INTRODUCTION
Thank you for visiting https://gr4tours.com/ website (hereinafter the“Website”) operated by the company under the name “AKRON PC” and the distinctive title “AKRON TRAVEL” based at 35 Sorou Street, Maroussi, Athens, Greece, (hereinafter : «the Company”, “we”, “us” or “we”).
Before using our Website, please read this Privacy Policy carefully (hereinafter“Policy”).
1. DEFINITIONS
“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Special Categories of Data” (Sensitive Personal Data) is data which is inherently particularly sensitive in relation to fundamental rights and freedoms of natural persons and needs special protection, since the context of its processing could be create significant risks to the fundamental rights and freedoms of natural persons, such as health data, data revealing racial or ethnic origin, religious or philosophical beliefs or relating to the sex life of a natural person or sexual orientation etc.
“Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
2. POLICY
The company must collect Personal Data (PD (i.e. personal information) for the effective performance of daily business functions and services and, in some cases, to comply with the requirements of the legislation and/or regulations it applies.
The Company is committed to collecting and processing your personal data in accordance with the provisions of Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”).The Company as Controller informs you of the way in which information about you is collected and processed, which is governed by the following conditions and the relevant provisions of the GDPR and the relevant Greek and European privacy legislation. Specifically, this Policy presents the type of information that our Company may collect from you and informs you of how we use thisinformation.When you voluntarily provide us with personal data, such as your name, address or email address, we use this information with absolute confidentiality.
This Policy applies to the collection and use of your personal information by the Company and applies, in general, to any natural person who has or intends to have any kind of relationship with us.
3. WHAT DATA DO WE COLLECT FROM YOU?
In the course of our business activities and corporate operations, we collect the following Personal Data when you provide it to us:
4. HOW WE COLLECT YOUR PERSONAL DATA
We collect your Personal Data in the following ways:
5. HOW WE USE YOUR PERSONAL DATA
We use your Personal Data to respond to your own requests in order to provide you with our services, give you information and in general communicate with you on topics that interest you and concern you, such as offers, products, catalogs etc. The purpose of data collection is the provision of our electronically available services, which are the following:
5. LEGAL BASIS FOR PROCESSING OF PERSONAL DATA.
The Company collects only Personal Data necessary in order to meet your requests in the context of our business activity and its general operation. Where additional, optional information is sought, you will be informed of this at the time of collection of the data. Under Greek and EU legislation (including GDPR), we process Personal Data, since we have the legal basis to carry out the processing. Therefore, when we process your Personal Data, we rely on one of the following legal processin gbases:
The Company may collect “sensitive” personal data only when our clients, the data subjects voluntarily offer such data and have provided explicit consent to the processing thereof.
The company also reserves the right to regularly communicate with our clients by telephone, mail, email, SMS or any other means of communication, using the contact information which has been obtained lawfully, within the context of the company’s contractual relationship with the user (article 11§ 3 of N. 3471/2006) provided that the user has not opposed this communication. This communication may include an update on services provided, research to improve the services provided to the Customers and other promotional activities and to serve similar purposes.
6. SOCIAL MEDIA SHARE BUTTON
The Company has official social media accounts, specifically on Facebook, Linkedin and Twitter. On its website, the company incorporates an additional social media share button for Facebook, LinkedIn and Twitter, inviting website visitors and users to follow the company in the respective social media (follow/like) as well as upload posts and comments. During your use of the social media we may collect certain personal data (such as your profile data in the corresponding medium).
Based on European Court of Justice case-law, the Company is considered a Joint Controller for processing your data together with each social medium. Within this context, the company has posted the Privacy Policy on an easily accessible spot on each corporate social media account, it strictly complies with the obligations relating to the protection of personal data by taking the appropriate technical and or ganisational measures (such as limiting the number of people with access to corporate social media accounts) in order to ensure the safe processing of data (see below par.9)
The purpose of the data processing is to make visible and promote the company’s image and services, to provide updates or to communicate with you, responding to the messages/comments you send us.
The legal basis for processing is your consent, which you provide when you actively click on the social media share button, the “like” or “follow” button on the Company’s social media. You can withdraw your consent at any time in the same manner in which you provided it, i.e. by clicking “unlike” or “unfollow”.
The Company is not responsible for how each social medium processes your data and it is your responsibility to be informed about it by reviewing the Facebook, Linkedin and Twitter Privacy Policy.
Finally, while the Company wishes and encourages users to comment on posts and/or pages it maintains on social media, it informs users that any post or comment uploaded should respect the basic rules of politeness, decency and respect to different views, ensuring a safe online environment and .will remove any content deemed to violate the terms of use of the website, such as insulting, pornographic, or threatening content or content violating intellectual property rights, and may block users who violate these terms. In any case, if you consider that content posted on the Company’s official social media accounts violates the terms of use, please contact us immediately.
7. DATA RECIPIENTS
We do not disclose your Personal Data to third parties who are not affiliated with us, unless this is required by our legitimate business and business needs, in order to meet your requests and/or if required or permitted by law or professional standards and/or if we have your express consent to that.
Also, your data, to the extent appropriate for fulfilling our contractual obligations, improve our service and meeting your requests, may be transmitted to specific recipients to fulfil each of the processing purposes and within the business competences of each recipient, which may be:
It should be noted that when storing, accessing and/or processing the user’s personal data, the employees and agents of the company fully comply with the relevant provisions of the European General Data Protection Regulation 2016/679 on the protection of Data as well as with current Greek legislation and jurisprudence on the protection of personal data. The company requires of its employees, its website hosting and service providers, as well as its third party partners to take all necessary technical and organizational measures (including appropriate policies and procedures) to prevent unauthorized disclosure of users’ personal data to which they gain access, and implement procedures for the management and processing of personal data in a manner that is lawful and protect such data according to GDPR imposed obligations.Σεπερίπτωσηαναδιοργάνωσήςήπώλησήςμαςσεάλλονοργανισμό, ηΕταιρείαενδέχεταιεπίσηςνααποκαλύψειΠροσωπικάΔεδομέναπουαφορούν τηνπώληση, τηνεκχώρηση είτεάλλημεταβίβαση τηςεπιχείρησης.
Ακόμη, η Εταιρεία ενδέχεται εφόσον αυτό είναι αναγκαίο κατά την διενέργεια ελέγχων που αφορούν την προστασία των Προσωπικών Δεδομένων και την ασφάλεια και/ή για έρευνα είτε απάντηση σε κάποιο παράπονο ή απειλή ασφαλείας να προβεί σε γνωστοποιήσεις Προσωπικών Δεδομένων.
8. INTERNATIONAL TRANSFERS
It is possible that we may transfer the Personal Data we collect from you to countries other than the country in which Personal Data was originally collected. These countries may not have the same laws for the protection of Personal Data as the country in which Personal Data was originally collected. When we transfer your Personal Data to these other “third” countries, we take appropriate measures to protect it in accordance with this Policy and all applicable privacy laws. Each time we transfer your personal data outside the EEA, we ensure a similar degree of protection for them, ensuring that one of the following protection measures is implemented:
9. NETWORK AND INFORMATION SECURITY
The Company applies all reasonable and appropriate technical and organizational security measures to protect your Personal Data against unauthorized access, misuse, loss or destruction. Such measures include, where necessary, the use of firewalls, secure server installations, encryption, implementation of appropriate access rights systems and procedures, application of access control policy, careful selection processing and control of compliance with the GDPR and other reasonable organizational and technical measures to provide appropriate protection of your Personal Data; such measures are being updated taking into account the developments in the technology and the cost of their implementation.
All employees are bound by confidentiality agreements and your Personal Data is processed only by specially authorized company personnel.
10. TECHNICAL AND ORGANIZATIONAL MEASURES
The Company has taken appropriate technical and organizational measures to safeguard the security and protection of Personal Data in order to ensure the safe storage of Personal Data and prevent accidental loss or destruction and unauthorized and/or illegal access to them, use, modification or disclosure of them.
Our data centers where your Personal Data is stored are located in Greece, where the Company’s data center is located and the back up location is situated within the Company’s premises in a place that conforms with all necessary security measures. Also stored data are found in a cloud service provider whose data centers are located in the European Union. A second copy is created from the original backup, in an encrypted format that is kept in a different location bearing all security measures. If you need more information about protection measures you can contact (enter security, a second copy is created in an encrypted format that is kept outdoors bearing all security measures. If you need more information about protection measures you can contact (enter info@gr4tours.com).
11. RETENTION PERIOD
Personal Data shall be retained for the period necessary for the performance and completion of the processing purposes mentioned above, including the purposes of complying with legal, accounting or information requirements, and to meet your needs, both in physical file and in electronic form.
We retain your personal data for the duration of our contractual relationship. The personal data we process is not retained for a longer period of time than is necessary for the performance of the contract and any services directly related to it:
We will also retain your personal data:
At the end of the retention period, Personal Data is destroyed both in physical or electronic form and deleted from Company’s information systems or are anonymized them so that you can no longer be identified by them.
However, some necessary personal data regarding your contractual relationship with the company as well as information concerning your notification on the processing of your data and your consent, where applicable, may be retained so as to establish the lawfulness of processing of user data by the company and the legal claims of the parties.
12. YOUR RIGHTS
Under the GDPR (articles 12-22) you have the following rights:
To exercise the above rights, you can contact us via e-mail:info@gr4tours.com or by post or in person at the Company’s premises at 35 Sorou St., Marousi, Athens. We shall take all possible measures to satisfy your request within a reasonable period, but no later than one (1) month after the submission of the request and your identification. This period may be extended by a maximum of two (2) months if the request is complex or there is a large number of requests. The Company may retain the minimum necessary Personal Data to safeguard its legitimate interests.
Finally, you have the right to submit a request to the company inquiring on how the company processes and protects your personal data, and if you consider that your rights are infringed, you have the right to file a complaint with the Data Protection Authority (http://www.dpa.gr/, Kifisias 1-3, P.C. 115 23, Athens, 210 6475600, email: complaints@dpa.gr).
13. MINORS
Our company is committed to protecting the privacy of minors. Please be advised that the content and services of this Website are not intended for children under 15 years of age. Personal Data should not be submitted to the Company either through the Website or otherwise, by persons under the age of 15. If it is understood that a person under the age of 15 has submitted Personal Data to the Company, without the express consent of the parent, we shall immediately delete, upon request, that data in accordance with policy of deleting our Company.
14. CalOPPA Do-Not-Track NOTICE
The Company does not monitor its users on third-party websites and therefore does not respond to do not track (DNT) signals. The Company does not allow third parties to collect personal data directly from our users on our Website as through the use of third-party ads.
15. PRIVACY POLICY CHANGES
The company may change this policy. Please check the effective date at the top of the policy to see when it was last revised. Every revision will be implemented as soon as we publish the revised policy.
If we make substantive changes to this policy that broaden our rights to use the personal data that we have already collected from you, we will inform you and provide you with a choice for the future use of these data.