DATA PROTECTION POLICY
The present describes our policy regarding the personal data we collect from visitors of our pages (hereinafter "users").
The data controller of your personal data is the Company “ZOHIOS G – ZOHIOS K & SIA O.E.”, with distinctive title “GEORGE RENT A CAR”, with registered office at Agios Georgios 49080 Corfu Greece, Tax Identification Number 099344805 of the Corfu Tax Office, e-mail: georcars@yahoo.gr .
In the daily activities of our company and our website, we process data concerning natural persons, among which:
• Customers
• Visitors of our website
• Stakeholders (employees, suppliers)
Our company complies with the General Data Protection Regulation (2016/679 EU GDPR) and any other European and national legislation concerning the protection of personal data, electronic communications, etc. and undertakes that it will ensure the protection of your Data at any time:
The data are collected for specific, clear and legitimate purposes and are not further processed in a manner incompatible with those purposes.
We collect the necessary, for each purpose of processing personal data and we process it lawfully, fairly and in a transparent manner in relation to the data subjects.
We make sure that they are as accurate and up-to-date as possible and only retain them for as long as is necessary for the purposes for which they are being processed.
In any case, the criterion we use to determine the storage period is based on and duly takes into account the need to comply with any relevant legal requirements, as well as the principle of data minimization.
We process the Data electronically and manually and take all appropriate measures to protect personal data, including protection against unauthorized or unlawful processing and against accidental loss, damage or destruction, using appropriate technical or organizational measures.
Collection, purpose, legal basis of processing and time period of retention of your data
1. Data that we collect automatically through our website
The website http://www.rentacar-corfu.gr uses the SSL (Secure Sockets Layer) protocol which uses data encryption methods that are exchanged between two devices (most commonly Computers), establishing a secure connection between them via the internet, resulting in the protection of your personal data.
When you visit our website, our server collects the so-called log files of the server and more specifically:
• Date and time of entry to the website.
• The volume of data sent in bytes.
• The browser and operating system you used to access the website.
• The Internet Protocol address when you access the website. The IP address is personal data along with the date and time of your visit, although we cannot identify you with that data alone.
The legal basis for which we collect your IP address and retain it in special files (log files) is our legitimate interest in processing this data in order to ensure the security of networks, information and services from accidental events or illegal or malicious actions which compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data (e.g. monitoring ddos "denial-of-service" attacks), as well as our legal obligation to provide a more secure environment for processing your personal data (paragraph 1 (f) and (c) of article 6 of the GDPR).
The data will not be transferred or used in any other way. However, we reserve the right to check the server log files if specific indications of unauthorized use are identified.
2. Customer Data.
When you visit our business, we collect your personal data such as full name, father’s name, e-mail, postal address, gender, age, occupation, address, and any other information related to the provision of our services to you.
The purpose of the processing of your data is to provide you with the requested services and the legal basis of the processing is the execution of the contract between us (par. 1b of article 6 and par. 2 of article 9 of the GDPR), as well as our compliance with legal obligations. Your data is retained for the time period required and maybe longer if legal claims arise.
It is clarified that we do not have a publicly accessible list of e-mail addresses of our subscribers/users. Therefore, any personal data (e.g. access names, etc.) that appear anywhere on the pages and services of the website of the Data Controller is intended solely to ensure the operation of the respective service and may not be used by any third party, without complying with the provisions of the legislation on protection against the processing of personal data, as applicable each time. The Data Controller acts in accordance with applicable law and aims to better implement good practice as regards the Internet. Your personal information is stored securely for as long as you are registered with a service of the Data Controller and is deleted after the termination in any way of your dealings with the Data Controller.
3. Data we collect via e-mail and the Contact Form
As part of the communication between us via email and the Contact Form, we collect your name, email address and any other information you provide to us. This data is stored and used exclusively to meet your request. The legal basis for the processing of your personal data is your consent (par. 1a of article 6 of the GDPR). Your data will be deleted after the final processing of our communication. This will happen after the completion of the purpose and scope of our communication, provided that there are no legal requirements for storing such data.
4. Mailing of Newsletter
Following your consent, we will collect your e-mail in order to send you a newsletter with the news of our Company and articles that you will probably find interesting. The legal basis for the processing is your consent (par. 1a of article 6 of the GDPR) and you have the right to withdraw it at any time.
5. Suppliers’ data
For the performance of the contract between us, we collect the data of our suppliers such as full name, address, contact details, shipping details, financial data, which you provide to us. The legal basis for the processing of your data is the performance of a contract and our compliance with legal obligations (par. 1b and c of article 6 of the GDPR), and we retain them for a period of up to twelve years from the last provision of services, or as required by tax and any other relevant legislation.
Who has access to your data. Data transfers.
Your data is accessible to our employees, as well as to any other person authorized to process your data in the course of their duties. In addition, we cooperate with third parties, natural or legal, professionals, independent consultants, etc. who provide us with commercial, professional or technical services (e.g. web hosting, accounting services, transportation services) for the purposes mentioned above, and support our company in whole or in part, in relation to our activities. In this case, such natural/legal persons shall act as Joint or Independent Data Controllers, Data Processors or persons authorized to process personal data for the same purposes mentioned above, with the same security measures and in accordance with the applicable legal obligations.
Before the third party receives the Personal Data, we must: (1) complete the confidentiality review to assess the privacy practices and risks associated with these third parties (2) to receive contractual guarantees from these third parties that Personal Data will be processed in accordance with our instructions and in accordance with this Policy and applicable law, that they will immediately notify our company of any incidents of Personal Data Protection or Security, failure to comply with the standards set out in this Policy and existing legislation, that they will work together to rectify any such incident, that they will assist us to honor the rights of the persons set out below, and that they will allow the Data Controller Doctor to check their processing as regards compliance with these requirements.
Finally, the data can be further transferred to public authorities and institutions, as well as to our legal supporters (legal and insurance companies), for legal purposes.
In addition to the above, the Data will not be disclosed to third parties, individuals or legal entities and will not be disseminated.
Our company does not transfer Personal Data outside the EU, and if necessary (for example, in order to use Cloud services) this will be done under the terms and conditions set out in Articles 44 et seq. of the GDPR, including following your consent, the implementation of standard contractual clauses approved by the European Commission or to countries considered safe by the European Commission.
Use of cookies
We use cookies for the efficient operation of the website and to enhance your browsing experience, as well as for the better provision of our services. Cookies are text-files with information that the web server of the Data Controller stores on your computer when you visit this site. In this way, the website remembers your actions and preferences for a period of time, so that there is, for example, personalization of online ads, traffic analysis or other statistical analysis, and the provision of the services you have requested.
In this way you don't have to enter these preferences every time you visit the website or browse its pages. Only the Data Controller and its specially authorized associates have access to any information concerning cookies.
You can check and/or delete cookies according to your wishes. Details can be found on the website: aboutcookies.org. In case you choose to disable cookies on the website http://www.rentacar-corfu.gr , the functionality of some pages may be lost or reduced.
See here which Cookies we use:
Additional information on the use and management of cookies on the website can be found on the websites:
Regarding cookies and their management:
http://www.aboutcookies.org/default.aspx
http://www.whatarecookies.com/
Regarding Google's policy:
https://www.google.com/about/company/user-consent-policy.html
https://www.google.com/policies/technologies/cookies/
http://www.google.com/intl/el/policies/privacy/partners/
Data Security and Integrity
The Data Controller implements reasonable policies and procedures for technical and organizational security in order to protect personal data and information from loss, misuse, alteration or destruction.
In addition, we try to ensure that access to your personal data is limited to those who need to be aware of it. Those who have access to the data are obliged to keep the confidentiality of this data.
Please note that transmitting information over the Internet is not completely secure. Although we make every effort to protect your personal data, we cannot guarantee the security of the data transmitted by our website. After receiving your details, we will implement strict security procedures and functions in order to try to prevent unauthorized access.
We make every reasonable effort to keep the personal data we collect from you only for the period of time we need this data for the purpose for which it was collected or until their deletion is requested (if this happens earlier), unless we continue to retain it in accordance with applicable law.
Links to other websites
Our website may contain links to other websites governed by other privacy statements, the content of which may differ from this Privacy Statement. Please review the privacy policy of each website you visit before submitting any personal data. Although we try to provide links only to sites that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices of other websites.
Data of minors
If we need to process data of minors (e.g. data of underage patients), i.e., according to the GDPR, those who have not completed the age of 15, the processing is done only following the written and explicit consent of the persons who have parental responsibility for the minor. In any case, we make reasonable efforts to verify that consent is granted or approved by the person who actually has parental responsibility for the child, that is, by identity check and any other available information.
Data Subject Rights
You can contact us by mail or e-mail at the addresses mentioned in paragraph (1) above, to exercise your rights under Articles 15 et seq. of the GDPR. You can, for example, request an updated list of people who have access to your data, receive confirmation of whether or not we are processing personal data related to you, check their content, source, accuracy and location (also in relation to any third country), request a copy, request their correction and limit their processing, even their deletion, if applicable. Similarly, you can always make your comments and lodge complaints with the Hellenic Data Protection Authority, 1-3 Kifisias Ave., GR 115 23, Athens-Greece Call Center: + 30-210 6475600 or at http://www.dpa.gr/
Changes to this Policy
The Data Controller regularly reviews this Policy and may modify or revise it at our discretion. Whenever we make changes, we will record the date of the amendment or revision in the Policy. The updated Policy will be valid for you and your data from that date. We encourage you to study this Policy from time to time to see if there are any changes in the way we handle your personal data. This Statement was last updated in November 2021.
Contact us
If you have any questions, comments or complaints regarding the management or protection by us of your personal data or if you wish to modify your personal data or exercise any of your rights as a data subject, please contact us at: georcars@yahoo.gr .
Μarch 2023
Statement of the Data Controller "On Personal Data Protection"
The increasing economic and scientific cooperation, as well as mutual provisions for data processing services, have as a consequence the exchange of personal data, a trend reinforced by the growing use of modern means of telecommunication.
For these reasons, it is necessary to process the data carefully.
The Data Controller states that compliance with the principles governing the protection of data for their processing is his purpose, as he is committed to respecting individual rights and privacy of individuals.
The Data Controller handles personal data with special care and always in accordance with EU Regulation 2016/679, applicable National Law and applicable law.
The following definitions will apply for the purposes of this Directive:
Data Subject: any natural person whose personal data is the subject of processing by or on behalf of the Company.
Personal Data: any information in relation to an identified or identifiable natural person relating to his/her physical, physiological, psychological, emotional or economic status, cultural or social identity.
Processing: processing of personal data ("processing"), any work or series of work performed on personal data, such as collection, registration, storage, modification, analysis, use, correlation, blocking( locking), deletion or destruction.
1. Data Controller and Data Protection Officer
The Data Controller is the Company “ZOHIOS G – ZOHIOS K & SIA O.E.”, with distinctive title “GEORGE RENT A CAR”, with registered office at Agios Georgios 49080 Corfu Greece, Tax Identification Number 099344805 of the Corfu Tax Office, e-mail: georcars@yahoo.gr ("Data Controller").
2. The Data we process
Following your consent, we process the following common and sensitive personal data that you provide when you interact with the Website http://www.rentacar-corfu.gr and use the services and functions it provides. This data includes in particular the name and surname, contact details, address and content of your specific requests, updates or reports, as well as the additional data that the Data Controller may acquire, including from third parties, in the context of conducting its business activity ("Data").
In order to be able to fulfill the requests you submit through the contact form and/or to provide adverse event notices, it is necessary to consent to the processing of the data marked with an asterisk (*).
Without this mandatory data or your consent, we cannot proceed any further. Conversely, the information required in fields that are not marked with an asterisk and your consent to receive informational material is optional and their non-provision has no consequence.
In any case, even without your prior consent, the Data Controller may process your data to comply with the legal obligations arising from EU legislation, regulations and law, to exercise rights in legal proceedings, to exercise its own legitimate interests and in all cases provided for, as the case may be, in Articles 6 and 9 of the GDPR. The processing is performed both by using computers and in printed form and always involves the implementation of the security measures provided by current legislation.
3. Why and how we process your data
The data is processed for the following purposes:
i. to handle the requests you submit with the "Form", to then contact you or to provide information through it. The legal basis for the processing of personal data for this purpose is your consent (Article 6 (1) (a) and Article 9 (2) (a) of the GDPR) and the performance of the contract in which you are a party to as a data subject.
ii. to manage adverse events reports submitted through the Website or the Forms. The legal basis for processing for these purposes is your consent (Article 6 (1) (a) and Article 9 (2) (a) of the GDPR), as well as the pursuit of any public interest (Article 9 (2)(i) of the GDPR) and legal obligations;
in addition, but only with your optional consent which is the legal basis of the processing in accordance with Article 6 (1) (a) of the GDPR:
iii. to receive advertising material (direct marketing) from us.
By ticking the appropriate boxes, you agree to the processing of your data for these purposes.
Your data may in any case be processed, even without your consent, for reasons of compliance with the law, regulations, EU legislation (Article 6 (1) (c) of the GDPR, for obtaining statistical data on the use of the Website and its proper operation (Article 6 (1) (f) of the Regulation).
Personal data is entered into the computer system of the Data Controller in full compliance with data protection legislation, including security and confidentiality profiles, and is based on principles of good practice, legality and transparency regarding processing.
The data is stored for as long as it is absolutely necessary to achieve the purposes for which it was collected. In any case, the criterion used to determine this period is based on compliance with the deadlines set by law and the principles of data minimization, storage limitation and rational file management.
All your data will be processed in printed form or by means of automated instruments, ensuring in each case the appropriate level of security and confidentiality.
4. Principles applied during processing
We are authorized to process your personal data in order to provide personalized services, in accordance with the law (Article 6 (1b) of Regulation (EU) 2016/679) and the relevant National Implementing Law. Your personal data is not used for purposes other than those described in the Statement, unless we obtain your prior permission, or unless required to do so or permitted by law.
Personal data is processed in a manner consistent with the purpose for which it was collected.
The principle of proportionality applies when processing personal data. Among other things, it creates the obligation not to collect personal data without reason.
The personal data used must be accurate and up to date.
Personal data used that is no longer accurate and complete should be corrected or deleted.
Except in cases where there is a legal obligation to maintain them for a longer period of time, personal data shall not be stored for a longer period of time than is necessary for the purposes for which they were collected or processed.
The processing of personal data is done according to the principles of good faith. This means that data subjects can rely on data processors to show due diligence on all data processing issues.
The processing of personal data is done according to the principles of good faith. This means that data subjects can rely on processors to show due diligence on all data processing issues.
Data subjects whose personal data have been processed will be notified accordingly, if they so request. In particular, they have the right to be informed of the purposes for which their data are processed, the type of data they relate to, as well as the identity of the recipients of the data. Where deemed necessary, data subjects also have the right to request the correction, non-transmission or deletion of their data.
The above rights may be restricted only if this restriction is provided by law. This is especially true when conducting scientific research.
In particular, personal data is protected against unauthorized disclosure and any illegal processing. The measures taken ensure a level of security equal to the nature of the data that must be protected and the risks that may arise from processing it.
The data controller is responsible for complying with and implementing EU Regulation 2016/679 and the National Implementing Law.
Our employees who deal with the processing of personal data are up-to-date and trained accordingly. Procedures for processing third-party personal data by agreement will be set out in writing, ensuring that the contracting third party safely processes personal data and complies with the principles set forth in this Statement and the EU GDPR. If the third party is deemed to be unable to provide a satisfactory level of personal data security, we will terminate the cooperation.
5. Persons who have access to the data
The Data is processed electronically and manually, according to the procedures and practices related to the aforementioned purposes and is accessible to the staff of the Data Controller which is authorized to process the Personal Data and to the supervisors and especially the employees who belong to the following categories: technical staff, Information and Network Security personnel and administrative staff, as well as other staff members who must process the data to perform their duties.
Data may also be disclosed to countries outside the European Union ("Third Countries"): i) to institutions, authorities, public bodies for institutional purposes, ii) to professionals, independent advisers - whether working individually or collectively - and other third parties and providers that provide the Data Controller with commercial, professional or technical services required for the operation of the Website (e.g. provision of IT services and Cloud Computing) for the purposes mentioned above and to support the Data Controller in providing the services you requested , iii) to third parties in case of mergers, acquisitions, transfers of companies or their branches, audits or other extraordinary actions
The mentioned recipients receive only the necessary data for their respective functions and duly undertake their processing only for the purposes mentioned above and in accordance with the data protection laws. Data may also be disclosed to other legal recipients as determined by applicable law from time to time.
With the exception of the above, the Data will not be disclosed to third parties, natural or legal persons, who do not perform commercial, professional or technical duties for the Data Controller and will not be disseminated. The data recipients will process the data, as appropriate, as Data Controllers, Data Processors or authorized persons to process personal data for the purposes set out above and in accordance with applicable data protection legislation.
With regard to the transfer of data outside the EU, even to countries whose laws do not guarantee the same level of data privacy protection as provided by EU law, the Data Controller notifies that the transfer will take place in any case via the methods allowed by the GDPR, such as for example on the basis of the user's consent, on the basis of standard contractual clauses approved by the European Commission, by selecting parties participating in international programs for the free movement of data (e.g. . EU-US Privacy Shield) or which are implemented in countries considered safe by the European Commission.
6. Your rights
If you wish, you may at any time request the exercise of the rights referred to in Articles 15-22 of the GDPR, to be informed on your personal data held by us, their recipients, the purpose of their retention and processing, as well as the modification, correction or deletion of same, by sending a relevant e-mail to the addresses shown above, from the e-mail address you have declared, by completing the corresponding application that may be granted to you by the Data Controller with an attached copy of your ID.
You also have the right to review the personal data we hold and in general to exercise any right provided by law for the protection of personal data.
The personal data that you disclose to the Data Controller through the Website, either during your registration or at a later stage, are collected and used and processed in accordance with the current provisions on personal data protection of the new European General Data Protection Regulation (EU) 2016/679.
You reserve the following rights in detail:
• Right to information about your personal data: Upon your request, we will provide you with information about the personal data we hold about you.
• Right to correct and complete your personal data: If you notify us, we will correct any inaccurate personal data concerning you. We will fill-in incomplete data if you notify us, provided that this data is necessary for the purposes of processing your data.
• Right to delete your personal data: Upon your request, we will delete the personal data we hold about you. However, some data will only be deleted after a specified retention period, for example because in some cases we are required by law to retain the data, or because the data is required to fulfill our contractual obligations to you.
• Right to block your personal data: In some cases provided by law, we will block your data if you request it. Further processing of blocked data occurs only in a very limited extent.
• Right to withdraw your consent: You may at any time withdraw your consent for the processing of your personal data in the future. The legitimacy of the processing of your data remains unaffected by this action, up to the point that your consent is withdrawn.
• Your right to object to the processing of your data: You may at any time object to the processing of your personal data in the future, if we process your data on the basis of one of the legal grounds provided for in Article 6 (1e or 1f) of Regulation (EU) 2016/679. If you object, we will stop processing your data, provided that there are no legitimate reasons for further processing. The processing of your data for advertising purposes does not constitute a legitimate reason.
7. Security of Personal Data
The Data Controller implements specific technical and organizational security procedures in order to protect personal data and information from loss, misuse, modification or destruction. Our associates who support us in the operation of this website also comply with these provisions.
The Data Controller makes every reasonable effort to retain the personal data collected only for the period of time for which this data is needed for the purpose for which it was collected or until their deletion is requested (if this happens earlier), unless it continues to retain them in accordance with the legislation in force.
8. Reviews of the Statement
We reserve the right to amend or revise this Statement periodically, at our sole discretion. In the event that changes are made, the Data Controller will record the date of amendment or revision to this Statement and the updated Statement will be valid for you from that date. We encourage you to review this Statement from time to time to see if there are any changes to the way we handle your personal data.
This is a Statement of Compliance with the provisions of EU Regulation 2016/679 and the National Implementing Law.
March 2023