Privacy Policy
Personal Data Security Policy

A. For ordinary website visitors:

The personal data collected are further categorized into the data of ordinary visitors and the data of the users of the website services, as follows: During your navigation on the website, data is collected about the use of the website ("usage data") for purposes of analyzing the use and monitoring and improving the website and the services provided. Usage data may include IP address, geographic location, browser type and version, operating system, referral source (from which page you arrived at the website), duration of visit, page views and navigation paths of the website, as well as information about the timing, frequency and manner of use of the website and its services by you. The source of the usage data is Google Analytics. How Google Analytics collects and processes data can be found here: www.google.com/policies/privacy/partners.

The above personal data of website visitors is limited to the information required for the operation and improvement of this website and our services in accordance with the applicable personal data legislation. The Company collects and processes data exclusively for the purposes of the legal and proper operation of the website and to offer visitors and users of the website the best possible user experience.

B. For corporate customers:

In the context of using the website (https://filakiskreata.gr) personal data is collected and processed in the event that the Customer expresses interest (i) in one of the Company's products (ii) for cooperation with the Company and ( iii) for communication with the Company.

In particular, in all the cases under (i) to (iii) above in which the Customer, a natural or legal person, expresses interest in some of the Company's services, data is collected which, depending on the type of business, may also be personal data and which include the following: company name, contact person, management details, postal code, telephone numbers, email, activity. The above personal data of the users of the website services are used by the Company in order to contact you for the purposes of information about its products and services.

C. as Responsible and Executor of the Processing, in accordance with the EU General Data Regulation. 2016/679

1. Clarifications on the processing of personal data of Customers

By purchasing services/products made by the Customer through his communication with the Company, he declares that he wants the Company to undertake on his behalf the completion of a task or the mediation between the Client and a third party for the completion of a task in the capacity of the Company as a provider of internet services and software applications.
The Company, based on the information/data declared by the Customer on its website/order form, should include him in a homogeneous category and calculate, based on his statements, the appropriate and proportional product/service for the Customer. In order to do this, it is necessary for the Customer to declare the specific categories of personal data of its customers to which the Company will gain access for the provision of specific services and support and which will be indicated in the relevant fields of the order form. These data are objectively essential for the fulfillment of the purpose and the operation of the service provided. Correct and complete information on the information requested by the Company constitutes an obligation of the Customer. It is possible that inaccurate or incomplete information on the information requested by the Company may establish the right to request the Company even to cancel or terminate the service provided at any time.
For as long as the service contract remains in force, the Company will process the data of the Customer or customers following a specific, case-by-case order that is necessary for its operation, based on the express consent that the Customer has granted it herein stage through the service/product order or at any other subsequent stage.
After the Customer places the software/service order, completed in all fields, the Company will proceed, for the reasons mentioned above, in each act or series of acts of processing the Customer's data and with the help of automated means such as e.g. collecting, registering, organizing, correcting, storing, adapting, changing, retrieving, searching for information. The Company also uses automated means to complete the order and provide the service. Through these automated means, the Company can make decisions more quickly, with greater accuracy, transparency and consistency. However, in these cases, regular relevant checks are carried out by competent employees of the Company.
The Company, in the context of protecting its legal interests, frequently carries out checks, through certified automated means, for reasons of preventing fraud against it or the leakage of personal data of Customers or other third parties.
The Company will keep the Customer's data for as long as a contractual relationship between them is maintained exclusively in electronic form. In the event that, for any reason, this is interrupted, the Company will keep them for as long as is required until the statute of limitations for any related claims has passed. However, in any case the Company will keep the data for a period of up to one (1) year from the end of the cooperation between them.
The Customer can exercise, as the case may be, the following rights: the right of access (to find out which of his data we process, why and their recipients), rectification (to correct any deficiencies or inaccuracies of the data), deletion (right to oblivion) ​​(deleting them from the Company's records, however, if their processing is no longer necessary), restriction of processing (in case of questioning the accuracy of the data, etc.), portability (that the Customer receives his data in structured and commonly used format). These rights are exercised at no cost to the Customer, by sending a relevant letter or e-mail to the Data Protection Officer, unless they are repeated frequently and due to volume, they have administrative costs for the Company, in which case the Customer will bear the relevant costs.
If the Customer exercises any of these rights, the Company will take all possible measures to satisfy the Customer's request within thirty (30) days of receiving the relevant request, after the Company informs either of its satisfaction, or of the objective reasons that prevent its satisfaction.
In addition, the Customer may at any time object to the processing of his personal data for the purposes of the service contract, by revoking his consent. However, this will eventually lead to the termination of the Customer's contract and non-provision of services by the Company, because (according to what was mentioned above) no service operates without an express written agreement regarding the rights and obligations regarding the processing of personal data the customer's.
Data security is an absolute priority for the Company. To achieve this, all modern and appropriate technical (encryption, anonymization, etc.) and organizational measures are applied, the response of which the Company checks at regular intervals.
The Customer's data will be transmitted to the Company's departments that are responsible for the completion of the service provided and for its correct and uninterrupted operation. Examples include the technical support department, the legal department, the accounting department, etc.
The Customer's data may also be transmitted and made accessible by legal and/or natural persons with whom, from time to time, the Company maintains contracts for the proper provision of the services offered. Also, the data, in the context of the operation of the Customer's insurance contract, may be transmitted to various services, public authorities, etc. However, in this case, these legal and/or natural persons will process the Customer's personal data exclusively for the purpose of providing services to the Company and not for their own benefit, acting as processors. In each transmission, the Company always takes every measure so that the data that will be transmitted is always the minimum necessary and that the conditions for legal and legitimate processing will always be met.
It is expressly clarified that the Company does not use the Customer's personal data for commercial purposes nor does it share personal data with unauthorized persons.
For any matter concerning the processing of your data, you can contact us at the email: Also, the Customer always reserves the right to address the competent authorities, where he can submit the relevant complaints. For Greece: Personal Data Protection Authority (Kifissias 1-3, Т.К. 115 23, Athens), or electronically (www.dpa.gr).
2. Technical and organizational security measures:

For the Company, the protection of the Personal Data of the visitors and users of this website and the respect of the individual's privacy on the internet is a self-evident commitment. All necessary organizational and technical measures are taken to ensure the security, availability and validity of the data of visitors and users of this website. It ensures that your personal data is safe. In order to prevent unauthorized access or disclosure, appropriate physical, electronic and managerial procedures are in place to safeguard and secure your personal data collected.

Technical security mechanisms for the protection of personal data applied by the Company:

Access to the system via a key pair (username / password): Each user has their own unique user/key combination to access the application. Only specific authorized persons of the Company have access to manage orders concerning personal data of Customers.
Key lifetime definition: It is possible to define in the application, the lifetime of a key, beyond which the key is not valid and the user does not have access to the application.
Key complexity level: The access key complexity level is set.
Graded access to information and data: Each user has access only to the data related to his work.
Graded access to indexes and lists: Each user has access only to predefined indexes and lists.
Access exclusively following an explicit Order from the Client and preparation of a processing file: Each user receives from the Client a specific Order concerning access to personal data for which the user prepares, after the completion of the work, a personal data processing file form in which the actions are recorded carried out (logging (Logging) Logging (Logging) of all changes to personal data).
Define user groups: The ability to create groups of users with the same access rights is implemented.
Data export: Possibility to export personal data (in various formats) upon request of the natural person or the Customer to satisfy the corresponding requirement of the Regulation.
IP lock per user: The ability to lock access to the application only from a specific IP address or range of addresses is implemented
Ability to completely delete personal data without affecting records in the application database.
Implementation of technical security protocols for the servers used by the Company, namely:
Third party technical service providers:

The Company may use third-party technical service providers who host, store, manage and maintain the website, its content and the data collected as well as other technical service providers (e.g. email services) to communicate with you on cases where it has received your express consent for such communication. The Company only uses third party service providers who agree to use only the personal information provided to them only for the purpose for which it was provided (eg technical services, website technical support) and who agree and warrant that all processing in which they engage will be legal and compliant with the provisions of applicable personal data legislation.
The Company does not sell, distribute or lease your personal information to third parties unless required by law to disclose such information. More specifically, the Company may disclose your personal data to third parties when this disclosure is necessary for the creation, exercise or defense of legal claims, either in the context of judicial proceedings or relevant summons of Competent Authorities or in the context of administrative or extrajudicial proceedings or for the purpose of preventing or stopping an attack on its computer systems or networks or protecting its rights or property.
The server and data center used by the website is located within the European Union and is therefore subject to compliance with the provisions of applicable personal data legislation. The data collected through this website is not transmitted to companies outside the European Union.
Period of processing of Personal Data

The storage and processing of the data of customers of the services of the website is done exclusively and only as permitted by law or in accordance with your express consent only for as long as is necessary to satisfy the purposes of the processing (as defined above) or until disagree with the use of your personal data by the Company or until you withdraw your consent.
In the event that it is required by law or in the event that it is required for the legal claim or defense of the Company against legal claims to retain personal data for a longer period of time, the Company will retain the personal data for a longer period of time.
Designation of Personal Data Protection Officer

The Privacy and Security Policy of the Company is in full harmony with the Regulation of the European Union 679/2016 on the
Protection of Personal Data. For this purpose, the Company has appointed as Personal Data Protection Officer Mr. Fragopoulos,
who is designated as responsible for any issue related to the application of the above Regulation by the Company and with which the users
and any interested party can contact us by e-mail at info@filakiskreata.gr