Personal Data Protection Policy
Definitions For the purposes of this Policy, the following terms have the following meaning: "Personal Data": any information relating to identified or identifiable a natural person ('data subject'); the identifiable a natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, Online an identity identifier or to one or more factors peculiar to the physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person concerned. 'Special categories of personal data' means personal data revealing racial or racial or Ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unambiguously identifying a person, data concerning health or data relating to the sex life of a natural person or sexual orientation. 'processing' means any operation or set of operations which is carried out, whether or not by automated means, on personal data or on sets of personal data, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, search for information, use, disclosure by transmission, dissemination or otherwise making available; association or combination, restriction, deletion or destruction. «Anonymization': the processing of personal data in such a way that the data can no longer be attributed to a particular data subject. «Pseudonymization:the processing of personal data in such a way that the data can no longer be attributed to a particular data subject without the use of supplementary information, provided that such additional information is kept separate and is subject to technical and organisational measures to ensure that it cannot be attributed to identified or identifiable natural person. 'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his or her appointment may be provided for in Union or law; Member State. In this particular case, the Company acts as a Data Controller. 'Processor' means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. "Data Subject" means the natural person whose personal data are being processed. In this particular case, each user of the processing is considered to be the subject of the processing.
Site our. 'consent' of the data subject: any indication of will, whether free, specific, express and in the form of such an explicit person; complete aware, by which the data subject expresses his or her agreement, by a statement or by a clear affirmative action, to the processing of personal data concerning him or her. 'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. 'Existing legislation': The national and Eu legislation on the protection of personal data and in particular the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the "GDPR"), Law 4624/2019 as well as the Decisions, Directives and Opinions of the Hellenic Data Protection Authority (hereinafter referred to as the "DPA").
Personal Data we Collect and Process, Purpose of Processing and Lawful Basis. Personal data collected through the contact form. (will it have?)
A.2) Purpose of Processing and Legal Basis. The purpose of the collection and processing of these personal data is the optimal response and service of the user. The legal basis for the processing of personal data is the legitimate interest of the Company to provide high quality services to its customers and users. Site (GDPR Art. 6(1f)).
B.2) Purpose of Processing and Legal Basis. The purpose of the collection and processing of these data is to improve its functionality Site and the services provided as well as the analysis of the visitability his. The legal basis for the processing of personal data is the user's consent (GDPR Article 6(1a)) which is provided upon acceptance of these data cookies, with the exception of the bare essentials cookies which are permanently installed and are absolutely necessary for the operation of the isotope, for which the legal basis for processing is the legitimate interest of the Company (GDPR Article 6 par.1f).
Personal Data of Underage Users The Company is not addressed to minors and does not wish to collect and process personal data of minors (i.e. persons who have not reached the age of 18). However, because it is impossible to cross-check and verify the age of its users Site we kindly ask the parents/guardians of minors, in case they find any unauthorized disclosure of data on behalf of minors, to immediately notify the Company, as it undertakes the necessary protective measures (e.g. deletion of their data). In the event that the Company becomes aware that it has collected personal data of a minor, it undertakes to delete them immediately and to take all necessary measures to protect such data.
Transmission to Third Parties The Company may transmit the above personal data to third parties to whom it has entrusted the processing of personal data on its behalf (such as service companies social media, website developers etc.). In any case, the third parties to whom user data may be transferred are contractually bound by our Company to ensure the obligation of confidentiality as well as all the obligations provided for by the Existing Legislation. At the same time, users' personal data may be transferred to public authorities, independent authorities, etc. (e.g. Police stations, Prosecutorial Judicial, Tax, Customs authorities, the DPA, etc.) in the performance of their duties ex officio or at the request of a third party claiming a legitimate interest and in accordance with legal procedures.
Transfer of Personal Data outside the EU In case of transfer of users' personal data collected through the Site in a country outside the European Union (EU) or the European Economic Area (EEA), the Company first checks whether:
a) The Commission has issued a relevant adequacy decision for the third country to which the transfer will take place. b) The appropriate safeguards are maintained in accordance with the Regulation for the transmission of these data. Otherwise, the transfer to a third country is prohibited and the Company will not transfer personal data of users to it, unless one of the specific derogations provided for by the GDPR applies (e.g. the explicit consent of the user and informing him about the risks involved in the transfer, the transfer is necessary for the performance of a contract at the request of the subject), there are reasons of public interest, it is necessary to support legal claims and vital interests of the user and so on).
Data Retention Period The personal data of the users are collected are kept for a predetermined and limited period of time, depending on the purpose of the processing, after which the data are deleted from our files. When processing is required as an obligation by provisions of the applicable legal framework or a specific retention period is provided for, your personal data will be stored for as long as the relevant provisions require. The personal data of users collected and processed for the performance of a contract are kept for as long as it is necessary for the performance of the contract and for the establishment, exercise, and / or support of legal claims based on the contract. The personal data of users processed for marketing purposes with the consent of users (e.g. data from the registration in the Newsletter) are kept until the consent is withdrawn, without such withdrawal affecting the lawfulness of the processing to date.
Protection and Security of Personal Data Taking into account the latest developments, the cost of implementation and the nature, scope, context and purposes of the processing, as well as the risks of different likelihood of occurrence and severity for the rights and freedoms of users from the processing, the Company takes the necessary technical and organizational measures, to protect users' personal data. Although no method of transmission over the Internet or method of electronic storage is completely secure, the Company takes all necessary measures of digital data security (antivirus, firewall, backup) etc.
Data Protection Officer (DPO) The Company, in order to ensure the adequate protection of personal data, has appointed a Data Protection Officer to whom data subjects may address their requests and questions regarding the protection of their personal data and this policy, to the following contact details: in the email firstname.lastname@example.org
Rights of Personal Data Subjects Our Company ensures that it is able to respond promptly to users' requests for the exercise of their rights in accordance with the Existing Legislation. In particular, each user has the following rights:
a) To request information about the processing of his/her personal data by the Company.
b) To request access to his/her personal data kept by the Company. More specifically, he/she may request to receive a copy of his/her personal data kept and to check the lawfulness of the processing.
c) To request the correction of his/her personal data in case of incorrect or incomplete registration by the Company.
d) To request the deletion of his/her personal data if their retention is not based on any legal basis or legitimate interest.
e) To request restriction of the processing of his/her personal data, under specific conditions. f) Request the portability/ transmission of his/her personal data either to him/her or to third parties. g) To withdraw at any time the consent he gave for the processing of his/her personal data, without such withdrawal affecting the lawfulness of the processing up to that time.
To exercise your rights, you can contact the contact details of the Data Protection Officer (email email@example.com). In case of exercise of any of the above rights, the Company shall provide the data subject with information on the processing operations following the relevant request submitted within one (1) month of receipt of the request and the identification of the subject. This deadline may be extended by two (2) more months, if required, if the request is complex or there is a large number of requests. In this case, the Company is obliged, within one month of receipt of the request, to inform the data subject of the delay, as well as the reasons for it. Within the above period, it shall also inform the data subject of any refusal to comply with the Whole or in part the request made, as well as for the reasons for the refusal.
For any complaint you may have regarding this policy or issues of personal data protection, if we do not satisfy your request, you may contact the Hellenic Data Protection Authority www.dpa.gr.
Disclaimer for Sites Third Party In the event that in the Website there are links to us which redirect users to websites third parties, we inform you that our Company does not control or be responsible for the content of these Sites, nor the way in which they process users' personal data.