PRIVACY POLICY

 

With this Privacy Statement (from now on “Statement”) the company “THEODOROPOULOS THEMISTOKLIS L.P.”, that is based in the 5th of Menehmou Str. in Nafpaktos, and is legally presented, (from now on “The Company”) sets the bases on which it collects, uses, communicates or otherwise processes data in the context of the operation of this agreement, in accordance with the provisions of European Regulation 2016 / 679.

  1. Editor

The company under the name “THEODOROPOULOS THEMISTOKLIS L.P.”, based in 5th of Menehmou Str. in Nafpaktos, and is legally represented.

Phone contact: (0030) 26340 26250

Contact person: Theodoropoulos Georgia

Email: [email protected]

  1. Personal data concept

Any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one whose identity can be verified, directly or indirectly, in particular by reference to an identity such as name, ID number, location data, online identity or one or more of the factors specific to physical, physiological, genetic, psychological, economic, cultural or social identity of such natural person.

  1. Personal Data Processing Concept

Any act or series of acts performed with or without the use of automated means, on personal data or personal data sets, such as the collection, registration, organization, structure, storage, adjustment or alteration, retrieval, search for information, use, disclosure, dissemination or any other form of distribution, association or combination, restriction, deletion or destruction.

  1. Data we collect

The Company collects from the Clients such data as are strictly necessary and essential for the purpose for which they were provided and used solely for the purposes for which they were collected. The data are limited to what the Client has explicitly provided, with his consent and for a specific purpose. The data is limited to what the Client has explicitly provided, with his consent and for the purpose of concluding a specific contractual relationship.

The Company collects the following personal data:

  1. Identity: such as name, surname, father’s name, mother’s name, ID or passport number and issuing details (date, issuing authority), date of birth, place of birth, nationality, residence permit (for foreigners). In order to confirm this information, he may request the client to produce a copy of the police ID card or passport, which he keeps in his file in hard copy.

In the case of a legal entity, the Company collects data such as the Articles of Association, its amendments, Government Gazette- foundation – establishment – representation, relevant Ministry of Finance decisions or certificates of the Region (in the case of branches of foreign companies), proxy, certificates from competent bodies, (General Commercial Register ,Court of First Instance).

  1. Contact details: such as e-mail address, mobile and landline number (legal representative in case of legal entities), home – work address (country, city, street, number, and postal code).
  2. Finance – Business information: such as occupation, tax identification number (TIN), tax authorities, tax returns, copies of Public Business and Organizations accounts, earnings certificates, E-3 forms, certificate of commencement , credit card or bank account details. In case the client is a legal entity, the Company may also request balance sheets – financial statements, certificates of liquidation – bankruptcy of the legal entity
  3. For vehicle insurance contracts: the Company collects additional information such as driving license, vehicle registration certificate, DTC, exhaust card.
  4. For fire insurance contracts, the Company collects additional information about the insured object (eg property address, surface and value, existing safeguards), the co-operative bank if it is a mortgage, and may also be requested on a case-by-case basis a description of the elements of the building and its objects, in the case of movable property insurance.
  5. For life-health-old-age insurance contracts, the Company collects additional Client health information, including: Health booklet, medical history, exam results, detailed job and working descriptions, and details of legal heirs or beneficiaries of insurance (full name, Taxpayer ID , home and contact information)

The reference to the above Client data is not exclusive, as additional elements, not mentioned in this statement, may be required but are deemed necessary by the Company for the purpose of drawing up the contract or may be required by specific laws at any time. All of these elements apply to the same protection policy and the same guarantees that the Company provides through this statement, regardless of its reference to this statement. The reference in this article to the data requested by the Company from the Client is not proof that such information was actually provided by the Client for the purpose of drawing up the contract.

  1. How to use data

The processing of Client Data is carried out by the Company’s personnel through computer and electronic systems. Exceptionally, it may be processed by third parties who, having contractually committed themselves to the Company for the protection of confidentiality and the protection of Client Data, process them on behalf of the Company only, and solely for the purposes for which they have provided.

The Client provides the Company with his data, which are processed in order to provide the following services:

– Vehicle rental (with or without driver)

– Tourist services

– Vehicle insurance

– Fire safety

– Life insurance – health – old age

– Trading of cars – spare parts

– Long term leasing of vehicles

The Company requests and processes the Customers’ personal data in order to process requests, accept or reject them and conclude the respective contracts. The provision of data by the Client does not imply the Company’s obligation to conclude the contract. In the event of a non-contract, the Company returns all the data delivered in physical form to the Client and deletes all of his data from its records, unless Customer consents to the contrary or is required to maintain the data by specific legislation provision or for the fulfillment of a contractual obligation or the exercise of Company claims.

Failure to provide the required data entitles the Company to refuse to conclude a contract with the customer, not to proceed with renewal of an existing contract and terminate active contract with no liability for this.

  1. Purpose of processing

The Company collects Client data for the purposes of the services provided, the processing of requests and the conclusion of contracts, in particular for:

– Hire a vehicle (with or without driver)

– Tourist services

– Vehicle insurance

– Fire safety

– Life insurance – health – old age

– Trading of cars – spare parts

– Long-term vehicle leases

– Management of vehicle rental or tourist service booking requests

– E-mail information and promotional material about the Company’s services and products.

Future expansion of the services or products provided by the Company will be covered by this Privacy Policy, even if it is not amended in time to explicitly include the new Services.

  1. Legal basis for data processing
  2. Purpose of drawing up a contract
  3. Client consent.

Specifically for sending e-mail messages regarding the promotion of information and promotional material, the Client may at any time withdraw his consent, either by contacting the Company at the information provided above, or by selecting at the end of each e-mail that is sent by the Company the indication “UNSUBSCRIBE”.

The Company does not make decisions by automated methods.

  1. Recipients of User Data

The Company does not sell, distribute, lease or otherwise transfer, disclose or otherwise provide Client personal data unless provided for by a specific agreement with Client and with his express consent, or if required for the purpose of drawing up the contract or by law.

In cases where the Company acts as a representative of third parties, the Client’s data is knowingly transmitted to the third party providing the Service (eg insurance company) to the Client for the purpose of concluding the contract. In this case, the third party acts as Client Data Processor and adheres to his own Privacy Policy, which the Client is encouraged to know. In such cases, the Company acts as the Processing Executor, does not retain the Client’s personal data, which it sends in its entirety to the third Processing Person. To the extent that the Company retains part or all of the data in its archive either for future Client service (eg renewal of contracts) or to satisfy its claims against a third party (e.g. commission), then it acts together with the third party as the Editor, of this statement having full force to safeguard the Client’s rights.

In any event, however, the Company may use and disclose the Client’s personal data where necessary to defend the Company’s legal rights, including but not limited to the establishment, exercise or support of legal claims, in defense of legal claims, whether pending before judicial authorities or not, whether it is judicial or extrajudicial procedure.

Access to Client Data has the strictly necessary of the Company’s staff, who are committed to confidentiality and our affiliates, which process Customer Data as Joint Processors or as Processing Officers on our behalf and in accordance with our commands.

Indicatively, your Data recipients are:

1) The Company’s staff

2) Partners with our Company users of our systems.

3) The cooperating tourist agencies regarding car hire and tourist services.

4) Internet service providers for sending e-mail messages

5) Third parties, if the Service is provided to the Customer by them (insurance, leasing contracts, etc.).

Client Data will not be used for any other purpose without its prior information and consent.

  1. Assurance of the protection of the personal data by the Executors of the processing

Any person (employee, agent, partner, etc.) who performs the processing of Client personal data for the Company has agreed and is contractually bound by the Company¨

  1. To keep a complete confidentiality
  2. Not to convey to any third party Client Data if this is not provided for by contract or without the express permission of the Company
  3. To take the appropriate security measures
  4. To fully comply with the legal framework for the protection of personal data and in particular Regulation 679/2016 / EU (otherwise GDPR).

In the performance of their duties, the Executors of the processing on the behalf of the Company may employ other people (subordinates). In such a case, the subordinate shall have the same obligations and rights as the Executor, as set forth in this Policy, and always within the scope of his delegated powers, and shall bear full responsibility with the Executor.

  1. International transmittals of personal data

The Company at this stage is not sending data outside the EU to manage bookings made through the website.

However, it may in the future transmit and process client personal data worldwide to places where processing activities take place. Today the servers where client personal data are stored are located in Greece. If in the future the company considers it appropriate to cooperate with non-EU service providers, this privacy policy will be updated accordingly.

In any case, the Company guarantees that any transmittal of personal data by the Company to third countries (including the United States) will only take place in countries that have personal data protection legislation which provides an adequate level of protection as interpreted in accordance with European legislation on the protection of personal data.

Specifically for the purpose of sending emails, providers of such online services may have access to the personal data required to fulfill their obligations and may not disclose or use this information for any other purpose. These providers are bound by written non-disclosure and confidentiality clauses and have sufficient guarantees for the security of Clients’ personal data.

To the extent that an international transmittal of personal data takes place, the Company will seek and obtain assurances that any information that it may transmit is adequately and securely complied and in accordance with the Privacy Statement and the requirements of applicable personal data law.

  1. Clients’ rights

Clients have the following rights regarding the use of their personal data by the Company:

Right of access: The Client may ask the Company whether or not their personal data are being processed, as well as the type of processing being performed. He may also access his personal data held by the Company.

Right of correction: The Client may check his personal data, update it or request correction if it is incorrect or if it is incomplete.

Deletion Right (“Right to Forget“): The Client has the right to request the Company to delete any personal data that are not necessary to the Company for the purposes for which they are collected, or in case that he has withdrawn his consent or in case of misuse of the data or for any other lawful reason expressly provided for by European Union Law or Greek Law.

Right of withdrawal of consent: The Client may at any time he wishes to withdraw his consent to the Company. Such withdrawal shall not affect the legality of the data processing, which took place on the basis of the consent that was given the previous to the withdrawal period.

Right of Restriction of Processing: The Client has the right to request the Company to restrict the use of his personal data if there is a dispute about the accuracy of the data and verification of the data is expected, or if the use is unlawful or if he considers that the personal data held by the Company are no longer needed for the purposes held or finally in case of pending verification as to whether the Executor’s legitimate reasons prevail over the reasons of the data subject.

Right to Portability: The Client has the right to receive the personal data relating to him, provided by the Company, in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller without objection from the Company.

Right to object: The Client has the right to object at any time and for any lawful reason in the processing of his personal data.

  1. How to exercise Client’s legal rights

In order to exercise his above rights, the Client may at any time contact the Company, by any appropriate means, (see contact details above).

The Company has one month to respond to Customer’s request. In certain cases it may take additional time for the request to be evaluated and up to two months for the response to be made. In this case the Company will inform the Client why it takes longer.

A copy of the Client’s personal data will be provided free of charge. However, if the claim is manifestly abusive or excessive, the Company may charge a fee for the costs associated with it or may refuse to comply.

  1. Duration of the personal data retention

The Company retains its Client Data only for as long as it is required to fulfill the purpose for which they were provided and in compliance with the applicable laws.

Specifically with the Client’s consent to the sending of information and promotional material by email, this is maintained for as long as the relevant messages are sent by the Company, unless the Client has earlier opted to terminate their dispatch.

  1. Security of personal data

The Company declares that it takes all necessary measures, organizational, technical to protect the Data of Clients, with the sole purpose of securing them and protecting them from any form of accidental or unlawful processing.

These measures shall be reviewed and amended where necessary, in the light of legislative and technological developments.

  1. Applicable law – Competent Courts

This policy is governed by Greek law and interpreted in accordance with the laws of the State of Greece. For any dispute arising out of the access or use of the Company’s website, the local Courts of Law agree with those of the City of Patras.

This policy has been written in Greek and has been translated into English. For any difference between the interpretation of the Greek and the English text, the Greek shall prevail.

  1. Complaint about how personal data is processed

The Client has the right to complain about the way the Company processes its personal data in:

Personal Data Protection Authority (ASCIS)

Address: 1-3 Kifissias Ave, 115 23 Athens, Greece

Tel: +30 210 6475600

Fax: +30 210 6475628

Email Address: [email protected]