The controller is:
Karkavitsa str., 36
Pirgos, 27 131
Tel: +30 2621 121 373
Registration tax office, Pirgos, ILIA
VAT ID no. EL 047648274
CEO: Nikos Prountzos
Prootzos is the data protection officer, firstname.lastname@example.org.
The Prootzos Online handles a Customer’s security, trust and respect. The safeguarding of Customer personal data is particularly important. Hence, the Prootzos Online communicates the above to its visitors and/or Customers:
The Prootzos Online website is a communication system to the public, with which information and services are offered, through the Internet. Visitors of the Prootzos Online website are able to inform themselves of any new products and services it offers, important announcements, new jobs and be notified of any service without offering any information.
In case of gathering a Customer’s personal data is necessary, for the execution of some trade through the website, the following shall take effect:
1. The Prootzos Online maintains a log and processes potential Customer personal data, the sole reason being the support, forwarding and implementation of the exchange with the Customer as well as the provision of high level services.
2. Customer data are safeguarded by strict discretionary criteria and are forwarded on third-party companies only if necessary for an order’s implementation or the functionality of a Customer’s service.
Website software is designed for a maximum amount of security and trust. All information contained within requests submitted in the website and are related to payment of whichever service the Customer chooses, are secure. Only authorized employees, having received proper training so as to the processing of Customer information, shall have access to such information and only when necessary for implementing Customer requests.
Clarifications in regards to the processing of personal data
Why shall the Prootzos Online Process Data of Personal Type (OPD) and the Special Category Data of Personal Type (SCD)?
With the purchase of services / products that the Customer carries out through the Prootzos Online website, they state that they wish for the Prootzos Online to handle the completion of a task or the mediation between the Customer and some third party for the completion of a task with the Prootzos Online function being an Internet service provider. The Prootzos Online, based on information / data the Customer declares in its website / ordering form, should integrate such into a homogeneous category and calculate, based on said declarations, the product/ service which is suitable and relevant for the Customer.
For such to happen, the Customer needs to fill in the particular DPT and/or SCDPT noted in the relevant fields of the ordering form. This data is objectively essential to the implementation and function of the provided service. The proper and complete information for data the Prootzos Online requests are considered obligatory of the Customer, according to law. It is possible that inaccurate or incomplete data the Prootzos Online requests to find, cause for the Prootzos Online to demand even the cancellation or report of the provided service, at any time.
For however while the contract for service provision remains in effect, the Prootzos Online shall process Customer data which are necessary for its function based on the present contract with which the Customer consents to should they proceed in carrying out an ordering of service / product from the Prootzos Online.
In what kind of data processing shall the Prootzos Online proceed to?
After the Customer proceeds in the ordering a product / service and has filled in all necessary fields in the order form, the Prootzos Online shall, for the reasons already noted, carry on with any action or series of actions processing the Customer’s data with assistance of automated means like, for example gathering, input, organizing, rectifying, storage, adjustment, shift, recover and searching of information as well.
The Prootzos Online makes use of automated means for the fulfillment of the order and providing the service. Through said means, the Prootzos Online can reach decisions quicker, with greater accuracy, transparency and consistency. However, in those cases, regular relevant checks are made from pertinent Prootzos Online employees.
The Prootzos Online, in the name of safeguarding legal interests, often runs checks, through automated procedures to prevent scams against it.
In particular, the following individual audits are made towards compliance of the Prootzos Online with instruction from european and greek legislature.
- Audits (and automated ones) are conducted for preventing the use of products in money laundering and / or the funding of terrorism.
- Audits are conducted and files and data are sent towards compliance of the Prootzos Online with the administrative cooperation of European Union member-states.
- Audits are conducted and files and data are sent towards compliance of the Prootzos Online with the multi-part agreement of Pertinent Authorities for the automated trade of information in regards to financial matters.
For how long shall the Prootzos Online hold the Customer’s data in a file?
The Prootzos Online shall hold on to the Customer’s data for however long a contractual relation is maintained between them, either in written or electronic format. In a case of, for whatever reason, this is interrupted the Prootzos Online shall hold on to such for however long of a time is left for any relevant claims to become time-barred.
What rights does the Customer have in regards to the processing of their data?
The Customer, may, as appropriate, exercise the following rights:
- The right of access (learning which data of theirs the Prootzos Online is processing, for what reasons and its recipients)
- The right of amendment (rectifying any inaccuracies or lack of data)
- The right of deletion / right of oblivion (purge from Prootzos Online files, should their presence, however, no longer be necessary)
- The right of restricting processing (In case of doubt being presented so as to the accuracy of data etc.)
- The right of portability (for the Customer to receive their data at a structured and commonly used format)
Such rights are exercised sans cost for the Customer, with the sending of relevant postage or email to the Data Protection Officer, unless they are repeated often and due to volume, they possess administrative weight for the Prootzos Online, hence the Customer shall be burdened with the relevant cost.
Should the Customer exercise any of those rights, the Prootzos Online shall undertake any possible means for the satisfactory conclusion of such a request within thirty (30) days from receiving the relevant request, after the Prootzos Online notifies such either for its execution, or the subjective reasons which prevent it.
Beyond such, the Customer, may, at any time, be set against the processing of their DPT and SCDPT for the purposes of the contract service provider, withdrawing their consent. However, this will lead to the termination of the Customer’s contract services provided from the Prootzos Online because (according to the above) no service works without processing of the Customer’s DPT and/or SCDPT (concerning data).
How is the Customer’s data security safeguarded?
Data security is, to the Prootzos Online, an absolute commitment. To achieve such, all modern and suitable means are implemented for purposes of technological processing (for example, encryption, anonymity) as well as organizational measures, the effectiveness of which the Prootzos Online checks at regular intervals.
Where shall the data be transferred?
The Customer’s data will be transferred to Prootzos Online departments pertinent to the execution of the provided service and for the proper and hurdle-free implementation of such. For example, the Technical Support department, Legal, Accounting etc.
The Customer’s data might be transferred and made accessible for legal entities and / or persons with which the Prootzos Online occasionally maintains contracts for the proper provision of offered services. Furthermore, in regards to the Customer’s safeguarding contract, such data might be transferred to various services, public authorities etc. However, in this case, the legal entities or persons will process the Customer’s personal data solely for provision of services towards the Prootzos Online and not for personal gain, acting as executors for the processing.
In every transfer, the Prootzos Online always undertakes any possible measure to ensure the transferred data are always the minimum required and the conditions are for legal and desired processing.
Shall the Prootzos Online process the Customer’s data for commercial purposes?
For the duration of processing noted above, the Prootzos Online might process your OPD data (but not your SCD).
The Customer may be set against processing of their data (for commercial purposes) through the sending of a relative request to Data Protection Officer. In such a case, the Customer’s data will no longer be subjected to processing for commercial purposes.
The Prootzos Online, as the controller, only uses processors that provide reasonable assurance that appropriate technical and organizational measures will be in place to ensure that the processing meets the requirements of EU Regulation 2016/679 and any other applicable European and national legislation, and safeguards the rights of the data subject.
Processing by the processor, a partner of the Prootzos Online, is governed by a contract or other legal act under the law of the Union or the Member State which binds the processor in relation to the Prootzos Online and determines the subject matter and duration of processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects and the controller’s obligations and rights. This Convention or other legal act provides in particular that the processor:
a. processes personal data only on the basis of documented Prootzos Online instructions as a controller, including with regard to transfers of personal data to a third country or international organization, unless it is required to do so under Union law or the law of the Member State to which the processor is a subject. In this case, the processor shall inform the controller of this legal claim in question prior to processing, unless that law prohibits such information on important grounds of public interest;
b. ensures that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
c. takes all necessary measures pursuant to Article 32 of (EU) Regulation No 2016/679,
d. complies with the conditions set out above for the recruitment of another processor,
e. taking into account the nature of the processing, assists the controller with the appropriate technical and organizational measures, to the extent possible, for the fulfilment of the controller’s obligation to respond to requests for exercising the data subject’s rights laid down in EU Regulation 2016/679;
f. assists the controller in ensuring compliance with the obligations pursuant to EU Regulation 2016/679 Articles 32 to 36, taking into account the nature of processing and the information available to the processor;
g. at the choice of the controller, deletes or returns all the personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless Union or Member State law requires storage of the personal data;
h. makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.
As regards point (h) of the first subparagraph, the processor shall immediately inform the controller if, in his opinion, an instruction infringes this Regulation or other Union or Member State data protection provisions.
Where a processor engages another processor for carrying out specific processing activities on behalf of the Prootzos Online as a controller, the same data protection obligations as set out in the contract or other legal act between the Prootzos Online as the controller and the processor, as provided for in paragraph 3, shall be imposed on the other processor by a contract or other legal act in accordance with the law of the Union or of the Member State, especially to provide sufficient assurances to implement appropriate technical and organizational measures in order processing meets the requirements of this Regulation. When the other processor fails to meet data protection obligations, the initial processor remains fully accountable to the Prootzos Online as the controller for the fulfilment of the obligations of the other processor.
Submission of an accusation / complaint?
For whichever issue involving the processing of your data, you may address Data Protection Officer (DPO) of the Prootzos Online: email: email@example.com
In addition, the Customer always hold the right of turning to the pertinent Authorities, where they can submit the relevant complaints. For Greece, this is Independent Authority for Data Protection (Kifissia’s 1-3, P.C 115 23, Athens) or online at (www.dpa.gr).
Additional clarifications concerning Cookies
What are Cookies and why is the Prootzos Online using them?
Cookies are small text files sent on the browser program the Customer uses and are stored at their computer, while the Customer is browsing within the Prootzos Online website. Under no circumstances do the cookies contain personal information or information which would allow anyone to communicate with the website’s visitor, through phone, email etc. Furthermore, using cookies, there is no access granted to the computer’s documents or files.
Cookie usage facilitates the retaining of information relating to the Customer’s visit, to the website, gathering useful preferences in regards to the Customer’s search preferences. Consequently, the searching experience will be optimized. In addition, cookies help the Prootzos Online review the performance and visitor count of its website, improving its display and content, according to visitor preferences.
Which cookies are used?
Some or all cookies described might be stored into the browser application. The Customer can see and manage the cookies in the browser application (however, browser applications intended for mobile devices might not possess this sort of functionality).
The technically necessary cookies the Prootzos Online is using are of vital import for the proper function of the website, and allow the Customer to browse and use its functions. These cookies do not distinguish a Customer’s particular identity. Without such, the Prootzos Online cannot offer effective functionality on its website.
The Customer can activate, or deactivate and completely delete the cookies, through the settings of the specific application of his browser. However, after such an action, some parts of the site may not work properly.
In order to avoid operational problems of our website, please select the cookies by clicking on the “Show Cookie Settings” button.