1. General Information
GRP respects your data. With this policy we wish to inform you about:
– What personal data we process.
– The purposes and the legal basis for the processing of the data.
– The retention period.
– The recipients of the data.
– Your rights regarding your personal data and how to exercise them.
Via our website, the internet and in person, we collect certain information that may lead to your direct or indirect identification. According to European and national legislation, this information (e.g. name, postal address, contact number, e-mail address, curriculum vitae, etc.) is personal data and can identify you directly or indirectly (here in after referred to as “Personal Data” or “Data” and you are the “Data Subjects”).
Processing of Personal Data means any operation or set of operations carried out, whether by automated means or not, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, search for information, use, disclosure by transmission; their dissemination or any other form of disposal, their association or combination, restriction, erasure and destruction.
The Data Controller of your personal data is “G.R.P. REAL ESTATE SOCIETE ANONYME FOR THE CONSTRUCTION AND EXPLOITATION OF REAL ESTATE” (“T16”) with registered address at 16, Tzaferi Street, Athens (Gazi), P.C. 118 54, TIN 998475770 Gemi No. 007541501000, Telephone: +30 2103422006, E-mail: firstname.lastname@example.org.
2. Basic principles for the processing of your data
We process your data in a lawful and transparent manner, in accordance with European legislation (General Data Protection Regulation 679/2016 EU – GDPR) and national legislation (Law 4624/2019 etc.). We collect and process your data for explicit, legitimate and specified purposes only and only the data necessary for the processing purposes.
We keep the data for as long as it is appropriate, in accordance with the laws, purposes and policy of the company, and we make sure that it is as accurate as possible.
We make every effort to ensure that your data is secure and protected from unlawful processing, accidental or fraudulent loss and destruction, as well as unauthorized access. We have implemented a detailed information security program and security controls based on the sensitivity of information and the magnitude of the risk of our activity, taking into account the best practices of modern technology and the cost of their implementation. We have adopted the appropriate internal security policies, procedures and technologies that ensure data security, we have trained our executives and staff to adhere to the rules of confidentiality of data. Our staff and third-party partners are committed in writing to maintaining the confidentiality and security of the data to which they have access.
The website www.t16.gr is encrypted by the SSL (Secure Sockets Layer) protocol which uses methods of encrypting the data exchanged between two devices (most commonly computers), establishing a secure connection between them over the internet, which results in the protection of your personal data, as well as other sensitive data (e.g. commands or investigations of the data controller). You can recognize that you are in a protected connection by the characters https:// and the lock symbol that appears in the address bar of your browser.
3. Purpose and legal basis of the processing of your data
As a rule, our Company collects and processes your data only when you provide them directly and voluntarily, either through the website or otherwise.
However, this rule cannot be applied whatsoever in two cases in the context of the operation of the Website: i) certain data, which is collected automatically during your visit to our website and ii) the data collected with the help of cookies and similar technologies.
3.1. Automatic data collection when you visit the website
When you visit our website, our server collects the so-called server log files, namely:
- Date and time at the time of entry to the website.
- The amount of data sent to bytes.
- The browser and the operating system you used when you entered the website.
- Your IP address (Internet Protocol address) when you enter the website. The IP address is personal data, along with the date and time of your visit, although we cannot identify you alone with this information.
The reason (legal basis and purpose) for which we collect your IP address and keep it in log files is our legitimate interest to ensure the security of networks, information and services from accidental events or illegal or malicious actions that compromise availability, authenticity, integrity and confidentiality of the data stored or transmitted (e.g. control of “denial of service” attacks) and on the other hand, our legal obligation to provide the most secure environment possible for the processing of your personal data (Article 6(1)(f) and (c) of the GDPR). The data will not be transferred or used in any other way. However, we reserve the right to check server log files if specific indications of illegal use are found.
We embed videos from YouTube with Google’s enhanced data protection feature. This means that Google will only store your data if you click play on the video. The data Google receives when a video is viewed is:
- Your IP address.
- The specific address of our page from which you accessed.
- The name of the browser.
- The date and time of access.
- Cookies that already exist and through which your browser can be clearly identified.
We would like to point out that Google may receive additional data through cookies that have already been stored from other websites you have visited. We have no influence on how and to what extent this data is used by Google, which is the only one responsible for this processing. More information can be found here.
3.2. Contact us via contact form, via E-mail or by phone
In the context of contacting us through a contact form or e-mail, we collect your name and E-mail address as well as any other information you may provide to us during our communication. This data is stored and used exclusively to respond to your request. The legal basis for the processing of such personal data, is your consent (Article 6(1)(a) of the GDPR). Your data will be deleted after the final processing of our communication. This will be the case if it can be inferred from the circumstances that the communication has been completed, provided that there are no legal claims to store such data.
3.3. Customers, Partners and Visitors
In the context of servicing the contract between us (e.g. lease of business premises to you, possibly secretarial services, even to organization, or contract for the supply of materials and services from you) we will collect and process your personal and professional data, such as name, VAT number, profession, home or work address, possibly IBAN, billing and financial transaction data, etc. The legal basis for the processing of your data is the performance of the contract between as as well as our legal obligation (Article 6(1)(b) and (c) of the GDPR) and your data will be kept for ten years after the termination of our cooperation, except for those whose retention is required for a longer period of time by the relevant legislation (e.g. tax legislation). We will also process your contact details for sending you news from our site as well as offers and other updates by sending a newsletter, and the legal basis for the processing is our legitimate interest and your alleged one (Article 6(1)(f) of the GDPR). You have the right to opt-out of the reception of our newsletter at any time.
On the legal basis of consent (Article 6(1)(a) of the GDPR) we may process customer and visitor data such as photos or videos from events taking place on the premises of T16, for the purpose of publishing them on our website and our pages on social media and promoting and T16 and/or the events.
3.4.Creation of a Database of Visitors and other interested parties for sending our newsletter
With your consent we may send you the newsletter of T16, to inform you about upcoming events, news and offers. The legal basis of the processing is your consent (article 6(1)(a) of the GDPR) and you may opt-out at any time.
3.5. Submission of a CV
When you submit a CV to our Company in person, by e-mail, or through any third party websites (including, without limitation, LinkedIn), you provide us with your personal data included in your CV such as first and last name, education details, previous jobs, special knowledge, professional skills and preferences, etc., as well as other information that you consider appropriate to disclose to us, like e.g. your photo.
We keep your data for three years and the legal basis for processing your personal data for this purpose is your consent (Article 6(1)(a) and Article 9(2)(a) of the GDPR).
3.6. Social networks
Our Company, in order to respond to your relevant requests or queries, may process the username you have on Facebook and Instagram as well as other information that is publicly available through your profile (e.g. phone, email, etc.). The legal basis of the processing is your consent (Article 6(1) of the GDPR).
The Company takes all necessary security measures (technical and organizational) for the security of data processing through social networks such as, but not limited to, the limitation of persons who have access to the management of its accounts. We would like to inform you that our Company bears no responsibility for the way or the means that social media platforms process your data.
4. Who has access to the data – Data transfers
Your Data are accessible to the authorized personnel of the company who are authorized to respond to your requests as well as to any other authorized person who must process your data in the context of his/her work duties. In addition, for its operation, our company cooperates with third-party service providers, legal or natural persons, professionals, independent consultants, who provide us with commercial, professional or technical services (e.g. provision of IT services, mailing) for the purposes mentioned above and to support the Company, in whole or in part, in relation to its activities. Where applicable, these natural/legal persons will act as Independent Data Controllers, Data Processors or persons authorised to process personal data for the same purposes mentioned above, with the same safeguards and in accordance with applicable law.
Before the third party receives the Personal Data, we: (1) complete the legal control of privacy to evaluate the privacy practices and risks associated with these third parties, (2) obtain guarantees by contract from these third parties that they will process Personal Data in accordance with our instructions as well as this Policy and existing Legislation; that they will promptly inform our company of any Privacy Incident, including any inability to comply with the standards set forth in this Policy and existing legislation, or Security Incident, that they will cooperate in the timely rectification of any documented Incident, that they will assist us in responding to the data subjects’ requests as defined below and that they will allow our company to conduct an audit and oversee their practices during the processing regarding compliance with these requirements.
Finally, data may be further transmitted to institutions, authorities and public bodies for legitimate purposes.
With the exception of the above, the Data will not be disclosed to third parties, natural or legal persons and will not be disseminated.
Our company does not transfer Personal Data outside the European Union, and in case we need to do so (e.g. for the use of Cloud services) we will do it under the terms and safeguards provided by Articles 44 et seq. of the GDPR such as, for example, by obtaining your consent, the implementation of model contractual clauses approved by the European Commission, or by choosing countries that are considered safe by the European Commission.
5. Minor’s data
If we need to process data of minors, the processing will be carried out only with the written and explicitly expressed consent of the persons who have parental responsibility for the minor. In any case, we make reasonable efforts to verify that consent is given or approved by the person who actually has parental responsibility over the child, i.e. by authenticating identity and any other available information.
6. Your Rights
You can contact the Data Protection Officer of our Company by E-mail, at the addresses that appear in paragraph (1) at any time, in order to exercise your rights under Articles 15-22 of the GDPR, i.e. the rights of access, correction, deletion (where permitted), restriction of processing, portability, opposition GDPR.
You may, for example, request to receive an up-to-date list of people who have access to your data, obtain confirmation of the existence or deletion of personal data relating to you, check its content, origin, correctness and location (also in relation to any third country), request a copy, request its correction and in the cases provided for in the GDPR, request the restriction of their processing or their deletion. Similarly, you can always report comments on specific uses of your data that are considered incorrect or unjustified or submit complaints to the Hellenic Data Protection Authority, 1-3 Kifisias Street, P.C. 115 23, Athens, Call Center: +30-210 6475600 or to the e-mail address http://www.dpa.gr/
You may withdraw your consent at any time, without affecting the lawfulness of the processing carried out prior to the withdrawal of consent. However, we reserve the right to further processing if we demonstrate compelling reasons that need to be protected that override your interests, fundamental rights and freedoms or if the processing serves to exercise or defend legal claims.
7. Cookies and similar technologies
What are cookies
Cookies are files containing small amounts of information that are stored on your device when you visit a website. They are then sent back to the website on each subsequent visit or to another website that recognizes those cookies.
We may store cookies on your device if it is strictly necessary for the operation of this website. For all other types of cookies we need your permission, which you can give us in total or for some categories.
Cookies make it easier for you to navigate the various websites, remember your preferences and generally improve the user experience. They also make sure that the promotions and ads you see online are more relevant to your interests. They do not personally identify the user, only the device used, through a randomly generated identifier.
Types of cookies we use
- a) Functionality cookies (strictly necessary)
These cookies are responsible for basic functions of the website. They are necessary for you to be able to browse our website and to access the secure sections of the website. The provision of the main internet services of the website is not possible without these cookies.
- b) Statistical analysis cookies
These cookies collect information about how you use our website, such as the website from which your visit originated, the pages you visit most often, the browser you used, etc. We use them for the purpose of analysing traffic and improving the performance of our website. They collect aggregated, anonymous statistical information that cannot lead to the identification of the visitor.
About Google Analytics
You may block your data collection altogether through Google Analytics by installing the add-on in your browser:
- c) Advertising (targeting) Cookies These cookies use information about your browsing in order to make advertisements and offers more relevant and targeted, to limit the number of times a promotional activity/advertisement appears on your device and to help measure the effectiveness of an advertising/promotional campaign. In addition to our own cookies, third-party advertising network cookies are placed on your device on our behalf.
You can see in detail the cookies we use here.
Performance and Statistical Analysis
When you visit our website, we provide you with the opportunity to choose in an easy and simple way whether or not to install non-necessary cookies (and related technologies), all or by category. You also have the option to change your relevant preferences at any time, even during the same session.
Additionally, you can set your browser to inform you about the setting of cookies and you can either decide individually or in total to accept them, or block their acceptance in some cases. Each browser differs depending on how it handles the cookie settings. This is described in each browser’s help menu, which explains how you can change your cookie settings. Follow the links below depending on the browser you are using:
Please keep in mind that you need to adjust the settings individually in each browser and each device you use. We also inform you that any restriction of cookies will prevent you from fully using some of our services and will not allow us to improve and personalize your navigation on our website.
Athens, November 2021