Privacy Policy

The personal data collected by the website ‘spay.gr’ are explicitly used to facilitate online, or other, communication activities and under no circumstances are they sold, rented or in any way conveyed and/or disclosed to third parties except in the case where the disclosure of data to the competent supervisory authorities is imposed by an explicit legal provision.

The collection, processing and management of personal data by ‘spay.gr’ pursuant to the relevant EU and Greek provisions on the protection of personal data, shall be subject to the conditions of professional secrecy laid down in this privacy statement.

The visitor/user of the website ‘spay.gr’ maintains the rights derived from the provisions of the Greek and European law, as well as the rights of access, rectification and erasure of his / her personal data.

Privacy Policy and Personal Data Protection

SPAY fully understands the importance of protecting your personal data. Our goal is to ensure that you feel safe on our website.

The following Privacy Policy and Personal Data Protection aims to inform you about the nature of personal data processed by SPAY, the purposes of the processing, the category of recipients and the procedures that data subjects may follow to exercise their legal rights, in compliance with the stringent requirements of the Greek law on data protection and the Regulation (EU) 2016/679 with regard to the processing of personal data. If you do not agree with the terms of this Privacy Policy as it may be amended from time to time, you may terminate your use of this website.

Definitions

Personal Data means any information relating to the ‘data subject’; an identifiable natural person who can be identified, in particular by reference to an identifier specific to the identity of that natural person such as name, address, date of birth and gender, mobile phone number, e-mail address, as well as usage data, for instance, an IP address.

Data Subject: A natural person who is the subject of personal data and who can be identified by means of the provider and the provider’s data about its users/customers.

Data Processing or Processing: Any operation or set of operations which is performed on personal data, such as collection, recording, organisation, preservation, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, interconnection, restriction, erasure or destruction.

Consent of the Data Subject: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action and after being informed, signifies agreement to the processing of personal data relating to him or her. Such information shall include at least details as to the purpose of processing, the data or data categories being processed, the recipient or categories of recipients of personal data, as well as the name and address of the Controller and his / her representative if any. Such consent may be revoked at any time, without retroactive effect.

Recipient: A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

Third-Party: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller, are authorised to process personal data.

Controller: A natural or legal person, public authority or agency which determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law.

Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Filing System: Any structured set of personal data which are accessible according to specific criteria.

Collection of personal data and purpose of data processing

When you visit or navigate SPAY’s website, we collect only the data that are deemed appropriate and necessary to provide you with user-friendly and enjoyable navigation on our website.

These should include in particular:

• Device information
• Information regarding navigation to this website
• IP Address and
• Cookie data

The aforementioned personal data are processed exclusively for the purpose of providing better access to information on this website and ensuring the website’s proper functioning.

More specifically, we collect the following data:

Navigation Data: Data relating to your use of this website, such as the web browser you use, the pages you visited and the website elements you clicked on and which were displayed to you while visiting this website.

Connection Data: Information about the device you use to navigate and use our website (such as the operating system, web browser type, IP address, date and time of access, the proxy server used, imprecise geographical location of the IP address, Internet service provider).

In general, this information is collected using digital identifiers such as a device number, browser cookie or your IP address. These identifiers are used to distinguish the information provided by your browser or device from that of another user’s browser or device.

The collection and storage of the aforementioned data is necessary for the operation of our website to ensure the proper functioning of our website and deliver our website content to your computer. We also use these data to improve our website and ensure the security of our information technology systems. The legal basis for processing the aforementioned data is Article 6, paragraph 1, point f of the Regulation (EU) 2016/679. In any event, we reserve the right to check the server log files should specific evidence point to unlawful use.

Disclosure of personal data

The personal data of our users are not disclosed to third parties. Data transfer to third countries is currently not carried out, nor envisaged.

Data accuracy and duration of data retention

We regularly ensure that the personal data held are accurate and kept up-to-date Your data are held for as long as required in accordance with the purpose of their processing and/or the applicable legal and regulatory framework.

The data retention period is determined by the quantity and nature of your data, the potential risk of damage from unauthorised use or disclosure of your data, the purposes for which we process your data, our ability to fulfil these purposes through other means and/or the applicable legal and regulatory framework.

Rights of data subjects

In accordance with the provisions of the General Data Protection Regulation, you have the right to information about the processing of your personal data and the right to obtain access to the personal data held about you.

You also have the right to request the rectification and/or erasure of your data, to restrict the processing of your personal data in accordance with this Statement and to receive your personal data and send it to another controller (‘data portability’) without any objection from SPAY.

In addition, you may object to the processing of your personal data for the stated purposes at any time with effect for the future and at no cost, separately for each communication channel and you may also request the creation of a personalised user profile.

Any such request of the data subject with regard to the aforementioned purposes should be addressed in writing to SPAY at the email address: info@spay.gr

Upon such request, we have the obligation to notify you regarding any rectification or erasure of your personal data or restriction of processing in accordance with Article 19 of the Regulation (EU) 2016/679.

We reserve the right to further process your data if we can demonstrate that there are compelling, legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing is necessary for the exercise or defence of legal claims.

In any case, you may submit your request to which we are obliged to respond justifying our decision.

We are required to respond to any such request within one month of receipt of the request. This response time may be extended by two further months where necessary, taking into account the complexity and number of requests. In the event of a delay in responding to your request, we are obliged to inform you of the reasons we have not done so.

You have the right to lodge a complaint with the Data Protection Authority if you are concerned about the manner in which we have processed your personal data. For further details, visit the Data Protection Authority website at www.dpa.gr