Personal Data Protection Policy
Last updated: June 2026
1. Introduction
This policy explains how Themelio, operated by GRNET, processes your personal data when you use the platform, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable national law.
2. Data we collect
Account & identity data provided by your federated identity provider (e.g. name, email, affiliation) when you sign in.
Usage data such as repositories, deployments, and activity needed to operate the service.
Technical data such as logs and network metadata collected to secure and optimise the platform.
3. Purpose of processing
We process personal data to provide and secure the platform, authenticate users, manage resource quotas, comply with legal obligations, and improve the service. Processing is based on the performance of our service to you and our legitimate interest in operating it securely.
4. Retention
Personal data is retained only for as long as necessary to fulfil the purposes above or as required by law, after which it is deleted or anonymised.
5. Sharing with third parties
We do not sell your personal data. Data may be shared with the identity providers and infrastructure operators strictly necessary to deliver the service, and with authorities where required by law.
6. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, and port your personal data, and to object to its processing. You may also lodge a complaint with the competent Data Protection Authority.
7. Contact
For any data-protection request or question about this policy, please contact the GRNET Data Protection Officer at dpo@grnet.gr.