Who is the Controller
The Company is the controller of personal data, which it processes in the context of the provision of its services or the sale of products, maintains and processes your personal data with confidentiality and respect for your privacy, taking the necessary technical and organizational measures to further protect them.
Principles We Rely On
The Company is committed to comply with the following principles of personal data processing Article 5 GDPR:
- Legality, objectivity and transparency
- Purpose limitation - Personal data is collected for specified, explicit and legitimate purposes and is not further processed in a manner incompatible with those purposes.
- Data minimization - Personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- Data accuracy/quality - Personal data must be accurate and, where necessary, updated.
- Retention - Personal data must be kept no longer than is necessary or required by law.
- Integrity and confidentiality – Security must be guaranteed, in particular protection against unauthorised or unlawful processing and against accidental destruction or damage, using appropriate technical or organisational measures.
- Accountability Principle.
Collection of Personal Data
We collect information about you, including in the following cases:
- When you contact contact us directly, through our website, to request information about the products or services we offer.
- If you purchase a product or service from us.
- If your personal data is transmitted to us by Companies, partners or other third parties.
- At the pre-sale or service stage in order to have contact with you and suggest the best possible solution.
We also collect data occasionally, from third parties, who may lawfully transmit to us information about our customers or to whose records we may lawfully have access, such as our external partners, Credit Information and Fraud Prevention Agencies, lawyers, public services (administrative, tax, judicial, regulatory, insurance funds) or other legal entities or legal entities. We process personal data for the purposes as detailed below.
Please help us keep your information up to date by informing us of any changes to your personal data.
What kind of personal data we collect about you
The following categories of data about you may be collected and further processed as described in this Policy:
- Contact Information (e.g. Name, Address, Phone Number, email)
- Professional Status Information (e.g. Profession)
- Payment Information (e.g. IBAN/Account No., desired payment method)
- Identification data (e.g. contract code)
- Customer history (e.g. satisfaction rate, quotes received, purchase data, order dates, purchase prices, parts purchase details, complaints)
- Application / website / social media data (e.g. cookies)
Annex 2: "Indicative Data Categories" presents indicative personal data that we process.
Categories of Personal Data Subjects
The categories of subjects include:
- Natural persons in their capacity as employees, directors or partners in a legal person.
- Third parties involved in events related to the sale or provision of our services.
- Our staff
What are the Purposes of Processing & The Legal Basis of the Data Processing
The processing of personal data is based on one of the "legal bases", as referred to in Article 6 §1 of the GDPR. An explanation of the legal bases for processing is available in Annex 1 hereto. The legal basis on which the processing of each use of your data is based refers to each purpose of processing.
Sales & Contract Management – to process the sale, configure the appropriate solution and manage the Contract. [Art. 6§1(a), 6§1(b) and 6§1(f) GDPR].
The provision of personal data in the context of sales of our products or the provision of services is a contractual obligation and failure to provide them will affect the proper performance of the contract or make it impossible.
Customer Support - for answering queries and for technical support regarding our products and services. [Art. 6§1(a), 6§1(b) and 6§1(f) GDPR]
Promotion and Marketing Actions - to answer questions and to inform about our news and our products [Art. 6 §1 (a) and 6§1(f) GDPR].
Consent regarding marketing can be revoked at any time, with effect for the future.
For existing customers, consent is not required, since the possibility to oppose Law 3471/2006, Article 11 §3 is provided in a clear and distinct way
Adherence to our Legitimate Interests – e.g. to improve our products and services, prevent and detect fraud against us [Art. 6 §1, (f) GDPR]
Compliance with our Legal Obligations - to comply with our legal obligations to police, regulatory, tax, accounting, statutory auditors, judicial authorities and services [Art. 6 §1(c) GDPR].
The provision of personal data as above, is a legal obligation that depends on the specific request.
Processing of Special Categories of Data: According to Article 9 §1 and 2 of the GDPR, the processing of special categories of data is allowed only in the specific cases defined by law, among which, the provision of consent art. 9§2(a).
How We Ensure the Security of Personal Data
We ensure that personal data is processed by adhering to policies and procedures consistent with the purposes of processing. For example, the following security measures are used to protect personal data against misuse or any other form of unauthorised processing:
- Access to personal data shall be limited only to a certain number of persons authorised for those purposes.
- The staff of the competent departments responsible for the management of your contract, is bound by confidentiality clauses having classified and limited access, only to what is necessary to complete the provision of the service.
- Sensitive data is stored on a PC with authorized access. Also in printed form they are locked in cabinets where only authorized persons have access.
- We select reliable partners, who are bound in writing in accordance with Article 28 §4 GDPR with the same obligations regarding the protection of personal data. We reserve the right to control them in Article 28 §3 (h).
- The IT systems used to process the data are technically isolated from other systems in order to prevent unauthorised access, for example through hacking.
- In addition, access to these IT systems is monitored on a permanent basis in order to detect and prevent illegal use at an early stage.
How Long We Store the Data
We store the personal data for as long as required by the respective processing purpose and any other permitted connected purpose. The data is retained for the duration of our contract and, after its expiration, for as long as provided by applicable law.
Information that is no longer necessary is securely destroyed or anonymized.
Especially for the data that we process based on your consent (e.g. for marketing purposes), these are kept from the receipt of the relevant consent and until it is revoked.
We restrict access to your data to the persons who are necessary to use it for this purpose.
Who are the Recipients of the Data
The personal data we collect may be transferred to third parties, provided that the legality of the transfer is justified.
Furthermore, where the lawfulness of the transfer is justified, personal data may be disclosed to the following categories of recipients:
- Our clients are individuals or companies, for which we act as "Processors", who are "Controllers".
- Our employees or partners who may process your personal data under our instructions.
- Transport or Courier Companies
- Cooperating companies within the framework of their responsibilities.
- External partners, who are bound in writing in accordance with Article 28 §4 of the GDPR with the same obligations regarding the protection of personal data.
- Any supervisory authority, as required by the applicable supervisory framework.
- Any public or judicial authority, if required by law or by a court decision.
The Company uses a number of service providers who cooperate in the provision of the services mentioned.
Although the transmission of data over the internet or a website cannot be guaranteed to be protected from cyberattacks, both we and our partners work to maintain physical, electronic and procedural security measures to protect your data.
Where the Processing Takes Place
The personal data of our customers are processed within the European Economic Area (EEA).
In case an investigation is required for the provision of services outside the EEA then this is done with your explicit consent. Article 49, §4 (a).
Personal Data Breach
In the event of a breach of the security and integrity of the data at our disposal concerning personal data, the Company will take the following measures: (In accordance with Articles 33 and 34 GDPR):
- Examine and evaluate those procedures required to mitigate the breach
- It will assess the risk and its impact on the rights and freedoms of data subjects.
- It will try to reduce as much damage as possible that has been or may be caused.
- Will notify within 72 hours of knowledge of the breach if required
- It will assess the impact on privacy and take appropriate measures to prevent the breach from recurring.
Your Rights as a Data Subject and How You Can Exercise them
You have the right to request access to your personal data, rectification/erasure of your personal data, restriction of processing, right to object to the processing and/or to exercise your right to data portability.
If the data processing is based on your consent, you can withdraw your consent at any time, with effect for the future.
More specifically, you have the right to:
- Access: Right to be informed about the processing of the Data by us, and right of access to the data.
- Rectification: Right to request rectification or completion of your data, if they are inaccurate or incomplete.
- Deletion: Right to request the deletion of your data: This right can be satisfied if:
- The data is no longer necessary for the purposes for which it was collected.
- If there is no other legal basis for processing than consent.
- If you exercise your right to object (see f below).
- If the data were processed contrary to the applicable legal provisions.
- Whether the data needs to be deleted in order to comply with a legal obligation.
We reserve the right to refuse to satisfy the above right if the processing of the data is necessary for the fulfillment of our legal obligation, reasons of public interest or the establishment, exercise or support of legal claims (Article 17 §3)
- Restriction of processing: Right to mark the data, with the aim of restricting their processing. For example, when you have questioned the accuracy of your personal data, for the period that will be required for verification.
- Portability: Right to receive your data in a structured, commonly used and machine-readable format as well as to request their transmission, both to you and to another person who will process them.
- Objection: Right to object at any time to the processing of your data, including profiling, also when the reason for processing concerns direct marketing.
The Company will examine your request and respond to you within one month of receipt of the request either for its satisfaction or for the objective reasons that prevent its satisfaction or, taking into account the complexity of the request and the number of requests, within a period of an additional two months. (Article 12(3))
The exercise of your above rights is carried out at no cost to you, by sending a relevant request / letter / email to the Data Controller. The abusive exercise of the above rights (Article 12 §5) may impose a reasonable fee.
In the event that you are not satisfied with our use of your data or our response to the exercise of your above rights, you are entitled to lodge a complaint with the Personal Data Protection Authority.
You can exercise your above rights at the contact details listed below.
Contact Details of the Controller
For any issue regarding the processing of your personal data and for the exercise of your above rights, you can contact the Company, by phone at +30 210-9820211 (Monday - Friday 10:00 - 16:00), by e-mail: firstname.lastname@example.org and by post at the address: LEAP, Kremou 5, Kallithea, PC 17676.
Contact Details of the Personal Data Protection Authority
Phone: +30 21064.75.600, e-mail: email@example.com and postal address: 1-3 Kifissias Avenue, PC 115 23, Athens.
We may collect information that your browser sends whenever you visit our website. This log data may include information such as your computer's IP address, browser type, browser version, the pages you visit, the time and date of your visit, the time spent on those pages, and other statistics.
In addition, we may use third-party services, such as Google Analytics, that collect, monitor and analyze this type of information in order to improve the functionality of our website and our services. These third-party service providers have their own privacy policies about how they use this information, and we encourage you to learn about it.
Google also recommends that you install the Google Analytics opt-out browser – https://tools.google.com/dlpage/gaoptout – for your web browser. The Google Analytics opt-out browser add-on gives visitors the ability to prevent GoogleAnalytics from collecting and using their data.
For more information about Google's privacy practices, visit Google's http://www.google.com/intl/el/policies/privacy.
Links to Other Websites
Our Website does not contain links to other websites that are not operated by us.
This policy is revised when there is a significant change. This review will be available on our https://www.leap.gr/