Personal Data – GDPR

 

In the company “EPIKYKLOS”, our objective is to protect and secure the confidentiality of the information provided to us, always respecting the trust bestowed upon us by our customers and the users of our website.
We always comply with the applicable national and EU laws on Personal Data Protection, and we have implemented a series of actions and procedures, in order to be fully compliant with the new General Data Protection Regulation (GDPR) of the European Union. You are kindly requested to read and accept this Privacy and Data Protection Policy.
This Policy establishes the basis for the processing, through our website, of all the personal data we collect from you or you provide to us. We keep some basic information when you visit our website, and we recognise the importance of keeping such information secure, and of informing you about how we intend to use it.
You are kindly requested to read this Policy in order to find out more about how we collect, store, use, transfer, and protect the personal data and information we receive. You can also find information about the rights you have with regard to such collection and processing, how you can exercise such rights, and in general how you can contact us if you have any question.

1. Principles governing data processing
2. Lawfulness of the processing
3. Minors
4. Collection and Use of Personal Data
5. Transfer of Personal Data to third parties
6. Rights and manner of exercise thereof
7. Links to other websites
8. Provision of professional services
9. Changes in the data protection policy
10. Contact us

1. Principles governing data processing

a) Lawfulness and transparency
All the personal data we collect are subject to lawful and fair processing, always in accordance with the applicable laws, in a transparent manner as regards the information we collect about you;
b) Purpose limitation and data minimisation “EPIKYKLOS” collects your personal data for specified, explicit and legitimate purposes and such data are not further processed in a manner that is incompatible with those purposes. Moreover, only the adequate and necessary data are collected, to the extent of the purpose for which they are processed. This means that the information and data you share with us are not subject to further unlawful processing, unless there are reasons of public interest;
c) Accuracy
Your personal data are accurate, and, where necessary, kept up to date. “EPIKYKLOS” takes all the reasonable measures to ensure prompt erasure or rectification of inaccurate personal data, by promptly contacting you by email, as detailed below;
d) Storage limitation
“EPIKYKLOS” keeps your personal data for no longer than is necessary for the purposes for which the personal data are processed, or for compliance with the request of each person, or until the data subject requests erasure thereof (and, in any case, for no longer than 7 years, unless we continue to keep them in accordance with the provisions of the applicable laws);
e) Integrity, Confidentiality and Security of Personal Data
“EPIKYKLOS” implements adequate security policies and procedures in order for your personal data to be processed in a manner that ensures appropriate security thereof, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Despite the efforts made by “EPIKYKLOS”, security cannot be entirely guaranteed against all threats. In the case of loss or breach of personal data, we have a special incident handling team, and a procedure for handling such incidents, in order to restore the breach as soon as possible, to limit the possible consequences, and to comply with our statutory obligations. We make any possible effort to ensure that access to your personal data is limited to the persons required to have access to them. The persons who have access to the data are required to keep the confidentiality thereof. In the event of breach of your personal data, we will notify you promptly and in any expedient means.

2. Lawfulness of processing

Processing of your personal data and information shall be lawful only if certain conditions are met. “EPIKYKLOS”, always compliant with the Greek and EU laws, collects only the personal data that are necessary, complying with the following lawful conditions:
a) Your consent: In order for us to process the data you provide to us, you must have first given us your consent, accepting the terms of use, this privacy policy of our website, and the use of cookies. We may occasionally request from you special permission to process some of your personal data, and your personal data will be processed only in that manner, if you agree on this. You can request withdrawal of your consent with regard to the processing of certain personal data, and the extraction, rectification, or erasure of your personal data kept by us, by contacting us at “info@epikyklos.gr”.
In general, you are not required to submit personal data to “EPIKYKLOS” online, but we may ask you to provide certain personal data, so that you can receive additional information about our services and events. The company may also request your permission for certain uses of your personal data, and you can either consent to or decline such uses. If you accept the consent clause for certain services or communications, such as newsletters, you will be able to unsubscribe from the relevant mailing list at any time, by following the instructions included in each communication. If you decide to unsubscribe from a service or communication, we will try to erase your data as soon as possible, although we may need some time and/or information before we are able to process your request;
b) Performance of a contract: this is when processing of your personal data is necessary for the fulfilment of our obligations under a contract to which you are a party, or at your request, prior to entering into a contract;
c) Legal obligation: this is when we are required to process your personal data, in order to comply with a legal obligation, such as keeping records for tax purposes, or providing information to a public body or law enforcement authority;
d) Legitimate Interest: we may process your personal data, when we have a legitimate interest in performing a lawful activity, in order to ensure the continuity of such activity, provided that it does not exceed your own interests;
e) Public interest: sometimes processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

3. Minors

“EPIKYKLOS” understands the importance of protecting the personal data of children, especially in an online environment. If the child consenting to personal data processing is at least 16 years old, the processing shall be lawful. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.

4. Collection and Use of Personal Data
4.1 Data we collect

We receive your personal data, if you opt to provide them (for example, if you email us or if you subscribe to certain services).
By subscribing and/or submitting your personal data to “EPIKYKLOS”, you also consent to the use of such data in accordance with this policy. Your personal data shall not be used for other purposes, unless we receive your permission, or unless this is required or permitted by the law or the professional specifications. For example, if you sign up at the website of “EPIKYKLOS” and provide information about your preferences, we will use such information in order to personalise your user experience. In some cases where you have subscribed to certain services, we may temporarily store your email address, until we receive confirmation of the information you provided by email (i.e. by sending an email to the email address you provided while signing up, in order to confirm the sign-up request). While contacting us using the contact form, you provide, by way of indication, the following data to us: your email, full name (necessarily), company, city, country, postal code, and telephone.

4.2 Automatic collection of Personal Data

In some cases, our company and its service providers use cookies and other technologies, in order to automatically collect certain data categories, when you visit our website, and through the emails we may exchange. The collection of such data allows us to personalise your online experience, to improve the performance, usability, and effectiveness of the online presence of “EPIKYKLOS”, and to assess the effectiveness of our marketing activities.

4.2.1 IP Addresses

The IP address is a number assigned to your computer each time you access the Internet. It allows computers and servers to recognise and communicate with each other. The IP addresses from which guests appear to originate may be recorded for reasons of Information Technology security and system diagnosis. Those data may be also used cumulatively, for the purpose of analysis of the website trends and performance.

4.2.2 Cookies

Cookies may be stored at your computer or device connectable to the Internet, each time you visit our website. This allows the website to remember your computer or device, and to serve more purposes.
A warning banner will be displayed on our website, requiring your consent to the collection of cookies. If you do not give your consent, your computer or device connectable to the Internet will not be monitored for marketing-related activities. A secondary kind of cookies may be required for the purpose of securing the necessary functionality. Those cookies will not be excluded through the use of the above warning banner. Your option will be stored in a cookie, and will be valid for a period of 100 days. If you wish to withdraw your option, you can do it by deleting the cookies of your browser.
Although most browsers automatically accept cookies, you can opt to accept or not accept cookies through your browser settings (a choice which is often found in the Tools or Preferences menu of your browser). You can also delete cookies from your device at any time. However, you should know that if you do not accept cookies, you might not be able to get fully acquainted with some of the features of our website, and that some sections of our website might not be able to function properly.
Additional information about management of cookies can be found in the folder “Help” of your browser, or on websites such as www.allaboutcookies.org.
Third-party tools and widgets may be used on our website, in order to provide additional functionality. The use of such tools or widgets may install a cookie on your device, to make their service easier to use and to secure that your activity will appear properly on our websites.
Cookies do not in themselves notify us of your email address, or personally identify you in any other manner. In our detailed reports we may receive identification information, including IP addresses, yet only for the purpose of determining the number of single guests on our websites, and the geographical origin of guests, as opposed to identifying individual guests.
By navigating on our website, and by entering your login data, in order to have access to areas restricted to registered users, you agree that we can place cookies on your computer or on your device connectable to the Internet.

4.2.2.1 Types of cookies

The basic types of cookies, which may be used by the websites, are described below:
• Session Cookies
They are temporary cookies, which remain in the cookies folder of the browser of your device only during your visit, and are deleted when you close down the browser.
• Persistent Cookies
They remain in the cookies folder of the browser of your device even after you close down the browser, sometimes for one year or even more (the exact duration of the period during which they remain in the cookies folder depends on the life cycle of each cookie). Persistent cookies are used when the website operator may need to know who you are for more than one visits (e.g. to remember your username, or your preferences with regard to the configuration of the website).
• First-party Cookies
They are cookies installed in the browser and/or the hard disk of your device from the website you visit. This includes assigning a unique identification code to you, for the purpose of monitoring your website navigation. Website operators often use first-party cookies to manage visits and for identification purposes.
• Third-party Cookies)
They are cookies used by third parties, such as social networks, to track your visits to the different websites on which they advertise. The website operator has no control over those third-party cookies.

4.2.2.2 Cookies from video service providers (Google, Vimeo, DailyMotion etc.)

Those providers may store cookies in your device, if you watch on our website videos that they provide to us as an external service. If you disable those cookies, you might not be able to see the embedded videos on our website.

4.2.3 Google Analytics

“EPIKYKLOS” uses Google Analytics. You can find more information about how our company uses Google Analytics here: http://www.google.com/analytics/learn/privacy.html
In order to provide the website guests with more options regarding the manner of collection of their data by Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with Google Analytics JavaScript (ga.js), to show that the information about the visit to the website should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not block the transfer of information to the same website or other web analytics services.

5. Transfer of Personal Data to third parties

We do not share any personal data with third parties not connected to us, unless this is required for our lawful professional and business needs, so that we can respond to your requests, and/or if it is imposed or permitted by the law or the professional standards.
The following third parties are included:
• External service providers: Where required, we will assign other companies and natural persons to execute certain works, which contribute to our services, on our behalf, as part of data processing agreements. For instance, we may provide personal data to associates, in order for them to host our databases and applications, for the provision of data processing services, or in order to send you information you have requested, or for telephone centres, for the purpose of providing support or interview services during market research projects. All the associates of “EPIKYKLOS” are fully compliant with the General Data Protection Regulation (GDPR compliant), and are contractually bound to comply with it. “EPIKYKLOS” transfers personal data to them, only when they fulfil our strict data processing and security standards. We disclose only personal data that allow them to offer their services.
• Business transfer: In the event of reorganisation, restructuring, merger, sale, or other transfer of assets, we will transfer data, including personal data, at a reasonable scale, on the condition that the recipient agrees to respect your personal data in a manner compatible with data protection under the applicable laws. We will continue securing the confidentiality of any personal data, and we will inform you when your personal data become subject to a different privacy policy.
• Courts, judicial, or regulatory authorities: We may disclose personal data in order to respond to requests made by courts, judicial, governmental, or police authorities, or where it is required and prudent that we comply with the applicable laws, court decisions, or orders of courts or judicial authorities.
• Public Bodies: We may disclose personal data in cases of inspections made by public bodies and authorities, such as inspections concerning personal data protection, security, tax audits.
“EPIKYKLOS” shall not transfer the personal data you provide to it to any third parties for their own direct use for marketing purposes.

6. Rights and manner of exercise thereof

If you have submitted personal data to “EPIKYKLOS”, you have the following rights:
• Right of access: you have the right to access and extract your personal data. Before we provide personal data to you, we may request proof of your identity and adequate information about your transactions with us, from which we can trace your personal data.
• Right to rectification: if the data we have concerning you are inaccurate, you can rectify them, by asking us to modify any inaccuracies therein.
• Right to object, and right to restriction of processing: you have the right to object to our processing of your personal data, if we no longer have the right to use them, for any lawful reason, or to request that the processing thereof be restricted to some cases, such as for reasons of data accuracy, and for reasons of lawfulness.
• Right to data portability: At your request, we will transfer your data to another data controller, in the cases where this is technically feasible, on the condition that the processing is based on your consent, or is necessary for the performance of a contract.
• Right to erasure: you have the right to request erasure of your data in certain cases, such as when they are no longer necessary for processing, or when they have been kept in our records for a long period of time.
You can submit a request, or exercise your foregoing rights, by contacting us at info@epikyklos.gr, and we will make any reasonable and practical effort to comply with your request, provided that it is compliant with the applicable law and the professional standards.

7. Links to other websites

The website of “EPIKYKLOS” may include links to other websites for your own convenience and information. Those websites operate independently, and provided that they do not cooperate with us, they are not under our control, and we are not liable for any illegal processing of your personal data. They possibly follow their own privacy policy, which you are encouraged to read if you visit a link to other websites, before you disclose any personal data.

8. Provision of professional services

“EPIKYKLOS” receives personal data while providing professional services, usually while providing services to private individuals, employers, businesses whose customers are natural persons, and to the public sector. Our relations with our customers are governed by the letters of collaboration, and the general business conditions, including use of the personal data we receive. However, “EPIKYKLOS” complies with its obligations arising from the applicable Greek and EU laws on personal data protection, as in force, and the applicable regulatory guidance relating to personal data management.

9. Changes in the Personal Data Protection Policy

“EPIKYKLOS” may occasionally amend this Policy, in order for it to adjust to the national and EU laws, and to reflect our recent privacy practices. When we make any changes, we will record the amendment or revision date at the end of this page, and we will notify you of the changes whenever it is deemed necessary.

10. Contact us

If you have any questions, comments, or complaints concerning the management or protection of your personal data from us, or if you wish to modify your personal data, or to exercise any of your rights as a data subject, you are kindly requested to contact us at info@epikyklos.gr.

Live the Epikyklos Experience

CONTACT US ›