DATA PROTECTION POLICY

 

The present describes our policy regarding the personal data we collect from visitors of our pages (hereinafter “users”).

The data controller of your personal data is OLGA DAIKOU – OSTIA, with registered office at 22, Alexandrou Svolou street, 54622 Thessaloniki-Greece, Tax Identification Number 041333020 D Thessaloniki Tax Office, e-mail: info@ostia.gr.

In the daily activities of our company and our website, we process data concerning natural persons, among which:

  • Customers
  • Visitors of our website
  • Stakeholders (employees, suppliers).

 

Our company complies with the General Data Protection Regulation (2016/679 EU GDPR) and any other European and national legislation concerning the protection of personal data, electronic communications, etc. and undertakes that it will ensure the protection of your Data at any time:

  • The data are collected for specific, clear and legitimate purposes and are not further processed in a manner incompatible with those purposes.
  • We collect the necessary, for each purpose of processing personal data and we process it lawfully, fairly and in a transparent manner in relation to the data subjects.
  • We make sure that they are as accurate and up-to-date as possible and only retain them for as long as is necessary for the purposes for which they are being processed.
  • In any case, the criterion we use to determine the storage period is based on and duly takes into account the need to comply with any relevant legal requirements, as well as the principle of data minimization.
  • We process the Data electronically and manually and take all appropriate measures to protect personal data, including protection against unauthorized or unlawful processing and against accidental loss, damage or destruction, using appropriate technical or organizational measures.

 

Collection, purpose, legal basis of processing and time period of retention of your data

  1. Data that we collect automatically through our website

The website https://www.ostia.gr/ uses the SSL (Secure Sockets Layer) protocol which uses data encryption methods that are exchanged between two devices (most commonly Computers), establishing a secure connection between them via the internet, resulting in the protection of your personal data.

When you visit our website, our server collects the so-called log files of the server and more specifically:

  • Date and time of entry to the website.
  • The volume of data sent in bytes.
  • The browser and operating system you used to access the website.
  • The Internet Protocol address when you access the website. The IP address is personal data along with the date and time of your visit, although we cannot identify you with that data alone.

The legal basis for which we collect your IP address and retain it in special files (log files) is our legitimate interest in processing this data in order to ensure the security of networks, information and services from accidental events or illegal or malicious actions which compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data (e.g. monitoring ddos “denial-of-service” attacks), as well as our legal obligation to provide a more secure environment for processing your personal data (paragraph 1 (f) and (c) of article 6 of the GDPR). The data will not be transferred or used in any other way. However, we reserve the right to check the server log files if specific indications of unauthorized use are identified.

  1. Customer Data.

When you visit our business, we collect your personal data such as full name, father’s name, e-mail, postal address, gender, age, occupation, address, and any other information related to the provision of our services to you.

The purpose of the processing of your data is to provide you with the requested services and the legal basis of the processing is the execution of the contract between us (par. 1b of article 6 and par. 2 of article 9 of the GDPR), as well as our compliance with legal obligations. Your data is retained for the time period required and maybe longer if legal claims arise.

It is clarified that we do not have a publicly accessible list of e-mail addresses of our subscribers/users. Therefore, any personal data (e.g. access names, etc.) that appear anywhere on the pages and services of the website of the Data Controller is intended solely to ensure the operation of the respective service and may not be used by any third party, without complying with the provisions of the legislation on protection against the processing of personal data, as applicable each time. The Data Controller acts in accordance with applicable law and aims to better implement good practice as regards the Internet. Your personal information is stored securely for as long as you are registered with a service of the Data Controller and is deleted after the termination in any way of your dealings with the Data Controller.

  1. Data we collect via e-mail and the Contact Form

As part of the communication between us via email and the Contact Form, we collect your name, email address and any other information you provide to us. This data is stored and used exclusively to meet your request. The legal basis for the processing of your personal data is your consent (par. 1a of article 6 of the GDPR). Your data will be deleted after the final processing of our communication. This will happen after the completion of the purpose and scope of our communication, provided that there are no legal requirements for storing such data.

  1. Mailing of Newsletter

Following your consent, we will collect your e-mail in order to send you a newsletter with the news of our Company and articles that you will probably find interesting. The legal basis for the processing is your consent (par. 1a of article 6 of the GDPR) and you have the right to withdraw it at any time.

  1. Suppliers’ data

For the performance of the contract between us, we collect the data of our suppliers such as full name, address, contact details, shipping details, financial data, which you provide to us. The legal basis for the processing of your data is the performance of a contract and our compliance with legal obligations (par. 1b and c of article 6 of the GDPR), and we retain them for a period of up to twelve years from the last provision of services, or as required by tax and any other relevant legislation.

Who has access to your data. Data transfers.

Your data is accessible to our employees, as well as to any other person authorized to process your data in the course of their duties. In addition, we cooperate with third parties, natural or legal, professionals, independent consultants, etc. who provide us with commercial, professional or technical services (e.g. web hosting, accounting services, transportation services) for the purposes mentioned above, and support our company in whole or in part, in relation to our activities. In this case, such natural/legal persons shall act as Joint or Independent Data Controllers, Data Processors or persons authorized to process personal data for the same purposes mentioned above, with the same security measures and in accordance with the applicable legal obligations.

Before the third party receives the Personal Data, we must: (1) complete the confidentiality review to assess the privacy practices and risks associated with these third parties (2) to receive contractual guarantees from these third parties that Personal Data will be processed in accordance with our instructions and in accordance with this Policy and applicable law, that they will immediately notify our company of any incidents of Personal Data Protection or Security, failure to comply with the standards set out in this Policy and existing legislation, that they will work together to rectify any such incident, that they will assist us to honor the rights of the persons set out below, and that they will allow the Data Controller Doctor to check their processing as regards compliance with these requirements.

Finally, the data can be further transferred to public authorities and institutions, as well as to our legal supporters (legal and insurance companies), for legal purposes.

In addition to the above, the Data will not be disclosed to third parties, individuals or legal entities and will not be disseminated.

Our company does not transfer Personal Data outside the EU, and if necessary (for example, in order to use Cloud services) this will be done under the terms and conditions set out in Articles 44 et seq. of the GDPR, including following your consent, the implementation of standard contractual clauses approved by the European Commission or to countries considered safe by the European Commission.

Use of cookies

We use cookies for the efficient operation of the website and to enhance your browsing experience, as well as for the better provision of our services. Cookies are text-files with information that the web server of the Data Controller stores on your computer when you visit this site. In this way, the website remembers your actions and preferences for a period of time, so that there is, for example, personalization of online ads, traffic analysis or other statistical analysis, and the provision of the services you have requested. In this way you don’t have to enter these preferences every time you visit the website or browse its pages. Only the Data Controller and its specially authorized associates have access to any information concerning cookies.

You can check and/or delete cookies according to your wishes. Details can be found on the website: aboutcookies.org. In case you choose to disable cookies on the website https://www.ostia.gr/, the functionality of some pages may be lost or reduced.

See here which Cookies we use:

Additional information on the use and management of cookies on the website can be found on the websites:

Regarding cookies and their management:

http://www.aboutcookies.org/default.aspx

http://www.whatarecookies.com/

Regarding Google’s policy:

https://www.google.com/about/company/user-consent-policy.html

https://www.google.com/policies/technologies/cookies/

http://www.google.com/intl/el/policies/privacy/partners/

Data Security and Integrity

The Data Controller implements reasonable policies and procedures for technical and organizational security in order to protect personal data and information from loss, misuse, alteration or destruction.

In addition, we try to ensure that access to your personal data is limited to those who need to be aware of it. Those who have access to the data are obliged to keep the confidentiality of this data.

Please note that transmitting information over the Internet is not completely secure. Although we make every effort to protect your personal data, we cannot guarantee the security of the data transmitted by our website. After receiving your details, we will implement strict security procedures and functions in order to try to prevent unauthorized access.

We make every reasonable effort to keep the personal data we collect from you only for the period of time we need this data for the purpose for which it was collected or until their deletion is requested (if this happens earlier), unless we continue to retain it in accordance with applicable law.

Links to other websites

Our website may contain links to other websites governed by other privacy statements, the content of which may differ from this Privacy Statement. Please review the privacy policy of each website you visit before submitting any personal data. Although we try to provide links only to sites that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices of other websites.

Data of minors

.If we need to process data of minors (e.g. data of underage patients), i.e., according to the GDPR, those who have not completed the age of 15, the processing is done only following the written and explicit consent of the persons who have parental responsibility for the minor. In any case, we make reasonable efforts to verify that consent is granted or approved by the person who actually has parental responsibility for the child, that is, by identity check and any other available information.

Data Subject Rights

You can contact us by mail or e-mail at the addresses mentioned in paragraph (1) above, to exercise your rights under Articles 15 et seq. of the GDPR. You can, for example, request an updated list of people who have access to your data, receive confirmation of whether or not we are processing personal data related to you, check their content, source, accuracy and location (also in relation to any third country), request a copy, request their correction and limit their processing, even their deletion, if applicable. Similarly, you can always make your comments and lodge complaints with the Hellenic Data Protection Authority, 1-3 Kifisias Ave., GR 115 23, Athens-Greece Call Center: + 30-210 6475600 or at http://www.dpa.gr/

Changes to this Policy

The Data Controller regularly reviews this Policy and may modify or revise it at our discretion. Whenever we make changes, we will record the date of the amendment or revision in the Policy. The updated Policy will be valid for you and your data from that date. We encourage you to study this Policy from time to time to see if there are any changes in the way we handle your personal data. This Statement was last updated in May 2021.

Contact us

If you have any questions, comments or complaints regarding the management or protection by us of your personal data or if you wish to modify your personal data or exercise any of your rights as a data subject, please contact us at info@ostria.gr.