Privacy Policy

PERSONAL DATA PROTECTION POLICY

 

The company "IT SOLUTIONS PROVIDER S.A." (hereinafter the "Company") informs you that the processing of your personal data is carried out in accordance with the Law. With this protection policy (hereinafter the "Policy"), we provide you with information regarding the collection, storage, processing, and use of your personal data. The Policy may be modified/ supplemented/ updated at any time by the Company, to comply with the current Legislation. It is recommended to regularly check for any changes.

 

What is the GDPR Regulation:

It is Regulation (EU) 2016/679 of the European Parliament and of the Council, dated 27/4/2016, on the protection of natural persons regarding the processing of personal data and on the free movement of such data, as currently in force, including the legislative acts and amendments incorporating it into Greek law (hereinafter the "Regulation").

 

What is personal data:

These are elements-information that concern you and make you an identified or identifiable person, such as name-surname, address, contact details, etc. (hereinafter the "Data").

 

What are sensitive personal data:

These are elements-information that reveal racial or ethnic origin, religious or philosophical beliefs, union membership, as well as genetic or biometric data and data concerning health (hereinafter "Special Categories of Data").

 

What is data processing:

Processing is any operation or set of operations performed with or without the use of automated means on Data or/and Special Categories of Data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure, or destruction (hereinafter "Processing").

 

What data do we collect:

The Company collects and processes only the Data that is absolutely necessary for each purpose. The Data is limited to what you have provided to the Company, either in the context of a corresponding contractual relationship (hereinafter the "Contract"), or during your communication with the Company (written, telephone, electronic), or during the use of this website, including information contained in forms, applications, reports, etc., and specifically:

- Identity Data (e.g., name-surname, father's name, mother's name, date of birth, ID number).

- Contact Data (e.g., home or work address, postal address, email address, fax number, telephone number(s)).

- Identification Data (e.g., IP address).

- Credential Data, necessary for identity verification and access to the Company's services (e.g., passwords, password hints, etc.).

- Payment Data, necessary for the completion of transactions in case of purchases (e.g., payment method number - credit cards, security code associated with the payment method, etc.).

- Usage Data (regarding the capabilities used by the users of the Company's services).

- Performance Data and Error Reports (regarding the performance of the used software and the errors/problems that arise during its use). This data includes information necessary to resolve the encountered problems (e.g., information regarding communication with the Company, the state of equipment and applications during the occurrence of the problem and during diagnostic checks, system data and registry information regarding software installations and hardware configuration settings, etc.).

- Other Data (e.g., online identifiers, location data, voluntarily disclosed information).

 

How we use the Data:

The Company will process the Data for the absolutely necessary period, based on the retention of legal deadlines, the reasons for which the Data Processing is required, any legal obligations regarding the retention of the Data for a specific period (e.g., applicable labor or tax law, fraud prevention legislation, warranty duration, etc.), as well as the principles of data minimization, storage limitation, and rational management of records. Exceptionally, the Company may retain Data for a longer period, for archival purposes in the public interest or for research (scientific or historical) purposes.

The Data will be processed electronically and manually according to the procedures and practices related to each purpose and will be accessible by the Company's authorized personnel and the corresponding partners (e.g., processors, data protection officers, technical staff), bound by confidentiality and secrecy agreements, as defined by the Law.

The Company will take all necessary measures, using advanced technologies, processes, technical and organizational measures, to ensure the security of the Data, to avoid unauthorized access, loss, illegal or irregular use, and to generally comply with the provisions of the Regulation.

 

For what purposes do we process the Data:

The Company will process the Data for the following purposes:

- To comply with the applicable legislation, judicial and other decisions, actions, and procedures of the competent Authorities, European, Community, and International Regulations, and generally applicable legislation.

- To exercise and establish specific legal claims and rights.

- To fulfill contractual obligations.

- To provide its services and conduct its business activities.

- To diagnose problems, improve services, and provide solutions.

- To operate and maintain the security of its services, including preventing or stopping any attack on computer systems or networks or protecting the rights or property of the Company.

- To communicate for the improvement of its products and services, to adapt the website to your interests and preferences, and to provide information (telephone, written, electronic, through messaging, etc.) regarding new products, special offers, or other information that may be useful to you.

- To manage your requests or reports of unwanted actions.

By accepting the Policy, you explicitly consent to the Company processing the Data for the aforementioned purposes. In case of Data Processing for another purpose, other than those mentioned above or below, the Company must obtain your prior consent and provide you with all necessary information about the purpose of the Processing.

 

What is the legal basis for processing:

The legal basis for processing your Data is defined as follows:

- Your explicit consent for the pursued purposes.

- The execution of the contract.

- The Company's compliance with its legal obligation.

- The pursuit of the Company's legitimate interest, under the conditions of the Regulation.

 

Who are the recipients of the Data:

According to the Regulation, recipients are natural or legal persons, public authorities, services, or other bodies to whom the Data is disclosed (hereinafter the "Recipients"). Recipients are defined as: (a) public authorities and services, as well as third parties (natural or legal persons) to whom the Data will be disclosed based on the applicable legislation, (b) subsidiaries and affiliated companies with the Company and Group companies, (c) cooperating companies, third parties, and providers of professional or technical services, to achieve the aforementioned purposes (e.g., banks and general bodies providing financial services or acting for fraud prevention and credit risk reduction).

The Recipients who receive the Data will process it, depending on the case, as data controllers, processors, or persons authorized to do so, according to the applicable legislation.

Beyond the Recipients mentioned in the Policy, the Company will not transfer, disclose, or grant the Data to third parties, unless required by applicable legislation or requested by public/judicial bodies/authorities. By accepting this, you explicitly consent to the Company transferring the Data to the designated Recipients.

 

Where the Data is stored:

The Data Processing takes place at the Company's facilities, within the Greek territory. However, to provide its services better, the Company uses cloud infrastructure in Greek data centers and Microsoft Azure. In the case of Microsoft Azure, only data centers within the European Union are used.

 

How we ensure the Data:

The Company declares that the Data:

- Will be processed lawfully and fairly in a transparent manner.

- Will be collected for specified, explicit, and legitimate purposes and will not be further processed.

- Will be appropriate, relevant, and limited to what is necessary for the purposes pursued.

- Will be accurate and updated following relevant information.

- Will be retained in a form that allows identification only for the required period.

- Will be processed in a manner that ensures its appropriate security, including protection against unauthorized or illegal processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.

 

Transfer of Data to third countries:

Your Data is transferred only to entities within the European Economic Area (EEA) and therefore subject to the strict legislation of the European Union on the protection of personal data or to entities outside the EEA, provided they have the necessary certifications and commitments to comply with corresponding European security standards or meet the Regulation's requirements.

 

Information:

The data controller, as defined by the Regulation, is "IT SOLUTIONS PROVIDER S.A." with contact details: Address: Papanikoli 10, Chaidari, Attica, P.C. 124 61, Email: info@parochos.gr

Email of the data protection officer, as defined by the Regulation: info@parochos.gr

 

What are your rights:

Based on the current legislation, you have the following rights:

- Access to the Data, confirming its Processing by the Company, the categories of Data, the purposes of Processing, the Recipients, the processing period, receiving a copy of the Data, and an updated list of Recipients.

- Correction of inaccurate Data, updated after your relevant information to the Company.

- Completion of incomplete Data, including through a supplementary statement.

- Deletion of the Data by revoking your consent to the Company, provided the Data is no longer necessary to comply with a legal obligation requiring Processing under the legal order and/or to execute a Contract and/or to establish, exercise or support legal claims.

- Restriction of Processing, when you dispute the accuracy of the Data for a period allowing the Company to verify its accuracy or when Processing is illegal, and you oppose its deletion, requesting instead the restriction of its use or when the Company no longer needs the Data for Processing purposes, but the Data is required to establish, exercise, or support legal claims.

The Company will notify each correction, completion, deletion of Data, or restriction of its Processing to each Recipient to whom the Data has been disclosed, unless this is impossible or requires disproportionate effort. The Company will provide information regarding such Recipients upon your request.

You can object at any time to the processing of the Data by the Company when this is done for direct marketing purposes (including profiling related to direct marketing). You also have the right to file a complaint with the Hellenic Data Protection Authority if you believe that any of your rights is being violated.

For exercising your rights, you can contact the Company's Data Protection Officer at the email info@parochos.gr or send a letter to the address Papanikoli 10, Chaidari, Attica, P.C. 124 61. The Company will examine your request and respond within a month of its submission, possibly extending the deadline for two additional months, if necessary, based on the complexity and number of requests.

crossmenu