Privacy Policy – Lombardias

Data Protection Policy

Personal Data Protection Policy

Before using our website, please read this Personal Data Protection Policy carefully, in compliance with the General Data Protection Regulation (EU 2016/679) and Law 4624/2019 (Government Gazette A’ 137/29.08.2019).

Introduction

The Private Company under the name “AFOI LOMBARDIA IKE” (hereinafter referred to as the “Company”), recognizing the fundamental importance of personal data protection, has fully complied with its obligations as a Data Controller under the General Data Protection Regulation (EU) 2016/679 (GDPR) and Law 4624/2019. This Personal Data Protection Policy, in accordance with Article 13 of the General Data Protection Regulation (EU) 2016/679 (GDPR) and Article 31 of Law 4624/2019, as well as the applicable Greek legislation, informs you about: a) The personal data concerning you that the Company collects and processes, b) The legal basis for their processing, c) The purposes of their processing, d) How the Company uses and protects them, and e) Your rights and options based on the aforementioned legal framework.

Scope and Purpose

This Personal Data Protection Policy is addressed to individuals who interact with or come into contact with the Company and its Services, as well as employees or potential employees, providing accurate and detailed information regarding the covered issues. As this Personal Data Protection Policy may be modified periodically and at any time to remain current and in compliance with applicable provisions, please visit this website regularly to ensure you are aware of any changes. It is also available at the Company’s headquarters.

The protection of individuals against the processing of personal data is a fundamental right. Article 8, paragraph 1 of the Charter of Fundamental Rights of the European Union (the “Charter”) and Article 16, paragraph 1 of the Treaty on the Functioning of the European Union (TFEU) state that everyone has the right to the protection of their personal data.

Furthermore, since May 25, 2018, the General Data Protection Regulation (GDPR) of the European Parliament and of the Council No. 2016/679, which introduces a stricter framework for the protection of individuals against the processing of personal data and the free movement of such data (hereinafter the “General Regulation”), has been in force.

The protection of individuals against the processing of personal data is of utmost importance to the Company. Therefore, the collection and processing of personal data by the Company is conducted solely in accordance with the General Regulation and applicable legislation, and where necessary, related to the operation of employment relations and the Company’s business activity. The Company permits access only to authorized persons and implements enhanced data security measures to prevent loss, misuse, unauthorized access, modification, or disclosure.

Key Definitions

Personal Data: According to Article 4(1) of the General Data Protection Regulation (GDPR), “personal data” refers to any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Processing: According to Article 4(2) of the GDPR, “processing” refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Controller: According to Article 4(7) of the GDPR, “controller” refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor: According to Article 4(8) of the GDPR, “processor” refers to a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Consent: According to Article 4(11) of the GDPR, “consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1. Processing of Personal Data on the Company’s Website

1.1 Categories of Personal Data

During your visit to the Company’s website, the Company may process: a) Data you have entered on the website and its services (name, contact phone number, email address, communication content, etc.), b) Personal data automatically collected during your browsing (IP address, device type, browser, referral website, company pages visited, date and time of the visit).

1.2 Purposes of Processing

The processing of personal data is conducted for the following purposes: a) To serve a pre-contractual or contractual relationship, to respond to your requests, or to contact you following your communication/request. b) To establish any lawful legal claim or defense of the Company’s legitimate interests. c) To create anonymized statistics regarding the traffic and accessibility of the main website and subsequent pages to undertake necessary actions for their improvement to enhance your browsing experience.

1.3 Legal Bases for Processing

The processing of your personal data is necessary to fulfill the aforementioned purposes. Unless otherwise specified during the collection of personal data, the legal basis for processing is one of the following: a) The processing is necessary for the performance of the contractual relationship with you (Article 6(1)(b) of the General Regulation), b) The processing is necessary for the purposes of the legitimate interests pursued by the Company (Article 6(1)(f) of the General Regulation), c) Your explicit consent has been given for the processing of personal data (Article 6(1)(a) of the General Regulation).

1.4 Recipients and Transfers

Third-party IT companies (processors) may manage our website. In such cases, we ensure through contractual terms and regular checks that, if they have access to personal data, the legislation on their protection is adequately followed.

1.5 Cookie Policy

Cookies are small text files stored on your computer or mobile device when you visit a website. We use the term “cookies” as a collective term to describe techniques such as cookies, Flash cookies, and web beacons.

Cookies are primarily used to ensure that your visit to our website is as user-friendly as possible and for advertising purposes during future visits to other websites. Further details about the types of cookies we use, their use, and ways to delete or block specific cookies from being stored on your computer or mobile device are provided in our cookie policy.

1.6 Personal Data of Minors

The Company and its websites are addressed to individuals who have completed their eighteenth (18th) year of age. If minors voluntarily visit our websites, the Company bears no responsibility. If it is detected during data collection that the user is a minor, the Company will not process their personal data.

2. Processing of Personal Data Related to Your Transactional Relationship with the Company

2.1 Categories of Personal Data and Sources

In the context of an imminent or existing transactional relationship with the Company, the Company may process the following categories of personal data:

(a) Identity and contact details, such as name, VAT number, tax office, address, telephone number, mobile number, fax number, email address, specific characteristics that justify the issuance of a specific invoice (e.g., maintaining a contractual relationship with a specific third party).

(b) Bank account numbers you provide us, transaction details, and payment execution details within the scope of the contractual relationship with the Company, information related to the communication of potential or existing clients with the Company (including requests, complaints, etc.).

(c) Data processed in the context of a project, product, or service purchase, such as personal data related to orders, payments made, requests, and reports within the scope of project implementation or general collaboration.

(d) Creditworthiness and integrity information (e.g., information on legal cases or other legal proceedings) collected from publicly available sources, databases, and credit control organizations.

2.2 Purposes of Processing

Management of the contractual relationship, such as receipts, product deliveries, service provision, project execution, collections, payments, accounting audits, operational and computer support, execution, support, and monitoring of the contract, fulfillment of contractual obligations, etc.

Conducting customer satisfaction surveys, carrying out advertising campaigns, or other promotional activities.

Ensuring the Company’s compliance with legal obligations (tax, insurance, customs, accounting, etc.) for the purposes of compliance checks of business partners to prevent financial crimes and secure its superior legitimate interests such as transferring data to legal advisors or competent authorities.

2.3 Legal Bases for Processing

Unless otherwise specified during the collection of personal data, the legal basis for processing is one of the following:

(a) The processing is necessary for the execution of the contractual relationship with you (Article 6 (1) (b) of the General Regulation),

(b) Your explicit consent has been given for the processing of personal data (Article 6 (1) (a) of the General Regulation),

(c) The processing is necessary for compliance with a legal obligation of the Company or for the purposes of the legitimate interests pursued by the Company (Article 6 (1) (c) or (f) of the General Regulation, respectively).

2.4 Recipients and Transfers

The Company may transfer personal data to other subsidiary companies or third parties, but only if and to the extent that this transfer is strictly required for the aforementioned purposes.

The Company may transfer personal data to judicial, administrative, tax, customs, arbitration authorities, or other public authorities, regulatory bodies, and legal advisors if necessary for compliance with the law or for the establishment, exercise, or defense of legal claims.

Further, the Company may outsource part or all of the aforementioned processing to third parties (processors), including their directors and employees:

To parties contracted with the Company for the promotion of the company’s services, for the provision of postal services, computer support services, record-keeping services, research services, IT services, advertising services, banking, and credit institutions, audit firms.
To parties contracted with the Company for assessing the creditworthiness of the client to fulfill their contractual obligations,
To legal advisors and lawyers.

In these cases, we ensure through contractual terms and regular checks that if and when they have access to personal data, they comply adequately with the data protection legislation.

Recipients of personal data may be located outside the European Economic Area. In such cases, the Company takes measures to implement adequate and appropriate safeguards for the protection of personal data, primarily through the use of the EU’s standard contractual clauses.

3. Data Retention Period

The Company will retain your personal data for as long as necessary to fulfill the purposes described in this policy, unless applicable law requires or permits a longer period. The criteria governing the determination of the retention period include the following: (a) the duration of our contractual relationship, (b) the time required to ensure the Company’s compliance with a legal obligation, and (c) the time required considering the Company’s legal position (such as the defense of rights before courts, authority checks, etc.).

4. Technical and Organizational Measures

The Company implements effective technical and organizational measures both at the time of determining the means of processing and during the processing itself, such as pseudonymization, designed to apply data protection principles like data minimization and to incorporate the necessary safeguards into the processing to meet legal requirements and protect the rights of individuals.

5. Right to Withdraw Consent

If you have given your consent for the processing of specific personal data by the Company, you have the right to withdraw this consent at any time, with future effect. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. In the event of withdrawal of consent, the Company may further process personal data only if another legal ground for processing exists.

6. Data Subject Rights

Under the applicable personal data protection legislation and provided the relevant legal requirements are met, you have the following rights:

6.1 Right of Access

You have the right to be informed if the Company processes your data, to access the data, and to receive supplementary information regarding its processing.

6.2 Right to Rectification

You have the right to request the updating, correction, or completion of your personal data.

6.3 Right to Erasure

You have the right to request the deletion of your personal data, which will be granted provided that no other legal basis for processing exists (e.g., a legal obligation to process personal data).

6.4 Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data in the following cases: (a) when you contest the accuracy of personal data and until verification is complete, (b) when you oppose the deletion of personal data and request restriction of its use instead, (c) when personal data is not needed for processing purposes but is necessary for the establishment, exercise, or defense of legal claims, and (d) when you object to processing and until verification that there are legitimate grounds concerning the Company which override the grounds for your objection.

6.5 Right to Object to Processing

You have the right to object at any time to the processing of your personal data when it is based on the legal basis (Article 6 (1) (e) or (f) of the General Regulation) which will be fulfilled unless the Company demonstrates compelling legitimate grounds for processing.

6.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format free of charge or to request, if technically feasible, that we transfer the data directly to another controller.

6.7 Right to Object to Automated Decision-Making

You have the right to request exemption from decisions based solely on automated processing, including profiling.

7. Data Controller

The Data Controller is the private limited company “AFOI LOMBARDIA IKE,” headquartered in Agios Stefanos, Attica, at 13 Spetses Street, lawfully represented.

The Company provides support for all inquiries, comments, concerns, or complaints related to personal data protection or if you wish to exercise any right concerning your data protection. You can contact the Data Protection Officer via email at info@pierrouattorneys.eu or by mail at:

AFOI LOMBARDIA IKE,
Attention: DPO,
13 Spetses Street,
Agios Stefanos, Attica,
PC 14565

8. Right to Lodge a Complaint with the Authority

The competent authority is the Hellenic Data Protection Authority. You have the right to lodge a complaint with the Hellenic Data Protection Authority regarding matters concerning the processing of your personal data. An attempt should first be made to exercise your rights with the Company before lodging a complaint with the competent Authority. For the Authority’s competence and the way to submit a complaint, you can visit its website (www.dpa.gr > My rights > Submit a complaint), where detailed information is available.

Agios Stefanos, March 2023