Personal Data Protection Policy
1. About KS Marin (Mediterranean Villages SA) (data controller)
The company Mediterranean Villages SA which has its registered seat at Leoforos Alimou 7 in Alimos municipality of Athens with Commercial Registry Number 123575201000 (hereinafter “the Company” or “we”) is dedicated to protecting the confidentiality and privacy of information entrusted to it and complies with personal data protection legislation in force. The Company is the data controller of the personal data of the users of this website. Our commitment to privacy is a natural extension of our commitment to confidentiality towards our customers, employees and all parties that transact with the Company.
This policy applies to all personal data being processed by the Company’s staff, external contractors, service providers and other third parties acting for the account of the Company.
We invite you to carefully read this Personal Data Protection Policy, which sets out in which context we are processing your personal data and explains your relevant rights.
2. Principles of processing of your personal data
In line with the General Data Protection Regulation of the EU (GDPR) and the applicable Greek laws, the Company has introduced a data protection framework for the processing of personal data in order to comply with the following principles:
3. What personal data we collect about you?
This information and personal data may either be directly provided by you or the legal entity for which you work for or provided by a third party (supplier, service provider, business partner etc).
We may collect various types of personal data about you, depending on whether you are a business partner or an employee of the Company when you contact us for an inquiry or remark through completion of our contact form or otherwise and generally when you visit and use our website or our premises. Personal data may indicatively include:
4. Purposes and legal basis of processing
Your personal data are processed only for specific and legitimate purposes which undergo a lawful and proper basis for processing. More specifically, we process your personal data for the following purposes and on the following legal basis:
5. Who has access to your personal data and to whom are they transferred?
Your personal data are processed internally by these employees of the Company who need to process them in order to carry out their duties and provide services to you. We do not share personal data with third parties, except when it is necessary to fulfil our obligations, to respond to your requests, to serve our legitimate interests, and/or as required by law.
We may also share your personal data with persons or companies that we work with for the operation/technical support of our webpage, other service providers such as marketing companies, advertisers, media agencies for the purposes of marketing and research.
We may also have to provide your personal data to tax or other public authorities or to law enforcement agencies in order to comply with our statutory obligations or an order.
When we work with business partners, service providers or agencies which process your personal data on our behalf, we ensure that they are bound by contractual obligations to maintain the confidentiality and security of your personal data at least equivalent to those with which we are obliged to comply.
6. Protection of your personal data
We ensure that your personal data processed is secure against unauthorized processing, loss of confidentiality, integrity or availability by implementing appropriate technical and organizational measures such as malware protection, firewalls and cryptography technologies, access limitations, strictly defined employee tasks, trainings, internal and external audits, business continuity and recovery procedures. We also have in place data breach management procedures. We impose same obligations to third parties that process your personal data for the account of the Company.
7. Retention of and access to personal data
We will keep and process your personal data only for as long as it is necessary for the fulfilment of the purpose for which they are processed or for the fulfillment of its legal obligations. The retention period may vary significantly depending on the category of the data. To determine the appropriate retention period of your personal data, we take into consideration also the nature and sensitivity of personal data, the time periods for which we are required by law or by contract to do so, the statute of limitations in order to be able to deal with potential claims, any outstanding or threatened court proceedings. The retention periods are provided in the Data Retention Policy of the Company.
8. Your privacy rights
You have the following rights with respect to your personal data
Right of information
You have the right to be informed about the processing of your personal data.
Right of access
You have the right to request access to your personal data being processed by the Company in a brief, comprehensible, transparent and easy manner.
Right of correction
You have the right to request from the Company to rectify any inaccurate or outdated personal data without undue delay or to complete any incomplete personal data of yours.
Right to be forgotten
You have the right to request from the Company to erase your personal data provided that the processing is not necessary for the purposes of processing. If for example the processing is necessary for the fulfillment of lawful obligations of the Company or for the defense of lawful rights of the Company, your request may be rejected.
Right to restrict the processing
You have the right to request from the Company to restrict the processing under certain conditions and only for specific purposes.
Right to object
You have the right to object on ground related to your particular situation at any time, in which case the Company is obliged to not further process your personal data unless there are compelling and lawful prevailing grounds.
Right to portability
You have the right to receive your personal data in a structured, commonly used and machine-readable format and, in some cases, we shall transmit your data, upon your request, to another controller, provided this is technically feasible, unless the rights of others are adversely affected.
Right to revoke your consent
You have the right to revoke your consent at any time without prejudice to the legality of the processing based on your consent until that time. In any case the Company informs you that the revocation of your consent may entail that a contract cannot be performed and that, in such case, the Company has the right to terminate the contract with you.
For the exercise of your abovementioned rights and for any explanation or clarification in connection with eh above you may contact us by email at firstname.lastname@example.org or send us a letter to the abovementioned registered address of the Company.
You also have the right to lodge a complaint with the competent supervisory authority, which is the Hellenic Data Protection Authority (www.dpa.gr).
The Company reserves the right to mend and update this Policy from time to time; so please check this page periodically.