Critical Path Consulting & Training ("Critical Path", "company", "we", "us", "our") is the company that has created and manages the PMWaves online project management application ("Service", "application", "platform", "software"). Critical Path provides training, consulting, and software for project management.
The company is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the PMWaves project management platform.
By using our Service, you agree to the collection and use of information in accordance with this policy.
The Data Controller for your personal data is:
Critical Path Consulting & Training
VAT ID: EL998957931
Tax Office: KEFODE Attikis
Address: 108 Kifisias Avenue
Postal Code: 115 26
City: Athens
Country: Greece
Phone: 210 654 1727
Email: privacy@pmwaves.com
Website: www.pmwaves.com
The Contact Person for Data Protection Matters is:
Yiannis Vithynos
Address: 108 Kifisias Avenue, 115 26
City: Athens, Greece
Phone: 210 654 1727
Email: privacy@pmwaves.com
We collect and process data with the sole purpose of lawful, orderly, and effective operation of the application and providing the best possible services to users.
Some of the data is collected automatically, while other data is entered by the user during login to the application or use of the application.
When you create an account, we collect:
When you use our Service, we store data you enter such as:
For a complete description of the Service and its capabilities, refer to section 2 of the Terms of Service.
We automatically collect data such as: IP address, browser type and version, operating system, device information, time zone settings, login timestamps, session data, and error information.
We collect information about how you use the Service such as: Features accessed, actions performed, time spent on pages, usage patterns, and search queries within the application.
| Legal Basis | Purposes |
|---|---|
| Contract Performance (Article 6(1)(b)) |
Account creation and management, Service provision, payment processing, support provision |
| Legitimate Interests (Article 6(1)(f)) |
Service improvement, security monitoring, fraud prevention, basic operational analytics (without analytics cookies), and service-related communications where applicable. |
| Consent (Article 6(1)(a)) |
Marketing emails, non-essential cookies, participation in beta features |
| Legal Obligation (Article 6(1)(c)) |
Tax requirements, legal requests, regulatory compliance |
We use your data to:
We use your email address to send you communications that are necessary for the operation of the Service (“Service / Transactional Emails”), and, only where permitted and with your consent, promotional communications (“Marketing Emails”).
These emails are sent regardless of marketing preferences, as they relate to your account and security:
Emails containing product news, promotions, newsletters or offers are sent only if you have provided explicit consent. You may withdraw your consent at any time using the unsubscribe link or by contacting us.
We may disclose your information only in the following limited circumstances:
Request a copy of your personal data and know what data we hold about you.
How to exercise: Email privacy@pmwaves.com with subject "Data Access Request"
Correction of inaccurate personal data or completion of incomplete data.
How to exercise: Update in application settings or email us
Request deletion of your personal data when it is no longer necessary.
How to exercise: Email privacy@pmwaves.com with subject "Deletion Request"
Restriction of how we use your data, e.g., in case of disputing its accuracy, evaluating objections, etc.
Receive your data in a structured, machine-readable format (JSON or CSV).
How to exercise: Use the export function in the application or send an email
For more details on export formats and the process, refer to section 9 of the Terms of Service.
Object to processing based on legitimate interests or to direct marketing.
We implement appropriate technical and organizational measures to protect your personal data, including:
Despite extensive security measures, no transmission over the internet is 100% secure. We are committed to promptly notifying users and competent authorities in the event of a data breach, in accordance with GDPR requirements.
In the event of a data breach, the company will act in accordance with Articles 33 and 34 of the GDPR, specifically:
PMWaves uses cookies to ensure proper platform functionality and improve user experience. Cookies are small text files that are stored on your device and allow us to recognize basic settings, such as session, language, and display preferences.
| Cookie Name | Category | Purpose | Duration | Required? |
|---|---|---|---|---|
pmw_sid |
Essential | Session identifier for functionality, navigation, and user authentication | Until browser closes | Yes (Always active) |
pmw_cookie_consent |
Essential | Stores your cookie usage preferences | 365 days | Yes (Always active) |
pmw_language |
Functional | Stores preferred language (e.g., Greek, English) | 30 days | No – with consent |
pmw_theme |
Functional | Stores preferred display theme (light/dark) | 30 days | No – with consent |
Currently, PMWaves does not use analytics cookies (e.g., Google Analytics) or marketing cookies (e.g., Facebook Pixel). If such services are added in the future, they will only be activated after your explicit consent via the cookie banner.
On your first visit, a banner appears allowing you to:
SameSite=Strict for enhanced protectionSecure flag is automatically usedYou can at any time:
If you reject a cookie category, PMWaves automatically deletes all cookies in that category. Essential cookies cannot be deleted as they are critical for platform functionality.
Your data is stored on servers within the European Union, hosted by top.host. If in the future the need arises to transfer data outside the EU/EEA, we will ensure that the transfer is carried out only based on appropriate legal safeguards, such as Standard Contractual Clauses (SCCs) or through providers certified under the EU–US Data Privacy Framework or equivalent compliance mechanism.
Certain features use external JavaScript libraries (e.g., Bryntum Gantt Charts) that may be loaded from CDNs outside the EU. These libraries do not collect personal data.
PMWaves allows account creation and free use of the platform by individuals aged 16 years and older, in accordance with Article 8 of the GDPR (Regulation EU 2016/679), which sets the minimum age for consent to the processing of personal data in the context of information society services.
Individuals aged 16-17 can use the free plan without parental consent, as data processing is based on their personal consent according to GDPR. This includes:
For purchasing subscriptions (Basic, Advanced, Enterprise), age 18 and above is required, as this involves entering into a contract requiring full transactional capacity according to the Greek Civil Code (Article 127).
If an individual aged 16-17 wishes to upgrade to a paid plan, the following is required:
The service is not intended for individuals under 16 years of age, and we do not knowingly collect personal data from individuals under 16 years of age.
If we discover that we have collected personal data from an individual under 16 years of age without verifiable parental consent, we will take steps to delete this information as soon as possible.
Users aged 16-17 have the same GDPR rights as adult users, including:
To exercise these rights, minor users can contact us directly at privacy@pmwaves.com.
We may update this Privacy Policy from time to time to reflect changes in our operations or legal requirements. In case of substantial changes, we will:
If you do not wish to continue using the service after changes, you have the option to export your data and terminate your account.
You have the right to lodge a complaint at any time with:
Hellenic Data Protection Authority
Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα (ΑΠΔΠΧ)
Address: Kifisias 1-3, 115 23 Athens, Greece
Phone: +30 210 6475 600
Email: contact@dpa.gr
Website: www.dpa.gr
Before contacting the Authority, we would appreciate the opportunity to address your issue. Contact us at privacy@pmwaves.com for immediate support.
This version introduces clarifications to improve transparency:
Email Communications (Section 4.1)
We clarified the distinction between service emails (account-related, security, trial notifications)
and marketing emails (promotional content requiring your consent).
Legal Bases for Processing (Section 3)
We refined the description of processing purposes under "Legitimate Interests" to clearly
separate service operations from marketing activities, which require explicit consent.
Data Processors (Section 5)
We added explicit disclosure of email delivery providers and their role as data processors
under contractual obligations.
Email Logs Retention (Section 6)
We specified that email delivery and communication logs may be retained for up to 12 months
for security, compliance, and troubleshooting purposes.
Privacy Questions:
Email: privacy@pmwaves.com
Subject: "Privacy Question - [Your Topic]"
Data Rights Requests (GDPR):
Email: privacy@pmwaves.com
Subject: "Data Request - [Request Type]"
We will respond within 30 days, as required by GDPR.
Identity verification may be required for your security.
General Questions:
Email: info@pmwaves.com
Website: www.pmwaves.com
Business Hours:
Monday - Friday: 9:00 AM - 5:00 PM (EET/EEST)
By using PMWaves, you accept this Privacy Policy and agree to the data processing practices described herein. If you have any questions or concerns, you can contact us at privacy@pmwaves.com.
Last Updated: January 14, 2026 | Version 1.1