PRIVACY POLICY

 

INTRODUCTION

BOURKAS GEORGE OF CHRIS (“Company” or “we”), wants to inform you about how we collect, use and share personal data from and about you through this website and its associated mobile sites, apps and widgets (collectively, the “Company Services”).

You will find the Contents and a brief summary of this Privacy Policy in the chart below. For more information about the data processing performed by Company, click on the links in each section of the summary.

Contents:

  1. WHAT AND WHO IS COVERED BY THIS PRIVACY POLICY?
  2. WHAT KIND OF PERSONAL DATA DO WE COLLECT ABOUT YOUR INDIVIDUAL?
  3. HOW DO WE USE YOUR PERSONAL DATA?
  4. WHY DO WE USE YOUR PERSONAL DATA?
  5. HOW DO WE PROCESS YOUR PERSONAL DATA?
  6. WHO CAN ACCESS YOUR PERSONAL DATA?
  7. IS YOUR PERSONAL DATA TRANSFERRED ABROAD?
  8. WHAT ARE YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA?
  9. WHAT APPLIES FROM 25 MAY 2018?
  10. UPDATES TO THIS PRIVACY POLICY
  11. PERSONAL DATA PROTECTION AUTHORITY

Subject:

Information

1.

What and who is covered by this privacy policy?

The Company is the controller of the personal data we collect from and about you through the Company Services.

This Privacy Policy applies to all users, including those who use the Company Services without being registered or subscribed and those who are registered or subscribed to a Company Service.

2.

What kind of personal data do we collect about you?

The Company may collect data from and about your person.

Specifically, the Company collects (1) registration data, (2) public data and postings, (3) data that you have allowed social media to share with the Company, and (4) activity data.

However, we do not collect financial data from a payment service provider or sensitive data related to your person.

3.

How do we use your personal data?

The primary reason we collect data about your person is to provide you with the Company’s Services and to allow you to interact with those Services.

In addition, with your prior consent, we may send you offers, promotions and commercial communications, also based on your personal preferences and habits.

4.

Why do we use your personal data?

We collect your personal data primarily to provide you with the Company’s Services.

It is also necessary to collect your personal data for purposes of complying with legal obligations or for purposes of protecting the Company’s legitimate interests.

Failure to provide such data will result in our inability to provide you with the Company Services.

Where your personal data is collected for marketing purposes, you have the option not to provide the Company with your personal data.

5.

How do we process your personal data?

The security of your data is a priority for us. To this end, the Company has implemented appropriate administrative, technical and physical measures designed to protect your personal data from loss, theft and unauthorized use, disclosure or modification.

6.

Who can access your personal data?

The Company may disclose your personal data to (i) our service providers, (ii) our affiliated companies, and (iii) national authorities, if permitted by applicable law.

7.

Is your personal data transferred abroad?

Your personal data may be transferred to other countries either within or outside the European Economic Area. In any case, we always ensure that appropriate and adequate safeguards are in place to comply with applicable laws to protect your personal data.

8.

What are your rights in relation to your personal data?

You have, among other things, the right to access, complete, update, modify and delete your personal data.

9.

What is in force from 25 May 2018?

The General Data Protection Regulation (EU) 2016/679 has entered into force as of 25 May 2018, establishing, inter alia, additional rights for individuals.

10.

Updates to this privacy policy

The Company may amend or update this Privacy Policy and for purposes of compliance with applicable law.

Refer to the Effective Date at the top of this Privacy Policy to see when this Privacy Policy was last revised.

11.

Data Protection Authority

If you have any questions about personal data legislation or if you believe that your rights have been violated, you can contact the Personal Data Protection Authority, 1 Kifissias Avenue, Athens 11523, tel. 2106475600 or at www.dpa.gr.

 

  1. WHAT AND WHO IS COVERED BY THIS PRIVACY POLICY?

The Company is the controller of the personal data (e.g. information that identifies a specific person, such as full name or email address) that we collect from and about you through the Company’s Services that are processed in accordance with the terms of this Privacy Policy.

 

This Privacy Policy, as well as our Cookie Policy, applies to all users, including those who use the Company Services without being registered or subscribed to a Company Service and those who are registered or subscribed to a Company Service.

As set forth in our Terms of Use, the Company Services are directed to a general audience, are not directed to children, and do not knowingly collect personal data from children under the age of 16.

  1. WHAT TYPE OF PERSONAL DATA DO WE COLLECT ABOUT YOU?

The Company collects (1) registration data when you register or subscribe to a Company Service; (2) public data and postings you share through the Company Services; (3) data you have allowed social media to share with the Company; (4) activity data when you access and interact with a Company Service. Specifically, the Company collects the following types of data from and about you:

  1. 1.Registration Data, i.e., the information you submit to register for a Company Service, for example, to create an account, post comments, receive a newsletter or enter a contest. Registration information may include, for example, first name, last name, email address, gender, country, postcode and date of birth.
  2. Public data and postings consisting of comments or content you post on the Company Services and your personal data accompanying such postings or content, which may include your nickname, username, comments, likes, status, profile information and photo. Public information and postings are always public, which means that they are available to everyone and may appear in search results on external search engines.
  3. Data from social media. If you access or connect to a Company Service through a social media service or link a Company Service to a social media service, the data we collect may also include your user ID and/or username associated with that social media service, information or content that you have allowed the social media service to share with us, as well as your profile photo, email address When you access the Company Services through social media services or when you link a Company Service to social media services, you authorize the Company to collect, store and use the relevant personal data and content in accordance with this Privacy Policy.
  4. Activity data. When you access and interact with the Company Services, we may collect certain information about those visits. For example, to enable your connection to the Company Services, our servers receive and record information about your computer, device and browser, including possibly your IP address, browser type and other software or hardware information. If you access the Company’s services from a mobile or other device, we may collect a unique device identifier assigned to that device, geographic distribution data or other transaction data for that device. We may also collect cookies and other tracking technologies (such as browser cookies, pixels, beacons, and Adobe Flash technology commonly called “Flash cookies”). These technologies may be used to collect and store information about your use of the Company’s Services, such as the pages you have visited, the video and other content you have viewed, the search queries you have submitted and the advertisements you have seen. For more information, please see our Cookie Policy.
  5. Information from other sources. We may supplement the information we collect with information from other sources, such as publicly available information about your online and offline activity from social media services and commercially available sources.

We do not collect:

– Financial information from a payment service provider: in some cases, we may use an unaffiliated payment service to enable you to purchase a product or make payments (“Payment Service”). If you wish to purchase a product or make a payment through a Payment Service, you will be directed to a Payment Service website. Any information you provide to a Payment Service will be subject to the Payment Service’s privacy policy and not this Privacy Policy. We have no control over and are not responsible for any use, by the Payment Service, of information collected through any Payment Service.

– Sensitive Information: we ask that you do not send or disclose sensitive personal information (such as social security numbers, information about your racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership) to or through the Company Services or otherwise.

Linked Services

Finally, the Company Services may also link to websites, including social networking sites, operated by non-affiliated companies, and may provide advertisements or offer content, functionality, games, newsletters, contests or applications developed and maintained by non-affiliated companies. The Company is not responsible for the privacy practices of unaffiliated companies, and once you leave the Company’s Services

 

Company or click on an advertisement you should check the other service’s applicable Privacy Policy.

 

3) Functionality Cookies

These cookies “remember” your preferences when you browse our site so that we can recommend the appropriate products based on your needs. With these cookies you enjoy a personalised version of heart-made.gr, making it much easier for you to find what you are looking for.

  1. HOW DO WE USE YOUR PERSONAL DATA?

We use the personal data we collect from and in relation to you for:

  1. To provide you with the Company’s Services and Operations,
  2. Provide you with the Company’s Services and Functions; provide you with the Company’s Services and Functions; provide you with the Company’s Services and Functions; and provide you with the Company’s Services and Functions; and measure, analyze and improve those Services and Functions,
  3. Improve your experience through Company Services (both online and offline) by providing content that you may find relevant and interesting,
  4. Allow you to comment on content and participate in online games, contests or loyalty programs,
  5. Provide you with customer service and answer your questions,
  6. Protect the rights of the Company and others. For example, there may be circumstances in which Company may use your personal information, including where Company believes, in good faith, that such processing is necessary to: (i) protect, enforce or defend the legal rights, safety or property of Company, Company’s affiliates or their employees, agents, contractors, licensors and suppliers (including to enforce our agreements and terms of use); (ii) protect the
  7. For purposes of complying with applicable laws or legal process and/or to respond to requests from appropriate governmental authorities.
  8. To complete a corporate transaction such as a proposed or actual reorganization, merger, sale, sale, joint venture, assignment, transfer or other disposition of all or part of the business, assets or stock of the business (including any bankruptcy or similar proceedings). For example, if the Company is involved in a merger or transfer of all or a substantial part of its business, the Company may disclose and transfer your personal information to the party or parties involved in the transaction as part of that transaction,
  9. Allow social transaction functionality – if you link or connect a social media service account to the Company Services, we may share your username, photo and likes, as well as your activities and comments with other users of the Company Services and your friends associated with your social media service. We may also share the same personal data with your social media service provider,
  10. Send you (via email, SMS, phone, chat and social media),

 

With your prior consent, offers, promotions and other commercial communications relating to the Company’s Services.

  1. To send you, with your prior consent, commercial communications tailored to your interests and needs through the communication methods set out in (j) above.

We may use anonymous information or information that no longer personally identifies you, even if only indirectly (e.g. statistics) for any purpose or disclose it to third parties.

  1. ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?

The processing of your personal data for the purposes of:

– Section 3, points a) to f) of this Privacy Policy is necessary for the provision of the requested services and, as such, it is mandatory because otherwise the services could not be provided,

– Section 3, point g) of this Privacy Policy is requested in accordance with applicable laws and, therefore, is also mandatory.

– Section 3, item h) of this Privacy Policy is executed based on the legitimate interest of the Company and its counterparties in conducting such financial activities. This interest is sufficiently balanced with your interest, given that the data processing is carried out within the strictly necessary limits of carrying out such economic activities. This data processing activity is not mandatory and you may object at any time as described in Section 11 of this Privacy Policy.

In contrast, the processing of your personal data for other purposes:

– Section 3, point (i) is at your discretion, but without your consent it is impossible to link a social media service account to the Company Service, which means that you will need to log in to the Company Service using a different mechanism,

– Section 3, points (j) and (k) it is at your discretion, but without your consent it is impossible for the Company and/or third parties to provide you with general commercial communications of the Company and third party services/products or communications based on your interests and needs and to provide you with services under the same brand name.

You may withdraw your consent to the processing of your personal data for the purposes of Section 3(i) to (k) at any time by sending a notice to the email address described in Section 11 below.

Below is an explanatory diagram on the above topic:

Purpose of treatment

Legal basis

Legal basis Legal basis Voluntary or necessary provision of personal data

Section 3(a): provision of the Company’s services

Voluntary or involuntary service provision of the Company’s services

Provision is necessary

Failure to provide data would have the effect of making it impossible for us to provide the Company Services

Section 3(b): Analysis and improvement of the Company Services

Contract performance

Provision is necessary

Failure to provide data would lead to problematic services

Section 4(c): Improving user experience

Contract performance

Provision is necessary

Not providing data would lead to problematic services

Section 4(d): User interactions (comments, participation in competitions, etc.).

Contract performance

Provision is necessary

Failure to provide data would result in us being unable to provide the Company’s Services

Section 4(e): Customer support

Contract performance

Provision is necessary

Failure to provide data would result in us being unable to provide the Company’s Services

Section 4(f): Protection of the interests of the Company and third parties

Contract performance

Provision is necessary

Failure to provide data would have the effect of making it impossible for us to provide the Company Services

Section 4(g): Compliance with a legal obligation

Legal obligation

Provision is mandatory

Failure to provide data would have the effect of making it impossible to provide the Company’s Services

Section 4(h): Corporate Transaction

Legal interest

Provision is not mandatory

You may exercise your right to object to processing, but the Company may continue to process your data in the case of compelling legitimate grounds which override your interests, or for the purposes of legal defence.

Section 4(i): social media sharing.

Consent

The provision is voluntary.

You may exercise your right to withdraw your consent at any time, without consequence, except that you will be required to log in to a different account

Section 4(j): General marketing

Consent

The provision is voluntary

You may exercise your right to withdraw your consent at any time, without consequence, other than to stop receiving marketing communications.

Section 4(k): Targeted marketing

Consent

The provision is voluntary.

You may exercise your right to withdraw your consent

 

your consent at any time, with no consequences other than that you will stop receiving commercial communications.

 

  1. HOW DO WE PROCESS YOUR PERSONAL DATA?

 

 

Your personal data are processed both by electronic and manual means and are protected by appropriate security measures, taking into account the state of the art, the cost of implementation and the nature, scope, context and purpose of the processing, as well as the different possibilities and the seriousness of the risk with regard to the rights and freedoms of individuals. In particular, the Company uses appropriate administrative, technical, personnel, and physical measures aimed at protecting personal data in its possession from loss, theft and unauthorized use, disclosure or modification.

 

  1. WHO CAN ACCESS YOUR PERSONAL DATA?

The Company may disclose your personal data for the purposes of Section 3 above to the following categories of recipients located within the European Union or outside the European Union in accordance with and within the limits of the provisions of Section 7 below:

  1. To third party service providers who are entrusted with processing activities and, where required by applicable laws, duly appointed as processors (e.g. cloud service providers, other group organisations, service providers serving or supporting the Company’s Service and therefore, for example and without limitation, IT service providers, experts, consultants and law firms resulting from potential mergers, demergers or other transformations; and

b.

To affiliated companies in their capacity as data controllers or data processors.

  1. To competent authorities for purposes of compliance with applicable laws.

Data processors appointed by the company include IT service providers . You may request from the Company a complete list of the data processors appointed by the Company at the address listed in Section 11 of this Privacy Policy.

  1. ARE YOUR PERSONAL DATA TRANSFERRED ABROAD?

The Data may be transferred to countries within and outside the European Economic Area and in particular to the United States. The European Commission recognises that some non-EEA countries provide an adequate level of data protection in accordance with EEA standards. A full list of these countries is available at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm. For transfers from the EEA to countries that are not considered secure by the European Commission, we have put in place appropriate and adequate safeguards designed to protect your Personal Data and transfer your Personal Data in accordance with applicable data protection laws, such as standard contractual clauses approved by the European Commission in accordance with Articles 45 and 46 of Regulation (EU) 2016/679

 

You have the right to request a copy of the above measures and further information about your personal data by contacting the Company at the address set out in Section 11 of this Privacy Policy.

  1. WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA?

You have the right, at any time, to:

  1. obtain confirmation as to whether your personal data exists and to be informed of its content and origin, to verify its accuracy and to request its correction, updating or modification,
  2. request the erasure, anonymisation or restriction of the processing of your personal data processed in breach of applicable law,
  3. object to the processing, in all cases, of your personal data for legitimate reasons.

You may send your request to the address mentioned in Section 11 below. In your request, include your email address, name, address and telephone number and clearly specify the information you want to access, change, update, remove or delete.

Please be reminded that even after you cancel your account, or if you ask us to delete your personal data, copies of certain information from your account may remain visible in certain situations where, for example, you have shared information on social media or other services or, for example, where the retention of such copies is necessary for purposes of complying with legal obligations or for legal defense purposes. Due to the nature of caching technology, your account may not be immediately inaccessible to others. We may also retain backup information about your account on our servers for a period of time after your cancellation or request for deletion, for purposes of complying with applicable law.

We also give you many choices about the use and disclosure of your personal information for marketing purposes. You may withdraw your consent with respect to:

o Receiving electronic communications from us. If you no longer wish to receive marketing-related emails from us, you may opt out of receiving marketing-related emails either by following the instructions to unsubscribe to our communications or by simply changing your preferences in your user profile settings if you are a registered user or via the consent management tool available on our website if you are not a registered user. You may also send a request to the address listed in Section 11 of the Privacy Policy. In either case, the Company may continue to send you administrative notices regarding the provision of the Company Services.

Sharing your personal information with Company subsidiaries or business partners for their own marketing purposes. If you prefer that we do not share your personal information on an ongoing basis with Company affiliates and/or business partners for their direct Receiving electronic communications from us. If you no longer wish to receive marketing-related emails from us, you can opt out of receiving marketing-related emails either by following the instructions to unsubscribe to our communications or by simply changing your preferences in your user profile settings if you are a registered user or via the consent management tool available on our website if you are not a registered user. You may also send a request to the address listed in Section 11 of the Privacy Policy. In either case, the Company may continue to send you administrative notices regarding the provision of the Company Services.

o Sharing your personal information with Company subsidiaries or business partners for their own marketing purposes. If you prefer that we do not share your personal information on an ongoing basis with Company affiliates and/or business partners for their direct

 

their direct marketing purposes, you may opt out of such sharing either by simply changing your preferences in your user profile settings if you are a registered user, or through the consent management tool available on our website if you are not a registered user, or by sending a request to Section 11 of the Privacy Policy.

In all of the above cases, we may contact you and ask you for further information necessary to properly process your request. Also, the additional rights described in Section 9 below are effective as of May 25, 2018.

  1. WHAT APPLIES FROM 25 MAY 2018?

As of 25 May 2018, the General Data Protection Regulation has entered into force and the following provisions apply:

  1. Retention periods applicable to your personal data

 

We will only retain your data for the period necessary to fulfil the purposes for which the data was collected as described in this Privacy Policy. In any event, the following retention periods will apply in relation to the processing of your personal data for the purposes set out below:

o Data collected for the purposes set out in Section 3, points a) to h) of this Privacy Policy shall be retained for the duration of the provision of the Company Service, plus the duration of the limitation period in accordance with the applicable law, after the termination of the Company Service. The data collected for the purposes of Section 3, item i) of this Privacy Policy shall be retained for the period of time required to connect to the Company Service via a social network; and

o The data collected for the purposes of Section 3, point j) shall be kept in a form that allows the identification of the data subjects only for the time required for the purposes of processing the personal data; personal data may be stored for longer periods, provided that the personal data will be processed only for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, in accordance with the provisions of Section 3, point j); o The data collected for the purposes of Section 3, point c) shall be kept in a form that allows the identification of the data subjects only for the time required for the purposes of processing the personal data; personal data may be stored for longer periods, provided that the personal data will be processed only for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, in accordance with the provisions of Section 3, point d).

o Data collected for the purposes of Section 3(k) shall be kept in a form which permits identification of the data subjects only for the period necessary for the purposes of processing the personal data; personal data may be stored for longer periods, provided that the personal data will be processed only for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, in accordance with the provisions of Section 3(c)

At the end of the retention period, your personal data will be cancelled, anonymised or aggregated.

  1. Additional rights

In addition to the rights set out in Section 8 of this Privacy Policy and following the application of the Privacy Regulation, you will also have the right, at any time, to:

  • Request the Company to restrict the processing of your Personal Data in the event that:

 

  • You question the accuracy of the Personal Data until we take the necessary steps to correct or verify its accuracy,
  • The processing is unlawful, but you do not want us to delete your Personal Data,
  • We no longer need your personal data for the purposes of the processing, but you need it to establish, exercise or defend legal claims; or
  • You have objected to processing on the grounds of legitimate interests pending verification as to whether the Company has compelling legitimate grounds to continue processing.
  • You object to the processing of your personal data,
  • Request the erasure of your personal data without undue delay,
  • Obtain an electronic copy of your personal data if you wish to transfer the personal data you have provided to us, either to yourself or to another provider (“data portability”)< where the personal data is processed by automated means and the processing is either (i) based on your consent or (ii) necessary for the performance of the Company’s Service; and
  • File a complaint with the relevant data protection supervisory authority.
  1. UPDATES TO THIS PRIVACY POLICY

Company may amend or update this Privacy Policy for any reason (including, but not limited to, changes in applicable law and interpretations, rulings, opinions and orders regarding such applicable law.)

Please refer to the Effective Date at the top of this Privacy Policy to see when it was last revised. Any changes to this Privacy Policy will be communicated in advance by posting the revised Privacy Policy on the Company Services. If we make material changes to this Privacy Policy that change the nature of the processing or extend our rights regarding the use of personal data we have already collected from you, we will notify you and provide you with an option regarding the future use of that personal data as may be required by applicable law.

  1. PRINCIPLE OF PROTECTION OF PERSONAL DATA

If you have any questions about personal data legislation or if you believe that your rights may be violated, you may contact the Personal Data Protection Authority, 1 Kifissias Avenue, Athens 11523, tel. 2106475600 or at www.dpa.gr.