PRIVACY POLICY

 

Introduction

The following text, which is called Privacy Policy, explains in plain terms how our company Trust Plan processes the personal data which we collect from you or that you voluntarily provide to us as part of your transactions or communication with our business.

 

Data Controller

Personal data Controller is the legal entity with the name Trust Plan Single member P.C which is based in Kallithea, 196 A. Syggrou Avenue, P.C. 17671,  VAT number 801615971 with General Commercial Registry (GEMI) number 16018990300, tel: 215-2154083, e-mail address: info@trustplan.gr.

Our priority is to legally process this data and keep you fully informed about it. Please feel free to contact us for any queries.

 

Clarification-Scope

We inform you that our company is involved mainly in activities aimed at businesses (B2B) and not final consumers (B2C).

However, to be exact, in cases where our activities concern small sole proprietorships or single-member companies, ie where the business data relates to or can be considered to refer to an individual, we treat that person as a subject of personal data (regardless of the formal legal characterization of the company) and we apply this Privacy Policy.

 

Privacy Policy contents

  • Section One: General information

1) What is personal data?

2) What is Personal Data Processing?

3) Is the processing of your personal data mandatory?

4) When and how we collect your data

5) Which principles do we follow during your personal data processing?

 

  • Section Two: Processing analysis
  1. Categories of personal data which we process
  2. Purposes of processing – Legal basis of processing
  3. Personal data date retention
  4. Your rights

 

  • Section Three: Other information

 

SECTION ONE: General Information

  1. What is personal data?

The term “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In other words, personal data is any information related to a natural person, whether it immediately reveals its identity or it can reveal it.

 

  1. What is personal data processing?

Any  operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Basically, almost every action, from the moment personal data is created until it is destroyed ( or it is completely anonymised) constitutes processing.

Personal data processing is a legal action, provided it is carried out within the framework provided by the relevant legislation, meaning national law 4624/2019 and the European  General Data Protection Regulation (GDPR) 679/2016 and e-privacy (3471/2006).

 

  1. Is personal data processing necessary?

Providing some of your data to our business is necessary when you are trading or contacting us. No registration is required for your browsing of our website, but personal data is processed through cookies (see Cookies Policy).

With this policy we inform you of the processing rules we follow.

If you do not provide us with the data listed below, we will probably not be able to complete the transactions you requested or respond to your contact request or any other request you submit.

 

  1. When and how do we collect your data?

We collect your data at the following moments:

Α. When you counteract with our business in relation to the provision of our services

Β. When you contact us (via e-mail or post mail)

  1. When you request to receive newsletters online about our news, promotions and events, by subscribing to our newsletter.
  2. When visiting our website trustplan.gr, through cookie use as explained in Cookie Policy.

 

  1. Which principles do we follow during your personal data processing?

When processing your data, we accept, adopt, and apply the principles of processing under article 5 GDPR, meaning that your data are:

  1. a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  2. b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
  3. c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  4. d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  5. e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
  6. f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

SECTION TWO: Processing analysis

 

  1. Categories of personal data which we process

Our company collects and then processes (stores etc) the following categories of personal data:

company name, type of company, activity, address, no. telephone, email address, website, VAT, Tax Office, no. G.E.M.I., data from transactions (type, value, comments / complaints), data of your banking transactions with our company (when you pay by bank for the provision of our services, ie date, amount, method of payment, account details ).

This data is closely and exclusively related to your business and is absolutely necessary to serve the following processing purposes.

 

  1. Purposes of processing – Legal basis of processing

We collect and process the above categories of personal data for the following purposes:

1.Provision of our services, invoicing-credit, service of contractual rights and obligations

2.Customer service (information about services, customer record keeping)

  1. Defense of legal claims
  2. Compliance with legislation (tax, etc)
  3. Sending newsletters, ie emails with promotional content in relation to our services
  4. Sending requests for research and evaluation of our services (without other content eg advertising or marketing purpose)
  5. Sending information material in relation to our services provided or data processing, eg information on legislative changes, service renewal, change of Privacy Policy, etc. (without other content such as advertising or marketing).

 

Legal basis of processing

Please be advised that the above purposes are processed for the following reasons:

  • under the legal basis of article 6, paragraph 1, subsection b of GDPR 679/2016/EE (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract)
  • under the legal basis of article 6, paragraph 1, subsection c of GDPR 679/2016/EE (processing is necessary for compliance with a legal obligation to which the controller is subject)
  • as appropriate under the legal basis of article 6 paragraph 1 subsection f of 679/2016 / EU (ie for the defense of the legal interests of our company)

Regarding newsletter sending, we inform you that this, according to the provisions of law 3471/2006 (e-privacy legislation), is done only if there has been a provision of services between us or if you have voluntarily registered in the newsletter sending list of our company, ie in the latter case with your prior explicit consent.

In every newsletter message you receive, we give you the opportunity to stop receiving them, by selecting unsubscribe at any time you wish.

The sending of a newsletter is solely for the promotion of similar and related products or services of our business and your email address is not disclosed to third parties.

  1. Personal data date retention

Processing of personal data should be limited in time, only for the time absolutely necessary for the purposes of processing.

The personal data we process according to the above, is kept for a period of time necessary to comply with the legislation (mainly tax legislation) and to safeguard our legal claims.

We keep your data in our company, as well as in information systems located in a country within the EU.

 

  1. Your rights

We process the above data in accordance with the above protection policy and of course we support and ensure that your rights are exercised in a similar manner.

Our response to your requests (whether it is for the exercise of rights or the submission of complaints) takes place free of charge and without delay, and in any case within (1) one month after we receive your request and confirm your identity. However, if your request is complex or a large number of requests are submitted to our business at the same time, we will let you know within this month if we need to receive another (2) two-month extension within which to respond. Reported times of one (1) plus two (2) months (if required) are legal and provided for in the GDPR.

If your requests are manifestly unfounded or excessive, our business may charge a reasonable fee, taking into account administrative costs for providing the information or performing the requested action or refuse to respond to your repeated request.

Specifically you have the following rights:

  1. Right to information about all the above issues and any other issue relating to the processing of your data.
  2. Right of access, that is, the right to receive a copy of the data you have given us.
  3. Right of updating / rectification if any data is or becomes incorrect so as to correct it. The update will take place within 7 business days of the date of submission of your written request and confirmation of your identity.
  4. Right to erasure (‘right to be forgotten’). This right may be subject to limitations due to the need to retain certain data due to legal obligations.
  5. Right to restriction of processing when:
  6. a) the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
  7. b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  8. c) we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims and in similar cases
  9. Right to data portability, meaning the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
  10. Right to withdraw your consent to being send newsletters, that is, the right to request that you not receive future newsletter emails from our business by choosing the “unsubscribe” option to any such email you receive.
  11. Right to lodge a complaint to the Hellenic Data Protection Authority (dpa.gr) in case you believe we are breaching the relevant data protection laws.

SECTION THREE: Other information

 

  1. Our business uses modern and up-to-date protection systems (antivirus systems, firewalls, etc.) to prevent the illegal invasion, access or dissemination of your personal data.

 

  1. We inform you that we do not proceed to automated individual decision making or profiling.

 

  1. Privacy Policy Revisions

Our business reserves the right to modify or periodically review this Privacy Policy at its sole discretion. In the event of any changes, our business will record the date of modification or revision in the new Privacy Policy and the updated Policy will apply to you from that date. We encourage you to review this Privacy Policy from time to time to see if there are any changes to the way we handle your personal information.

 

  1. Contact – Requests – Complaints

If you have any questions, comments or complaints about the management or the protection of your personal information, or if you wish to exercise any of your rights, please contact us at info@trustplan.gr.

To file a complaint about a breach of your personal data you can contact the Hellenic Data Protection Authority (1-3 Kifisias Str., Zip Code 115 23, Athens, Call Centre: 210 6475600, Fax number: 210 6475628, e-mail address for reporting a personal data breach incident : databreach@dpa.gr, general e-mail address:  contact@dpa.gr)