Protecting the personal data of individuals is a fundamental right. Article 8 paragraph 1 of the Charter of Fundamental Rights of the European Union and Article 16 paragraph 1 of the Treaty on the Functioning of the European Union (TFEU) establish that every person has the right to the protection of personal data concerning them.
Furthermore, since May 25, 2018, the General Data Protection Regulation (GDPR) of the European Parliament and of the Council, which introduces a stricter framework for the protection of personal data and the free movement of such data, has been in effect. Additionally, since August 29, 2019, the national law 4624/2019 “Personal Data Protection Authority, implementation measures of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC and other provisions” has been in effect.
Protecting the personal data of individuals is of utmost importance to Marevanton Ltds (hereinafter referred to as the “Company”). Therefore, the collection and processing of personal data by the Company are carried out only in accordance with the aforementioned applicable national legislation and the General Data Protection Regulation, where necessary for the operation of employment relationships and the general activities of the Company. The Company allows access to personal data only to authorized personnel and takes enhanced security measures to protect the data from loss, improper handling, unauthorized access, modification, or disclosure, among other risks.
- Processing of Personal Data on the Company’s Website
1.1 Categories of Personal Data During your visit to the Company’s website, the Company may process the following categories of personal data: (a) Data you enter for communication with the Company (e.g., name, email address, content of communication), (b) Personal data automatically collected during your browsing (e.g., IP address, device type, browser program, referring website, website of the Company visited, date, and time of the visit).
1.2 Purposes of Processing The processing of your personal data is carried out to serve pre-contractual or contractual relationships, to provide you with personalized information, respond to your requests, or contact you upon your request.
1.3 Legal Bases for Processing The processing of your personal data is necessary for the fulfillment of the aforementioned purposes. Unless otherwise specified during the collection of personal data, the legal basis for their processing is one of the following: (a) Processing is necessary for the performance of a contract with you (Article 6 paragraph 1b of the General Data Protection Regulation), (b) Processing is necessary for the purposes of the legitimate interests pursued by the Company (Article 6 paragraph 1f of the General Data Protection Regulation), (c) You have given explicit consent for the processing of personal data (Article 6 paragraph 1a of the General Data Protection Regulation).
1.4 Recipients and Transfers A third-party IT company (acting as a data processor) may manage our website. In such cases, we ensure, through contractual terms and regular checks, that if it has access to personal data, it adequately complies with data protection laws.
1.5 Cookies Policy Cookies are small text files stored on your computer or mobile device when you visit a website. We use the term “cookies” as a collective term to describe techniques such as cookies, Flash cookies, and web beacons. Cookies are primarily used to ensure that your visit to our website is as user-friendly as possible and for advertising purposes during your future visits to other websites.
1.6 Personal Data of Minors
The Company and its website are intended for individuals who have reached the age of eighteen (18). If minors, particularly those under the age of fifteen (15), voluntarily visit our website, the Company assumes no responsibility. In the event that during the data collection process, it is noticed that the user is under the age of fifteen (15), the Company will not process their personal data.
- Processing of Personal Data Related to Your Transactional Relationship with the Company and/or Contract Conclusion
2.1 Categories of Personal Data and Sources
In the context of an imminent or existing transactional relationship with the Company, the Company may process the following categories of personal data of its contractual partners: (a) Identity and contact details, such as full name, ID number, tax identification number, tax office, address, telephone number, mobile phone number, fax number, and email address provided by the contractual partner or their representatives for identification and communication purposes. (b) Support data, such as data that a user has sent to us for supporting a request or inquiry related to the website and its services. (c) Notification data, such as data provided by the user to receive updates, newsletters, and relevant information of interest.
2.2 Purposes of Processing
- Management of the contractual relationship with the Company’s tenants, such as support and monitoring of the contract, fulfillment of contractual obligations, etc.
- Ensuring the Company’s compliance with legal obligations (taxation, insurance, accounting, etc.) for compliance checks of the Company’s tenants and safeguarding the Company’s overriding legal interests.
2.3 Legal Bases for Processing
Unless otherwise specified during the collection of personal data, the legal bases for their processing are as follows: (a) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company (Article 6 paragraph 1e of the General Data Protection Regulation and Article 5 of Law 4624/2019). (b) Processing is necessary for the performance of a contract with you (Article 6 paragraph 1b of the General Data Protection Regulation). (c) You have given explicit consent for the processing of personal data (Article 6 paragraph 1a of the General Data Protection Regulation). (d) Processing is necessary for compliance with a legal obligation of the Company or for the purposes of the legitimate interests pursued by the Company (Article 6 paragraph 1c or f of the General Data Protection Regulation, respectively).
2.4 Recipients and Transfers
The Company may disclose personal data to third parties, but only if and to the extent such disclosure is strictly required for the purposes mentioned above and is necessary for the Company’s operations.
The Company may disclose personal data to judicial, administrative, tax, customs, arbitration authorities, or other public authorities, regulatory bodies, and lawyers if it is necessary to comply with the law or to establish, exercise, or defend its legal claims.
In such cases, we ensure through contractual terms and regular checks that, if and when third parties have access to personal data, they process it solely for the purposes for which it was disclosed and that they adequately comply with the legislation for its protection. In this case, third parties provide sufficient assurances for the implementation of appropriate technical and organizational measures to meet the requirements of the applicable legislation and to protect the rights of data subjects.
- Data Retention Period
The Company will retain your personal data for as long as necessary to fulfill the purposes described in this policy unless the applicable law requires or permits a longer retention period. The criteria for determining the data retention period include the following: (a) The duration of our contractual relationship. (b) The time required for the Company to comply with its legal obligations. (c) The time required in view of the Company’s legal position, such as defending rights before courts, regulatory audits, etc.
- Technical and Organizational Measures
The Company effectively implements, both at the time of determining the processing means and at the time of processing, appropriate technical and organizational measures, such as pseudonymization, encryption, data minimization, designed to apply data protection principles and integrate the necessary safeguards into the processing to meet the requirements of applicable legislation and protect the rights of data subjects.
- Right to Withdraw Consent
If you have given your consent for the processing of specific personal data by the Company, you have the right to withdraw your consent at any time, with future effect. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. In case of withdrawal of consent, the Company may continue to process personal data only if there is another legal basis for the processing.
Rights of the Data Subject
Under the current legislation on the protection of personal data, and provided that the relevant legal conditions are met, you have the following rights:
6.1 Right of Access
You have the right to be informed whether the Company is processing your data, to have access to your data, and to obtain supplementary information regarding their processing.
6.2 Right of Rectification
You have the right to request the update, rectification, or completion of your personal data.
6.3 Right of Erasure (Right to be Forgotten)
You have the right to request the erasure of your personal data, which will be fulfilled provided that no other legal basis for processing exists (e.g., a legal obligation requiring the processing of personal data).
6.4 Right to Restrict Processing
You have the right to request the restriction of the processing of your personal data in the following cases: (a) When you contest the accuracy of your personal data, and until its accuracy is verified. (b) When you object to the erasure of your personal data and request the restriction of its use instead. (c) When your personal data is no longer needed for the purposes of processing but is necessary for the establishment, exercise, or defense of legal claims. (d) When you object to the processing, pending verification of whether the legitimate grounds of the Company override your interests or rights, as provided in Article 35 of Law 4624/2019.
6.5 Right to Object to Processing
You have the right to object to the processing of your personal data at any time when such processing is based on the legal basis (Article 6 paragraph 1e or f of the General Regulation), except if the Company demonstrates compelling legitimate grounds for the processing, which override your interests, rights, or if the processing is necessary for compliance with a legal obligation.
6.6 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, or to request the transmission of your data directly to another data controller, if technically feasible.
6.7 Right to Object to Automated Decision-Making
You have the right to request the exclusion from decisions based solely on automated processing, including profiling.
If you wish to exercise one or more of your rights and for better service, please contact us via email at email@example.com
- Data Protection Officer (DPO)
The Data Protection Officer (DPO) for the company Marevanton Ltds, based Makrygianni Ave. 105, GR-18345 Moschato, Athens – Greece, is responsible for providing support for all inquiries, comments, concerns, or complaints related to the protection of personal data or in case you wish to exercise any rights regarding the protection of your data. You can contact the Data Protection Officer via email at firstname.lastname@example.org or by post office at:
Marevanton Ltds, Makrygianni Ave. 105, GR-18345 Moschato, Athens – Greece
- Right to Lodge a Complaint with the Supervisory Authority
The competent authority is the Hellenic Data Protection Authority for the Protection of Personal Data. You have the right to lodge a complaint with the Hellenic Data Protection Authority for matters concerning the processing of your personal data. Before turning to the competent authority, you should attempt to exercise your rights with the Company. For information on the competence of the Authority and the process of submitting a complaint, you can visit their website (www.dpa.gr > My Rights > Submit a Complaint), where detailed information is provided.
If you have any further questions or require assistance with regards to the protection of your personal data, please do not hesitate to contact our Data Protection Officer at the provided contact details.