a training session or add it to your schedule, reserve a conference room, schedule spa appointments, etc.;
  • Information you provide about your advertising preferences when participating in surveys, contests and promotions;
  • Video footage and images of you and others when you visit House of NYNN or other premises operated by our Company through the operation of CCTV (including your/their location and physical appearance);
  • Technical data: When you use the Website, we may collect information automatically, some of which may be Personal Data. These may include data such as language settings, IP address, location, device settings, device operating system, activity details, usage time, redirect URL, status report, user information (information about the version of the browser, how you use the Website and its services), the operating system, the browsing result and the browsing history, as well as other information collected through cookies and similar technologies, which are relevant to the analysis of your visit to the Website. For more information regarding data that are collected through cookies and similar technologies, please read our Cookies Policy at the following link [www.nynn.co/cookiespolicy].

We try to minimize the data we collect and to only process data that are absolutely necessary for the required purposes. We keep this data in a cloud-based database software tool located within data centers maintained in EU countries, the purpose of which is to enroll you in our private club and manage the business relationship with you, in accordance with the provisions of the data protection laws. For more information, please contact the DPO.

5. Purposes of Processing

The Company uses your Personal Data, as provided by law. We typically use your Personal Data in the following cases and for the following purposes:

i. providing the services you request, based on our contractual relationship. We use Personal Data to provide the services you have requested, including:

  • For the purpose of executing and performing an agreement / contract concluded or a contract to be concluded by our Company, for handling and processing your membership application, for the provision of our services to you, as well as to understand your needs and preferences, so that we can adapt our services accordingly;
  • Fulfillment of requests and management of your relationship with the Company: We can use the information we collect to satisfy your requests regarding the services we provide through the Website or whatsoever and to answer to your questions and requests;
  • Newsletters, alerts  and promotions: As part of your participation in this private lifestyle members’ club, it is essential for us to process your Personal Data, including your preferences and interests, in order to ensure your full engagement in the club’s activities. You may change your preferences any time through our website.
  • To complete and fulfill any purchases or requests for services, for example to process your payments or communicate with you regarding your purchase and provide you with related customer service;
  • To guarantee your membership fee to the House of NYNN, as well as the services associated with it; manage, process and settle any outstanding payments that may be due by you in exchange for the provision of our Company’s services; run credit limit reports to ensure that you do not exceed your credit limit during your membership to House of NYNN and during the provision of our services;

ii.based on your explicit consent, we process your Persona Data for the following purposes:

  • for the use of technologies such as cookies, information about you is automatically collected in accordance with the Website’s Cookies Policy for analytics, personalisation and/or advertising purposes. You can change your cookie options and withdraw your consent at any time through the Website’s Cookies Policy.
  • for the processing of your health data so that you safely use our Company’s gym and related facilities as per applicable legislation
  • for the processing of minor’s personal data through our platform.

iii. complying with our legal obligations, pursuant to the applicable legal and regulatory framework. We use your Personal Data for the following purposes:

  • legal procedures and compliance: In some cases we need to use the information provided, which may include Personal Data, to manage and resolve legal disputes or grievances, for regulatory investigations and compliance, or to implement the agreement (s) with you or to comply with lawful requests from law enforcement authorities, to the extent required by law (e.g. compliance of the Company with its legal or tax obligations), .

iv. based on our business legitimate interest, we process your data for

  • performing market research via surveys to better serve your needs and improve your experience in our club, improve the efficiency of our websites and our various means of communications, facilitate our advertising campaigns, and/or promotional activities
  • administering customer-care services to facilitate and address inquiries, comments and complaints about any of our services (such as in person, through phone lines, email, or on social media)
  • To safeguard and protect our legal interests, both ours and yours, as well as for the protection of people and goods with the establishment of a system of video surveillance;
  • Security, detection and fraud prevention: We use the information, which may include Personal Data, to prevent fraud and other illegal activities. We also use this information to investigate and detect cases of fraud. We may also use your Personal Data for risk assessment and security purposes, including user authentication. For these purposes, your Personal Data may be disclosed to third parties, such as law enforcement authorities, as permitted by applicable law, and to external consultants;

If we use automated personal data processors that have legal effects or that significantly affect you, we will take appropriate steps to protect your rights and freedoms, including the right to human intervention.

6. Processing of sensitive data

In some cases, we might process special categories of your Personal Data (“sensitive data”). For example, we may process your sensitive data if you have previously freely given your explicit, informed and special consent, in a specific context for a specific purpose (e.g. processing your health data  for ensuring that you safely use our Company’s gym and related facilities as per applicable legislation) without prejudice to your right to withdraw such consent at any time.

7. How long we keep your personal data

We retain your Personal Data, for as long as we deem necessary, for fulfilling the purposes for which your Personal Data were collected, providing our services, complying with applicable law, resolving disputes with various parties and whatever else may be required for the purposes of our business, including detecting and preventing fraud or other illegal activities. In addition, we will delete all your Personal Data if you have asked us not to contact you in the future. All Personal Data we retain are subject to this Policy. If you have questions about a specific retention period for certain types of Personal Data, please contact us at the contact details found in herein

8. Protection of your Personal Data

Our Company takes appropriate legal, organizational and technical measures in order to protect your Personal Data in accordance with the applicable legislation for privacy and data security. Our Company implements various security technologies and procedures in order to protect your Personal Data from any illegal destruction, loss, misuse or modification, as well as against any unauthorized or illegal processing, use or disclosure.

9. Who we share your data with

Employees of the Company, who are responsible for the administration of the memberships to the House of NYNN and for the provision of our services will only have access to your Personal Data, which are relevant to their function. Our relationship to them is governed by binding rules concerning confidentiality and their liability for the use of such Personal Data.

We may disclose your information to third-party service providers including, for example, companies that provide website hosting, data analysis, payment processing, order fulfillment, activities and food & beverage booking, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services. When we use third party service providers, we only disclose to them Personal Data that are necessary for them to provide their service, and we have a contract in place that requires them to keep your Personal Data secure and not to use them other than in accordance with our specific instructions. We have a data processing agreement in place with such third parties to ensure that your Personal Data are not compromised. Third parties are obliged to implement appropriate technical and organizational measures to ensure the security of your Personal Data. We may also disclose your Personal Data to third parties, such as lawyers, consultants and insurance companies in order to defend and exercise our rights.  We may disclose your data to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements and to allow us to pursue available remedies or limit the damages that we may sustain.

10. Non-Disclosure of your Personal Data to Third Parties

Without prejudice to any contrary provision in this Policy, our Company bounds:

(1) not to sell, rent or otherwise publish or disclose your Personal Data to any third party and

(2) not to disclose your Personal Data to third parties (individuals or legal entities) unless:

a) you have provided explicit written consent and (i) the third party (individual or legal entity associate/ supplier/ service provider of our Company) has provided sufficient guarantees in respect of the technical and organizational measures governing the processing to be carried out and (ii) the third party (individual or legal entity associate/ supplier/ service provider of our Company) has entered into a written contact with our Company which imposes on the third party obligations identical to those imposed on us under the provisions of Personal Data protection legislation;
b) it is required for our Company’s compliance with the respective legislation and only to any competent tax authority, public prosecutor, police, criminal investigation and judicial authorities in response to their requests;
c) in connection with any legal/judicial proceedings or prospective legal/judicial proceedings;
d) for the purposes of establishing, exercising, defending or executing our legal rights and legal interests–including information to regulatory, prosecution οr other authorities for the purposes of fraud prevention and anti-counterfeiting, unauthorized use and illegal activities.

When we transfer your Personal Data in third countries outside the European Union, we ensure that data processors based in such third countries meet an adequate level of protection pursuant to the GDPR (as evidenced, inter alia, by virtue of an adequacy decision by the Commission, according to which the third country in question ensures an adequate level of personal data protection, or other appropriate safeguards) and comply with the requirements set out by the CJEU, as well as the new standard contractual clauses for data transfers between EU and non-EU countries, issued by the European Commission (Commission Implementing Decision (EU) 2021/914 of 4 June 2021). In the case of transfers of personal data by virtue of standard contractual clauses or other appropriate safeguards, a copy thereof can be requested at the email address found herein. We remain up to date with new developments in this area and comply with any new legislation and case law.

11. Your Rights

You shall have the following rights, as specified by the provisions of GDPR and the applicable legislation which implements or supplements GDPR or otherwise is related to the processing of individuals’ Personal Data together with the binding directives and Codes of Practice issued from time to time by the respective supervisory authorities:

(a) The right to be informed and the right of access
You shall have the right to be informed about the processing of your Personal Data by our Company, as well as the right of access to your Personal Data and the information relating to their processing and the right to obtain a copy of your Personal Data undergoing processing.

(b) The right to rectification
You shall have the right to obtain from our Company the rectification or completion of your Personal Data, if your Personal Data are inaccurate or incomplete.

(c) The right to erasure
You shall have the right to obtain from our Company the erasure of your Personal Data. We shall satisfy your requestwhere one of the following grounds applies:

  • the Personal Data are no longer necessary in relation to the purposes for which they were collected;
  • you withdraw your consent and there is no other legal ground for the processing;
  • you exercise the right to object to the processing (see below (f)) and there are no overriding legitimate grounds for the processing;
  • your Personal Data have been unlawfully processed;
  • your Personal Data have to be erased for compliance with a legal obligation.

Kindly note that this right of erasure does not include any data we are obliged to keep for administrative, legal, tax, or security purposes.

(d) The right to restriction of processing
You shall have the right to obtain from our Company restriction of processing. We shall satisfy your request where one of the following applies:

  • when you contest the accuracy of your Personal Data, for a period enabling us to verify the accuracy of your Personal Data;
  • when the processing is unlawful and you oppose to the erasure of your Personal Data and request the restriction of their use instead;
  • you exercise the right to object to the processing (see below (f)) pending the verification from our Company whether the legitimate grounds for the processing override your interests, rights and freedoms.

(e) The right to data portability
You shall have the right to receive your Personal Data in a structured, commonly used and machine-readable format, as well as the right to request to transmit those data to you or another controller that shall proceed to their processing.

(f) The right to object
You shall have the right to object to

  • the processing of your Personal Data by our Company for our legal interests or legal interests of third parties;
  • the processing of your Personal Data for direct marketing purposes;
  • the processing of your Personal Data for statistical purposes;

For any question you may have or in order to exercise all the above-mentioned rights you may contact our Company either (a) through the respective contact form or by sending an e-mail to the following e-mail address ask@nynn.co or (b) at the contact details found herein

You are also entitled to withdraw at any time the consent you have provided regarding the processing of your Personal Data (without retroactive effect) following one of the aforementioned ways.

(g) The right to lodge a complaint
In case you believe that we have not adequately satisfied your request and that the protection of your personal data is in any way affected, you may lodge a complaint via a dedicated portal to the Personal Data Protection Authority (Athens, 1-3 Kifissia Avenue, PC 115 23 | tel. +30 210 6475600). Detailed instructions for filing a complaint are provided on the Authority’s website.

12. Minors

House of NYNN offers membership options for minors under the age of 18 (“Minors”), subject to the condition that registration is completed by a parent or legal guardian who is an active Member. Any personal data of Minors is collected and processed solely for the purposes of membership administration, safety management, and the provision of services specifically tailored to minors, in accordance with applicable data protection legislation.

We only collect personal data of Minors with the verified consent of a parent or legal guardian. This includes the Minor’s name, age, date of birth, gender and relevant health or access preferences necessary for safe use of our facilities and services.

Parents or guardians are responsible for managing the Minor’s access and use of our services through the designated online registration platform. The supervising parent or guardian retains full responsibility for the Minor’s presence and conduct at our premises.

13. Third-party links

The Website may include links to third-party websites (such as indicatively websites operated by Workable Technology Limited, Peoplevine Inc. and Book4Time Inc., their parents, subsidiaries and affiliates, whose privacy policies can be found on each of their websites respectively), plug-ins and applications or include third party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. This Policy does not apply to these websites, we do not control and we are not responsible for the privacy policies or practices of such websites or for their privacy statements. When you choose to visit a linked website, our Company is not responsible for the availability of this website and ag does not control or is responsible in any way whatsoever for the way in which your Personal Data are addressed in these websites, the content of such websites and the use of such websites from other individuals.

Embedded content: Articles on the Website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor of the Website has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and you are logged in to that other website.

When you leave the Website, we encourage you to read the privacy notice of every website you visit so you understand how they will process your Personal Data.

This Policy does not in any way cover the relations between you as users of the Website and any services and practices that are not subject to the control of the Company and / or owned by the Company. In view of the nature and the great amounts of information on the internet, the Company shall not be responsible in any case, including, without limitation, in cases of the Company’s negligence, for any kind of damages sustained by you who use the sites, services, selections and contents of the Company’s Website on your own initiative and being aware of the terms of this Policy.

14. Applicable Law

The processing and protection of your Personal Data is governed by the terms of this Policy, the provisions of GDPR and the applicable Greek legislation which implements or supplements GDPR or otherwise is related to the processing of individuals’ Personal Data together with the binding guidelines and  decisionsissued from time to time from the respective supervisory authorities (e.g. the European Data Protection Board and the Hellenic Data Protection Authority).

15. Changes in this Policy

Our Company reserves the right to update this Policy from time to time and post the most up-to-date version on the Website at any time without announcement. If substantial changes have been made our Company reserves the right to either post on the Website a relevant announcement relating to the amendments or inform you by sending a notification via e-mail and/or SMS. We encourage you to check the Website at regular intervals in order to verify whether there have been any amendments, as well as to review from time to time this Policy in order to keep informed about the way in which our Company protects your Personal Data.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with our Company.

This Policy was last updated on 8/7/2025.