CULTURAL PROCESSING AND PROTECTION POLICY OF PRIVACY
I. GENERAL INFORMATION
• INFORMATION ABOUT THE WEBSITE:
This website, www.ckbsm.gr (the website) is managed by CKBSM LTD. hereinafter referred to as the Company as the controller.
The website provides visitors and users with general and special content information through newsletters and bulletinboards. The information provided concerns individuals, professionals and legal entities in matters relating to services and products, for which visitors – users express their interest.
Respect for privacy and the protection of personal data are of particular importance in the design of our business policy and activity for both visitors – users of the website and our customers.
• INFORMATION FOR THE COMPANY AS A RESPONSIBLE PROCESSING:
Name: ” CKBSM INSURANCE COUNCILS – REAL ESTATE – ADVERTISING SERVICES AND COMMERCIAL COMPANY COMPANY ”
Distinctive title: ” CKBSM LTD. »
Number of General Commercial Register: 143281901000
VAT Number: 800863004
Headquarters: 102-104 Veikou srt.
Postal Code: 11741
Installation country: Greece
TEL.: 0030 2103003018
FAX: 0030 2103005039
REPRESENTATIVES AND RESPONSIBLE FOR THE PROCESSING: Mr. Kallinikos Christos and Mr. Michalakis Anastasios , street Veikou 102-104 – Athens, 11741, Tel. + 21030003018, Fax . + 30 2103005039, e mail . email@example.com
the website www.ckbsm.gr, as well as the possibilities it offers,
The Website reserves the right to exclude the visitor from accessing it, even without prior notice, if he does not comply with one or more of the terms described in this chapter.
If the visitor of the website does not agree and does not accept the terms and conditions of operation, he must immediately leave this website.
Please note that you are welcome to ask any questions regarding the use of the website by e-mail to the editor.
2.PERFORMANCE IN THE WEBSITE:
Access to the website is provided free of charge to any visitor who has an internet connection. Internet access costs are borne exclusively by the visitor, who is solely responsible for the proper operation of his terminal equipment.
3. CONTENT OF CONTENT:
The company reserves the right to modify the content of the website and to add or remove any information or information at any time and without notice. The website reserves the right to terminate or suspend operations, or modify, in whole or in part services, without prior notice.
4. INTERFACE (Links):
Our website provides the interface to other sites of the Company or third natural or legal persons through links, solely for convenience -Use and of our customers. The selection and launch on another website of the Company or a third party constitutes an exit from this website. The company is not responsible for any damage or injury to the visitor-user that could result from the use of the interconnection feature or from the use of the information contained in the linked websites or the suggested links to other websites. The company does not control the availability, connection quality and service links and third part sites, nor the accuracy of the computer contents the with emphasis only u them. Therefore, for any problem that arises during the use of the link, the visitor must contact the editor in charge of the relevant websites.
All information, text, Advertise whatever slogan, photograph, picture or design, software and audiovisual work that is contained in this site is the brainchild and crystal products of the mind and is protected by relevant laws and international conventions. Each name, trade name and trademark, posted and listed on the site are the property of the website or relating beneficiaries and may not be reproduced, distributed or modified without the written consent of the company.
III . CULTURAL PROCESSING AND PROTECTION POLICY OF PRIVACY
The company, as the controller, undertakes to adhere to the principles governing the processing of data and in detail the principle of legality and objectivity of the processing, which is always transparent, limiting the processing to the absolutely necessary, keeping the current and accurate, limiting the data. which is processed on the basis of the principle of minimization and limits the period of data storage to a period not less than six (6) months nor more than two (2) years. The Company, as the person in charge of processing, takes all the necessary organizational and technical measures in order to ensure the security of the data and the observance of the existing provisions and applies the approved Code of Ethics.
The company as a controller that performs processing operations collection, recording, organization, structuring, storage, adaptation and search or any other form of data distribution, carried out with or without automatic means.
2. PERSONAL DATA:
The company as controller collects and processes personal data in a way fairly and lawfully. The Company, as the controller, carries out processing operations on any information concerning an identified or identifiable natural person (“data subject”). Identifiable individual is one whose identity can be identified, directly or indirectly, in particular by reference to identifier identity, such as name, number s identity, location data, online identifier or to one or more factors specific to the physical, normal, genetic, psychological, economic, cultural or social identity of the individual in question.
3. SPECIAL CATEGORIES OF PERSONAL DATA:
Our company is the data controller does not collect sensitive personal information (such as origin, opinions, beliefs, genetic data, biometric data to provide unambiguous facial identification, data concerning health or sexual life of the subject, etc.). Exceptionally, the processing and collection of special categories of data takes place only when the data subject has expressly provided his consent to be used for one or more specific purposes, or only if the processing is necessary for the performance of obligations and the exercise of specific rights. the Company as the controller or the data subject in the field of labor law and social law, insurance and social protection, the processing EIV j necessary to protect the vital interests of the data subject or another individual if the data subject is physically or legally incapable of consent, the processing is carried out with appropriate safeguards, under the legal institution’s activities, organization or other nonprofit body with a political, philosophical, religious or trade union purpose and provided that the processing concerns exclusively the members or former members of the body or persons who have regular contact with the u in relation to its objectives and that personal data are not communicated outside the target audience without the consent of the data subjects, the process which concerns personal data which are manifestly made public by the underlying data, the processing is necessary the acquisition, exercise or support legal claims or when the courts acting in their judicial capacity, and the treatment that is necessary for effective public interest under section The law of the Union or Member State , which is analogous to the intended purpose, respects the substance of the right to data protection and provides appropriate and specific measures to safeguard the fundamental rights and interests of the data subject . Also, except for the prohibition on processing of special categories of data there when the processing is necessary for the purposes of preventive or occupational medicine, assessment of capacity for work of the employee, medical diagnosis, provision of healthcare or social care or treatment or the management of health and social systems and services under EU law or the law of a Member State or under a contract with a healthcare professional, or when processing is necessary for public interest in the field of public health, such as protection against serious cross-border threats to health or ensuring high standards of quality and safety of health care and medicines or medical devices, under Union or State law. which provides for appropriate and specific measures to protect the rights and freedoms of the data subject. Also, if the processing is necessary for archiving purposes in the public interest, then for scientific or purpose of historical research or statistical purposes it is sufficient that the processing is proportionately as to the intended objective, and respecting t avoid substance of the right to data protection and to provide appropriate and specific measures to ensure the fundamental rights and interests of the data subject.
4. AUTOMATED PROCESSING:
The company as controller processes the data of the visitors of the website, which is automatically recognized by the network server (webserver) , such as electronic address ( IP ), the domain name ( domain name ) , and information about the system of terminal equipment of each visitor- user . This data is collected with the help of ” cookies “. Verification of the subject’s identity only at the express consent and voluntary disclosure of information subject to the controller and the purposes of the mission by the Company bids on specific services or products the subject explicitly requested or executing a contract , in which the subject is a contractor or for reasons of compliance of the Company as a controller for legal obligations or for the duty performed in the public interest. When the treatment does not require the identification of the data subject is not sought additional and supplementary information, and the Company as Controller , inform n if on the data subject that has no information allowing verification of the identity , and therefore it may not exercise any rights (in particular, correction, deletion, objection), which may an identified subject . The Company, as the controller, does not make automated decisions or profile training and acts with respect to the personality and individual case of each visitor and customer.
5. OPERATION ” COOKIES “:
The «cookies» are small text files that the website stores the computer of the visitor – user when visited. In this way, the website remembers the actions and preferences of the visitor – user (such as language, font size and other display preferences), and so the visitor – user does not need to enter these preferences every time he visits the website, if his system has saved the “cookies” .
6. CONSTRUCTION IN ” COOKIES ” INSTALLATION:
The visitor-user of the website with his access and stay in it must express his consent and acceptance in the special box – square that exists either as a popup window or fixed in favor. point of the website. The consent means that an indication of the specific, explicit and complete s awareness free will, which indicates the clear and positive consent to install ” cookies ” to automatically collect and store information or gain access to the site in already saved information to the terminal equipment (I P , domain name , etc . ). It should be noted that when the visitor explicitly requests the provision of a specific service by the website, then his consent is not required for the installation of ” cookies ” directly related to this service, as the consent of the data subject in their processing is presumed.
Access to the website is allowed without the obligation to consent to the installation of ” cookies “. E if the visitor-user chooses anonymous surfing on the website then the ” cookies ” included d n being Tai analysis of data, browsing and advertising services of the website. If the visitor – user does not wish to receive ” cookies “, then he has the ability to configure his system to be informed about their installation or to refuse the installation. However, if the ” cookies ” are turned off automatically, the user will not have access to all the services of the website.
B. LEGALITY OF PROCESSING IN DATA PROSECUTOR’S CHARACTER:
1. REASONS FOR LAWFUL TREATMENT OF DATA:
The Company as Controller before processing will ensure that at least there is a legitimate reason for a Po those described in Article 6 para. 1 of EU Regulation 2016/679, which are followed by : a) the data subject has consented to the processing of personal data for one or more specific purposes, b) processing is necessary for the execution of a contract to which the data subject is a contracting party or in order for measures to be taken at the request of the data subject before the conclusion of a contract, c) the processing is necessary for the compliance with the legal obligation of the controller, d) the processing is necessary for the protection of vital interests of the data subject or of another natural person, e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, f) processing is necessary for the purposes the legitimate interests pursued by the controller or a third party, unless against those interests prevail over the interests or fundamental rights and freedoms of the data subject which imposed if the protection of personal data, especially if the data subject is a child.
The Company, as the controller, relies on the harmonious cooperation with its visitors and wishes each visitor to give his free consent regarding the processing of his data. The consent is always given in the context of a written statement that is separate, understandable and easily accessible and has a clear and simple wording. Consent may be granted to adults at the time of their declaration.
Withdrawal of consent is possible at any time in the same clear and unambiguous manner, at which time the processing ceases for the future.
3. PURPOSE OF THE EIA Un ORK :
The collection and processing of the above described personal data has as its main objective to improve the quality of the visitor’s browser – user on the website, under the interested e p beings of and securing electronic transactions , made to maintain evidential s correlation s of communication and transaction. The data subject shall in any case be informed of the contact details of the controller, the purpose of the processing and the legal basis of the processing which is one of the sole reasons referred to in Article 1 above (legality of processing), as provided by Regulation (EU). ) 2016/679 of the European Parliament and of the Council on the protection of natural persons against the processing of personal data and on the free circulation of such data (Article 6 ( 1)) . a ‘to f).
4. PHYSICS OF THE DATA :
By filling in the blanks that will be found on the website, in the special field “communication”, “contact form”, “order form” and in similar contexts, the visitor as a data subject searches for more information about the services, or extra services that the Company offers and gives its consent explicitly and with full will, fills in and notifies the following personal details: The visiting individual completes his personal details ( Country and City of origin, name and surname , email , phone, TIN, ID card or passport ) selects the service he wants and preferred response time , as well as optionally the amount he wishes to allocate for the services he has chosen, in order to be submitted by the Company and sends a message to the website . Visitors who declares that acts as the company, excluding these items, indicate in addition the name of the contact person. Therefore, the Company, as the controller, collects and processes the special personal data (name, country and city of installation, assets and especially the VAT and Identity Card data) that the subject itself informed about the purpose of the information regarding its specific activities. Company. The E match as controller collects and processes personal identifiers (e.g. input password) and financial identification (e.g. credit card number, address (IP), number s customer identity and payment) only for customer management and the proof and fulfillment of the contractual terms of the contract, where the data subject is counterparty.
5. TRANSMISSION DATA:
The site, the company is the data controller and the processor shall not transfer s of the data subjects (visitors, clients, stakeholders) without their prior consent to third parties (public or private). The consent for the transmission of personal data is express and is provided either by a written certificate or by a special note at a specific point on the website (click) . The visitor has the opportunity to withdraw his consent at any time by written request to the email of the editor in charge.
6. OBLIGATION TO UPDATE THE SUBJECT OF DATA:
The Company as Controller facilitates the exercise of data subjects’ rights and even indirectly has the data subject about all measures, without delay, within one month of receipt of the request and in particularly complex applications, the within three months , from the initial request. The visitor – user has the opportunity to submit a request for information at any time with a simple request to the controller, regarding all the data kept by the controller, both during the pre-approval stage and during the validity of the agreement. However, the data subject must be aware that the controller may charge a reasonable fee for the administrative costs of reproduction, storage and shipping to which the information is provided or refuse to continue to submit the request to the subject if this is manifestly unfounded or overly or unreasonably repetitive.
The Company as Controller communicate any correction or deletion of personal data or restriction of processing of data conduct unless it involves disproportionately expenses or is impractical.
7. RIGHT OF INFORMATION TO THE INFORMATION COLLECTED:
Visitors – The data subject has the right to request information from the company as controller of the data processed and the latter is obliged to provide all information relating to a) the identity and contact details of the controller and, where appropriate, the representative of the controller, b) the contact details of the data protection officer, if appropriate, c) the purposes of the processing k they are intended personal data and the legal basis for the processing completion, correction or clarification of, d) the legitimate interests pursued by the controller or by a third party, e) the recipients or categories of recipients personal data, if any, f) ) as the case may be, the intention of the controller to transmit personal data to a third country or international organization and the existence or absence of a decision of the Commission’s competence or, in the case of transfers, reference to appropriate or appropriate guarantees and means to obtain a copy of them or where they were made available. In addition, the information also extends to the information concerning: a) the period for which personal data will be stored or, where this is not possible, the criteria set out in that period, b) the existence of the right to submit a request to the person in charge. processing to access and correct or delete personal data or restrict the processing of the data subject or the right to object to the processing, as well as the right to data portability, c) when e processing is based on consent or voluntary disclosure, the existence of the right to withdraw its consent at any time, without prejudice to the lawfulness of the processing based on consent prior to its revocation, d) the right to file a complaint with a supervisory authority, e) whether the provision of personal data is a legal or contractual obligation or requirement for the conclusion of a contract, as well as whether the data subject is obliged to provide personal data and what possible consequences the non-provision of such data would have, f) the existence of automated decision making, including training profiles, and, at least in these cases, important information about the logic followed, and the importance and foreseeable consequences of due to processing for the data subject . The Company, as the controller, does not share data of the subjects with another controller, nor does it collect data from third parties. In the event that the data of the subjects in the Company are transferred as an exception as the controller, then the latter undertakes to fully inform the data subject about the source of transmission of his data.
8. RIGHT OF ACCESS TO DATA SUBJECT:
The subject t s data is entitled to request information and confirmation of the existence and extent of the data , by the Company as Controller and in particular , information on the following elements: a) the purpose of processing, b) the relevant categories of personal data, c) the recipients or categories of recipients to whom disclosed or to be disclosed personal data, especially from recipients in third countries or international organizations, d) if possible, the period of time for which personal data will be stored or, where this is not possible, the criteria that determine that period, e) the existence of a right to apply to Processor responsible for correcting or deleting personal data or restricting the processing of personal data concerning the data subject or the right to object to such processing, f) the right to file a complaint. a supervisory authority, g) where the personal data are not collected from the data subject, all available information on the origin of the and the source of them, h) the existence of automated decision making, symperilam CD- training profile. The Company, as the controller, will provide a copy of the personal data that is being processed, in the same way that the subject submitted his application or requested to be notified . In the event of an application for more copies, reproduction costs will be claimed as reasonable fees for administrative costs.
9. ADMINISTRATION RIGHT:
The data subject has the right to demand from the Company, as the person in charge of processing, the correction without unjustified delay of inaccurate personal data concerning it. Also, taking into account the purposes of the processing, the data subject has the right to demand the completion of incomplete personal data, among other things through a supplementary declaration.
10. DELIVERY RIGHT (RIGHT TO “MORTGAGE”):
The data subject has the right to request from the controller the deletion of personal data concerning it without undue delay and the editor is obliged by force to delete a personal data if the following reasons: a) personal data are no longer necessary in relation to the purposes for which they were otherwise collected or otherwise processed, b) the data subject withdraws consent and there is no other legal basis for processing, c) the data subject opposes automated decision making and profile creation and there are no compelling and legitimate reasons for processing or the data subject opposes the processing, d) personal data submitted to illegal treatment, e) personal data must be deleted in order to respect legal obligation to which the controller is subject , f) Personal data were collected in connection with the provision of information society services and concerned a minor visitor and data subject.. Such deletion is not possible when the processing is necessary a) for the exercise of the right to freedom of expression and the right to information, b) for the observance of a legal obligation which requires processing under the law of the Union or the law of the Member State to which it belongs. the controller or the fulfillment of a task carried out in the public interest or in the exercise of official authority vested in the controller, c) for reasons of public interest in the municipality area a health , d) for archiving purposes in the public interest, scientific or historical research or statistical purposes, since the right to erasure is likely to make it impossible or largely prevented the intended purpose of the processing, or e) for the establishment, exercise or support of legal claims.
11. LIMITATION OF RIGHT TO TREATMENT:
The company is the data controller ensures the data subject the limitation of processing , where any one of the following cases: a) the accuracy of personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of personal data, b) the processing is unlawful and the data subject opposes the deletion of personal data Rulers instead, it seeks to limit their use, c) the controller no longer needs the personal data for the purposes of the processing, but this data is required by the data subject for the establishment, exercise or supporting legal claims, d) the data subject has objections to automated processing, pending verification of whether the legal grounds of the controller prevail over the data subject’s reasons . If the controller accepts the request for restriction then the processing is limited to storage and there is no case for further processing except with the consent of the subject to exercise, establish or support legal claims or protect the rights of a natural or legal person or for public reasons. interest.
12. DATA PORTABILITY:
The controller provides the data subject personal data relating to the current file format, (especially. Zip., Pdf) when the processing based on consent and performed by automated means in order to respect the principle of the portability of its data.
The data subject has the right to object, at any time and for reasons related to his particular situation, to the processing of personal data concerning it, when the processing is necessary for the performance of a public duty. interests or the exercise of official authority vested in the controller, or the processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except ed against those interests prevail over the interests or fundamental rights and freedoms of the data subject which require protection of personal data, especially if the data subject is a child. including training profile. The controller no longer processes the personal data unless the controller demonstrates compelling and lawful reasons for the processing, which prevail over the interests, rights and freedoms of the data subject or for the establishment, exercise or support. legal claims. Also, e if personal data are processed for direct marketing purposes, the data subject is entitled to object at any time to the processing of personal data concerning him for such marketing, including training profiles, whether related this direct commercial promotion. The right to object is notified by the Company as the person in charge of processing at the latest during the first communication with him and is described separately from any other information.
The transfer of data by the subject (visitor, customer and interested party) is done by secure transfer method and the Company as the controller takes care of all necessary organizational and technical means to ensure the protection of the data, such as data protection. encryption and human intervention before they are transmitted.
V. EXCLUSION AND LIMITATION OF LIABILITY
1. VIOLATION OF DATA:
Our company maintains a strict policy of safety and protection of personal data from any unauthorized access, disclosure, use and modification by intentional or unintentional destruction. However, the website allows the visitor- user to communicate or send information during the transmission of which third parties may intervene and gain unfair and illegal access. The company does not bear any liability if the data subject unlawful act cause injury or damage to the subject is, if there was no gross negligence or willful misconduct As of. The visitor – user acknowledges the current limitations regarding the safety and security of the Internet and accepts the fact that the site can not guarantee absolute protection against malicious third party practices (such as, in particular, the virus spread, or decrypt data). In the event of a breach of personal data, which may seriously jeopardize the rights and freedoms of natural persons, the Company, as the controller, shall, without delay, declare the breach of the data to the data subject without delay, with a statement clearly describing the nature. the breach, the name of the controller, the possible consequences of the breach and the measures taken or proposed to mitigate the adverse consequences.
2 . INFORMATION AND PUBLICATIONS:
V I. TECHNICAL PROVISIONS
1. DIFFERENT DISTINCTION:
2.APPLICATION OF THE LAW:
The company has headquarters in Athens and this site is governed by the Union and Greek law on electronic commerce and consumer protection, in particular N. 2251/1994 (Government Gazette A / 191) for the protection of consumers, as amended and in force, the P.D. 131/2003 , ( Government Gazette A / 116 ), for the adaptation of Greek law to Directive 31/2000 of the European Parliament and of the Council on Electronic Commerce , the Code of Consumer Ethics for Electronic Commerce (Ministerial Decision 31619 / 22-3- 2017 (Government Gazette B / 969) as well as Law 3471/2006 (Government Gazette A / 133) for the protection of personal data and privacy in the field of electronic communications and the Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 for the protection of individuals against the processing of personal data and for the free circulation of such data and the abolition of Directive 95/46 / EC (General Data Protection Regulation), published in the Official Journal of the European Union (L 119). / 78).
LAST UPDATE April 2020.