GDPR Policy – ERA | Congresses, Events, Incentives, Business Travel, Tourism

Personal Data Protection Policy

Preamble

This Policy has been designed in accordance with the statutory provisions of the General Data Protection Regulation of the European Union (Regulation 2016/679) (hereinafter “GDPR”) which shall enter in force on May 25, 2018.

The main scope of business of the company under the trade name ΕRA CONFERENCE ORGANIZATION TOURISM ENTERPRISES LIMITED LIABILITY COMPANY (LTD) (hereinafter “ERA”) is the organization of conferences, events and business and educational travels. ERA’s registered office is in Athens (17, Asklipiou Street) and this is the address to which all formal communication shall be addressed. ERA’s website address is www.era.gr (hereinafter the “Website”). ERA’s contact number is +30 210.36.34.944. If a user that enters the Website has any question regarding this Policy he/she may address and contact with ERA via e-mail using the following e-mail addresses: CCharalambous@era.gr and ICharalambous@era.gr .

This Policy describes the way in which ERA uses and protects the personal data (hereinafter the “Personal Data”) of the individuals (hereinafter the “Data Subjects”) which are communicated to ERA when Data Subjects either using the services provided through the Website or using the services provided by ERA (participation in conferences/events and use in general of the tourism services that ERA provides) or entering into agreements with the Data Subjects (e.g. ERA’s employment agreements). This Policy also describes the way in which ERA collects, transfers, processes, uses and discloses the Personal Data of the Data Subjects and determines its policies regarding the secure processing of Personal Data.

By providing your Personal Data to ERA (either directly or allowing another person to do so on your behalf), the Data Subjects agree that this Policy will apply to the way that ERA uses their Personal Data and the Data Subjects consent to ERA collecting, transferring, processing, using and disclosing their Personal Data, as detailed in this Policy. In case that the Data Subjects do not agree with any part of this Policy, they must not provide their Personal Data. If the Data Subjects do not provide ERA with Personal Data or withdraw a consent that they have given under this Policy, this may affect ERA’s ability to provide services to them or negatively impact the services ERA can provide to them.

This Policy does not in any way cover the relations between the Data Subjects who use ERA’s Website and any services that are not subject to the control of ERA or owned by ERA. In view of the nature and the great amounts of information on the internet, ERA shall not be responsible in any case, including, without limitation, in cases of ERA’s negligent act or omission, for any kind of damages sustained by the Data Subjects who use the sites, services, selections and contents of ERA’s Website on their own initiative and being aware of the terms of this Policy.

Collection and Use of Personal Data

Α. ERA collects Personal Date in the following cases:

the Data Subjects use its services (participation in conferences/events and use in general of tourism services that ERA provides) and when the Data Subjects, by using ERA’s Website, sign in the advertising/informative/promotional programmes regarding the organization of future events/conferences (hereinafter “Informative Programmes”) by completing the registration form;
the Data Subjects contact with ERA through its Website;
ERA enters into agreements with the Data Subjects;
ERA receives them from third parties (e.g. companies, tourism agencies) within the context of co-operation and provision of information

Β. In the above-mentioned context, ERA may collect, store and use the following types of Personal Data:

information provided by the Data Subjects for the purposes of contacting with ERA, signing in ERA’s Informative Programmes and using its services;
any other information that the Data Subjects choose to disclose to ERA (either through its Website or otherwise) which is pertinent to the fulfilment of Data Subjects’ personal requests and fall within ERA’s scope of business (organization of conferences, events and business and educational travels) –this information may extend in this instance to family members of the Data Subjects;
any information that the Data Subjects choose to disclose to ERA for the purposes of signing and performing an agreement with ERA;
data sent by third parties (e.g. companies, tourism agencies) within the context of co-operation and provision of information.

More specifically, information that ERA may collect from the Data Subjects either during the use by them of the services of its Website, their communication with ERA and their registration to Informative Programmes, or through the use of ERA’s services (participation in conferences/events and use in general of tourism services that ERA provides) or through agreements with the Data Subjects (e.g. ERA’s employment agreements) is the following:

Personal Details (e.g. Name, Surname, Contact Address, Contact Number, E-mail address)
Financial Data (e.g. Credit Card Information)
Employment Data (e.g. Employment, Position / Title, Employment Location)

ERA uses the Personal Data of Data Subjects for the following purposes:

in order to provide to the Data Subjects the services requested;
in order to inform the Data Subjects about the services provided;
in order to fulfil the requests of the Data Subjects from time to time regarding the services provided through ERA’s Website;
in order to answer to questions and requests addressed to ERA by the Data Subjects;
in order to inform the Data Subjects about new offers/categories of services by sending to them promotional information (newsletters) through e-mails and/or sms, unless the Data Subjects have requested not to receive such promotional information (newsletters);
for ERA’s internal purposes and in order to secure the quality of services provided;
in order for ERA to perform an agreement that ERA has entered into;
for other purposes as provided or required by law (e.g. ERA to comply with its legal obligations or for the protection of its/Data Subjects’ vital interests or in cases that processing is necessary for the purposes of the legitimate interests pursued by ERA).

Protection of Personal Data of Data Subjects

ERA takes appropriate legal, organizational and technical measures in order to protect the Personal Data of the Data Subjects, as well as technical measures for the protection of the Personal Data of the Data Subjects in accordance with the applicable legislation for privacy and data security. ERA implements various security technologies and procedures in order to protect the Personal Data of the Data Subjects from any illegal destruction, loss, misuse or modification, as well as against any unauthorized or illegal processing, use or disclosure.

ERA will delete or re-identify the Personal Data of the Data Subjects once ERA no longer requires it for the provision of its services and/or for its business purposes and/or for the performance of a contract ERA has entered into and/or for legal purposes, or as required otherwise by the applicable legislation for the protection of Personal Data from time to time.

Non Disclosure of Personal Data to Third Parties

Save as provided otherwise in this Policy, ERA bounds not to sell, rent or otherwise publish or disclose the Personal Data of the Data Subjects to third parties.

Furthermore, ERA bounds not to disclose the Personal Data of the Data Subjects to third parties (individuals or legal entities) unless:

a) the Data Subjects have provided explicit written consent and (i) the third party (individual or legal entity associate/ supplier/ service provider of ERA) has provided sufficient guarantees in respect of the technical and organizational measures governing the processing to be carried out and (ii) the third party (individual or legal entity associate/ supplier/ service provider of ERA) has entered into a written contact with ERA which imposes on the third party obligations identical to those imposed on ERA under the provisions of Personal Data protection;
b) required in order for ERA to comply with the respective legislation and only to any competent public prosecutor, police, criminal investigation and judicial authorities in response to their requests;
c) in connection with any legal/judicial proceedings or prospective legal/judicial proceedings;
d) in order for ERA to establish, exercise or defend its legal rights –including information to regulatory, prosecution οr other authorities for the purposes of fraud prevention and anti-counterfeiting, unauthorized use and illegal activities-.

ERA bounds not to transfer Personal Data of the Data Subjects in third countries outside the European Union without the Data Subjects’ prior written consent unless ERA and the recipients of such Personal Data have entered into and use the standard contractual clauses approved by the European Commission and annexed to the Commission Decision of 5^th February 2010 on standard contractual clauses for transfer of personal data to processors established in third countries (2010/87/ΕU).

Data Subjects’ Rights

The Data Subjects are entitled to exercise the following rights arising from the provisions of GDPR and the applicable legislation which implements or supplements GDPR or otherwise is related to the processing of individuals’ Personal Data together with the binding directives and Codes of Practice issued from time to time by the respective supervisory authorities:

The right to be informed about the processing of their Personal Data, as well as the legal basis for such processing and all details related to it (the processing);
The right of access and rectification of their Personal Data concerning him or her;
The right to erasure their Personal Data in case the Personal Data are no longer necessary for the provision of any services;
The right to restrict the processing of their Personal Data;
The right to object to the processing of their Personal Data;
The right to Personal Data portability to another data controller, i.e. the right of the Data Subjects to receive data in appropriate format, so that their transfer to another data controller is technically feasible.

In order to exercise the above-mentioned rights or for any enquiry the Data Subjects may contact with ERA:

Through the respective contact form or by sending e-mail to the following e-mail address info@era.gr or
By sending a letter to the address set out in the Preamble of this Policy.

The Data Subjects are also entitled to withdraw at any time the consent they have provided regarding the processing of their Personal Data (without retroactive effect) following one of the two (2) ways described above.

Furthermore, the Data Subjects (a) are entitled to lodge a written complaint before the competent supervisory authority regarding the protection of their Personal Data, i.e. the Data Protection Authority (1-3, Kifisias Avenue, P.C. 115 23, Athens, +30 210 6475600, e-mail contact@dpa.gr) and (b) have the right to an effective judicial remedy in case the Data Subjects consider that their Personal Data have been violated.

Links to other sites

ERA through its Website may contain links to third party websites or include third party websites. This Policy does not apply to these websites and ERA is not responsible for the privacy policies or practices of such websites. If the Data Subjects choose to visit a linked site, they agree that ERA is not responsible for the availability of this site and agree that ERA does not control, sign or is responsible in any way whatsoever for:

the way in which the Personal Data of the Data Subjects are addressed in these websites;
the content of such websites;
the use of such websites from other individuals

ERA encourages the Data Subjects to procure in advance and check always the disclaimers and privacy policies published in each website or mobile application before disclosing any Personal Data.

Applicable Law

The processing and protection of Personal Data of the Data Subjects is governed by the terms of this clause, the provisions of GDPR which shall enter in force on May 25, 2018 and the applicable Greek legislation which implements or supplements GDPR or otherwise is related to the processing of individuals’ Personal Data together with the binding directives and Codes of Practice issued from time to time from the respective supervisory authorities (see European Commission).

Amendments

ERA reserves the right to update this Policy from time to time and post the most up-to-date version on the Website at any time without announcement. If substantial changes have been made ERA may post a relevant announcement relating to the amendments on the Website or inform the Data Subjects by sending a notification via e-mail and/or sms. ERA encourages the Data Subjects to check the Website from time to time in order to determine whether there have been any amendments, as well as to review from time to time this Policy in order to keep informed about the way in which ERA protects the Personal Data it collects.

If the Data Subjects proceed with the use of the Website of ERA, this entails their agreement with this Policy and any updates. If a Data Subject does not agree with the terms for the protection of Personal Data provided in this Policy he/she must not use the services provided by ERA.

This Policy was updated on May 21, 2018.