The Company THESISSA fully shares your concern regarding your personal data in accordance to the enhanced requirements of Regulation (EU) 2016/679 (hereinafter “GDPR”), law 4624/2019, Decisions, Guidelines and Opinions of Hellenic Data Protection Authority and, the relevant legislation about the protection of Personal Data (hereinafter “Data Protection Legislation”), as the Data Controller, informs the natural persons (hereinafter “Data Subjects”, “you”) about the processing of their personal data through this Privacy Notice.
Ι. What personal data we collect, for which purposes and which are the legal bases
PERSONAL DATA COLLECTED
First name, last name, email, phone number personal data that may be included in the message send by the user
Article 6 (1) (b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
II. How long your personal data is retained for
Personal data shall be retained for as long as necessary for data collection purposes, as specified in section I, unless otherwise specified by law.
It is our Company’s responsibility, once the retention period expires, to ensure that your data will be safely deleted or destroyed in accordance to explicitly described standards and specifications, apart from your contact information, which shall be retained until you recall your consent to receiving our news regarding our products and services (through “Newsletters”).
ΙΙΙ. To whom your personal data are disclosed and/or transmitted
Our company shall disclose your personal data to authorized employees of our Company.
Furthermore, we may disclose personal data collected through this website to:
a) Entities entrusted with the execution of specific tasks such as, but not limited to, product suppliers and/or IT service providers and/or support service providers of all kinds of computer-based information systems or electronic systems and networks. Those entities offer adequate assurance for the implementation of necessary technical and organizational measures, so that data processing is conducted in accordance to GDPR and other relevant legislation for data protection.
b) Supervisory, independent, judicial, prosecuting, public and/or other authorities, bodies or parties assigned to control/monitor the Company’s activities within the scope of their responsibilities.
ΙV. Rights of the data subject
The General Data Protection Regulation provides you with rights and options that we are committed to satisfying. Thus, you may:
• request information about your stored personal data and the way it is processed. If you so wish, we shall provide a copy of your personal data undergoing processing, free of charge (Right of Access)
• request rectification of inaccuracies or errors, correction of incomplete data or an update of your data (Right to rectification)
• request erasure of personal data, if no longer retained for specific, legal or stated purposes (Right to erasure or Right to be forgotten)
• request restriction of processing a) when the accuracy of the personal data is contested, b) when the processing is unlawful (but you oppose the erasure of the data), c) when the data is no longer needed for the purposes of the processing, and d) for as long as the verification whether the legitimate grounds of the controller override those of the data subject are still pending
• object on grounds relating to your particular situation, at any time, to processing of personal data, especially when this data is processed for direct marketing purposes or profiling. More specifically, you may object to a decision based solely on automated processing. In such a case, you may exercise your right of intervention (Right to object – Automated individual decision-making)
• receive your personal data in a structured, commonly used and machine-readable format or transmit this data to another controller at your behest, where technically feasible and at all times under the specific conditions of the law (Right to data portability).
• revoke your once granted consent for your data processing at any time. As a result, we will not be allowed to continue the data processing based on this consent in the future.
You may address your requests to our Company’s Data Protection Officer (DPO) via email. Our Company shall answer all your requests within one (1) month. In the extremely rare cases that such a fulfillment is proven unfeasible, we shall immediately inform you explaining the reasons in detail.
If you believe that the provisions for personal data are being violated, you may file a complaint to the Hellenic Data Protection Authority (DPA).