Privacy and Personal Data Protection Policy
Greecebikes respects and protects your personal data by following and applying the provisions of the General Data Protection Regulation – GDPR (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 «on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC».
Please read our Privacy Policy carefully to learn how Greecebikes, operating as a controller collects, stores, uses and generally processes your personal data when you visit, register or use the platform through any technological or other means (websites and / or applications etc.) and make transactions with it naturally.
This Privacy Policy describes how you use, share and protect your personal information, your choices and your rights with respect to your personal data.
Your use of Greecebikes and / or the web pages and / or services of requires your express agreement (and) with this Policy. Submitting your personal data to the Company constitutes your consent to their use in accordance with this Policy.
If you do not agree, you should refrain from using Greecebikes.
The Privacy Policy may change from time to time in accordance with legislation or developments in the industry. We will not explicitly inform Greecebikes users of these changes.
If you are under 18 years old, you must have your parents’ consent before using the services of Greecebikes.
For questions about our Privacy Policy and any issues related to the processing of your Data and the exercise of your rights, you can contact by e-mail at [email protected]
Attention: Greecebikes will never ask you to provide personal data through third parties, unless these third parties are expressly and in writing authorized for this purpose. In the event that any third party (host, visitor or other) requests the provision of such data, we invite you, on the one hand, to refuse to provide them and, on the other hand, to notify us of the fact in order to take the relevant measures.
Contents
- Definitions
- Principles relating to processing of personal data
- When, why and how we collect and process personal data
- What personal data we collect
- How long are personal data kept?
- Transmission of personal data
- Personal data security
- Hyperlinks (links)
- Website traffic monitoring
- Contact forms and e-mail links
- Rights of the Data Subject
- Definitions
(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(2) ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(3) ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
(4) ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- Principles relating to processing of personal data
Greecebikes follows all of the principles set forth in Directive 2016/679, personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’).
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89 (1), not be considered to be incompatible with the initial purposes (‘purpose limitation’).
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’).
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’).
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
- When, why and how we collect and process personal data
We collect and process personal data only if you give us your explicit consent / consent and to the extent that such collection and / or processing:
(a) is necessary for the performance of the contract between us, and / or
(b) is necessary to take measures before the contract is concluded, and / or
(c) is necessary to comply with our legal obligation (tax, insurance, etc.), and / or
- d) is necessary for the purposes of the legitimate interests pursued by our company as a controller or a third party, in accordance with the law.
We collect solely the personal data we receive from you in any way, such as through the use of the Website and / or the Webpage and / or any applications of Greecebikes, e-mail, contracts, newsletter, etc.
- What personal data we collect
We collect the minimum required data only to the extent strictly necessary to achieve the intended purpose, that is, the performance of our contract and / or the compliance of our company with a legal obligation and / or the pursuit of our legitimate interests.
You are kindly requested to inform us of any changes to your personal information so that it is always up-to-date and accurate. In the event of an update, the old data, where it is no longer necessary to achieve the objectives pursued, will be permanently deleted.
In this context, the personal data collected on a case-by-case basis for the achievement of the objectives pursued are as follows:
- Identity and Contact Information of yours or of third parties to whom you have obtained explicit consent (name, surname, father’s name, business title, telephone number, home address, head office address, contact address, e-mail, etc.), and/or
- Financial Information (VAT, Tax Code, Hellenic Business Registry Number, Bank Account Numbers, Credit Card Details, Payment Receipt, etc.), and / or
- Electronic identification data (where required during the Company’s provision of services to you), and / or
- Any personal information you voluntarily or occasionally send to us is necessary for the achievement of the objectives pursued, even if not expressly stated herein.
- Any information you enter while using the Website and / or the Webpages and / or any applications of Greecebikes
Furthermore, when you visit the websites and / or webpages and / or applications of all kinds of Greecebikes, our company reserves the right to collect non-personally identifiable user information about your computer, mobile phone or any mobile device you use for your browse (browser, type of computer, operating system, internet providers, device recognition, geographic location, search history, etc.) and / or monitor Internet Protocol (IP) addresses using similar technologies (cookies). Cookies are small text files that are stored on each user’s hard drive without access to documents or files from the user’s computer.
For more information about cookies please visit our Cookies Policy page.
- How long are personal data kept
We retain your personal data only for the period necessary to achieve the intended purpose, that is, the performance of our contract and / or compliance with our legal obligation and / or the pursuit of our legitimate interests. It is clarified that these include the satisfaction of legal, tax, accounting and other receivables. As a result, your data will be retained for as long as our contractual relationship lasts and in any case (even if the contract is terminated sooner) until the expiry of the relevant claims and for as long as required by tax or other legislation, the applicable legal and regulatory framework, and approved codes of conduct. In the event of a pending litigation (legal or extrajudicial) beyond this timeframe, we will keep your data until the dispute is settled by an extrajudicial settlement or irrevocable court order.
We also keep your personal information when contacting us for inquiries for the time required to process them and to respond to you. If you have given your consent to the conservation of your personal data (such as for a newsletter or for promotional purposes) we will keep your data until you unsubscribe or request deletion or after a period of inactivity.
After the expiry of the retention time, personal data that is in physical form will be destroyed, and those in the company’s information systems will be anonymized so that you can no longer be identified.
- Transmission of personal data
We only transmit your personal data to the extent necessary to achieve the intended purpose, that is, the performance of our contract and / or the compliance of our company with a legal obligation and / or the pursuit of our legitimate interests and only to related people with the achievement of the above objectives.
In this context, we inform you that we may transmit your personal data:
(a) to employees and executives of our company and people cooperating with the company in the execution of our contract;
(b) to companies affiliated with our company,
(c) to third parties not related to us (e.g. lawyers, tax consultants, business consultants, audit firms, etc.) where required for our legitimate business and business needs and / or the protection of our legal rights,
(d) to specialized service providers, such as consulting and auditing services, record keeping and management companies, IT companies, printing, organizing and delivering services, shipping, postal and courier companies;
(e) Judicial, Public Prosecutor’s, Police, Tax (e.g. Independent Public Revenue Authority (IPRA), Insurance (e.g. Single Social Security Entity (SSSE) and other Public Authorities and / or Services)
(f) Independent Authorities, such as the Consumer Advocate, the Consumer General Secretariat, the Personal Data Protection Authority.
We may transfer the personal information we collect from you to third countries or international organizations, if necessary. And in this case, we will take appropriate measures to protect your data in accordance with this Policy.
- Personal data security
We take and apply appropriate technical and organizational measures where appropriate to ensure an appropriate level of security to safeguard the security of personal data with the aim of safely storing it and preventing accidental loss or destruction and unauthorized and / or illegal access, use, modification or disclosure thereof.
We also take and enforce measures to ensure that personal data is processed only by people authorized to do so in accordance with this Policy, this Directive and the Law.
- Hyperlinks (links)
Websites and / or webpages and / or applications of all kinds at Greecebikes, may include links to, or receive information from, third party websites, websites, etc. The company bears no responsibility for the policies and / or compliance of them with third parties.
Greecebikes does not track its users on third party websites and therefore does not respond to DoNotTrack (DNT) signals. The Company does not allow third parties to collect personal data directly from our users on our website such as through the use of third party advertisements.
- Website traffic monitoring
Like most sites, this site uses Google Analytics (GA) to track user activity. We use this data to determine the number of our site visitors to better understand how they find and use our web pages. Although GA records data such as your geographic location, your device, your web browser, and your operating system, none of this information identify you to us. GA also records your computer’s IP address, which could be used to identify you, but Google does not provide access to it. We believe that Google is a third data processor that is compliant with the requirements of European legislation.
- Contact forms and e-mail links
If you choose to contact us using a contact form or an email link, none of the data you provide will be stored to our site or transferred or processed by any third party data processor. Instead, these data will be sent to us via an SMTP protocol (Simple Mail Transfer Protocol). Our SMTP servers are protected by a TLS security protocol (also known as SSL), meaning that email content is encrypted before being sent over the Internet. The content of the email is decrypted by our local computers and devices.
- Rights of the Data Subject
We respect and satisfy all of your rights to the protection of your personal data as set forth in Directive 2016/679, and in particular you have:
- Access Right, to obtain information about the type of personal data being processed, the purposes of the processing, any recipients thereof, the storage period, the information on your related rights.
- Right to Rectification, to correct any inaccurate data or to fill in gaps.
- Right to Erasure (“right to be forgotten”), for deleting personal data provided that such data is no longer necessary for the purposes for which it was otherwise collected or processed, there is no other legal processing basis (such as when they are prescribed by tax law), there are no compelling and legitimate reasons for processing (such as when they are necessary to protect our legitimate interests before the Court or other Authority)
- Right to Restriction of Processing,
- Right to data Portability, to obtain personal data relating to it, provided by the controller in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller if the processing is (a) based on consent or (b) necessary for the performance of the obligations and for the exercise of specific rights of the controller or data subject in the field of labor law and social security and social protection law or c) based on a contract or d) processing is carried out by automated means.
- Right to Object, to discontinue the processing of personal data relating to it, including profile development, for reasons related to its particular situation, unless such processing is based on compelling and legitimate reasons that outweigh the interests, rights and the data subject’s freedoms or for the foundation, exercise, or support of legal claims.
- Right to lodge a complaint with the Supervisory Authority. The competent authority in Greece is the Personal Data Protection Authority, which is based in Athens, Kifissias str. 1-3, tel.: 2106475600, fax: 2106475628, complaints email: [email protected], website: www.dpa.gr.
The prerequisite for filing a complaint is prior communication with our company and a specific request. You can send your request to: [email protected]. We kindly request that you have complete contact details and a detailed description of the right that you believe has been infringed and your request in order for us to be able to take the appropriate action. We may contact you for further information. We will respond to your request within one month of receiving it.
If you have any questions about this Policy and / or any other Greecebikes Policy feel free to contact us.