- Controller’s details
The company under the trade name “OLVIOS EXPERIENCE P.C.” with GEMI number 186862007000 and registered seat at Marathonas Attica, 109 Chrisostomou Smirnis, zip code 19005, ΤΙΝ 802988540, Tax Office KEFODE Attikis, email info@olviosexperience.com (hereinafter the “Company”) hereby informs you, as the Data Controller, in accordance with Regulation (EU) 2016/679 (hereinafter referred to as the “GDPR”) and the relevant provisions of Hellenic legislation on the protection of personal data, as applicable, on the type of personal data collected, the source of their collection, the reason for their collection and further processing, any recipients thereof, their period of retention, any transfer outside the EEA and your rights in relation to the processing of your personal data.
- Data Processing Cycle
B1. Personal data we process in the context of our Website (olviosexperience)
| Personal Data Categories | Source | Purpose | Legal Basis | Retention Period | Recipients |
|---|---|---|---|---|---|
| Identification data (e.g. name, surname, interests) | Tourfic Dynawasp Soupalake Municipalities Prefecture Independent Authority for Public Revenue (IAPR) | Provision of retail trade services, including e-shop services. | Article 6 para. 1 (b) GDPR – Performance of our contract | Until expiry of the relevant limitation period (Article 249 of the Hellenic Civil Code) | Data Processors: Accounting service providers,DynaWasp (for IT support and hosting services)Hetzner (for cloud services),Channel Management System providers. Payment service providers for the execution of transactions Tax authorities, in accordance with applicable tax legislation Lawyers, in so far as this is necessary for the exercise of the rights of the Company and the protection of its legitimate interests |
| Contact data (e.g. postal and e-mail address, telephone number) | |||||
| Payment details (e.g. credit cards, redemptions/ debts) | |||||
| Billing details (e.g. tax identification number, tax office) | Product billing | Article 6 para. 1 (c) GDPR in conjunction with the relevant tax legislation | |||
| Transaction details (transaction history etc.) | Maintainance of order history | Article 6 para. 1 (f) GDPR – Company’s legitimate interest in maintaining client logs | |||
| Contact details (your email address) | Direct promotional activities via electronic means | Article 6 para. 1 (a) GDPR & Article 11 par. 1 of the Law 3471/2006/ Article 6 para. 1 (f) GDPR & Article 11 par. 3 of the Law 3471/2006 | Until the expiry of the limitation period following the withdrawal of your consent/ until you object to the processing of your data | Providers of product and service promotional services |
B2: Candidate employee data
| Personal Data Categories | Purpose | Legal Basis | Retention Period | Recipients |
|---|---|---|---|---|
| Identification details(full name, father’s name, mother’s name, gender, date of birth, ID number/passport number) | Assessment of the candidate for recruitment purposes | Article 6 para. 1 (f) GDPR – Our legitimate interest in the recruitment of qualified personnel | 6 months or for a greater period subject to your consent | Processors: providers of IT support servicesproviders of hosting services, cloud providersproviders of product and service promotion services |
| Contact data (postal and e-mail address, telephone number) | ||||
| Data contained in CVs (marital status, disabilities, education and qualifications data, work experience) |
B3. Vendor data (natural persons)
| Personal Data Categories | Purpose | Legal Basis | Retention Period | Recipients |
|---|---|---|---|---|
| Identification details(full name, father’s name, mother’s name, gender, date of birth, ID number/passport number) | Supply of goods and/or services to the Company | Article 6 para. 1 (b) GDPR – Performance of the contract | 5 or 20 years based on the respective limitation periods of Articles 250 and 249 of the Hellenic Civil Code | Data Processors: Accounting service providers, Financial institutions, to the extent necessary for the execution of transactions |
| Contact data (postal and e-mail address, telephone number) | ||||
| Transaction data(invoices, tax forms, etc.) | Compliance with relevant obligations under tax law | Article 6 para. 1 (c) GDPR – Compliance with legal obligation |
*No automated decision-making processing operation, including profiling is conducted.
Data we collect automatically e.g. language settings, IP address, location, device settings, device operating system, activity details, time of use, redirect URL, status report, user information (information about browser version), operating system, browsing result (simple visitor or registered customer), browsing history. We may also collect data through cookies. For information on the use of cookies, click here.
- Transfer of data outside the EEA
In principle, the Company does not transfer your personal data to third countries and/or International Organizations. In the event of a transfer of your personal data to a country outside the European Economic Area (EEA) or an International Organization, the transfer will be carried out pursuant to Chapter II and V of the GDPR cumulatively.
- Data subject rights
The Company ensures that it can respond directly to the requests of the subjects, for the exercise of their rights in accordance with Applicable Law. In particular, every data subject has the following rights:
| Portability | Rectification |
| Erasure | Restriction |
| Access | |
You have the right to object to the processing of your personal data as regards any processing carried out by the Company based on our legitimate interests.
If you wish to exercise any of your rights or acquire any information concerning the processing of your personal data, you can contact us via email in the following address info@olviosexperience.com, and the Company will respond promptly [in any case within thirty (30) days of the request], notifying you in writing of the progress of the request.
If you have any complaints regarding this Notice or any data protection concerns, and if we fail to comply with your request, you may contact the Hellenic Data Protection Authority, 1-3 Kifissias Avenue, 115 23, Athens (www.dpa.gr).
- Exclusion of Liability for Third Party Websites-Social Media Widgets
On this Website there are links to third party websites and/or social media widgets (e.g. Google, Facebook, Instagram), through which, after the user logs in to the third party’s website or social network, a special digital fingerprint is created in respect of which both the Company and the third party itself act as joint controllers.
As regards the Company, the purpose of processing such data is to improve the functionality of the Website and the services provided, as well as for traffic analysis. The lawful basis for the processing of personal data is the pursuit of the legitimate interest of the user and in particular the interoperability with applications used by them (Article 6(1)(f) GDPR).
The Company does not have control over and is not responsible for any further processing carried out on such data by the Joint Controllers.
For more information about the data processing policy and the options for configuring these networks, please visit the following websites:
https://www.facebook.com/privacy/policy/