Personal Data Protection Policy

A. INTRODUCTION

This Personal Data Protection Policy (PDPP) is harmonized with the General Data Protection Regulation – EU Regulation 2016/679 (hereafter referred to as GDPR), applicable in the European Union from May 25, 2018, and concerns the website of the company named Active Point ABEE (hereafter referred to as “the Company), based in Athens, 11 Siatistis str (the Company), using the web address www.activepointtraining.gr.

The Company, in the framework of its obligations to implement GDPR and to protect the personal data of persons visiting this website, has prepared this Personal Data Protection Policy, in order to inform these persons regarding the way the website collects, uses and shares their personal data.

B. PERSONAL DATA DEFINITIONS

‘Personal Data’: Any information relating to an identified or identifiable natural person (‘data subject’).

‘Controller’: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‘Processor’: A natural or legal person, public authority, agency or other body which processes personal data on behalf of a controller.

‘Personal Data Subject’: Natural persons, regarding which the processor collects and edits personal data (in this Personal Data Protection Policy, Data Subjects are the users of the aforementioned website, identifiable or not.

‘Recipient’: A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

C. PERSONAL DATA COLLECTION

C. 1 Categories of General Data of Personal Nature.

C. 1.1.  When the visitor/user visits the Company’s website and therefore interacts with it, it is possible to collect certain information, given willingly by the visitor in order for them to be identifiable.

C. 1.2. Furthermore, aiming to offer digital services, the Company processes – as a Processor – personal data such as (a) the IP address attributed to the device with the user connects to the website (b) browsing data inside the website (by installing cookies) and (c) elements of the connecting device (operating system, browser software).

C. 1. 3. Furthermore, all the data included in any kind of inquiries submitted by the visitor / user / client are collected.

C. 2. Special Categories of Data of Personal Nature

The Company does not collect or processes special categories of data, as defined in the provisions of the current legislation (especially racial or national descent, religion, medical data etc) for the needs of identification and service provision. It is, though, possible to process special categories of data, if that data are submitted willingly by the user themself (in free-text fields) while using the website.

D. PURPOSE OF PERSONAL DATA PROCESSING

The Company collects and processes its website user/ visitor / client personal data for the sole purpose of pursuing the Company’s legitimate business and the Company’s compliance with its legal obligations derived from the European and national law.

The personal data collected by the Company are limited only in to what is strictly necessary, are stored in local databases and are intended to be used for:

D. 1. To accomplish the business / commercial purpose of the Company, i.e. providing services to its users.

D. 2. To provide information about the Company and the way it operates, and

D. 3. To extract anonymous statistical data regarding the use of its website.

More specifically, the collection and processing of personal data has the following purposes:

• Visitor / user / client identification.
• Seamless, user-friendly and easy operation of the website and the services provided.
• Technical support towards the visitors / users / clients.
• Improvement of the internet experience of using the webpage.
• Compiling of statistical reports and graphs relevant to the website’s operation, with no user personal data, as they will be extracted from anonymised information.

These data are each time relevant, appropriate and not beyond what is required for the aforementioned purposes. They are accurate and, when needed, they are updated.

Furthermore, these data are kept only for the time period required to implement the purpose of their collection and process, and are deleted after this period.

E. CONFIDENTIALITY

The Company, for any reason, does not sell or otherwise transfer or disclose your personal data to anyone other than the aforementioned, except in the context of compliance with legal obligations and only to the competent authorities.

More specifically, the stored personal data can be disclosed to the competent judicial, police and other administrative authorities at their legitimate request, in accordance to the current laws and legislations. Furthermore, in the event of a legal order by a prosecutor or other Authority, or the conduct of a regular interrogation or preliminary examination, the Company is obliged to provide access to the relevant data and to make them available to the requesting Authority.

The Company does not transfer user personal data to third countries or international organisations.

F. PERSONAL DATA STORAGE AND TRANSFER

Any Personal Data Subject’s personal data transfer or transmission is done through digital systems. Access to the users’ data is granted only to authorised Company employees, in the context of their duties and responsibilities.

After a written request by the user/visitor/client to the Company and in the context of the aforementioned purposes, the Company may transfer some personal data to third parties, which are chosen by the user themself.

G. PERSONAL DATA SUBJECTS’ RIGHTS

The Company, in full compliance to the provisions of GDPR, satisfies and facilitates the exercise of Data Subject rights as determined in GDPR, i.e.:

G.1. The access right, in order for the Subject to be informed which data does the Company process, for what purpose, and who their recipients are.

G.2, The correction right, in order for mistakes, inaccuracies and omissions in the Subject’s data to be rectified.

G.3. The right to have data erased, in order to erase the Subject’s data from the Company’s files, under the conditions of GDPR.

G.4. The right to restrict processing in the event of a dispute regarding the accuracy of the data and in case the data are no longer necessary for their initial purpose, but, for legal reasons, cannot yet be erased.

G.5. The right to have data transferred, so that the Subject can receive their data in digital form and transfer them to a third party.

G.6. The right to object to processing of the Subject’s personal data, by recalling the Subject’s consent – if it was required. It is understood that this recall does not affect the legality of the processing for the time period between the granting and the recall of the consent.

H. SATISFACTION OF THE RIGHTS – GUARANTEES – TIME OF STORAGE

Overall, the Company ensures that:

H.1. There are procedures allowing the Data Subjects to easily exercise their rights in order for all the actions required to be taken immediately.

H.2. It will respond to any request submitted by the Data Subject without any undue delay and, in any case, in no more than thirty (30) calendar days. In case the Company shall not be able to satisfy any right exercised by the Data Subject, the Company shall ensure that specific, sufficient and comprehensive reasoning is provided.

H.3. Except in cases of manifestly unfounded or excessive requests, all actions regarding cases of satisfaction of Data Subject rights shall be offered free of charge for the Subject.

H.4. The collected personal data are stored on computer systems which provide sufficient security and are used by specially trained and authorized employees, in order to achieve the maximum possible protection of the recorded data, in the modern digital environment.

The Company keeps and processes personal data for the aforementioned purposes, only for as long as needed for the purpose that they have been collected for.