The company TREKKING HELLAS – OUTDOORS TRAINING IKE, a company incorporated under the laws of Greece having its registered office at 96 Dimitriou Gounari street, 15125, with contact info email@example.com and +30 210 3310323, under the capacity of a data controller (hereinafter “the Company”), ensures the secure processing of the personal data that are submitted, fully complied with the current legal framework for the protection of personal data and in particular the General Regulation of Data Protection (EU) 2016/679 and the L. 4624/2019.
In this context, the Company collects and further processes your personal data to the extent that it is absolutely necessary for lawful purposes, as they are described in detail below.
This Policy aims to inform the users of the website https://trekking.gr/ about the processing of their personal data.
For the purposes of the present, the following terms have the following meaning:
- ”Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “Special categories of personal data” means personal data disclosing racial or ethnic origin, political views, religious or philosophical beliefs or trade union affiliation, as well as the processing of genetic data, biometric data, data relating to health or data relating to the sexual life of a natural person or sexual orientation.
- “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Anonymization” means the processing of personal data in such a manner that the data can no longer be attributed to a specific natural person.
- “Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
For the purposes of the present, the Company acts as a Controller.
- “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
- “Data subject” means the natural person whose personal data are being processed, e.g. partners, website users, employees.
- “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- “Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- “Applicable Legislation” means the applicable national and European legislation on the protection of personal data and particularly the General Regulation of Data Protection (EU) 2016/679 (hereinafter “the Regulation”), the Law 4624/2019, the case-law of the Court of Justice of the European Union (hereinafter “CJEU”), as well as decisions, guidelines, recommendations, opinions of the European Data Protection Board (hereinafter “EDPB”) and the
Hellenic Data Protection Authority (hereinafter “HDPA”).
B. Collection and further processing of personal data
- Collection and further processing of data through the website https://trekking.gr/
While browsing and using the website, we collect and further process the following personal data for the following purposes:
Data such as IP address, location, browser type and version, operating system, referral source, visit duration, number of web page views, web navigation paths, information about the time, frequency and pattern of service usage
Data analysis to control and improve services through the website and user support
Processing is necessary for the purposes of the legal interests pursued by the Company (article 6 par. 1f of the Regulation)
One (1) month
1) Google analytics
Contact and booking details, such as name, e-mail address, postal address, mobile phone, date of birth
Expression of interest and reservation of services provided
Processing is necessary for the execution of the contract or for measures to be taken at the request of the data subject before the conclusion of the contract (Article 6 par. 1b of the Regulation)
Up to five (5) years after the completion of the provided services, unless special legal provisions require otherwise
1) – CRM company
2) ΙΤ personnel
- Collection and further processing of personal data of minors
In principle, we do not directly or indirectly collect and further process personal data of minors (ie persons under the age of 18 years). However, as it is impossible to cross-check and verify the age of people browsing or otherwise using our site, it is recommended that parents and guardians of minors contact us immediately if they find any unauthorized disclosure of personal data of the minors for whom they are responsible, in order to exercise the rights granted to them, such as deleting their data. In case the Company realizes that personal data of a minor has been collected, the Company undertakes to delete such data without delay and to take all necessary measures for their protection.
We transfer the above personal data to third parties, to whom we have entrusted part or all of the processing of personal data on our behalf as well as to companies with whom we cooperate. Specifically, the data are transferred to the following:
- CRM company
- IT personnel
- Google analytics
In any case, the third parties to whom your personal data are transferred are contractually bound to us with a confidentiality clause and are subject to all the obligations provided by the current Legislation for the protection of the data subjects' rights.
- Transfer of personal data outside the European Economic Area (EEA)
In principle, we do not transfer your personal data to third countries or international organizations. In case of such transfer, e.g. through the use of Microsoft email and Google analytics services, we confirm in advance that one of the legal bases of Article 6 of the Regulation is used and that one of the following conditions is met:
- a) The European Commission has issued a decision of adequacy for the third country to which the transfer is pursued (article 45 of the Regulation.)
- b) The appropriate guarantees for the transfer of data are observed (article 46 of the Regulation.)
- c) For any occasional processing operations, there is one of the exceptions of article 49 of the Regulation.
If any of the above conditions is met, we will not transfer your personal data to a third country, unless one of the special derogations provided by the Regulation applies (eg if you have given your express consent after being informed of the risks involved in such transmission or if the transmission is necessary for the performance of the contract at your request or if the transmission is necessary to support legal claims, etc.).
- Retention period of personal data
Your personal data is collected and stored for a predetermined and limited period of time, depending on the purpose of processing, after which the data is deleted from our files.
When processing is necessary for the purposes of the legitimate interests we pursue, your personal data will be stored until you object to such processing.
When processing is required as an obligation by provisions of the Applicable Legislation or a specific retention period is provided by law, your personal data will be stored for as long as the relevant provisions require.
When processing is necessary for the performance of the contract, your personal data will be retained for as long as it is necessary for the execution of the contract and for the establishment, exercise and / or support of legal claims under the contract.
Your personal data processed for promotional purposes with your consent (eg data from the Newsletter subscription) will be kept until the withdrawal of consent, without such withdrawal affecting the legality of the processing carried out until the withrawal.
- Personal data breach
In the event of a breach incident, we apply a specific Personal Data Breach Case Management Policy. If you become aware or suspect that a personal data breach has occurred or has occurred, please let us know without delay at firstname.lastname@example.org.
- Security of personal data
Considering the latest technological developments, implementation costs and nature, scope, context and purposes of processing, as well as the risks of occurrence and severity of varying intensity and severity for your rights and freedoms from the processing of personal data We take all necessary technical and organizational measures to protect your rights and freedoms. Although no internet transmission method or electronic storage method is completely secure, we take care to take all necessary digital data security measures (eg antivirus) in full compliance with our obligations under Applicable Legislation.
- Your rights as data subjects
We ensure that we are able to respond promptly to the requests of data subjects to exercise their rights in accordance with Applicable Legislation.
In particular, each data subject has the following rights:
- Right of access. The right to obtain access to your personal data.
- Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
- If the processing is based on consent, withdrawal of the consent at any time, without such withdrawal affecting the legality of the processing until the withdrawal.
and if the conditions of the Applicable Legislation are met.
- Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction. The right to obtain restriction of the processing undertaken by us on your personal data in certain circumstances, such as, where the accuracy of the personal data is contested by you, for a period of time enabling us to verify the accuracy of that personal data.
- Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another.
- Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. you can object to marketing activities for any reason whatsoever.
In case of exercise of any of the above rights we will respond immediately and in any case within one month from the submission of the request informing you in writing of the progress. For the exercise of your rights or for any question regarding the protection of your personal data you can contact us at email@example.com. For any complaint regarding this Policy or personal data protection issues you can also contact the Hellenic Data Protection Authority (HDPA) (https://www.dpa.gr/el/polites/gkpd ).
- Disclaimer for third party websites-Social media buttons
In this website there are social media buttons - social media widgets (eg Facebook, Instagram, etc.) with the use of which, after the user connects to the social network, a special digital fingerprint is created, for which we and the social network we act as jointly responsible for the processing of your personal data.
For us, the purpose of processing this data is to improve the functionality of the website and the services provided as well as the analysis of its traffic. The legal basis for this processing of your personal data is the fulfillment of purposes of our legal interest and specifically the interoperability with applications that we use.
We do not control or are responsible for any subsequent processing performed on them.
This Policy may be amended / revised in the future in the context of our compliance according to the Applicable Legislation as well as the optimization and upgrade of the services of the website. We therefore recommend that you always refer to the updated version of the Policy for your information.