PRIVACY POLICY

1. Purpose

With this Policy, the Company with the name “KAINOTOMES LYSEIS KAI YPIRESIES MONOPROSOPI ETAIREIA PERIORISMENIS EUTHYNIS” and the trade name «INSS SINGLE MEMBER LTD», to which this website belongs (hereinafter referred to as the “Company”), aims, as Data Controller, under the meaning of the applicable legislation, to provide its website users/visitors with more specific information regarding the processing of their personal data during the browsing and use thereof, which is necessary based on the relationship – cooperation between them.

2. Basic terms

«Data Subject»: The website user and any other natural person coming into contact with our website.

«Personal data»: Any information that can directly or indirectly identify a natural person (the “Data Subject”), such as name, postal address, contact details (phone number, e-mail), etc.

«Processing»: Every act or series of acts performed with or without the use of automated means on personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, research of information, use, disclosure by transmission, dissemination or any other form of disposal, correlation or combination, restriction, deletion or destruction of personal data that has come to or will come to the Company’s knowledge, either directly by you through the website, or in the context of your transactional relationship.

«Data Controller»: the Company named «KAINOTOMES LYSEIS KAI YPIRESIES MONOPROSOPI ETAIREIA PERIORISMENIS EUTHYNIS» which owns this website and determines the purposes and way of processing personal data.

«Data Processor»: the natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller.

«Recipient»: the natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether it is a third party or not.

«Data Protection Officer, DPO»: the Data Protection Officer designated by the Company who holds the position and duties defined by the current legislative framework on personal data protection.

3. What kind of data we collect, why and on which legal basis

We collect and process your following personal data in the following cases:

Activity: Entrance in our website
Data: IP address, date and time of access (timestamp-time zone), access provider, browser and its version, operating system and its version, user id/device id
Purpose: Provision of personalized services to you, proper connection establishment, security and system stability
Legal basis: a) legal obligation; b) legitimate interest as part of making our website available to the public securely and providing services to it

Activity: Contact form
Data: Name, e-mail address, content of the message
Purpose: Contact, dealing with or resolution of your request, question or complaint and providing information
Legal basis: a) the transactional relationship between us and your specific request; b) legitimate interest, in the context of your service

Activity: Signing up to newsletter
Data: E-mail address
Purpose: Providing information and promoting our services
Legal basis: a) Your consent in order to sign up; b) the transactional relationship between us and your specific request

Activity: Cookies (see Cookies policy)

We must inform you that the personal data you provide to us through our website, for the above purposes, is necessary for us, for your optimal service and the arrangement, management or resolution of your request, question or complaint. Therefore, not providing your data may block our communication through the website and even our transactional relationship in general.

4. Processing of personal data of special categories

Our Company does not process through this website personal data of special categories, such as data related to your racial or ethnic origin, your religious or philosophical beliefs, health data or data concerning your sexual life or your sexual orientation, since the above data are not necessary for us. We therefore ask you not to include such data when filling in any message field. Otherwise they will be processed by us on your own initiative, as an integral part of your request.

5. Data concerning minors

Our website is not addressed to individuals who have not reached the age of eighteen (18). Therefore, our Company does not process personal data of minors.

6. Who are the recipients of your data

Your personal data that we collect in the framework of our relationship are being processed by:

1. the authorized and trained personnel of our Company bound by absolute confidentiality and non-disclosure,

2. our Company’s partners to whom the Company entrusts the execution of specific tasks on its behalf, in accordance with Article 28 GDPR, and with whom it has ensured processing in accordance with the Regulation (GDPR), for the protection of your data, through signed contracts and a legally binding commitment to uphold sufficient measures under the relevant provisions of the GDPR (Articles 28, 32), such as, indicatively but not limited to, third-party partners – companies that support this website or our applications,

3. public bodies and authorities, such as public agencies and bodies, independent authorities, regulatory authorities, police, competent authorities, prosecutors, other administrative agencies, etc., when we are required to do so by the applicable legal framework.

In principle we do not transmit your personal data to third countries or international organizations (outside the EU or EEA), which do not ensure an adequate level of protection (such as adequacy decision). Any transmission will comply with the relevant provisions of the applicable legislative framework, in particular Article 44 and following of the GDPR.

7. Retention time of personal data

We retain your personal data for as long as it is required, based on the nature and purpose of every case of data processing, or it is provided by the legislative and regulatory framework, taking into account the legal obligations of our Company, our contract and any legal claims that may arise thereof. In particular, your email address that you have provided for subscribing to the newsletter will be kept until you unsubscribe from it, while the information you fill in the contact form will be kept for up to five years, subject to any obligations on our part for further storage or legal claims.

8. Your rights based on the GDPR

In any case, you have control over the processing of your personal data. Any user, as data subject, preserves the following rights, as provided in the GDPR and especially Articles 12 to 23 thereof, and the relevant national legislation:

1. Right to be informed and briefed about exercising your rights (art. 12, 13, 14 GDPR), meaning your right to be informed about how your personal data are being processed (as it is thoroughly done in this Privacy Policy).

2. Right of access. This means that you have the right to request access to the data we process and to be provided with information about how the Company processes it (Art. 15 GDPR).

3. Right to rectification. This means that you have the right to have your personal data rectified, if it is inaccurate and/or incomplete (Art. 16 GDPR).

4. Right to erasure (“right to be forgotten”). This means that you have the right to get some or all of your personal data erased under certain conditions, if there is no legal basis for us to continue processing it or there is a legal obligation to erase it (Art. 17 GDPR).

5. Right to request restriction of processing. This means that you have the right to request restriction of processing your personal data. After a valid request we may be entitled to store your personal data but not to further process it (Art. 18 GDPR).

6. Right to data portability. It allows you to obtain and reuse the personal data you have provided to us for your own purposes in various services. You have the right to receive and transmit an electronic copy of your personal data easily and ask us to transmit it to another data controller (Art. 20 GDPR).

7. Right to object. This means that you can ask us to no longer process your data, unless we demonstrate compelling reasons why further processing is required (Art. 21, 22 GDPR).

8. Right to withdraw your already given consent (Art. 7 par. 3 GDPR) at any time for processing based on consent. The lawfulness of your data processing is not affected by the withdrawal of consent until the point at which you requested the withdrawal.

You also have the right to submit a complaint to the competent supervisory authority, particularly in the Member State of your residence or your place of work or the place of the infringement, if you consider that the processing of your personal data violates the GDPR (Art. 77 GDPR) and your request has not been sufficiently satisfied by us. The competent Supervisory Authority in Greece is the Hellenic Data Protection Authority (1-3 Kifissias Avenue, PC 115 23, +30 210 6475600, contact@dpa.gr).

9. How to exercise your rights

You may exercise your rights either by sending an e-mail to the e-mail address dpo@inss.com.gr or by sending a letter to our Offices: 28, Nap. Zerva Street, Glyfada. Our Company will make every effort to proceed to the necessary actions within one (1) month from the date of receipt of your request, unless the tasks related to the satisfaction of the request are characterized by particularities and/or complications, based on which the Company retains the right to extend the time to complete the actions. In any case, you will be informed about the progress of your request within one (1) month of its submission.

10. Security of your data

Our Company ensures, among other things, that sufficient and appropriate technical and organizational measures are taken in order to ensure the appropriate level of security against risks during processing and in particular from accidental or illegal destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed but also the preservation of both technical and physical security in accordance with Article 32 of the GDPR. Our Company has relevant Policies and generally follows the principles of processing in accordance with the GDPR (Art. 5 GDPR), to ensure the availability, integrity and confidentiality of your data.

11. Social media

Our company uses the following social media: Facebook, LinkedIn. Regarding certain processing, we and the Data Controllers of the aforementioned social media platforms act as joint Data Controllers of your data, under the meaning of Article 26 GDPR. As for the processing by the Social Media Data Controllers, we can only have a limited influence. Therefore, we act within the framework of our possibilities and in accordance with the applicable legislation on the protection of personal data. The social media platform Data Controller manages the overall information infrastructure of each service, maintains their own technical and organizational data protection measures and their own relationship with you as a user and, therefore, as a data subject (if you are a registered member of the respective social media service). For more information regarding the processing of your data by the providers of social media platforms and in general about your rights, please refer to the respective Privacy/Protection Policies of each provider.

The data you provide us with when visiting our social media page, such as comments, videos, images, “likes”, public messages, etc., are made public on the social media platform you choose and are neither used nor processed by us for purposes other than your information regarding our promotional actions, such as discounts, special offers, competitions that we may organize, but also as part of your service, when you wish to contact us in this way.

12. Company’s Declarations

1. The Company declares that it is not responsible for any damage (direct, indirect, positive, deponent) that may be caused to the visitor on the occasion of the website or its use. The visitor is solely responsible for the protection of their system against viruses and other malware.

2. The Company does not make decisions or proceed to profiling based on an automated processing of your data.

3. The Company declares that the present Privacy Policy is likely to be amended / updated at any time but will always be updated on our website.

4. The Company declares that it will not process the user’s/visitor’s personal data for any other purpose not mentioned herein, without prior notice to the user and, where required, their consent.

13. Useful contact details

1. Details of the Data Controller
KAINOTOMES LYSEIS KAI YPIRESIES MONOPROSOPI ETAIREIA PERIORISMENIS EUTHYNIS
28, Nap. Zerva Street, Glyfada
Phone number: 211 1049 900
E-mail: info@inss.com.gr
Website: https://inss.com.gr/el/

2. Details of the Hellenic Data Protection Authority
Address: 1 – 3 Kifissias Avenue, PC 115 23, Athens
Call Centre: +30 210 6475600
E-mail: contact@dpa.gr
Website: www.dpa.gr

Details of the Data Protection Officer (DPO)
E-mail: dpo@inss.com.gr

Last update: 09/2023