PRIVACY AND PERSONAL DATA PROTECTION POLICY
[IN CONFORMITY WITH EU REGULATION 2016/679]
In addition, it is noted that SCL's website contains links to other websites and has content from third-party providers that are operated and maintained by them without SCL's control. This privacy and protection policy applies only to the services provided by SCL and her website. When you follow links to other sites or use third party services and products, you should accordingly read their privacy policies.
1. EU REGULATION 2016/679 AND IMPLEMENTATION
Regulation 2016/679 (hereinafter referred to as the "Regulation") is the legislation of the European Parliament and the Council of the European Union of 27 April 2016 protecting fundamental rights and freedoms of natural persons, and in particular, their right to the protection of personal data; it has entered into force since 25/05/2018. The Regulation, which repealed the earlier Directive 95/46/EC, lays down rules on the protection of individuals with regard to the processing of personal data, rules on the free movement of personal data, and replaces the existing legal framework to protect the individual from the processing of personal data. From 25/05/2018 any reference to the provisions of Directive 95/46/EC and Greek Law 2472/1997 is considered to refer to the provisions of the Regulation. It is widely known as the General Data Protection Regulation (GDPR) and is based on paragraph 1 of Article 8 of the Charter of Fundamental Rights and Article 16 (1) of the Treaty on the Functioning of the European Union, which stipulate that every person has the right to the protection of personal data concerning him or her. The Regulation applies to wholly or partly automated processing of personal data and the non-automated processing of such data that is or will be included in a filing system within the activities of an establishment of a controller (or processor) in the Union, irrespective of whether the processing takes place within the Union; a filing system is any structured set of personal data which are accessible according to specific criteria, whether centralized, or decentralized or dispersed on a functional or geographical basis. However, the Regulation does not apply to a natural person in the context of a purely personal or household activity, and to the Authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal sanctions, including the protection and prevention of risks threatening public security.
3. PERSONAL DATA DEFINITION AND PERSONAL DATA PROCESSING
Personal Data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal Data Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction -processing examples: access/search for information in a contact database containing personal data, sending promotional emails, destroying documents containing personal data by means of shredding, storing IP addresses or MAC addresses, etc. The processing of personal data is carried out by a controller, a natural or legal person, a public authority, a service or another body which, alone or jointly with others, determines the purposes and how to process personal data. In this case, the controller is SCL.
There are some special categories of personal data whose processing is generally prohibited (sensitive data). Such is data which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union memberships, as well as genetic and/or biometric data relating to the sexual life of a natural person or sexual orientation, or data related to the health of a physical person, in other words related to physical or mental health (including the provision of healthcare services), and which reveals information about the situation of his/her health. These data are protected by the law with stricter settings than other personal data. Exceptionally, such data may be processed provided that the data subject has given his / her explicit consent to their processing for one or more specific purposes, unless the law of the Union or of a Member State provides that the prohibition of processing can not be removed by the data subject; consent is any indication of will, free, specific, explicit and in full knowledge, by which the data subject manifests that personal data relating to him/her may be processed.
It is also permissible to process such special categories of data provided that the processing: (a) is necessary, if permitted, for the performance of the obligations and the exercise of specific rights of the controller in the field of labor law and social security, as well as social security law and/or (b) it is necessary to protect the vital interests of the data subject or other natural person if the data subject is physically or legally incapable of and/or (c) it is necessary for the establishment, exercise or support of legal claims or where the courts are acting in their judicial capacity, and/or (e) is necessary for reasons of substantial public interest under EU or Member State law which is proportionate to the objective pursued, respects the essence of the right to data protection and provides for appropriate and specific measures to safeguard the fundamental rights and interests of the data subject, etc., in accordance with the provisions of Article 9 (2) of the Regulation.
4. PERSONAL DATA PROCESSED BY SCL
The personal data to be requested and processed (ie: collected, registered, organized, stored, adapted, altered, used, disclosed, transmitted, erased and/or destroyed) by SCL from her clients, depending on the respective legal basis (see figures 5 and 6 below) is usually:
• Identity data: such as title, full name, surname and/or surname, company name (if clients represent a legal person), identity card and/or passport number, date of birth, gender, nationality, surname, nationality and date of birth of minors by the holders of parental responsibility over them and when solely tourist services are to be provided to those minors, etc.
• Communication data: such as location, address and home number, postal code, e-mail address, home and/or work phone and/or mobile phone numbers, etc.
• Professional Data: such as profession, specialty, scientific title (Dr., LL.M., M.D., etc.), academic status (professor, associate professor etc.), professional address and/or job description etc.;
• Tax and/or Financial Data: such as tax identification number, tax office, credit or debit card details (number, type, holder name, card expiration date, ccv), invoice or proof of service, etc.
• Data from the Use of Electronic and/or Digital Services: such as cookie IDs and Internet protocol addresses (see figure 6.5 in detail), location data or other online identifiers, etc.
• Transaction and Communications Recording Data: such as telephone, fax, and e-mail (email, messenger, viber etc.), communications following prior client feedback and in accordance with the relevant legal requirements (eg. quality assurance and proof of service, any answers to requests or questions, etc.);
• Special Categories of Data: such as health issues that may affect their clients' travel, medical certificates for airlines' reimbursement procedures etc.; and
• Other Data: such as a frequent flyer number, further information required by another travel agent (airlines and shipping companies, hotels, etc.), interests, habits and client preferences to provide more specialized services (preferred hotel floor, smoking room, type of bed, etc.), arrival and/or departure dates, room and ticket numbers, etc.
However, the above personal data list is not exclusive, and collection of data, as well as its overall processing, depends on the service or services that clients require to be provided. Furthermore, the personal data provided to SCL by her clients shall be complete and accurate and shall be promptly updated with clients' own care in every instance of change, or whenever deemed necessary by SCL for both the maintenance of their contractual relations with SCL, as well as the fulfillment of a SCL obligation resulting from the legislation and the regulations in force.
SCL requires clients' explicit consent -which it may naturally be revoked at any time- when SCL shall process specific categories of personal data from those aforementioned, for one or more specific purposes (Article 9.2.a of the Regulation) as above referred unless, amongst other things:
• processing is necessary, if permitted, to fulfill the obligations and exercise of specific rights of SCL or her clients in the field of social protection law (Article 9.2.b. of the Regulation), and/or
• processing is necessary to protect the vital interests of her clients, to establish, exercise and/or support both legal claims of clients and SCL as a controller if her clients are, or become physically or legally incapable of of giving consent, e.g. inability to act, etc. (Article 9.2.c. Regulation), and/or
• Sensitive data has been manifestly made public by the client (Article 9.2.e. of the Regulation).
The concept of SCL clients' processing of data specific categories includes the collection by third parties acting on their behalf, as well as by a client (natural or legal person) related to SCL's clients. Also, if SCL clients provide her with personal data of third parties, they should have obtained their consent, and have them referred to SCL's protection policy.
5. LEGAL BASIS FOR SCL CLIENT'S PERSONAL DATA PROCESSING
SCL is permitted by Greek and EU legislation to process the aforementioned personal data if she has a legal basis for doing so. It is also required to disclose client the reasons for the processing. As a consequence, SCL is based on one of the following cases when processing her clients' personal data:
• client's consent (Article 6.1.a. of the Regulation), which the client may conditionally withdraw at any time by contacting SCL,
• the performance of a service agreement -a contractual relationship- or when -at the request of the client prior to the conclusion of the agreement- undertaking measures necessary to conclude a service agreement -contractual relationship (Article 6.1.b.) of the Regulation,
• a legal obligation (Article 6.1.c. of the Regulation), in particular when the processing is necessary for SCL's compliance with her legal obligation unto the regulatory, judicial and other authorities and Agencies, or it is required by the applicable law, the supervisory framework, as well as the decisions of these bodies,
• an SCL's or a third party's legitimate interest, unless such interest overrides the interest or the fundamental rights and freedoms of the data subject. that require the protection of personal data, specifically if the data subject is a minor (Articles 6.1.d. and 9.2.d. of the Regulation), and/or
• client's explicit consent on specific categories of data (Article 9.2.a, of the Regulation) that client may conditionally withdraw at any time by contacting SCL.
6. PURPOSE AND OPERATIONS FOR PERSONAL DATA PROCESSING
SCL will demand her clients those personal data strictly necessary for the following purposes (actions, operations, processes, etc.), based on the following legal bases:
6.1. PRE-CONTRACTUAL RELATIONSHIP: When registering as a "new client" and/or processing a client request prior to the conclusion and signing of the service agreement, SCL will process the following data:
♦ first name and surname
♦ father's name,
♦ company name (if client is representing a legal person),
♦ an email address, and/or
♦ work, home and/or cellular phone numbers.
Legal bases for the processing of the above data and for the purposes herein are:
• client's consent, which he/she may, under certain circumstances, withdraw at any time by contacting SCL
• the conclusion and signing of an agreement on the concept of undertaking measures at the request of the client necessary to proceed to a contractual relationship with SCL, such as, but not limited to: the evaluation of the client's request by SCL so as to proceed with an offer proposal to the client, questions to hotels for the availability of rooms and/or airlines for the availability of tickets etc. on behalf of the client, and
• SCL's legal obligation when processing is necessary to comply with her legal obligation to the police, judicial or other authorities, such as, for example, providing information to a public authority, comply with the principle of terrorism prevention, etc.
6.2. CONTRACTUAL RELATIONSHIP: In performing the tourism services agreement, and for the performance of her contractual obligations, when providing clients with services related to:
(a) their participation in an ORGANIZED TRAVEL (of cultural, professional or educational interest etc.) in Greece and/or abroad, or
(b) the provision of GENERAL TRAVEL SERVICES to clients, on an individual or group basis, both in Greece and abroad, and for the performance of SCL's contractual obligations when providing such services to clients, such as air-ticket, hotel, spa and resort centers reservations, rental of cars, buses, charter flights, visa issuing, and/or
(c) participating in a CONFERENCE - SEMINAR - MEETING - or OTHER VARIOUS EVENTS (corporate etc.), or participating in extreme sports' events and recreational activities organized in Greece and abroad,
and in order to perform capably, completely and uneventfully the tourism services agreement in relation to the above processes (accommodation, travel, nutrition, client insurance, overall management of the relevant reservations, as well as ensuring the payment of her services by the counterparty); SCL will process, if required, some of the following personal data, in addition to those mentioned in figure 6.1.:
♦ mother name,
♦ ID card and/or passport number,
♦ date of birth, sex,
♦ name, and date of birth, citizenship/nationality of minors granted only by the holders of parental responsibility over them and if only tourism services are to be provided to those minors,
♦ tax identification number,
♦ tax office,
♦ credit or debit card details (number, type, holder name, card expiration date, ccv -however, SCL does not store, at any payment's execution stage this data, but she uses it to execute the payment via a POS service,
♦ address for the issuance of the invoice, etc.,
♦ recording of telephone, fax, electronic, etc. communications upon prior notification of the client and in accordance with the respective legal requirements (eg. to be able to control call handling procedures and ensure that it provides a high level of client service, or to prove her contractual relationship with the client, etc.)
♦ frequent flyer number,
♦ driving license number in the event of a car rental reservation,
♦ Interests, habits and client preferences so as to provide more personalized services (eg. preferred hotel floor, smoking room, bed type, etc.)
♦ dates of arrival and/or departure,
♦ room and ticket numbers, and/or
♦ any further, additional, information required by an other tourism service provider (airlines and ferry companies, hotels, etc.)
SCL may also process special data categories for the purposes of her operations listed under (a) [package travel] and (b) [general travel services] such as:
♦ health problems due to which the client asks for assistance, or when a specific permit is required,
♦ medical certificates for airlines' reimbursements, and/or
♦ allergies, or other nutritional needs of the client.
In addition, when SCL provides her clients the service listed above under item (c) [that is, "participation in conferences, scientific events, etc."], SCL may also process -in addition to the data referred to above and accordingly applicable if the above mentioned (a) and (b) services are provided in conjunction with the (c) service- the following data as well:
♦ health issues that may affect the client's participation in an event (athletic or other)
♦ data (attendance rates) required for the issuance of participation/attendance certificates or continuing training certificates (medical, legal, economic, etc.) when it is additionally required by the regulations pursuant to the relevant regulatory frameworks of legislation (circulars, etc.), or, additionally,
♦ any other data which is generally required for the proper performance of SCL's secretarial duties before, during and after any event, etc.
Legal bases for the processing of the above data and for the purposes herein are -when applicable and as appropriate:
• the explicit consent of the client when dealing with specific categories of data that he/she may, under certain conditions, withdraw at any time by contacting SCL
• the execution of the tourism services agreement between the client and SCL
• SCL's legal obligation when processing is necessary for SCL to comply with her legal obligations to police, judicial, tax or other authorities, including but not limited to SCL's compliance with tax invoices and transaction records relating to the services provided, completion of tax returns and relevant forms for the fulfillment of her tax obligations, provision of information to a public authority etc. for the prevention, detection and investigation of crimes and cyber risks, or at the request of a public authority,
• SCL's legitimate interest in carrying out her business activities, including, but not limited to: asserting her financial requirements for her services, managing her business, providing best services to her clients, unless, certainly, the interests or the fundamental rights and freedoms of the client that require the protection of their personal data of the client prevail over SCL's interests; and
• the protection of a client's vital interest or other person's whose client exercises custody, such as, for example: whether he/she is physically or legally incapable to grant a consent, or is in need of assistance due to health problems, or when required to issue a specific permit etc., or to provide medical certificates to airline companies for a refund because of his/her inability to travel etc.
6.3. QUESTIONS - COMPLAINTS - CLIENTS' OPINION: When processing and responding to client inquiries about SCL's services, or when requesting information and/or clarification, or in order to deliver materials that have been requested by the client, or to look into client complaints regarding her services, or for the opinion of her clients about the quality of her services, or to assess their satisfaction and subsequently improve or upgrade her services' level, SCL will process some of the mentioned under figure 6.1. and 6.2. data, as and when required.
Legal bases for the processing of this data and for the purpose herein are:
• the explicit consent of the client, as specifically mentioned above,
• the execution of the tourism services agreement between the client and SCL,
• SCL's legitimate interest in carrying out her business activities, including but not limited to: managing her business, improving her services, developing additional services, further training her staff, satisfying clients' requests, etc., under the conditions set out in the Regulation and mentioned above (eg. the interest or fundamental rights of the client).
6.4. PROMOTIONAL OPERATIONS - CLIENT UPDATES: When carrying out promotional activities and, after a service has been provided, to inform the client for any new services (informative material with travel proposals, conferences, events, etc.,) as well as products or services related to those which may be of client's interest, either orally or in writing (electronic, printed, or by other means) such as, for example, via telephone, email, newsletters, SMS, postal mail, etc., as well as when the client provides his/her e-mail address via the SCL's website in order to receive the newsletter, etc., whether or not he/she had participated in a trip, event, etc., SCL will process data such as:
♦ first name and surname
♦ place, address, home number and zip code
♦ email address
♦ home, work and/or cellular phone numbers, and/or
♦ skype, messenger, viber etc. communication data.
SCL may also, in the list of people to whom SCL send newsletters, add those who provide their email addresses when contacted and who inquire for informative material; following each informative material (newsletters etc.) sending/shipping, the recipient client has the right to declare that he/she does not wish to receive this material from that time on.
Legal bases for processing this data and for the purpose herein are:
• the explicit consent of the client, as specifically mentioned above,
• the execution of an agreement between the client and SCL when the client requests information material sending/shipping as a service; and
• SCL's legitimate interest in carrying out her business activities, including, but not limited to: managing her business, promoting and improving her activities and services, personalizing client communication, etc.
Google Analytics Cookies: By using these "cookies" (listed below in terms of type, duration, and protection), the SCL Website discloses data to third parties using the Google Analytics data analysis services offered by "Google" by placing "cookies" stored on the visitor's electronic device and transferring site traffic data to the "Google" servers in order to: (a) provide information to evaluate the use visitors make on the Website; (b) provide Website administrators with reports on these activities; and (c) provide other services related to the use of the website and the internet (such as improving the advertising purchased by SCL from the Google Network). These services do not identify individual users, and do not associate the visitor's IP address with any other data that Google maintains. Google may process the data as described in its "Googles Private Policy," and transfer some of this data to third parties provided it is provided for by law or if any third parties process it the data on its behalf. By using the SCL website, the visitor agrees to process its personal data collected by "Google" in the manner described above. Visitors to the SCL website may at any time delete cookies from their device and/or deactivate cookies at any time, or put an "alert" every time they receive one of them on their device by adjusting browser settings before it enters its Website. It can also install one of the cookies' add-ons or plug-ins available for its browser to gain more control over when they are installed. For more information, please refer to your browser's user guide ("browser") that you use on your device, or other websites, such as "www.allaboutcookies.org" and "www.youronlinechoices.com." However, disabling cookies may potentially affect the functionality of the SCL website, or other websites you visit.
In any case, cookies installed through plug-ins on social networking sites and relating to content sharing between certified social networking members who have already logged in (Facebook, Google+, etc.) are excluded from the general obligation to inform and obtain visitor consent (Article 4 (5) of Law 3471/2006 - Opinion 4/2012 of the EC Working Group on Article 29) of the SCL website. The same applies to "cookies" that simply "remember" the visitor's choices about the presentation of the site (eg. "cookies" referring to the choice of language or the presentation of search results on the SCL website) and are installed for the security of the visitor, "cookies" with multimedia content and/or "cookies" that are necessary for the realization of the load balancing technique in a connection to an internet site.
SCL sometimes uses the following "cookies," but only with the consent of the visitor and after having been properly informed:
II. MARKETING COOKIES: Track visitors across websites. Their intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
The collection of the above "cookies" implies low privacy risks and allows SCL to personalize the web experience of visitors to the website, improve its performance, usability and effectiveness, and evaluate the effectiveness of its service promotion activities. Legal bases for processing this data for the purpose here are:
• the consent of the visitor to the SCL website, and
• SCL's legitimate interest in carrying out her business activities, including but not limited to improving her services and online experience, displaying offers of interest to the website visitors, website security, etc.
7. HOW WILL SCL DEMAND AND COLLECT PERSONAL DATA FROM CLIENTS?
SCL will collect personal data via phone, email, fax, mobile phone (sms), or other electronic means (cookies, etc.):
• provided by her clients each time they use SCL's services, after their respective mandate given to SCL for the provision of the above-mentioned tourim services; and/or
• provided, in addition, voluntarily by SCL's clients when communicating with SCL using her call-center (e.g. by sending clients additional information, etc.), or by the visitors to SCL's website and/or
• SCL does not make decisions based solely on automated procedures for processing personal data.
8. HOW DOES SCL USE THE PERSONAL DATA PROVIDED BY HER CLIENTS?
All information related to personal information of SCL's clients is kept confidential. SCL administrator and SCL's partners employed in SCL's facilities only, have access to the data regarding the execution of specific actions and tasks. SCL does not disclose, sell, lease, and otherwise exchange, or otherwise transmit the personal data of her clients to third parties without her clients' consent, unless it is required by a court order or decision of any other public authority; "third party" means any natural or legal person, public authority, service or body, except the data subject, the controller, the person who executes the processing, and the persons who, under the direct supervision of the controller or the person who executes the processing are authorized to process personal data. However, SCL may need to disclose and/or transfer clients' personal data to meet their requests or business needs, and provide her services properly if required by law or contract and is lawful, as well. SCL transfers data which is necessary for the fulfillment of her respective target and purpose, and ensures the confidentiality of the personal data of her clients:
• with the explicit consent of SCL's clients, as mentioned above, and/or
• for any legitimate purpose in accordance with applicable law, or upon request for information, e.g. with competent Public Authorities and/or Agencies, Courts, Regulatory Bodies, when reasonably necessary for SCL's compliance with the legislation (eg. the regulatory framework for scientific events and conferences legislation, etc.).
• SCL may also share personal data of her clients with the scientific body/organizer of a scientific event in which clients are or will be participating, or with payment providers and/or other financial institutions in case of cancellation and return, or refund of electronic payments, etc.
SCL solely transmits personal data of her clients only in countries where the European Commission considers those countries provide an adequate level of protection. If it is necessary to grant access to personal data of SCL's clients to Suppliers located in countries outside the European Economic Area (EEA), SCL will ensure equal level of clients' information protection as offered by SCL herself. Whenever SCL transfers clients' personal data outside the EEA, SCL ensures a similar degree of protection for them by ensuring that one of the following protection measures is implemented:
• that the personal data transfer is necessary for the performance of the agreement signed and contracted with SCL's clients (eg. on flights with an airline based in a non-EU/EEA country)
• that the transfer will be based on the standard data protection clauses for the transfer of personal data to non-EU/EEA countries adopted by the European Commission; and
• the EU-U.S. Privacy Shield, where the transfer is in the United States of America and the recipient is legally certified.
If none of the above conditions apply, transmission may be made if:
• the client has provided SCL with his/her explicit consent, and/or
• transmission is necessary for establishing or exercising legal claims or defending SCL's rights, or there is an obligation bearing SCL under the law or a trans-national contract.
Minors need special protection when their personal data is processed, especially because they are unaware of the risks that this data processing might entail; therefore, SCL does not request or process any information by or for any minor under 16 years old without the consent of his/her parent/s or any other holder of parental responsibility over them, and shall make every reasonable effort to verify the age and the identity of the consenting person in the case of a minor (child) under 16 years old. If you are a parent or otherwise have a minor custody, and believe that this minor has revealed personal information/data to SCL, please contact SCL the soonest possible. If in any way it comes to the SCL's knowledge that some information communicated to her relates to a minor for whom the requred consent has not been received by minor's holder of parental responsibility, SCL will immediately delete the information from her records, and will ensure and secure that this information/data will no longer be disclosed to any third party.
10. HOW LONG DOES SCL RETAIN CLIENTS' PERSONAL DATA?
SCL retains the personal data of her clients throughout the duration of the contractual relationship between them and until termination. SCL then deletes the personal data of her clients unless it is required to retain part of this data for accounting reasons, other legal reasons for data retention (such as continuing contractual relationships with clients, etc.), but not exceeding twenty (20) years.
SCL retains the personal data of clients who have granted their explicit consent for receiving SCL promotions or newsletters, emails, etc. until such consent is withdrawn from SCL in accordance with the provisions of applicable law and as described above.
Data, such as the credit or debit card number, type, holder name, expiration date and ccv is not stored, and it is only used for the POS terminal operation to perform the respective transaction.
With regard to cookies, clients or visitors to the SCL's website may withdraw their consent at any time, as specifically and in detail outlined above.
In the event of litigation, personal data relating to SCL's clients will be in any case retained until the end of the Lis-pendens.
11. HOW DOES SCL PROTECT CLIENTS' PERSONAL DATA?
Access to SCL's clients' personal data for the execution of specific actions and tasks, when those required, is only provided by the administrator and SCL's partners, as above mentioned. Throughout the data processing cycle (from collection to destruction), SCL uses appropriate business systems, security procedures, internal processes and policies (such as staff training), technical and physical constraints for the access and use of personal data into her servers to protect her clients' personal data from any misuse, alteration, tampering, disclosure, loss, unauthorized access, destruction, or other illegal processing, in and out the internet.
All personal data of SCL's clients is non-accessible; access to SCL's computerized system ("Server") is controlled by a "Firewall" programmed and used to denote a device or program which is so configured to allow or reject data packets that pass from one computer network to another. It allows, in other words, the use of specific services, while prohibiting access to confidential data and information systems and databases with confidential data and information.
In the event that you visit SCL website and linked to third party websites (hyperlinks), please be aware that SCL does not control and is not responsible for the management and protection terms and conditions of personal data that those third party websites follow, and urges her clients to carefully read and understand the privacy policies of those third-parties.
12. SCL CLIENTS' RIGHTS RELATING TO THEIR PERSONAL DATA
SCL clients (and visitors to SCL's website, as the case may be and as described above) have the following rights:
♦ Right to Information on the processing of their personal data: client has the right to know that his/her personal data are being processed and for which purpose.
♦ Right of Access: to be aware of the categories of personal data that SCL maintains and processes, data sources, purpose of processing, categories of data recipients, time of data keeping, their rights, and the right of access to a copy of the their personal information;
♦ Right of Rectification: request the correction of inaccurate data and/or the filling in of incomplete personal data by means of a supplementary declaration so that it becomes complete and accurate, by providing any necessary documents that indicate the need for correction or completion;
♦ Right to Restriction of Processing: to request the limitation of their personal data processing;
♦ Right to Erasure ("right to be forgotten"): to request the deletion of their personal data from the records maintained by SCL;
♦ Right of Object: to oppose any further processing of their personal data retained by SCL;
♦ Right to their data portability: request the transfer of their data from SCL to any other controller; and/or
♦ Reservation of a right to complain or complain to the Hellenic Data Protection Authority provided that clients believe that their rights have been infringed in any way.
The rights of Restriction of Processing, Erasure, and Object may not be fulfilled, in whole or in part, as long as they involve personal data required for the preparation and/or continuation of the client's agreement with SCL, irrespective of the source of their collection. SCL has in any case the right to refuse the client's request to restrict the processing or erasure of its personal data, if the processing or retention of his/her personal data is necessary for the establishment, exercise or support of SCL's legitimate rights or the fulfillment of SCL's obligations resulting from the legislation. The exercise of the above "Rights to Data Portability" does not entail the deletion of the data from SCL records, which is subject to the terms of this paragraph. The exercise of the above-mentioned clients' rights (or visitors' to the SCL website rights) applies only in the future and does not relate to data processing already carried out and may always be exercised under existing legislation (such as tax or labor law).
SCL clients will not be required to pay any fees to access their personal data. However, SCL reserves the right to charge a reasonable fee if a client's request is clearly unfounded, recurring or abusive but also for the processing, when data has been provided incorrectly by the client and would, likely, cause problems on the provision of the services (eg. client not being able to travel by air). Alternatively, SCL reserves the right of refusal to comply with such a client request in these cases.
SCL keeps a record of her clients' communication messages to resolve any issues they may have. In any case, SCL will handle her client requests in accordance with the applicable personal data protection legislation. SCL will make every effort to respond to her client request within twenty (20) days of its submission. This period may be extended for twenty (20) additional days if, on SCL's sole discretion, deemed necessary, taking into account the complexity of the request and/or the number of requests. SCL will inform, within fifteen (15) days, the client whenever the deadline is extended. For the exercise of your rights, you can contact SCL in writing to the following address of the Processing Manager or to this e-mail.
Applicable law is the Greek law, as is configured in accordance with the General Regulation on the Protection of Personal Data 2016/679/EU and, in general, the current national and European legislative and regulatory framework for the protection of personal data.
Competent Courts for any disputes arising in connection with SCL clients' personal data are the competent Courts of Athens.
PERSONAL DATA CONTROLLER
SCL FIRST EVENTS, CONGRESS & TRAVEL P.C.
Address: 3 Proussis str., 10440 Athens
Tourism Agency Registration No: 0206Ε60000633301
General Commercial Registry No: 144538001000
Tel .: +30 2108228950
Fax: +30 2108228901