1. About us
1.1 Welcome to the Privacy Notice of Premium Congress and Social Events Solutions. We respect your privacy and are committed to protecting your personal data. This Privacy Notice informs you about how we treat your personal data as a visitor or user of our website and as a registered member in our recipients lists, and provides information about your privacy rights and how you are protected by law. We are responsible for collecting, managing and processing your personal data.
1.2 We have appointed a Personal Data Protection Officer (“DPO”) who is responsible for overseeing questions raised in relation to this Privacy Notice. For any clarification upon this Privacy Notice, including any requests to exercise your legal rights, please contact our DPO at the following contact information.
Our full contact details are:
Full name of Legal Entity: Premium Congress and Social Events Solutions
Name of DPO: Sotiriadis Stelios
E-mail address: firstname.lastname@example.org
Postal address: PO Box A2753 Triadi, Thessaloniki, Greece
You reserve the right to submit your complaints at any time to the supervisory authority of your country about data protection issues. In Greece, the competent authority is the Hellenic Data Protection Authority, details of which can be found via the following link: www.dpa.gr. We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact us in the first instance using the contact details written above.
2. Changes to the Privacy Notice and your obligation to keep us informed about changes
This version was updated on May 23, 2018. This notice replaces all previous disclosures we may have previously provided about our information practices. We reserve the right to change this notice, and to apply any changes to information previously collected, as permitted by law. If there are substantial changes to this notice or if our information practices change in the future, we will notify you by posting the changes on our website.
It is important that the personal data we hold about you are accurate and valid.
We hereby ask you to keep us informed in case your personal data change during your relationship with us.
3. Categories of information we collect
We reserve the right to collect, process, store and transfer different kinds of personal data about you, which we have grouped as follows:
• Identity Data include name, father’s name, last name, user name or similar identifier, occupation, title, date of birth and gender.
• Contact Data include email address and telephone numbers.
• Financial Data include bank account and payment card details (for on-site registrations).
• Transaction Data include details about payments to and from you, and other details of products and services you have purchased from us.
• Technical Data include Internet Protocol (IP) address, login data, browser type and version, time zone and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website .
• Profile Data include your username and password.
• Usage Data include information about how you use our website, products and services.
• Marketing and Communication Data include your preferences in receiving marketing/promotional material from us and from third parties, as well as your preferences for communicating with us.
• Health Data provided by you so that we serve you better and meet your special needs (for example, providing access to people with disabilities).
4. How we collect your information
We collect personal data about you every time you use our services, when you enter into a contract with us, when you use our website or when you use our telephone center.
5. Why we process your information
We will process your personal data only when the law allows us to. In general, we will use your personal data only:
When it is necessary for the performance of a contract we are about to enter into or have already entered into with you.
When it is necessary for purposes of our legitimate interests (or the interests of a third party) and your interests, and such interests are not overridden by fundamental rights.
When we need to comply with a legal or regulatory obligation.
When you have given us your explicit consent to do so.
In general, we do not rely on your consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you, or when we process special categories of personal data. You have the right to withdraw your consent to direct marketing at any time by contacting us using the contact details mentioned in paragraph 1 above.
6. Purposes for which we will use your personal data.
We intend to use your personal data on legal basis. We reserve the right to process your personal data for more than one legal ground depending on the specific purpose for which we are using your data.
7. Change of purpose.
We will use your personal data only for the purposes for which we have collected them unless we reasonably consider that we will need to use them for any other reason and that reason is compatible with the original purpose. If you wish to get an explanation as to whether the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an irrelevant purpose, we will notify you to explain the legal basis that allows us to do so.
8. Third Party Links
Our website may include links to third-party websites, microsites, plug-ins and applications. By clicking on these links you may give the right to third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their own privacy statements. In case of additional services provided to you by third parties, you should be aware that Premium may only be the processor on behalf of these third parties. Therefore, whenever you make use of these links or microsites or when you leave our website, we suggest that you read the privacy notice of the third parties.
9. Cookies, web beacons and other similar technologies
10. Children’s privacy.
We do not knowingly collect any information from anyone under the age of 15. Our website and services are aimed exclusively at people who are at least 15 years of age or older.
If you are below 15, do not use or provide any information on this website or on or through any of its features, do not register on the website, do not make any purchases through the website, and do not provide any information about yourself to us, including your name, address, telephone number or email address.
If we find out that we have collected or received personal data from a child under the age of 15 (apart from data for reservation and ticketing purposes), we will erase that information unless consent or authorization has been given by the guardian of the child.
If you believe that we may have information from or about a child under 15 (apart from data for reservation and ticketing purposes), please contact us.
11. Who else can have access to your information.
To best serve you, we reserve the right to share your personal data with service providers who provide support services to us or help us promote our products and services. Service providers are third parties providing services on our behalf. They are contractually restricted from using your information in any way other than to help us provide you with our services.
More specifically, in order to facilitate your travel arrangements, we often have to share your personal data with third parties such as tourist accommodation establishments, conference venues, airlines, airport operators, customs authorities and travel agents. We also share your personal data with third parties providing services to you or us, such as airport assistance companies.
We also reserve the right to disclose your personal data to a third party when you ask us to do so or when we consider it to be required by law.
12. Countries that have access to your information
Our servers, storing and protecting your data, are located within the European Economic Area (EEA). Whenever we need to transfer your personal data outside the EEA, we provide a similar degree of protection by ensuring that at least one of the following safeguards is implemented:
• We will only transfer your personal data to countries that, according to the European Commission, provide an adequate level of protection for personal data. For further details, see European Commission: Adequacy of personal data protection in non-EU countries.
• Wherever we use specific service providers, we reserve the right to use specific contracts approved by the European Union, which provide the same personal data protection as in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
• Wherever we use providers based in the United States of America, we reserve the right to transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection for personal data shared between Europe and the US. For further details, see European Commission: EU-US Shield.
Please, contact us for any clarification you may need on the specific mechanism used by us when transferring your personal data outside the European Economic Area.
13. Data security
We have put in place appropriate security measures (incuding encryption, anonymization or/and pseudonymization procedures where required) to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who need to know them in order to fulfill their professional duties. They will only process your personal data upon our instructions and they are subject to a duty of confidentiality. We have put in place procedures for handling any suspected personal data breach and will notify you and any competent authority of any violation when we are required by law to do so.
14. Retention of your information.
We will only retain your personal data for as long as necessary to fulfill the purposes for which we have collected them, including the fulfillment of any legal or accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of your personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
15. Your rights
You have the right to:
1. Request access to your personal data (commonly known as a “Data Subject Access Request This enables you to receive a copy of the personal data we hold about you and to confirm that we are processing them lawfully.
2. Request correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, although we reserve the right to ask you to validate the accuracy of the new data you provide to us.
3. Request erasure of your personal data. This enables you to ask us to erase or remove personal data when there is no good reason for us to continue processing them. You also have the right to ask us to erase or remove your personal data in cases when you have successfully exercised your right to object to processing (see below), when we may have processed your information unlawfully or when we are required to erase your personal data to comply with local regulations. Note, however, that we may not be able to comply with your request for erasure for specific legal reasons which will be notified to you, if considered to be necessary, when you submit your request.
4. Object to processing of your personal data when we are relying on our legitimate interest (or on the interests of a third party), and in this case you have reason to wish to object to processing on this ground, as you believe it affects your fundamental rights and freedoms. You also have the right to object when we are processing your personal data for direct marketing purposes.
5. Request restriction of processing your personal data. This enables you to ask us to suspend the processing of your personal data in the following cases: (a) if you want us to verify the accuracy of the data, (b) when our use of the data is unlawful, but you do not want us to erase them, (c) when you want us to retain your data even if we no longer require them as you may need them to establish, exercise or defend legal claims, if it is necessary for you to validate, exercise or defend any legal claims; or (d) when you have objected to our use of your data but you have to verify whether we have overriding legitimate grounds to use them.
6. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third person you have designated, your personal data in a structured commonly used machine-readable format. This right applies only to automated information for which you initially gave your consent for us to use in cases where we used the information to enter into a contract with you.
7. Withdraw consent at any time if we are relying on consent to process your personal data. However, this is something that can not affect the lawfulness of any processing carried out before withdrawing your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will notify you in such a case at the time you withdraw your consent.
If you wish to exercise any of the rights described above, please contact us.
16. What we may need from you.
We reserve the right to ask for specific information from you in order to confirm your identity and to ensure your right to access your personal data (or exercise any of your other rights). This is a security measure to ensure that personal data are not disclosed to any person who is not entitled to receive them. We also reserve the right to contact you to ask you for further information in relation to your request, in order to speed up our response.
17. Time limit to respond
We try to answer all legitimate requests are answered within one month. It may take us occasionally though more than one month to respond to your request if it is particularly complex or if you have submitted a number of requests. In this case, we will notify you and keep you updated.
Definitions according to the EU “General Data Protection Regulation” 679/2016 (GDPR):
Personal data are information that can be related to a person. Data are considered personal if the person they concern can be identified, either directly or indirectly. Relevant examples are the individual’s name, identity card number, date of birth, gender. location data and contact details. It does not include data where the identity has been removed (anonymous data).
Sensitive personal data or special categories of personal data include data such as: religion, ideological, political views or activities, health, genetic or biometric information, racial and ethnic origin, administrative or criminal proceedings and sanctions.
Profiling is any form of automated processing of personal data consisting of the use of personal data in order to evaluate certain personal aspects relating to an individual.
Data Subject is a physical person to whom personal data relate.
Data Processing / Processing is any activity, operation or set of operations performed on personal data or sets thereof, irrespective of the process and means (automated or not) applied such as collection, recording, registration, organization, structuring, storage, adaptation or alteration, retrieval of information, search for information, use, revision, disclosure by transmission, dissemination or otherwise making available, alignment or combination, interconnection, restriction, erasure, archiving, viewing or destruction of personal data.
Data file is any structured set of personal data which is accessible in such a way as to make it possible to deduce the person in question from the data.
Disclosure means making personal data accessible.
Data Protection Impact Assessment is a systematic process for identifying, evaluating and documenting the risks and impact of personal data processing activities on the rights of individuals.
Data Controller is the natural or legal person of the public or private sector who determines the purposes and means of the processing of personal data
Data Processor is the natural or legal person processing personal data on behalf of the Data Controller.