GDPA PERSONAL DATA POLICY

YOUR OFFICIAL NAME

HEREIN REFERRED TO AS THE (ENTITY)


Since 1st January 2018

CERTIFICATION NUMBER: ######


As a business, we are 100% committed to protecting your data, the same way we wish our own personal data to be protected by others. If you have any concern, please reach out to us. Our policy herein is designed to meet our local Data Privacy Regulation, including regulations of other jurisdictions where applicable. Should you find any aspect which does not meet our obligation towards you, please feel free to let us know via the Communication Options provided at the end of this page and we will address the matter accordingly. CLICK HERE to validate our certification.


COMPLIANCE POLICY

OPENING STATEMENT

ENTITY is a registered business and our aim is to strengthen the protection of personal data in line with The General Data Protection Regulation (“GDPR”) and with our local Supervisory Authority. If you have any questions or doubts, you can contact us via the COMMUNICATION OPTIONS below.


ABOUT THIS POLICY

ENTITY is committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible way. This policy outlines how we aim to achieve this and includes the information collected when:

  • You use our website ENTITY WEBSITE
  • You use our social media pages ENTITY SOCIAL MEDIA PAGES
  • You make enquiries on our website.
  • You visit our physical establishment(s).
  • Someone is interested in working with us.

DEFINITION OF PERSONAL DATA

Personal data means any data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to us via our site (online) or via offline methods (handwritten or verbally spoken). By providing your personal data, you agree that we can use your personal data in accordance with this policy and with our obligations towards you. Ensure you understand this policy in its entirety and take your time to read it. Should you have any questions, you can reach out to us via the COMMUNICATION OPTIONS below.


WHO WE ARE

ENTITY is a ENTER TYPE OF BUSINESS based in FULL ADDRESS/LOCATION. Our business registration number is: BRN/ABN/CAN/VAT/ΑΦΜ


HOW WE COLLECT INFORMATION FROM YOU

We collect information from you:

  • When you order/collect a product or pay for a service.
  • When you visit ENTITY (preferences, order history etc.).
  • When you make an enquiry.
  • When you sign up to marketing emails.

CONDITIONS APPLICABLE TO CONSENT OF A CHILD/MINOR

Where a child/minor is below the age of ENTER AGE years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.


TYPE OF INFORMATION WE COLLECT FROM YOU

You may be asked to submit personal information about yourself when you order/collect a product and/or pay for a service. We will collect this information so we can fulfill your request. Where sensitive data is concerned, we will only request such data to fulfill our obligation to you, legitimate interests and/or as required by law.


WHEN YOU ORDER/COLLECT/USE A PRODUCT/SERVICE

ENTITY may collect information where applicable to fulfill its obligation to you such as:

  • Title
  • Name
  • E-mail address (used for confirmation and post-service feedback emails)
  • Home and/or work address
  • Billing information taken for deposits, pre-orders, pre-bookings or holding credit card information (where applicable)
  • Telephone number
  • Company name (where applicable)
  • Product/service requests
  • Marketing preferences (whether you opt-in or opt-out)

WHEN YOU ARE SERVICED AT ENTITY

  • marketing responses (where applicable)
  • survey responses (where applicable)
  • current and past order/service details

WHEN YOU ACCESS OUR SITES

There is “Device Information” about your computer hardware, mobile devices, electronic devices and software that is automatically collected by ENTITY where and if applicable. This information can include:

  • Device type (e.g. mobile, computer, laptop, tablet).
  • Cookies.
  • Operating system.
  • IP address.
  • Browser type.
  • Browser information (e.g., type, language, and history).
  • Domain names.
  • Access times.
  • Settings.
  • Referring website addresses.
  • Other data about your device to provide the services as otherwise described in this policy.

LOCATION INFORMATION

If you use our website(s) and/or social media site(s), we may receive your generic location (such as city or neighbourhood).


CAREERS

You may submit your Curriculum Vitae/Resume (CV) if you’re interested in working for us via EMAIL and/or POST. Your information is handled with the strictest data privacy measures in place and may include:

  • Non Sensitive Personal Details.
  • Sensitive Personal Details.
  • Family Details.
  • Employment Details.
  • Education Details.
  • Salary History Details.
  • Other Relevant Details.

We will use this information to assess your application. We may also keep it in our records for future reference and for no longer than 12 months. Please contact us if you would no longer like us to hold your records via the COMMUNICATION OPTIONS listed below.


HOW WE USE YOUR INFORMATION

Our use of your personal data will always have a lawful basis, either because it is necessary to complete our obligation to you, because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate interests.

We require the information defined and outlined herein to understand your needs and provide you with a better product/service, and in particular for the following reasons:

  • Internal record keeping.
  • Send you confirmation emails (booking/order/pickup/delivery confirmation and post-service feedback).
  • Improve our products and services.
  • Send marketing communications if you have opted in to receive them.
  • To customise our website(s) and/or social media site(s) according to your interests.
  • To continually improve our business model.

HOW WE HANDLE SENSITIVE DATA

Sensitive Data is a subset of Personal Data that contains information relating to a person’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (for identifying a person), health data, and data about sex life, sexual orientation or criminal records data.

We encrypt Sensitive Data when necessary, for example when saving it to a flash drive, USB stick or external hard drive, or when transmitting it via third party platforms/applications/devices or email.

We do not collect or use any Sensitive Data or Criminal Records Data unless we are required to in fulfilling our legitimate obligations or under special dictating circumstances which bind us as required by law.

Sensitive information in databases, logs, data files, backup media, etc. shall be stored securely by means of encryption, masking, truncation, de-identification or other means of blurring identifying features.

Servers, Desktop and Portable Devices storing sensitive information will be tested regularly so that corrective actions can be taken should an exploit be found and/or to avoid potential exploits.

Employees working with sensitive information may require additional training. Should such training be required, we will make provision for appropriate training on data security practices for both new and existing employees.


HOW WE HANDLE CHILDREN’S DATA

We handle children’s personal data based on 15 key standards:

1. BEST INTERESTS OF THE CHILD: We account for the best interests of any child as a primary consideration where any conflict arises, keeping children safe from exploitation risks and protecting their health and well-being.

2. DATA PROTECTION IMPACT ASSESSMENTS (DPIA): We undertake DPIA to assess and mitigate risks to the rights and freedoms of children who are likely to access our service and/or come in contact with our products, which may arise from the data processing.

3. AGE-APPROPRIATE APPLICATION: We undertake a risk-based approach to recognizing the age of individual users. This applies to the standards in the code of all users. Where we rely on consent for any aspects of our services, we obtain parental authorization for underage individuals.

4. TRANSPARENCY: Under Article 5(1) of the GDPR we process personal data lawfully, fairly and in a transparent manner in relation to data subjects including children.

5. DETRIMENTAL USE OF DATA: We do not use children’s personal data in ways that have been shown to be detrimental to their well-being, or that go against industry codes of practice, other regulatory provisions or Government advice.

6. POLICIES AND COMMUNITY STANDARDS: We uphold our own published terms, policies and community standards (including privacy policies, age restriction, behavior rules and content policies) herein and beyond. It’s our way of saying that we say what we do and we do what we say.

7. DEFAULT SETTINGS: Our operational settings are set to ‘high privacy’ by default, unless a compelling reason for a different default setting can be shown, taking into account the best interests of the child.

8. DATA MINIMIZATION: We collect and retain only the minimum amount of children’s personal data where needed to provide the elements of the service in which a child is actively and knowingly engaged. Where applicable, children are also given separate choices over which elements they wish to activate.

9. DATA SHARING: Data relating to children is not disclosed unless a compelling reason to do so is shown, taking into account the best interests of the child.

10. GEOLOCATION: Geolocation tracking features are switched off by default, unless a compelling reason to switch them on is shown. In such a case, an obvious sign for children is shown when location tracking is active. Options which make a child’s location visible to others default back to off at the end of each session.

11. PARENTAL CONTROLS: Children are provided with age-appropriate information about parental controls. If any of our online services allows a parent or a guardian to monitor a child’s online activity or track their location, then our service will provide an obvious sign to the child when they are being monitored.

12. PROFILING: Any profiling options are turned off by default. The off by default setting does not mean that profiling is not possible or not permitted. Whenever possible, children are offered control over whether and how their personal data is used. Profiling is subject to a privacy setting and only occurs when there are appropriate measures in place to protect the child from any harmful effects, such as content that is detrimental to their health or well-being.

13. NUDGE TECHNIQUES: We do not use nudge techniques to lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protection.

14. CONNECTED TOYS AND DEVICES: Should we provide connected toys or devices (e.g. a fitness band that records the child’s level of physical activity and then transmits this back to servers, or a home hub interactive speaker device), they will include effective tools to enable conformance to the code. This includes being clear about who is processing the child’s personal data and what their responsibilities are, anticipating and providing for use by multiple users of different ages, providing clear information about our use of personal data at point of purchase and on set-up, finding ways to communicate just-in-time information and avoiding passive collection of personal data.

15. ONLINE TOOLS: Where applicable, prominent and accessible tools are provided to help children exercise their data protection rights and report concerns.


ACCESS RIGHTS TO YOUR INFORMATION

We will not sell, distribute, or lease your personal information to third parties. Any personal information we request from you will be safeguarded under current data privacy legislation.

We will only share your information with companies and/or Third Parties if necessary to deliver services on our behalf, for example service providers (e.g. for fulfilling your order/service), Third-Party payment processors, and other Third Parties to provide our Site(s) and/or fulfill your requests, and as otherwise consented to by you or as permitted by applicable law.

Third Parties whose content appears on our Site(s) may use Third Party Cookies. Please refer to USE OF COOKIES for more information on controlling Cookies. Please note that we do not control the activities of such Third Parties, nor the data they collect and/or use. We strongly advise you to check the privacy policies of any such Third Parties.

When we need to use Third Parties, we endeavour to make sure that they have appropriate safeguards in place for the protection of personal data, subject to this not having an impact on our ability to deliver our products and/or services. If possible and non-impacting, we will seek alternative Third Parties to deliver such services.

You may choose to restrict the collection or use of your personal information at any point.  Please refer to the DATA SUBJECT REQUEST section below for available options.


HOW AND WHERE DO WE STORE DATA?

We only keep your personal data for INSERT RETENTION PERIOD in order to use it as described in this privacy policy, and/or for as long as we have your permission to keep it and/or as required by law.

For orders and/or services taken through online software/platforms, your data will only be stored in ENTER COUNTRY.

Where applicable, your personal data is stored securely in the data centers of the software/platform providers.

For orders/services taken manually and logged as hard-copy, your data will only be stored in our place of business and secured with the correct measures to mitigate risks to your personal data.


DATA TRANSFERS

ENTITY and/or our subcontractors might transfer Personal Data to countries outside the European Economic Area (EEA) and European Union (EU) (“Third Country”). In such event, the transfer shall be conducted on a legal basis and in line with Chapter 5 Articles 44, 45, 46, 47, 48, 49 and 50 of the GDPR “Transfers of personal data to third countries or international organisations”.


DATA DESTRUCTION 

When required to destroy your personal data either online or offline, it will be done in a manner where your personal data cannot be recovered by any possible means or methods, including shredding, overwriting all devices and media both on digital storage devices and/or on hard-copy no longer used by ENTITY.


PROFILING

We may analyse your personal information to create a profile of your engagement history with ENTITY and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. This will be done only with your explicit consent and/or as required by law.


YOUR CHOICES

We will not contact you for marketing purposes by postal services, emails, phone and/or digital text messages unless you have given your prior consent and we will not pass your details to any Third Parties for marketing purposes unless you have expressly permitted us to or as required by law.

Herein, you are provided with a full unencumbered DATA SUBJECT REQUEST gateway including:

  • Data Subject DATA BREACH Registrar.
  • Data Subject OPT-OUT Request.
  • Data Subject PORTABILITY Request.
  • Data Subject ERASURE Request.
  • Data Subject CORRECTION Request.
  • Data Subject ACCESS Request.
  • Data Subject RESTRICTION Request.
  • Data Subject OBJECTION Request.

You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it. We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Data will, therefore, be retained as outlined herein in HOW AND WHERE DO WE STORE DATA?


SECURITY

Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our Site. If you would like further details please contact us via the COMMUNICATION OPTIONS below.


USE OF COOKIES

Like many other websites, we use cookies. We use them to personalise your online experience on our Site(s).

A cookie is a text file that is placed on your hard disk by a web page server which allows the website to recognise you when you visit. Cookies only collect data about browsing actions and patterns, and do not identify you as an individual.

We use cookies for the following purposes:

  • AUTHENTICATION, PERSONALISATION and SECURITY: cookies help us verify your account and device and determine when you log in, so we can make it easier for you to access the products/services and provide the appropriate experiences and features. We also use cookies to help prevent fraudulent use of login credentials.
  • PERFORMANCE and ANALYTICS: cookies help us analyse how the services are being accessed and used, and enable us to track the performance of the services. For example, we use cookies to determine if you viewed a page or opened an email. This helps us provide you with information that you find interesting. We also use cookies to provide insights regarding your End Users and your sites’ performance, such as page views, conversion rates, device information, visitor IP addresses, and referral sites.
  • THIRD PARTIES: Third Party services may use cookies to help you sign into their services from our services. We also may use third-party cookies, such as Google Analytics, to assist with analysing performance. Any third party cookie usage is governed by the privacy policy of the third party placing the cookie.
  • OPTING OUT: You can set your browser to not accept cookies, but this may limit your ability to use the products/services offered on our Site(s).

Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.


WHAT HAPPENS IF OUR BUSINESS CHANGES HANDS

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part. The new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by us.

In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes. When and if contacted you will not be given the choice to have your data deleted or withheld from the new owner or controller.


ENTITY GROUPS

We DO/DON’T share your information with other entities within our group. If we do, this is to enhance the experience that we, the ENTITY group, provide you when you engage with us, such as:

  • Type of product(s) and/or service(s).
  • If you previously expressed a preference for specific product(s) and/or service(s).
  • Customised service.
  • Improve our business model.

In addition to providing you with more customised service, we may, as permitted by applicable law, share your information with our affiliates to support operations, such as:

  • To perform analytics.
  • Tailor marketing to you.
  • Support a loyalty program that you have chosen to participate in.
  • Improve our product(s) and/or service(s).

For more information, please feel free to contact us via the COMMUNICATION OPTIONS listed below.


CHANGES TO THIS STATEMENT

ENTITY will occasionally update this Privacy Policy to reflect company and customer feedback. ENTITY encourages you to periodically review this statement to be informed of how ENTITY is protecting your information.


CONTACT INFORMATION

ENTITY welcomes your comments regarding this Privacy Policy. If you believe that ENTITY has not adhered to this Privacy Policy, please contact ENTITY via the COMMUNICATION OPTIONS listed below. We will aim to use commercially available and reasonable efforts to promptly determine and remedy the issue(s) as they arise and/or are brought to our attention by:

  • You.
  • Our data privacy adviser(s).
  • Our data privacy consultant(s).
  • Our legal adviser(s).
  • Our Supervisory Authority.
  • A court ruling presented to ENTITY.

DATA PRIVACY REGULATION GOVERNANCE

All being said and done, ENTITY’s handling of personal data is governed by the General Data Protection Regulation (GDPR) and our Supervisory Authority’s regulations. Our Supervisory Authority is the ENTER NAME.


RECENT POLICY UPDATE

This policy was last updated on ENTER FULL DATE

OUR COMMITMENT TO YOU

We are committed, as far as humanly possible, to upholding the highest standards when it comes to protecting your personal data and doing the right thing by YOU, as we would expect others to do the right thing by US as individuals.

Perfection is something we strive for and is part of our culture. In saying that, we are also human and no doubt will make mistakes. When we do, you will be able to view them via our RECORDED BREACHES provided below.

Being a member of GDPA provides us with the support and tools to continually work towards being compliant with the data privacy regulations, as you would expect from us.

If you identify any shortfalls we may have, we invite you to contact us directly via the COMMUNICATION OPTIONS provided below, and we will come back to you within the shortest possible time-frame during our business hours and work towards correcting the matter and/or clarifying any doubt you may have.

Data Privacy is now embedded within ENTITY as part of our evolving business model and we are committed to the 15 primary compliance principles:

  1. Processing personal data lawfully, fairly and in a transparent manner.
  2. Collecting personal data for specified, explicit and legitimate purposes.
  3. Adequate handling of personal data and making sure it is relevant and limited to what is necessary in relation to the purposes of processing.
  4. Accuracy of the personal data we hold and where necessary, kept up-to-date.
  5. Keeping personal data in a form which allows the identification of an individual for no longer than is necessary.
  6. Processing personal data in a manner that ensures appropriate security.
  7. Presenting you and data subjects in general with unencumbered rights via DATA SUBJECT REQUESTS below to:
    1. View your personal records.
    2. Have your personal data rectified.
    3. To have your personal data erased.
    4. Restrict the processing of your personal data.
    5. Object to processing of your personal data.
    6. To receive a copy of your personal data in a format for data portability.
  8. Data storage.
  9. Compliance with the General Data Protection Regulation (GDPR).
  10. Data Protection Auditing.

DATA SUBJECT REQUESTS

when requested enter our confirmation email as follows


COMMUNICATION OPTIONS

You can contact us via traditional post directly to our appointed GDPR Registrar acting on our behalf as our registered European GDPR Secretariat.

Our GDPR Secretariat’s duties are to view your submissions and submit them to us, where we will take the necessary steps in answering you accordingly, in line with the GDPR and the protection of your personal data.

Please address the mail as follows:

OUR BUSINESS PHONE NUMBER

☎ International: +## ## #### ####
☎ National: ## #### ####

GDPA’s BUSINESS PHONE NUMBER EUROPE

☎ International: +30 21 0300 4376
☎ National: 21 0300 4376

BUSINESS HOURS

★ Monday to Friday
★ 9am to 5pm
★ Excluding Public Holidays