the emblem of the European Union with the relevant reference to the Union and the Structural Fund, the logo of the NSRF and the Operational Program Competitiveness, Entrepreneurship & Innovation

ΓΓΕΚ, espa banner

PRIVACY POLICY

Privacy Policy

This Privacy Policy aims to inform you about the information collected from you when you visit this website, how it may be used, how you can control the use and disclosure of your information, and the measures taken to protect this information. This Policy is an integral part of the Terms of Use, which are incorporated herein by reference.

The website of the company under the name “GEORGIOS M. TSAKOUMIS & SIA EE” and the trade name “CONSORTIS” (hereinafter referred to as “Consortis”) serves as the company’s informational online platform (hereinafter referred to as the “Website”). Consortis, as the data controller of your personal data, informs you, as the data subject to whom personal data pertains (hereinafter referred to as the “Data Subject”), that during your visit or use of the Website, the processing of your personal data is governed by the applicable European and national legislation on personal data protection, including Law 4624/2019, Regulation (EU) 2016/679 of the European Parliament and Council (GDPR), which came into effect on May 25, 2018, and the decisions, guidelines, and regulatory acts of the Hellenic Data Protection Authority.

1. Personal Data Collected and Processed by the Website

The Website ensures the lawful and legitimate collection and processing of personal data. Personal data refers to information that directly or indirectly identifies the Data Subject, particularly through reference to identifying elements such as name, contact number, and email address. The personal data collected is strictly necessary for the action requested by the Data Subject.

The Data Subject ensures that the provided personal data is accurate and correct and is obligated to inform Consortis of any changes or modifications to this information. Any loss or damage caused to the Website or any third party through the provision of incorrect, inaccurate, or incomplete information in the contact form is the sole responsibility of the Data Subject.

2. Use of the Website by Minors

Under Article 8(1)(a) of the GDPR and Article 21 of the Law, minors under the age of fifteen (15) are prohibited from disclosing their personal data via the Website without prior consent from their guardian.

3. Purpose of Data Processing

The purpose of collecting and processing personal data via the Website is to facilitate communication between Consortis and the Data Subject for better handling of their request submitted via email or the contact form. Additionally, the Website collects essential personal data for basic functions, such as navigation and access to secure areas of the Website (necessary cookies). With explicit consent, Consortis may collect browsing data for analytical purposes (e.g., tracking traffic) and statistical purposes (browser type, operating system, IP addresses) to understand user interaction with the Website and improve it accordingly. More details about such data are available in the Website’s Cookies Policy.

Consortis collects and processes personal data exclusively for the aforementioned purposes and strictly to the extent necessary for their effective execution. The data collected is relevant, adequate, and not excessive concerning these purposes, ensuring accuracy and regular updates as needed.

4. Data Retention Period

Personal data collected is stored and maintained in a secure environment solely for the realization of the purposes outlined in section 3 and for as long as necessary to achieve these purposes, subject to applicable legal provisions. Upon expiration of these periods, the data is securely deleted or destroyed unless retention is required by law (e.g., for civil claims, criminal investigations, tax audits, etc.).

5. Data Security

Consortis ensures that personal data processing is conducted confidentially. It implements appropriate organizational and technical measures to protect data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, and other forms of unlawful processing.

6. Data Breaches

In the event of a database breach, Consortis commits to notifying the Data Subjects and the Hellenic Data Protection Authority within 72 hours of the breach.

7. Data Recipients

Recipients of personal data are Consortis and its processors. Consortis guarantees not to transfer, disclose, or share personal data with third parties for any purpose or use unless required by law or ordered by a judicial or administrative authority with legal competence.

8. Processors Acting on Behalf of Consortis

Consortis engages third-party service providers (e.g., accountant, web hosting provider, lawyer) to manage specific activities, including personal data processing. Consortis uses contractual commitments and other appropriate means to ensure that personal data is handled lawfully and in accordance with this Policy.

9. Use of Cookies

The Website uses cookies necessary for its basic functions. It may also use cookies to analyze visitor behavior, track preferences, and gather information about the Data Subject. These cookies help manage sessions and provide personalized web pages that reflect individual needs and interests. This eliminates the need to re-enter preferences on each visit unless the Data Subject chooses otherwise.

For more information, please refer to the Cookies Policy.

10. Links to Third-Party Websites

Any link from the Website to third-party websites (via links, hyperlinks, banners) does not imply responsibility for their data protection practices. The Data Subject should independently review the privacy and data management policies of these websites.

11. Rights to Access, Rectification, and Deletion

Under the GDPR (Articles 15-18, 20-21), the Data Subject has the right to access, rectify, delete, restrict processing, data portability, and object. These rights can be exercised by sending an email to info@consortis.gr from the email address used for initial contact to ensure identification.

12. Contacting the Hellenic Data Protection Authority

If the Data Subject believes their personal data protection rights have been violated, they may contact the Hellenic Data Protection Authority:

Hellenic Data Protection Authority
www.dpa.gr
Kifisias 1-3, GR-115 23, Athens
Phone: +30 210 6475628
Email: complaints@dpa.gr

This Privacy Policy and its terms may be subject to modifications. The Data Subject should regularly review its content and check for updates.

Last updated: 01.06.2024