PRIVACY POLICY // TERMS & CONDITIONS
GENERAL
Welcome to PAVLIDISREALTY.GR and its managing company PAVLIDIS LP. We aim to provide our services with a commitment to protecting and respecting your privacy. For the purposes of this notice, we will refer to ourselves as the “Organization”.
This policy was approved by the administrator of the “Organization” and came into effect on 21/06/2024. Processing does not take place outside the European Union.
With this policy, we inform you about how we collect and use information about you, as provided by the applicable law (General Data Protection Regulation 679/2016 and Law 4624/2019). Additionally, we describe your rights regarding the personal data we process and the measures we take to protect your privacy. Personal data is information that can identify an individual. Indicatively, information such as your name, possibly the details your insurance provider (public or private) holds to identify you, your email account, the address from which you browse the internet (IP address and IP provider), financial information necessary to fulfill contractual obligations.
The personal data processed relates to users of the pavlidisrealty.gr website, commercial customers, and employees of the aforementioned “Organization”.
The policy describes how personal data is collected, stored, and processed to align with the company’s internal operations and the law. It also confirms that PAVLIDISREALTY.GR and its managing company PAVLIDIS LP:
- Complies with the General Data Protection Regulation 679/2016.
- Protects the rights of its staff, minors, and partners.
- It is transparent about how it maintains and processes personal data.
- It is protected against potential risks of data breaches and unauthorized access.
WHAT THE LAW DEFINES
To process data concerning you as individuals and in the transactional behavior that connects us, it is necessary to have a specific legal basis.
The “Organization” maintains and processes personal data as part of its contractual obligations, as provided by law (Article 6 GDPR para.1), and to protect the interests of the subjects of the aforementioned personal data.
To comply with the law, the “Organization”, while maintaining and processing personal data (electronically or in paper files), needs to follow certain fundamental principles, which are:
- Doing so with lawful cause.
- For a specified purpose.
- With accuracy and keeping only the necessary data.
- Additionally, personal data must be accurate and up-to-date, according to the rights of the subject, kept only for the time necessary, and protected with appropriate technical and organizational means.
- In case of transfer outside the European Union, it must be done legally.
TYPES OF PERSONAL DATA WE PROCESS
The “Organization” collects:
- Your name, surname, contact details, occasionally your date and place of birth. Also, details related to serving the business purpose of the “Organization”, contractual relationships, and communication practices of the “Organization”.
- If we communicate with you and vice versa, we will keep a record of the details of this communication, possibly including your judgments about third parties.
- Internet connection and communication data related to the means and applications you use.
- If you are an employee of the “Organization”, we may collect data regarding gender, nationality, and documents sufficient for your identification. Also, data for payroll purposes, numbers associated with tax and insurance details, and anything necessary to complete the contractual relationship.
- Our facilities have a closed-circuit television (CCTV) for recording potential malicious activity, as the law provides. In these contexts, image and movement are recorded and kept for a short time.
- The “Organization” reserves the right to check, monitor, record, and use the content of the data maintained and processed through its electronic systems. The same applies to data maintained in paper files (folders).
- On our website pavlidisrealty.gr, we use a traffic customization application for statistical purposes (cookies), and data transmission from the related contact form is subject to the security terms of each application, including encryption methods.
JUSTIFICATION FOR RETAINING AND PROCESSING YOUR PERSONAL DATA
The “Organization” collects and processes your personal data for the following reasons:
- To comply with applicable legislation (such as GDPR 679/2016 and Law 4624/2019).
- To conduct statistical research for internal use by the “Organization”.
- To fulfill our obligations arising from your position as a customer or partner and our position as an employer under the contract.
- For purposes related to the safety of individuals, facilities, assets, and material related to the “Organization”.
- For managing the communications of the “Organization”.
- For any obligations of the “Organization” related to obligations and rights defined by Public Authorities.
- In any case, where a significant reason for justification is your explicit consent to retain and process the aforementioned data.
POTENTIAL RISKS FOR PERSONAL DATA
This Policy helps the “Organization” protect itself from risks, which may include:
- Breach of confidentiality. This is, information that may be given to someone without the necessary authorization and processing authority.
- Lack of choice for the subject regarding how data concerning them is maintained and processed.
- Damage to the reputation of the “Organization” in case of illegal access to personal and sensitive personal data.
ARE YOU OBLIGED TO GIVE US YOUR PERSONAL DATA?
To conclude a contract with you and fulfill the obligations arising from it and to exercise our rights, you are obliged to provide us with your personal data and data concerning individuals for whom you may exercise guardianship. Otherwise, we may not be able to contract with you and provide our services (whether as an employer, service provider, or supplier). Any information about minors is kept only with the consent of the guardian.
AUTOMATED DATA PROCESSING
For statistical research and informing you, after your consent, the “Organization” may use an automated decision-making system for profiling. We reiterate that such actions, when taken, require your consent and are already mentioned in the terms of use of the pavlidisrealty.gr website.
RETENTION TIME OF YOUR PERSONAL DATA
The Organization may keep your data for some years after the end of the contractual relationship with you. In some cases, it may be required by law. Financial information concerning you is kept in our files for five years (5 years). Sensitive personal data are kept only for as long as necessary to complete the contractual relationship.
USE OF PERSONAL DATA
Personal data only holds value for the Organization when used. Therefore, the risk to personal data exists during its processing and may include loss, destruction, or theft. Specifically:
- Employees related to personal data ensure their computer screens are always locked when not in use.
- Personal data is not shared informally. Specifically, it is not sent via non-secure email.
- Personal data is encrypted before electronic transmission (SSL).
- The Organization’s personnel do not have copies of personal data on their personal computers.
- Personal data is only at the necessary processing points and not scattered across a series of computers deemed unnecessary.
DATA TRANSFER TO THIRD PARTIES
The “Organization” does not share files containing sensitive personal data with third parties. If this occurs, it will only be with the explicit consent of the subject and for explicitly stated reasons. For example, transferring data related to the completion of an order handled by a shipping company.
Additionally, personal data may be transferred to an accounting or banking support company, which will be governed by this policy, always within the framework of a contractual relationship. Sometimes, within a contract, the “Organization” may act as a data processor on behalf of a counterparty. In this case, we may maintain a joint file with our counterparty, which is governed by this policy.
Furthermore, we disclose personal data to Authorities when we have a legal obligation and this becomes necessary within the framework of compliance with the law and for public safety. As previously mentioned, your data is not transferred outside the European Union.
DATA STORAGE
The following rules describe how and where data is kept. Questions should be addressed to the Data Protection Officer at info@pavlidisrealty.gr. Thus, data kept in paper files are stored where unauthorized persons cannot see them. The same applies to files kept electronically but have been printed for some reason. Key points are:
- Folders and paper data are kept in a locked filing cabinet.
- Employees ensure that prints are not left where unauthorized persons could access them, such as in or near the printer.
- Printed data that is not in use is destroyed.
When data is stored electronically, it is protected from unauthorized access, accidental destruction, and hacking attempts. Specifically:
- Data is protected by strong passwords, which are changed frequently and not disclosed to unauthorized employees.
- If data is stored on portable media (like CDs), these are kept securely when not in use.
- Data is stored only on reliable servers and approved cloud computing services.
- Servers containing personal data are located in secure locations away from the central office area of the “Organization”.
- Copies of the data are kept by the “Organization” and periodically checked, in line with the procedures set by the “Organization”.
- Data is not kept directly on laptops or devices like smartphones or tablets.
- All servers and computers containing data are protected by approved software and firewalls.
INTERNAL RESPONSIBILITY WITHIN THE ORGANIZATION
Anyone working as an employee in the “Organization” has some level of responsibility for ensuring the legal collection, storage, and processing of data. Each person handling personal data has the duty to ensure that it is processed according to this policy and data protection principles, as outlined above.
However, the following individuals have specific areas of responsibility:
The administrator of PAVLIDIS LP, representing the “Organization”, Mr. Pavlidis Christos holds the highest level of responsibility, ensuring the Organization meets its legal obligations regarding the maintenance and processing of personal data.
- Informing Management about data protection responsibilities and potential risks.
- Updating all data protection procedures according to the organization chart.
- Planning training and advising those related to this policy.
- Managing data requests from individuals.
- Approving data protection agreements and policies.
- Addressing data protection questions from the media and public.
- Ensuring procedures follow data protection principles.
CONSENT
In some cases, consent is required for the collection, storage, and processing of personal data. If required, the DPO requests this and ensures that:
- Consent is freely given.
- Individuals are informed of how their data will be used.
- Separate consent is obtained for different processing activities.
RIGHTS OF THE DATA SUBJECT
The “Organization” ensures that individuals can exercise their rights according to GDPR. Specifically, they can:
- Be informed about data processing activities.
- Request access to their personal data.
- Request rectification of inaccurate data.
- Request erasure of data when it’s no longer necessary or processing is unlawful.
- Request restriction of processing under specific conditions.
- Object to data processing on grounds related to their situation.
- Receive their data in a portable format and transfer it to another controller.
- Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
REPORTING A DATA BREACH
All employees must notify the DPO immediately if they suspect a data breach. This allows the “Organization” to take appropriate action swiftly.
TRAINING
All employees receive data protection training as part of their induction and at regular intervals. This training covers:
- Data protection principles.
- Legal requirements.
- Security measures.
- Procedures for reporting data breaches.
CONTACT
For any questions about this policy or data protection in general, contact the Data Protection Officer at info@pavlidisrealty.gr.
This policy is subject to periodic review and update as necessary.