Privacy Policy

WEBSITE PRIVACY POLICY

I. Paraskevi Tsirigoti, daughter of Theodorou, resident of Chalandri, Attica, 39 Tsitouri Street (Tax Identification Number: 102962341 - hereinafter referred to as "company"), in her capacity as legal representative and manager of the Limited Liability Company under the name "ETHOS OF GAIA EE", located in Chalandri, Attica (Tax Identification Number: 802831850) informs, in accordance with Regulation (EU) 2016/679 of the European Union and the provisions of Greek legislation on the protection of personal data, the natural person - visitor of the website (hereinafter referred to as "Customer" or "Visitor", regardless of gender or status) that she and/or third parties, on her behalf and on her behalf, will process personal data concerning her, in the context of visit, use, stay and roaming within this website, as stated below:

II. PERSONAL DATA PROCESSING DETAILS:

A. TYPE OF DATA COLLECTED:

The personal data we collect concerns the Visitor, both with regard to any information that he/she voluntarily provides, and to that which is technologically required for his/her visit, use, stay and navigation on this website, as well as in the context of any electronic transactions between the parties.

This data concerns exclusively and only issues related to the above, namely, indicatively:

(a) IP address, date and time of access,
URL, access provider, browser, operating system

(b) name, email, comments, contact details, management of any request, question or complaint you may have submitted, etc.

B. DATA COLLECTION SOURCES:

The personal data we collect comes from the customer/visitor himself, either from forms/registrations that he completes and uses at the beginning, or during his visit and stay on the website, either by telephone communication, or electronic mail, or after sending messages from both sides, or in any other way required by modern technological means to achieve the purpose of the website and the entire process of visiting it, staying or roaming by its visitors.

C. REASON FOR DATA COLLECTION AND METHOD OF PROCESSING THEM:

Personal data is collected for the purpose of safe and adequate operation of the website, the business, and knowledge of the necessary information about the visitor as a future customer of the business. It is also collected for the advertising purposes of the business, as well as for future communication with the visitor, sending advertising/informational materials.  brochures, other forms, correspondence between the parties, future connection of the customer to the website, and so on.

The processing of this data relates to the collection, registration, organization, structuring and storage thereof, and is carried out exclusively by the "company" or its staff, or its associates, to serve the aforementioned purposes.

The "company" undertakes to have taken all the necessary actions, applying the appropriate technical and organizational measures, for the lawful maintenance, processing and safeguarding of the personal data file it maintains, and undertakes to secure and protect it in every way from loss, leakage, alteration or unlawful processing by unauthorized persons.

The "company" undertakes that the above personal data is not provided to third parties who are not related to the assigned project, and is not used for third party advertising purposes.

D. RECIPIENTS OF THE DATA:

The data is made known to the "company", or its personnel, or its associates, who are related to the proper, legal and orderly operation of this website, in accordance with the purposes mentioned above, with the self-evident note that each of them receives and processes only those data that are absolutely necessary for the performance of their duties.

E. SHELF LIFE:

The above personal data are stored indefinitely, unless the client/visitor explicitly requests their deletion, either before or after the completion of the assigned project, except for those data that must be kept indefinitely according to the law, or current business practices. In any other case, all data are deleted twenty (20) years after the last contractual connection of the parties, unless there are judicial, legal, procedural pending matters that make their further retention necessary, in which case the retention period will be extended by two (2) years after specifically informing the client of the reason and time of the extension.

F. CUSTOMER RIGHTS:

  1. The customer has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed and, if so, the right to access the personal data and the following information: a)  the purposes and origin of the processing, b)  the relevant categories of personal data, c)  the recipients or categories of recipients to whom the personal data have been or are to be disclosed, in particular recipients in third countries or international organisations, d)  if possible, the period for which the personal data will be stored or, where this is not possible, the criteria determining that period, e)  the existence of the right to request the controller to correct or erase personal data or to restrict the processing of personal data concerning the data subject or to object to such processing, f)  the right to submit a complaint to a supervisory authority, g)  where the personal data are not collected from the customer, any available information on their origin, h) the existence of automated decision-making, including profiling, and, at least in such cases, meaningful information on the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
  2. The customer has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, he or she also has the right to obtain the completion of incomplete personal data, including by means of a supplementary statement.
  3. The customer has the right to request from the controller the erasure of personal data concerning him or her without undue delay and the controller is obliged to erase personal data without undue delay if one of the following reasons applies: a)  the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,  b)  The customer withdraws the consent on which the processing is based and there is no other legal basis for the processing, c)  The customer objects to the processing and there are no compelling and legitimate reasons for the processing, d)  the personal data have been processed unlawfully, e)  the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject, f)  the personal data have been collected in connection with the provision of information society services referred to in Article 8(1).
  4. The customer has the right to obtain from the controller the restriction of processing when one of the following applies: a)  the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data, b)  the processing is unlawful and the customer opposes the deletion of the personal data and requests, instead, the restriction of their use, c)  the controller no longer needs the personal data for the purposes of the processing, but these data are required by the customer for the establishment, exercise or defence of legal claims, d)  The customer objects to the processing, pending verification of whether the legitimate grounds of the controller override those of the data subject.
  5. The customer has the right to know and receive the personal data concerning him, which he has provided to a controller, in a structured, commonly used and machine-readable format, as well as the right to transmit such data to another controller without objection from the controller to whom the personal data were provided, when: a)  the processing is based on consent or a contract and b)  the processing is carried out by automated means. When exercising the right to data portability in accordance with the above, the customer  has the right to request the direct transmission of personal data from one controller to another, where this is technically feasible.
  6. The customer has the right to object, at any time and on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, including profiling. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.  If personal data are processed for direct marketing purposes, the customer has the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling, if it is related to such direct marketing. Where the customer objects to the processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. At the latest during the first contact with the customer, this right shall be expressly indicated to the customer and described clearly and separately from any other information.  In the context of the use of information society services and without prejudice to Directive 2002/58/EC, the customer may exercise his right to object by automated means using technical specifications.  Where personal data are processed for scientific or historical research purposes or for statistical purposes, the customer has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

It is noted that the "company" has the right to refuse a request to restrict the processing or delete the customer's data if the processing or retention thereof  is necessary for the establishment, exercise or pursuit of its legitimate interests, or for its compliance with legal obligations.

The exercise of the above rights by the customer is effective only for the future, with the starting date being the date on which the relevant request reached the "company" in any proven manner.

The Customer has the right to submit a complaint to the Personal Data Protection Authority (www.dpa.gr), which is the competent supervisory authority for the protection of the fundamental rights and freedoms of natural persons with regard to the processing concerning them, if they consider that their rights are being violated in any way.

The customer may exercise the above, and all other, rights either by sending an e-mail, or by registered letter, or by extrajudicial declaration, or by telephone or by physical correspondence to the data controller or data protection officer of the company (see below), or at its official headquarters.

The "company" will make every effort to respond to the Customer within thirty (30) days from the submission of his request, which may be extended for an additional sixty (60) days if this is required due to any complexity of the request or number of requests. If the "company" does not act on the Customer's request, it informs him without delay and at the latest within thirty (30) days from receipt of the request, of the reasons for not acting and of the possibility of submitting a complaint and taking legal action.  The above service is provided free of charge. However, in the event that the Customer's requests are manifestly unfounded, excessive or repetitive, the Conservatory may either impose a reasonable fee on the Customer, informing him accordingly, or refuse to respond to such requests.

The "company" implements an information security management system to ensure the confidentiality, security of the processing of Customer data and their protection from accidental or unlawful destruction, loss, alteration, prohibited dissemination or access and any other form of unlawful processing, including special provision for the pseudonymization and encryption of the above data.

The above information to the Customer is provided in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council and the provisions of Greek legislation on the protection of personal data adopted and applied in this context and replaces any previous information provided in the context of Law 2472/1997 and any references to contractual or other documents of the Conservatory.

Regarding cookies, see here .

G. CONTACT DETAILS:

RESPONSIBLE FOR PROCESSING and PROTECTION of the above data, has been appointed by the "company" as Paraskevi Tsirigoti, son of Theodorou, resident of Chalandri, Attica, 39 Tsitouri Street (Tax Identification Number: 102962341), tel: 6972007074, e-mail: info@ethosofgaia.com