Personal data protection and privacy policy
The private company under the corporate name “NIK – POUL MEMBER P.C.”, owner of the website www.shila-athens.com, informs you that the processing of your personal data, which are collected via the communication form, is performed pursuant to the data protection law in force (Regulation (EU) 2016/679 – hereinafter “GDPR”) and the present Personal Data Protection and Privacy Policy of the Website, and declares that it is our company’s aim to comply with the principles that govern the data protection regarding their processing, given that it is committed to respect your civil rights and your privacy.
1. Data Processing Controller
“NIK – POUL MEMBER P.C.” is the Data Processing Controller (hereinafter the “Controller”).
You may communicate with the Controller at the following email address hello@thefountainathens.com
2. Definitions
Data Subject: any natural person whose personal data is processed by us or on our behalf.
Personal Data: any information relating to an identified or identifiable natural person, which pertains to the physical, physiological, psychological, emotional or financial status, the cultural or social identity of said natural person.
Processing: processing of personal data (“processing”), is any operation or set of operations which is performed on personal data such as, indicatively, the collection, record-keeping, storage, alteration, analysis, use, association, restriction, erasure or destruction;
Transmission: the access to personal data, for example by allowing access, transmission or publication.
Controller: the legal person which determines the purpose, the content and the procedure of the processing of personal data.
Processor: the natural or legal person, which processes personal data according to the controller’s instructions.
3. The Data that we process
With your consent, we process the following personal data that you provide when you interact with the Website and use the services and functions it offers. Said data, which you provide when you submit the communication form, specifically include the name and surname that you indicate, your communication details, as well as the wording that you fill out in the communication form and constitutes a request for information, an opinion, a rating or anything else you wish to communicate.
In order to satisfy the requests that you submit via the communication form and/or offer you updates, in general or regarding undesirable actions, it is necessary to consent to the processing of the data, which is indicated with an asterisk (*). Without said mandatory data or your consent we are unable to proceed further. On the contrary, the information required in fields without an asterisk indication (*) as well as your consent to receive updates, are optional and therefore, if you don’t provide them, there is no consequence.
In any event, even without your prior consent, the Controller may process your data, in order to comply with its legal obligations, under law, regulations and the EU legislation, to exercise its own lawful interests and, in any occasion, pursuant to articles 6 and 9 of the GDPR, as the case may be.
The processing is performed by means of computers as well as hard copies and always entails the implementation of security measures pursuant to the legislation in force.
4. Why and how we process your data
The data is processed for the following purposes:
to handle the requests that you submit via the “Communication Form”. The legal basis for the data processing for this purpose is your consent (article 6 par. 1 (a) and article 9 par.2 (a) of the GDPR);
to handle the reports for undesirable actions that are submitted via the Website or the Forms. The legal basis for the data processing for these purposes is your consent (article 6 par. 1 (a) and article 9 par.2 (a) of the GDPR) as well as any public interest (article 9 par.2 (i) of the GDPR) and legal obligation;
Moreover, but only upon your optional consent, which is the legal basis for the data processing pursuant to article 6 par. 1 (a) of the GDPR:
(iii) in order to receive advertising material (direct marketing) from us – newsletters.
With regard to the email updates, you may remove yourself from the relevant list of recipients at any time, by following the instructions contained in every communication. Should you opt to be deleted from a service or communication, we will try to erase your data as soon as possible; nevertheless, certain time and/or information may be required, prior to processing your request.
You provide your consent to the processing of your data for these purposes by choosing the appropriate fields in the communication form.
In any event, your data may be subject to process, even without your consent, in order to comply with laws, regulations and the EU legislation (article 6 par. 1 (c) of the GDPR) and in order to receive statistical data pertaining to the Website’s use and its proper operation (article 6 par. 1 (f) of the GDPR).
The personal data is entered in our information system in full compliance with the data protection legislation, and their processing is based on the principles of proper practice, legitimacy and transparency.
Data are stored for as long as it is absolutely necessary, in order to attain the purposes, for which the personal data are processed. In any event, the criteria to determine said period is based on complying with the time limits provided by law and the principles of data minimization, storage limitation and rational processing of the records.
All data shall be subject to processing in hard copies or via automated means; in any case the appropriate level of security and confidentiality will be ensured.
5. Principles applied during processing
We may process your personal data, in order to provide personalized services, pursuant to article 6 par. 1 (b) of GDPR and the national legislation that implements it. Your personal data are not used for other purposes apart from those described herein, unless we receive your prior consent or if required or allowed by law.
Personal data should be processed in a manner compatible to the purpose for which they are collected.
The principle of proportionality is applied during the processing of personal data; amongst others, said principle creates the obligation to not purposelessly collect personal data.
Personal data, which are used, should be precise and updated.
Personal data, which are used and are no longer precise and comprehensive, should be revised or deleted.
With the exception of cases where there is a legal obligation to retain them for a longer period of time, personal data should not be stored longer than required for the purposes for which they were collected or processed.