Privacy Statement
Notice on Personal Data Processing
Introduction
The Public Properties Company (PPCo) is a societe anonyme whose purpose is to develop, by all means appropriate, the immovable assets it owns, as well as manage assets and operate tourism business units entrusted to it by the Greek State, by legal entities governed by public law, by legal entities governed by private law belonging to the wider public sector and by other societes anonymes whose share capital is owned directly or indirectly by the Greek State (hereinafter “PPCo SA” or “the Company”).
We would like to reassure you that for PPCo SA, the protection of our clients’ personal data is of paramount importance. For this reason, we take appropriate measures to protect the personal data we process and ensure that the processing of your personal data is always carried out in accordance with the obligations laid down by the legal framework, both by the Company itself, and by third parties who process personal data on behalf of the Company.
Controller – Data Protection Officer (DPO)
PPCo SA, registered in Athens (7 Voulis Street, 10562 Athens, Greece), with Tax No. 094537454, Tel. +30 210 3339416, website: http://www.etasa.gr, email: info@etasa.gr and fax +30 210 3339507, informs you that for the purposes of conducting business, it shall process personal data in accordance with the applicable national legislation and Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free circulation of such data (hereinafter “the Regulation”), as in force.
For any issue relating to personal data processing, contact the Data Protection Officer (DPO), Ms Marilena Bellou, directly via email at dpo@etasa.gr.
What kind of personal data we process
The personal data provided to us (name, contact phone number, email address) are the strictly essential and necessary data for our intended purposes, which we process only when we have a legitimate reason to do so. We would also like to reassure you that we do not collect and process data about children under the age of 15. If you are under 15 years of age, you can only make purchases from our website with the participation and approval of a parent or guardian.
How and why we use your personal data
• To provide products and services online and to carry out and fulfil our obligations towards you
We collect your personal data in order to provide you with our products and services through our electronic platform. In particular, for the purpose of buying tickets online through our website (web tickets) in order to visit our tourist and business facilities, information such as your name, phone number and email address is required, so as to confirm your booking and contact you.
• To contact you and manage our relationship with you
We may need to contact you by email or over the phone about matters regarding altering or cancelling your booking, handling your complaints, and serving you in general.
• To improve our services and protect our business interests
We may use your personal data (e.g. browsing history) to optimise our online services (via website) as well as to better run our website and meet your expectations.
• To inform you about our news and offers via Newsletter
If you have given your explicit consent, we will use your email address, your name and your mobile phone number to send you promotional/informational messages about our new products, services and offers.
• To comply with legal obligations
We process your personal data as part of our compliance with legal obligations and in particular, with the provisions of the tax law, with judicial decisions, regulations or decisions of administrative authorities and in the context of investigating complaints, preventing and detecting fraud, checking the correctness of pricing and checking situations concerning possible threats to the security of any person or violations of our policies or terms.
What the legitimate reasons are for processing your personal data
The legitimate reasons for processing your personal data include:
i. To process your data as part of our contractual obligation or at the pre-contractual stage of the online process you follow to acquire our products and services.
ii. To safeguard and protect our legitimate interests, which may consist of network security, security in the operation of the Company’s IT systems, protection against malicious software, IT support, and defence, exercise or establishment of your legal claims, as well as organising our business activities in general.
iii. To comply with a legal obligation, which may consist of specific obligations arising from the provisions of the tax legislation.
iv. To obtain consent under the conditions specified by the legal framework, such as consent for you to receive updates on products, services and offers.
Where your data is shared
PPCo S.A. may transmit your personal data to the following categories of recipients:
• Company employees
To the employees of the Company who are responsible for evaluating and confirming your booking requests, contacting you in cases of ticket cancellations due to weather and other conditions prevailing at ACHILLION MUSEUM, managing any requests submitted for information or complaints, as well as properly executing the agreement between us. Your personal data are handled with the strictest confidentiality and discreetness, as the employees who process your personal data have an adequate and significant level of knowledge to protect the data and are bound by a confidentiality clause regarding the management of personal data or are subject to due regulatory obligation to respect the confidentiality clause.
• State authorities and law enforcement agencies in the context of their duties
We may share your information with relevant bodies, law enforcement agencies and other third parties, to the extent permitted by the law, to prevent or detect criminal acts, illegal activities and situations related to possible threats to the safety of any person or violations of our policies or terms.
• Company associates (banks, legal advisers, accountants, auditors, etc.)
For the purpose of fulfilling the stated purposes, for processing your personal data and providing a higher level of service, the Company may disclose or transmit personal data that you have given us to third party service providers to carry out ticket sales, as well as to third party service providers, who, in partnership with the Company, assist in the proper operation of this website, including, but not limited to, technology service providers for the protection and security of our online systems. When managing judicial cases and for the purpose of the establishment, exercise or defence of its legal claims against third parties, the Company may transfer your data to external associates / lawyers, in case their assistance is deemed necessary for managing the case and supporting the Company’s rights. Furthermore, our Company works with banks, accountants, auditors, advertising companies for sending informational material, and other third parties, to whom it assigns the processing of personal data on its behalf.
In such cases, the Company remains liable for the processing of your personal data and defines the specific details of such processing, while it also signs a special agreement with the third parties to whom it assigns the execution of processing activities, in order to ensure that the processing is carried out in accordance with the applicable legal framework and that any natural person can freely and unrestrictedly exercise the rights conferred on them by the legal framework.
Retention Period
The data storage time is determined based on the following specific criteria, depending on the case:
When the processing is required by the provisions of the applicable legal framework, your personal data will be retained for as long as the relevant provisions require.
When the processing is carried out as part of executing an agreement and/or taking measures to draft an agreement, your personal data will be retained for as long as is necessary for establishing, exercising, defending or refuting legal claims arising from the agreement and up to their legal statute of limitations. These personal data may even be retained for as long as specified by other tax or special legal provisions.
For the purposes of promoting our products and services and to the extent that the availability of your personal data is based on your consent, your personal data is kept until your consent is withdrawn. You can carry this out at any time. Withdrawal of consent shall be without prejudice to the legality of the processing, based on the consent during the period prior to its withdrawal.
What your rights are with regard to your personal data
Any natural person, whose data is processed by PPCo S.A. in the context of using our website for online ticket purchasing purposes, enjoys the following rights:
Right of access:
You have the right to be aware of and verify the legality of processing. Therefore, you have the right to access the data and obtain additional information about their processing.
Right to rectification:
You have the right to study, rectify, update or modify your personal data by submitting a written request to the Data Protection Officer (DPO).
Right to erasure:
You have the right to submit a written request for the erasure of your personal data when we process them on the basis of your consent or in the context of protecting our legitimate interests. In all other cases (for example, where there is an agreement in place, an obligation to process personal data imposed by the law, public interest), this right is subject to specific restrictions or does not exist as appropriate.
Right to restriction of processing:
You have the right to request the restriction of processing of your personal data in the following cases: i. when you challenge the accuracy of the personal data and until it is verified; ii. when you oppose the erasure of the personal data and request the restriction of their use instead; iii. when your personal data are no longer needed for the purposes of the processing, but they are required for the establishment, exercise or defence of legal claims; and iv. when you oppose the processing, and pending the verification whether the legitimate grounds that concern us override those for which you oppose the processing.
Right to oppose the processing:
You have the right to oppose the processing of your personal data at any time, where, as described above, this is necessary for the purposes of legitimate interests that we pursue as controllers.
Right to data portability:
You have the right to receive your personal data free of charge in a format that allows you to access, use and edit them with commonly used processing methods. You also have the right to ask us, if technically feasible, to transmit the data directly to another controller. Your right applies for the data that you have provided to us and their processing is carried out by automated means on the basis of your consent or in execution of a relevant agreement.
Right to withdraw consent:
Where processing is based on your consent, you have the right to withdraw it freely, without prejudice to the legality of the processing that was based on your consent before withdrawing it.
To exercise any of these rights, you may contact the Data Protection Officer (DPO), Ms Marilena Bellou, by post at 7 Voulis Street, 10562 Athens, or email at dpo@etasa.gr.
Right to lodge a complaint to the DPA
You have the right to lodge a complaint to the Hellenic Data Protection Authority (www.dpa.gr): Call Centre: +302106475600, Fax: +30210 6475628, email: complaints@dpa.gr
In all these cases, we will make every effort to respond to your request within 30 days from the day it is submitted. This deadline may be extended for another 60 days, provided this is deemed necessary, taking into account the complexity of the request and the number of requests, in which case, we will inform you accordingly within the aforementioned 30-day deadline.
Personal Data Protection
PPCo S.A. has suitable technical and organisational measures in place, aiming to safely process personal data and prevent any accidental loss or destruction and any unauthorised and/or illegal access to them, use, modification or disclosure thereof. In any case, the way the internet operates and the fact that it is free to anyone do not permit the provision of guarantees that unauthorised third parties will never be able to violate the applicable technical and organisational measures, gaining access and possibly using personal data for unauthorised and/or unfair purposes.
Links to Other Websites
Our website may contain links to other websites. PPCo SA is not liable for the privacy practices or the content of other websites that are not owned by our Company. Therefore, we recommend that you read carefully the privacy notices posted on the respective third-party website.
Changes in the Privacy Policy
The information about our Company’s Privacy Policy reflects the current situation regarding data processing on our website. In the event of changes to data processing, this data protection information will be updated accordingly. The latest version of this data protection information will always be posted on our website, so that you can be informed about the extent of data processing on our website. We recommend that you are always up to date on how we process and protect your personal information. All future changes regarding this Privacy Notice will be disclosed in due time, before these changes come into force.
This information is provided in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, and the provisions of the Greek legislation on the protection of personal data, as adopted and implemented within the context of this Regulation.