Last updated: 30 May 2026
Connectoras is designed GDPR-native. When we process business data on your behalf, we act as Data Processor and you act as Data Controller, on the basis of a Data Processing Agreement (DPA).
Core principles
- EU Cloud: hosting and processing within the European Union.
- Tenant isolation: per-customer data separation.
- Minimisation: we process only the data required for the service.
- Encryption: in transit (TLS) and role-based access controls.
- Audit logging: recording of actions, especially for the AI/MCP operations.
Data Processing Agreement (DPA)
We provide a DPA under Art. 28 GDPR for business customers. Request it at info@steel.gr.
Sub-processors
We use selected sub-processors (EU hosting, payments, email/SMS, AI services) under contractual confidentiality and security commitments. A full list is available upon request.
AI & Data
AI/MCP operations are carried out with controlled access to your ERP data, with logging and without using your business data to train third-party models without consent.
Data breaches
In the event of a security incident, we notify without undue delay in accordance with Art. 33–34 GDPR.
Exercising rights
For data subject requests or data protection enquiries: info@steel.gr. Supervisory Authority: Hellenic Data Protection Authority.