Technical analysis. Clear setups. Transparent performance.
 
 
 

Privacy Policy



Privacy Policy (Thomas Markets)

Last updated: 06 Jan 2026


1 Privacy at a glance
General information
This notice provides a simple overview of what happens to your personal data when you visit this website or contact us. Personal data means any data by which you can be personally identified.
Detailed information can be found in the sections below.


2 Data Controller
The controller responsible for data processing on this website is:
Kostas Thomas (Thomas Markets)
Metaxa 37
16674 Glyfada / Athens
Greece
E-mail: hello@thomasmarkets.com
Optional placeholders (can be shown in footer/imprint):
Greek Tax ID (AFM / ΑΦΜ): 180462898
GEMI / Γ.Ε.ΜΗ.: []


3 What data we process (overview)
a) When you visit the website (technical data)
When you access this website, information transmitted by your browser is processed automatically (e.g., IP address, date/time, accessed pages, referrer URL, browser/OS). This data is technically required to provide the website and to ensure security.
b) When you contact us (contact form / e-mail)
If you contact us via the contact form or by e-mail, we process the data you provide (e.g., name, e-mail address, message) to handle your request.
c) Coaching / waiting list / onboarding
If you are interested in coaching and provide information via a waiting list/onboarding form, we process the data you submit in order to (i) assess whether the offer is a good fit, (ii) prepare the coaching process, and (iii) organize delivery.
Typical categories may include:

  • Contact details (name, e-mail)
  • Experience/goals (e.g., trading experience, time horizon, objectives)
  • Practical framework (e.g., available time, preferred markets/instruments)
  • Risk profile/preferences (e.g., risk tolerance, learning goals)


You decide which information you provide. Mandatory fields (if used) will be marked in the form.
Note: Please avoid sending sensitive data (e.g., health data). If you voluntarily provide sensitive information, we will process it only insofar as it is required for communication and/or based on your explicit consent.


4 Purposes and legal bases of processing
Depending on the context, we process personal data on the following legal bases:


Contract / pre-contractual measures (Art. 6(1)(b) GDPR):
e.g., handling coaching inquiries, scheduling, delivering services.

Legitimate interests (Art. 6(1)(f) GDPR):
e.g., technically necessary operation, IT security, prevention of misuse, efficient communication.

Consent (Art. 6(1)(a) GDPR):
e.g., newsletter sign-up, certain cookies/embeds (if used).

Legal obligation (Art. 6(1)(c) GDPR):
e.g., statutory retention obligations under tax/commercial law.


5 Hosting (STRATO)
We host this website with STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany (“STRATO”). When you visit the website, STRATO processes server log files (e.g., IP address, timestamp, requested page) to operate and secure the service.


More information: https://www.strato.de/datenschutz/

6 Cookies and similar technologies
Our website may use cookies. Cookies are small text files stored on your device.
• Strictly necessary cookies may be required to operate the website.
• We currently do not use optional cookies (e.g., for analytics/marketing).
If we introduce a cookie banner/consent tool or optional cookies/tools in the future, we will inform you separately and obtain consent where required.

7 Contact (contact form / e-mail)
If you send us inquiries, we process your details to handle your request and potential follow-up questions.
Legal basis:
• Art. 6(1)(b) GDPR (pre-contractual measures/contract), or
• Art. 6(1)(f) GDPR (legitimate interest in efficient communication)

8 Newsletter (Substack)
We offer a newsletter (“Trade of the Week”). For sending and managing the newsletter we use Substack Inc., 548 Market St, San Francisco, CA 94104, USA (“Substack”).
When you subscribe, your e-mail address and possibly your name are processed. Subscription typically uses a double opt-in procedure (confirmation of your e-mail address).
Legal basis:
• Consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time, e.g., via the unsubscribe link in each newsletter.
International transfers:
Substack is based in the USA; data may be transferred to third countries. Please see Substack’s privacy information:
https://substack.com/privacy
Note on paid newsletters:
We plan to offer paid newsletter/subscription options in the future. Once active, this privacy policy will be updated accordingly (e.g., payment processing, billing/transaction data).

9 Payment providers (planned): Stripe and PayPal
At present, payment processing may not yet take place directly via the website. However, we plan to introduce Stripe and PayPal as payment options. Once activated, when you choose a payment provider, the data required for payment processing will be transmitted to the respective provider (e.g., name, e-mail address, transaction/payment details; depending on the payment method additional data may be required). We generally do not receive full card/bank details, but rather confirmations and payment status information.

a) Stripe
Stripe Privacy: https://stripe.com/privacy
Stripe DPA (information): https://stripe.com/legal/dpa

b) PayPal
PayPal (GR) Privacy Statement: https://www.paypal.com/gr/legalhub/paypal/privacy-full
Legal basis:
• Art. 6(1)(b) GDPR (payment processing / contract)


10 Audio and video conferencing (Google Meet / Microsoft Teams)
For calls/sessions we use video conferencing tools. Depending on the tool, this may include processing of contact data, meeting metadata (time, duration), technical data (IP address, device data) and communication content (audio/video/chat, if used).
a) Google Meet (Google Workspace)
Google Privacy Policy: https://policies.google.com/privacy
Google Meet Privacy/Security information: https://support.google.com/meet/answer/9852160?hl=en
Google Cloud Privacy Notice (Workspace/Cloud Services): https://cloud.google.com/terms/cloud-privacy-notice
b) Microsoft Teams
Microsoft Privacy Statement: https://www.microsoft.com/en-us/privacy/privacystatement
Legal basis:
• Art. 6(1)(b) GDPR (contract/pre-contractual measures) and/or
• Art. 6(1)(f) GDPR (legitimate interest in efficient communication)


11 Social media (Instagram / LinkedIn)
Our website may contain links to or embeds of social media services. If social media elements are actively embedded, a connection to the provider’s servers may be established when the page is accessed. This may result in the transmission of data (e.g., IP address, browser information) to the provider.
a) Instagram / Meta
Instagram Data Policy: https://help.instagram.com/155833707900388
Meta Privacy Policy: https://www.facebook.com/privacy/policy/
b) LinkedIn
LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Legal basis:
• Art. 6(1)(f) GDPR (legitimate interest in visibility/communication), or
• Art. 6(1)(a) GDPR (consent), if a consent mechanism is used for embeds/plugins.

12 YouTube
If YouTube videos are embedded on this website, a connection to Google/YouTube may be established when you play the video, which may result in data processing.
Google Privacy Policy: https://policies.google.com/privacy
Legal basis:
• Art. 6(1)(f) GDPR (legitimate interest in an attractive presentation), or
• Art. 6(1)(a) GDPR (consent), if a consent mechanism is used.

13 Retention period
We store personal data only as long as necessary for the respective purposes. Data is then deleted unless statutory retention obligations apply (e.g., tax/commercial law requirements).

14 Your rights
Under the GDPR, you have the following rights in particular:


Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR)
To exercise your rights, send an e-mail to: hello@thomasmarkets.com


15 Right to lodge a complaint with the supervisory authority (Greece)
You have the right to lodge a complaint with a data protection supervisory authority. In Greece, the competent authority at the controller’s seat is in particular the Hellenic Data Protection Authority (HDPA):
https://www.dpa.gr/en
Information on filing a complaint:
https://www.dpa.gr/en/individuals/complaint-to-the-hellenic-dpa


16 Updates and changes
We may update this privacy policy if our processes, tools or legal requirements change (e.g., introduction of Stripe/PayPal or a paid newsletter). The current version will be published on this website.