Data Protection Statement
This document describes in detail the actions of compliance with the General Regulation for Data Protection 2016/679, also known as GDPR.
Definitions
The Company: our company with the name ““Α.&S.PIKIOKOS Ο.Ε.””, to which the sole ownership of the present website and all its content belongs.
The User: every person who visits our website and every person who obtains a member account to use the services offered.
Website: the website https://gaia-green.gr, which like all the content, belongs to our Company in full and exclusive ownership.
Introduction
Our Company firmly believes in the protection of personal data, in the principles that govern data processing and specifically that: All data are subject to lawful and fair processing in a transparent manner. The data are collected for specified, explicit and legitimate purposes and are not further processed in a manner incompatible with those purposes. The data are appropriate, relevant and limited to what is necessary for the purposes for which they are processed. The data is accurate and is updated when necessary. The data is kept in a format that allows the data subjects to be identified only for the period required for the purposes of the processing. The data are processed in a way that guarantees their proper security. Carefully read this Personal Data Protection Statement, in order to be informed about your personal data that the Company collects and about the way it uses and protects your personal data, as well as about the relevant options and possibilities that you have.
Ways of collecting personal data
The Company may collect your personal data in the following ways (indicative): Registration on the Website, Sending a contact form, Contacts with the Company, Purchase of services, Contact with a representative of the Company by e-mail, telephone or mail, Subscription to a newsletter (newsletter) of the Company, Cookies that are stored on your computer or on your mobile device when you visit our Website websites. Security The Company recognizes the importance of the issue of the security of Personal Data as well as electronic transactions and its related obligations and takes all necessary measures, with the most modern and advanced methods, to ensure the maximum possible security of the User. All information related to the User’s personal data is secure and confidential. We receive your personal data only if you choose to provide it and expressly consent to their processing by our Company.
Security is achieved by the following methods:
Recognition
Two fields are used to identify the User: the Login ID (e-mail or username) and the Personal Security Code (password), which each time they are registered provide access with absolute security to his account. The User is the only one who has access to his data through the above secret code and is solely responsible for maintaining his confidentiality and hiding it from third parties. In case of loss or leakage, you must notify the Company immediately, otherwise the Company is not responsible for its use by an unauthorized person. The Company recommends, for security reasons, the User to change his password at regular intervals and to avoid the use of easily traceable codes (eg date of birth or telephone). It is also recommended to use in addition to letters and numbers and symbols (eg$^*#@!_) when creating the password.
Ensuring the Confidentiality of the Transfer of Your Personal Data
To ensure the confidentiality of data transfer, SSL encryption protocol with RSA key 2048 bits (e 65537) is used. In addition, all the backup systems we use have additional encryption (AES-256) before transmission to an approved cloud provider via SSL connection as an additional data security measure. The backup providers we use today for data storage are: company infrastructure.
Controlled Access
The website is hosted and installed in Data Center infrastructures that have ISO 27001 security standards and meet the GDPR requirements for data protection. Access to the Company’s systems (servers) is controlled by a firewall, which allows the use of specific services by users while prohibiting access to systems and databases with confidential data and information of the Company. The web hosting provider we use today is:
Encryption
By using special software, the Company’s electronic system first decrypts the information it receives before processing it. The Company’s systems send information following the same encryption process. Wherever you enter personal data (password, email, addresses, telephone numbers, credit card number, etc.) there is SSL encryption with RSA key 2048 bits (e 65537).
Confidentiality of Transactions
Confidentiality is self-evident for us. The basic principles that govern the classic transactions also apply in the case of electronic transactions with the Company. All information transmitted by the User is confidential and the Company has taken all necessary measures to remain secure and used only to the extent necessary to service the contract and provide the services. The User, in order to ensure the security of his data, should not make any disclosure of them, nor of the access data to them, to third parties.
Purpose of processing personal data
Your personal data is not used for purposes other than those listed herein and provided by you, unless we obtain your permission, or unless otherwise required or permitted by law. The Company collects by your consent only personal data that are absolutely necessary in order to satisfy your requests and to provide you with the services you choose under the best conditions and in the most efficient way. If and where additional information is required, you will be informed at the time of data collection and you will be asked for consent again. The Company collects data for the communication, the issuance of official written offers and relevant sales documents, in accordance with the current legislation and the requirements of the financial services (Tax Office, taxis, etc.).
Services
The personal data of the User as they arise during the provision of the services he has chosen, will be stored and will be accessible for the execution of the contract and the provision of the services in an efficient way, so that the competent and any strictly authorized partner can execute or monitor the progress of each project.
Service Improvement and Measurements
In addition, the Company collects information when you visit us online, as well as through the emails we may exchange, about how the User uses the services, such as the type of content displayed or the frequency and duration of its activities. Furthermore, the Company collects information from or about the devices through which the User accesses the services, depending on the rights granted. The Company can correlate the information it collects from the various devices of the User, as this contributes to the consistency of the Services provided. The collection of this data allows us to personalize your online experience, to improve the performance, usability and effectiveness of the Website and to evaluate the effectiveness of the promotion activities (marketing) of our services. In particular, login information is collected, such as the name of your mobile or ISP, browser language and time zone, the geographical location of the access device, and its type (Google Chrome, Safari etc.) the IP address of the electronic device through which you access the Website.
IP address
The IP address is a number assigned to your electronic device each time you access the Internet, and for information security and systems diagnostics purposes, this data is collected when you visit the Website.
Cookies
Cookies are small information files that are stored in your computer browser. Websites can only access cookies stored on your computer. Each site that you agree to store cookies in your browser can only access its own cookies and not cookies from other sites. Find out about the relevant European directive at http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
Processing of personal data by third parties
We may disclose your personal information to service providers, affiliates and third parties in accordance with applicable law. For example, the Company may outsource the processing of your personal data as defined herein to a specialized company. The Company will disclose personal data only in compliance with this Statement and / or when required by applicable law. Agreements with these affiliates will limit the purposes for which your personal data may be disclosed and processed as set forth herein and will require adequate protection of your personal data. The Company may store your personal data in the cloud. This means that your personal data can be processed by a cloud service provider on behalf of the Company and your personal data can be stored in different locations around the world. The Company uses organizational and contractual measures to protect personal data and to impose similar, but in no way less restrictive, requirements on our cloud service providers, including requirements regarding the exclusive processing of your personal data for the purposes stated herein. . While browsing the Company Website, you may come across links to other websites for practical and informational reasons. These websites may operate independently of the Company and may have their own notes, statements and privacy policies. We recommend that you read them to understand how your personal data is processed in relation to the specific sites, as we are not responsible for the content of sites owned or operated by another company, nor for the use or the privacy practices of these sites.
User Rights
The User has the ability to access his personal data that have been collected and processed by the Company, as well as the right to information, upon request by sending an email to [email protected]. The User can restrict, change, correct, supplement and delete his personal data that are processed by the Company and for this reason he can contact by sending an email to [email protected] or by relevant signed fax to the number (+30) 210.2431356. The User has the possibility to withdraw this consent for the processing of personal data by sending an email to the email address [email protected] or by relevant fax to the number (+30) 210.2431356. After studying the relevant request and identification of the individual, the Company will proceed within a period of one month to satisfy it provided that the request is legal and valid. For any question or for the provision of information related to the processing and protection of personal data you can contact the Company by sending an email to [email protected] or by phone at +30.2310.48.9680. In case of non-compliance within the period of one month, the User reserves the right to complain to the Personal Data Protection Authority (1-3 Kifissias, PC 115 23, Athens, +30 210 6475600, [email protected]) .