PERSONAL DATA PROTECTION POLICY

Our approach to personal data protection

 

To the company “Polichromo Electronic Publications and Service Provision of Extremely Advanced Technology Company” (of force, Polichromo company, we) we recognize that when we process information about any individual, we must do so responsibly, respecting privacy and complying with data privacy and confidentiality laws.

 

This Privacy Policy ("Policy") describes the types of personal data we process at our company and how it is used and disclosed to our partners, as well as the rights we are committed to providing to data subjects. Our Policy has been revised and adapted to privacy legislation and in particular to the General Data Protection Regulation ("Regulation") 679/2016, effective from 25 May 2018.

 

1. What is personal data?

Personal data is any information relating to you, as a natural person, which enables us to identify you, such as your name, contact details, booking reference number, payment details and information about your access to our website, and Pricing details.

 

We may collect your personal data, for example, when you approach us either by telephone, online or in person to do business with us, when you use our website or other websites accessible through it, or when you contact us.

 

2. What types of personal data does POLICHROMO process?

In general, the type of personal data we collect about you only includes information we need to provide you with services and/or products related to your orders.

 

Therefore, we may process the following types of personal data about you:

- contact information (such as name, home address, telephone number, email address),

- payment account details (credit / debit card details, including card type, card number, security number and expiry date),

- personal identity information, passport information

- tax information such as VAT number and tax office

 

As a general rule, we do not collect and process special categories of personal data, such as data in particular about your state of health, your political views or the alleged commission or conviction of criminal offences. We will only process such data if we are obliged to do so by law (e.g. in particular in relation to our employees), or if you have given your express consent or have expressly disclosed such data publicly and in any case in accordance with the provisions of Regulation.

 

 

2.1. Data of our employees and Human Resources

POLICHROMO collects personal information from candidates seeking employment with our company, including private contact information, professional qualifications and previous work experience in order to be able to make hiring decisions, having all the necessary information. After hiring, we collect information about our employees within the framework of our contractual relationship and for purposes related to it, such as to evaluate their performance, to execute their payroll or for tax purposes. This information about our employees is collected and stored in various corporate databases in accordance with our standard business practices. We may also process similar information about consultants, contractors and other third parties employed by our company to provide products or services to it.

 

2.2. Our Website Visitors - IP Addresses - Cookies

Visitors to our website – general information: POLICHROMO may collect nominal information about you when you visit our website, when you give us such information to receive some information from us (for example when you fill in the contact form and request any information about our services) or when someone wishes to apply for a vacancy in the company.

Also, by using technologies based on cookies, POLICHROMO can collect various data related to your electronic protocol address (IP address). This data is used for various purposes, such as analyzing your movement on our website or for advertising purposes on our behalf.

 

IP Addresses: When you visit our website or open email from us, our servers may record data about your device and the network you use to contact us, including your IP address. An IP address is a series of numbers that identify your computer and are generated when you use the internet.

We may use your IP address to administer our system, investigate security issues, and compile anonymous statistics about the use of our website. We may also associate IP addresses with other personal information we hold about you and use it for the purposes described above (e.g. to better tailor our advertising and promotional materials if you have agreed to receive marketing products).

 

Cookies: We may use third-party web analytics services on our website, such as Google Analytics. The analytics service providers who manage these services use technologies such as cookies to help us analyze how visitors use our website.

Cookies are small data files that are stored on the device from which you use our website. We use them to allow our website to provide the service requested by the visitor, to remember repeat visitors, to improve the user experience of the website, or to perform statistical analyses.

You can manage your online relationships with POLICHROMO using the settings available in most internet browsers. For example, most browsers allow a visitor to choose which cookies can be placed on his or her computer, or to delete or disable cookies. However, disabling cookies may prevent the visitor from using certain features on our website.

 

2.3. Member Registration - Account Opening

During the Member registration process in our Online Store, our Company collects the personal data that you voluntarily declare, specifically your name, surname, e-mail and password. Your above personal data is used by our Company in order to open a Member Account for you, through which you can see the history of your transactions, while at the same time you give your consent by providing these details to the Company to keep the password, in order to allow you to access your Account each time you log in with your password. If you are under 16 years of age, you MUST have your parents' consent before you register on our e-shop.

At the same time, there is cooperation with the Wix.com platform for sending "procedural" emails (for creating a new account, registering a new order, modifying an order, changing the password on the individual account, etc.).

 

2.4. Sign up for the service Newsletters

We will not send you any Newsletter, for any purpose of advertising or promoting our products, if you do not choose to subscribe to our Newsletter service. If you register, our Company will collect your e-mail address and send you informational material regarding the products of our Online Store, any offers on products, gift vouchers and points, advertisements regarding products, commercial collaborations etc.

In the event that you do not wish to receive Newsletters and advertising material in general, you can at any time request to be removed from the recipient list, either by following the relevant link at the end of each e-mail you receive from us, or by sending the relevant request to our email.

From the e-mails that our Company sends you as part of the Newsletters service, cookies record the opening rates of messages you receive from us and the number of clicks, along with the content of the e-mails when you click. If you are under 16, you MUST have your parents' consent before subscribing to our email newsletter.

 

2.5. Buy Products from the Online Store

In our e-shop, it is possible to make purchases either from ordinary visitors, or from visitors who are registered members, through their individual account. For the completion of each online order, its processing and execution, it is necessary to provide, collect and process certain necessary personal information. Our Company uses this data for the execution of the contract between us, i.e. for the execution of your order, with the sale of the products and their delivery to the address you give us, as well as for making the payment on your behalf. Specifically, whether you are a Member or not, your e-mail, first name, last name, address, region, prefecture, postal code, country and telephone number are collected for the completion of your purchases.

 

We will send you an e-mail notification of receipt and fulfillment of the order by the shipping company, or we will use both your e-mail and your telephone number to send you a message in case we encounter a problem in the fulfillment of your order, or for the employee of the transport company that will deliver the products to contact you in case of need and for any other communication with you or notification in accordance with the terms of the Terms of Use (wrong price, shipping delay, etc.).

 

2.6. Payment by credit card

If you choose a credit card to pay for the product(s) you are purchasing, you will automatically be transferred to a secure banking transaction environment. There, you should provide the type and number of the card, its expiry date, CCV for the purpose of payment, filling in all the necessary fields in the (secure) order form.

Transactions are protected by top online RSA Encryption security systems, which guarantee a secure trading environment in most of the world's largest businesses. Our Company does not receive or keep any personal data related to the payment details, except for the successful or non-completion of the transaction, for obvious purposes of service and execution of the order.

 

3. How we process your personal data?

3.1. We will only process your information where:

- you have given your consent (which you can withdraw at any time, as detailed below);

- the processing is necessary for the provision of our contractual services to you;

- the processing is necessary to comply with our legal obligations (e.g. for tax purposes or to prevent a threat to the life, health or safety of one of our customers) and/or

- the processing is necessary to safeguard our company's legitimate interests (e.g. ensuring secure internet connections) or for the interests of our third party recipients/partners who lawfully receive some of your personal information.

 

 

3.2. In particular, we may process your data in the following cases:

- to provide you with the services you request from us

- to archive your data in a filing system/database, for the proper performance of our services to you

- to execute/complete payment for the services we provide you, in accordance with your express authorization and in the context of executing our contract

- for accounting and tax purposes

- for the development and improvement of our services

- for regulatory reporting purposes and to comply with our legal obligations.

 

3.3. Finally, we may use your personal information to send you targeted marketing activities about our products and services (and those of third parties) that we think may be of interest to you, where you have expressly requested and/or consented your to receive such actions from us. These may include indicative emails, e-marketing and notifications and telephone calls. We will only use your personal information to send you electronic marketing materials (including e-newsletters, email, SMS, MMS and iM) if you have opted-in to receive them.

 

 

4. Are your personal data disclosed to third parties?

4.1. We do not sell, rent or trade your personal information, nor will we do so at any time in the future. We may disclose (share, send, or otherwise make available) your personal data to third parties only in the ways set forth in this Policy.

 

4.2. Your personal information may be disclosed to the following third parties:

- to Google, mainly for the provision of the Google Analytics service

- to external consultants (such as lawyers, accountants, auditors and recruitment consultants)

- to our contractors, suppliers and other service providers, including our IT providers and external data hosting service providers that we may use and subcontractors.

- to financial institutions and credit card providers, as expressly authorized by you and for the purposes of performing our contract

- to postal and courier service providers,

- to publishers, printers and distributors of marketing materials

- to organizers of events and exhibitions

- to providers of marketing, research and market analysis and communications services,

- to any third party to whom we may assign or delegate our rights or obligations

- where required or permitted by applicable law, in accordance with our legal obligations

- to government agencies and public authorities, regulatory bodies and enforcement agencies, for the purposes of complying with a valid and authorized request, including a court order or other valid legal process, for fraud protection and for related security purposes.

- To third parties who provide our eshop with services related to the operation of the Online Store, such as developers, data analysts, suppliers, data security service providers and subjects' information, strictly for the purpose of processing their services to us

 

4.3. In any case, our employees who access and process your personal data are fully trained in the appropriate way for such processing and act only on the basis of what they need to know, to satisfy the legitimate business purposes of processing, as above were described.

 

5. Personal data is transferred outside the EU and EEA?

We may disclose your personal information to certain recipients outside the EU and EEA (eg Google). In this case, where such transfers will be necessary by law or for the performance of our contract, we will ensure that they are subject to appropriate contractual and technical safeguards as required by the GDPR and any other applicable law. We will provide you with copies of the relevant assurance documents upon request.

 

 

6. Security of information

6.1 We are committed to safeguarding and protecting your personal data. We constantly implement appropriate technical and organizational measures to ensure a level of security suitable to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of your personal data collected, stored or otherwise processed.

 

6.2. POLICHROMO has implemented procedures and security measures in physical and electronic files, in order to protect the personal information, we hold. Regular and systematic checks are implemented at workplaces, such as automatic computer locking, frequent hardware and software upgrades and configuration, in order to minimize the possibility of unauthorized access and exploitation of critical data stored in our archive.

​

We regularly review security measures and will endeavor to protect your personal data as if it were our own. However, we are not responsible for the actions of third parties or their security measures with respect to information that third parties may collect or process through their websites, services or otherwise.

 

6.3. Archiving and storage of physical documents: Our company may keep records in physical, paper form, which contain your personal data (such as contracts, invoices, consent forms, etc.) We keep these records in secure areas protected by security locks and only accessible by as many of our employees or partners as it needs, for purposes described in their employment contract. We use a shredder to destroy physical files to prevent anyone from accessing them without our authorization.

 

6.4. Filing and storage of electronic documents: We have implemented graded access to files containing personal data on our network, which is protected by a VPN (Virtual Private Network). Based on this graded access, special codes are required which are provided only to those of our employees or partners who are required to access these files. Our network is additionally protected by antivirus protection and a firewall, which separates the local network and prevents unauthorized access

 

6.5. File transfer: All internet traffic (file transfer) is encrypted and transferred via 128-bit SSL protocol. Encryption is essentially a way of encoding information until it reaches its intended recipient, who will be able to decode it using the appropriate key.

 

6.6. Email: The data that will be sent to us by email is protected via the SMTP protocol (Simple Mail Transfer Protocol). Our SMTP servers are protected by TLS (sometimes known as SSL) security protocol, which means that email content is encrypted using SHA-2, 256-bit encryption before it is sent over the internet. Email content is decrypted by our local computers and devices.

 

6.7. Recovery and Backup Procedures: Each server has a disk mirroring function for immediate recovery (mirror disk-set RAID-1). The company's equipment is connected to an uninterruptible power supply system (UPS power), so that its operation is not interrupted in the event of a system failure. Backups are created nightly, stored on external hard drives, which are kept in a secure location. If a backup fails, an email is automatically sent to the system administrator.

 

7. Data retention period

7.1. We do not retain your data for longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws.

 

7.2. The information you provide to us may be archived or stored periodically, in accordance with our relevant security procedures, and will only be kept for as long as is necessary for each purpose for which it was collected, unless the law requires us to keep it for longer period, or delete them sooner, or unless you exercise your right to have your data deleted or restricted (whenever permitted).

 

7.3. For example, according to Directive 1/2011 of the National Authority for the Protection of Personal Data, the recording files from security cameras that are legally installed in our offices should be kept for a specific period of time, according to the purpose for which they are processed. Unless otherwise required by law or necessary in cases where an incident of breach has been observed, these records should be destroyed every 15 business days.

 

8. Protection of Children's Personal Data

We do not collect information through our website from persons known to us to be under the age of 16, and no part of our website is directed to children under 16 years of age.

 

9. Your rights

POLICHROMO ensures that you can exercise all your relevant rights in relation to your personal data that we hold and process, such as the right to access and correct, withdraw your consent, delete or limit the processing of your data, limit or stop direct marketing and providing a copy of your data that we hold in digital format (e.g. pdf) to you or to another service provider that you may indicate to us.

 

For example, at your request, we will:

• we grant you access to copies of your personal data within a reasonable time

• we correct personal information when it is inaccurate

• withdraw your prior consent to the processing of personal information, etc.

 

 

10. Inquiries, complaints and requests to exercise rights

Communications, questions or requests to exercise your rights (e.g. access to data) or complaints can be addressed to elias@flowroot.net, attn. Elias Dritsopoulos

 

Within the EU, individuals have the right to complain about how their information is handled to the relevant supervisory authority. A list of all EU supervisory authorities is available on the European Commission website: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

                    

11. Policy changes

From time to time we may need to modify part of this Privacy Policy. We invite you to regularly check before using our services at: www.flowroot.net