PRIVACY POLICY

Last Updated: 31/08/2021 

The protection of your personal data is a key priority for us.


Please read this Privacy Policy (hereinafter referred to as the "Policy") in order to be adequately informed about the way in which the Non-Profit Organization under the name "Creative Thinking Development (CRE.THI.DEV)", based in Athens (8, Solonos and Empedokleous street, 19009, Drafi, Rafina), VAT 997608917 of the Tax Office of Pallini, e-mail info@crethidev.gr Tel: 210 8047243, Mob: 694 4506065 acting as the Data Controller (asfollows called ("we or us or our data controller"), is committed to protect your personal data with this policy.

 
This Privacy Policy describes the types of information we may collect from you or that you may provide through the website https://www.crethidev.gr/ hereinafter referred to as ("Website") or through forms, applications and devices, product websites on social media or otherwise. This Privacy Policy also explains our practices for collecting, using, maintaining, protecting and disclosing this information. This Policy also describes how you use, share and protect your personal data, the rights you have regarding your personal data and how to communicate with us. For any questions regarding this Policy, as well as any issue related to the processing of your Data and the exercise of your rights, you may contact us at the above contact details of the website.


1.    Definitions


Personal Data: Any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person shall be one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;
Processing: Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Subject: The data subject is any identified or identifiable natural person whose personal data are processed by the controller in question;
Controller : The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his or her appointment may be provided for by Union or Member State law;
Processor: The natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;
Consent: Any freely given, specific, explicit and informed indication of the data subject's intention to express his or her agreement, by a statement or by a clear affirmative action, to the processing of personal data concerning him or her; 
Recipient: The natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the context of a particular investigation in accordance with Union or Member State law shall not be considered as recipients; such data shall be processed by those public authorities in accordance with the applicable data protection rules depending on the purposes of the processing;
Third: Any natural or legal person, public authority, agency or body, with the exception of the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process the personal data;
Special Categories of Data: 'genetic data' means personal data relating to the genetic characteristics of a natural person inherited or acquired, as resulting, in particular, from an analysis of a biological sample of that natural person and which provide unique information on the physiology or health of that natural person;
'biometric data': personal data resulting from specific technical processing related to the physical, biological or behavioural characteristics of a natural person and which allow or confirm the unambiguous identification of that natural person, such as facial images or dactyloscopic data;
'health-related data': personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her state of health;
Profiling: any form of automated processing of personal data consisting in the use of personal data to evaluate certain personal aspects of a natural person, in particular to analyse or predict aspects relating to the performance at work, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person.


2.    What data do we collect about you?


We only collect data that is strictly necessary, that is relevant and appropriate for the intended purpose. The personal data we collect and process belong to the following categories and may not concern you in their entirety. Specifically, we collect:
a) Identity data (e.g. first name, surname).
b) Contact data (e.g. e-mail address).
c) Data collected through Cookies, e.g., your computer's IP address, browser type and operating system, the speed of your connection and information about the software programs installed on your computer, basic information about the connection to the server and information collected through Cookies. 
For more information on the use of Cookies please read our Cookies Policy.
Special categories of data, such as information about religion, political opinions, health or sexual orientation, are not collected unless you choose to provide such information.


3.    What are the purposes for collecting your personal data and on what legal bases?


We collect and process your Personal Data:
a) To answer questions you have asked us about the activity of our company or to resolve problems you may be facing regarding the use of our website. Legal basis of the processing: The processing of your data is necessary in order to respond to your request.
The website https://www.crethidev.gr/ contains information allowing for quick electronic contact, as well as direct communication with us, it also contains a general e-mail address (e-mail address). If a data subject contacts the controller by e-mail or through the contact form, the personal data transferred by the data subject shall be automatically stored. Such personal data that are voluntarily transmitted by the data subject to the data controller shall be stored for the purpose of processing them or of communicating with the data subject. Such personal data shall not be transferred to third parties, subject to a legal obligation to provide the data or where their transfer serves the purpose of criminal prosecution.
As data controller, we provide, at any time, information to each data subject upon request of the type of personal data held about the subject. Moreover, as we must, we correct or delete personal dataat the request or suggestion of the data subject, to the extent that there is no legal obligation to keep them, and in this respect we are at the disposal of the data subject as contactor communication.
b) When we accept relevant warrants of courts or public authorities, the controller has the right to disclose any personal information of yours in order to respond to such requests. Legal basis of the processing: Compliance with our legal obligations (Art. 6(1)(c) of the GDPR).


5.    Who are the Recipients of your data?


Access to your Data is available to our absolutely necessary staff, who are committed to confidentiality in order to carry out their duties. Your data may be disclosed to our technical support companies, our lawyers, for any claim of our legal claims.


6.    How do we ensure that our partners respect your Data?

Our partners have agreed and are committed to maintain confidentiality, not to send your Data to third parties without our written permission and to take appropriate technical and organizational measures to protect them.


7.    Do we transfer your Data outside the EU?


The website https://www.crethidev.gr, in the event that data are to be transferred to third countries outside the European Economic Area, for which there is no decision of the European Commission or to international organizations, all appropriate safeguards provided for in the applicable data protection legislation on transfers to third countries will be taken and the relevant information will be received and posted on our website.


8.    When do we delete your data?

 

Your data is kept by us only for as long as necessary to fulfill the purpose for which you have communicated it to us unless an extension of this time is required due to our legal claims or legal obligations.
For the retention time of the Data collected through Cookies you can be informed by the Cookies Policy.


9.    Personal data of minors


Our services are not directed to anyone under the age of 15. As a result, children's personal data are not processed and stored. For the processing of personal data of minors under the age of 15, the consent of a person with parental responsibility is required.


10.    Security of your data


Ensuring your privacy is a key priority for us, for this reason we have taken all appropriate technical and organizational measures which for the protection of your Data which are reviewed and modified whenever necessary due to technological development.


11.    Cookie Policy


According to the European Directive E- Privacy 2009/136/EC and the instructions of the Greek DPA of 25.2.2020, our website accepts the use of cookies. These are online tools for collecting and analyzing information coming from social networking platforms or collaborating websites of third parties, in order to measure traffic, improve the operation, the environment and the overall appearance of our website and to adapt to the needs of our customers. When using our website, your personal data is processed by third parties, such as social networks and search engines, e.g. Google Analytics, Facebook social plug-ins +etc., without any involvement, influence and control on our part and is transferred either outside or within the European Economic Area (27 EU Member States plus Iceland, Liechtenstein and Norway), for which these third parties are solely responsible. If you do not wish third parties, such as Google, Facebook, Twitter, to receive information from your browser, when you visit the organization’s website you may opt out of the terms provided by the respective User Policy on the website of any such third party. Although most browsers automatically accept the use of cookies, you can always change the settings on your computer by choosing not to accept cookies, or to be asked to accept each of them separately. However, please be aware that doing so will limit the range of browsing facilities available to you on each web page and the user experience.


12.    What are your rights?


Right of access to your data: You can be informed by us about which Data are being processed, the purpose of the processing, the type of your Data we store, the storage period and whether automated decision-making takes place.
Right to correct inaccurate data: This means that if you have the right if you find that there is an error, to ask us to correct the inaccurate data as well as to fill in incomplete data (e.g., correction of name, e-mail address). In this case, we will need to verify the accuracy of the new data you will provide to us.
Right to delete your data: You can request the erasure of your personal data. This enables you to request that we delete or remove personal data in the event that there is no reason for us to continue processing it. Please note, however, that this right of yours may in certain cases not be possible for specific legal reasons that will be communicated to you, where applicable, at the time of your request.
Right to portability of your data: You can ask us to receive in a readable form the Data you have provided or ask us to transfer it to a third party.
Right to restriction of processing: You can request restriction of processing of your personal data. In particular, you can ask us to stop processing your personal data on the following cases:
(a) If you want us to redefine the accuracy of your personal data;
(b) when you believe that the use of your data is abusive, but you do not want us to delete your data;
(c) when we need to keep your data, even if we no longer require it from you, in order for you to be able to use it in case of your possible exercise of your rights.
Right to withdraw/object to the processing of your Data: You may object at any time to the processing of your Data or withdraw your consent, where it has been required at any time and we will stop processing your Data if there are no other compelling and legitimate reasons that override your right or if they are no longer necessary for the above-mentioned processing purposes.


13.    How can you exercise your rights?


In case you wish to exercise any of the above rights please contact us at the e-mail dpo@crethidev.gr . Download the application file by clicking here.
Furthermore, we inform you that you have the right to lodge a complaint with the competent Authority for the Protection of Personal Data in case you believe that your rights have been affected by the processing of your personal data by us.


14.    When do we respond to your requests?


We will respond to your requests free of charge and without delay, and in any case within (1) one month from the time we receive your request. However, if your request is complex or there is a large number of your Requests, we will inform you within the month if we need to receive an extension of another (2) months within which we will respond to you. If your requests are manifestly unfounded or excessive, in particular because of their repetitive nature, we may charge a reasonable fee, taking into account the administrative costs of providing information or performing the requested action, or refuse to act on the Request by justifying the reply to you.


15.    Do we make use of automated decision-making/ including profiling when processing your Data?


We do not take decisions or do profiling, based on automated processing of your Data, except in the case of the use of "cookies" on our website, always after informing you and consenting.


16.    What is the applicable law with regard to the processing of your Data by us?


The applicable law is Greek law, as formulated by the General Data Protection Regulation 2016/679/EU, and in general the applicable national and European and legislative and regulatory framework for the protection of personal data.


17.    How will you be informed of any changes to this Policy?


This Privacy Policy has been drafted in application of the provisions of the General Data Protection Regulation no. 679/2016 and will be informed by us whenever necessary.


18.    Communication on issues of Personal Data Protection


For any issue regarding the processing of your personal data you can contact us at the following e-mail address: dpo@crethidev.gr