Data Protection Policy
DATA PROTECTION POLICY
ALTER EGO MEDIA S.A. (hereinafter the “Company”), acting as the “Data Controller,” is responsible for processing your personal data on the website tovima.com (hereinafter the “Website”). In this Policy, the terms “we” or “us” refer to the Company.
This Policy aims, in accordance with Article 13 of the General Data Protection Regulation (EU Regulation 2016/679, hereinafter “GDPR”), to inform you about the use of your personal data, describe the framework under which we collect, retain, and use the personal data of visitors to the Website (“Personal Data”), explain our relevant obligations, and outline the rights of visitors to the Website concerning the processing of their data.
If you have any questions regarding this Policy and how we process your personal data, you can contact the Data Protection Officer (DPO) of the Company:
Data Controller
ALTER EGO MEDIA S.A.
340 Syngrou Avenue, Kallithea Greece, Postal Code 176 73
Phone: +30 210 754 7000
Contact details of the Data Protection Officer (DPO): dpo@alteregomedia.org
Definitions
Personal Data: any information relating to an identified or identifiable natural person, whose identity can be directly or indirectly verified, in particular by reference to an identifier such as, but not limited to, name, telephone number, email address, identification number, tax identification number (TIN).
Special Categories of Personal Data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data used for the purpose of uniquely identifying a person, data concerning health, or data concerning a person’s sex life or sexual orientation.
Data Subject: the identified or identifiable natural person to whom Personal Data relates.
Processing: any operation or series of operations carried out with or without the use of automated means on personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Data Controller: For the purposes of this policy, Data Controllers refer to the companies of the Group, which individually or jointly determine the purposes and the means of processing Personal Data.
Data Processor: a natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Controller.
Consent: any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of Personal Data relating to them.
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.
Collection and Processing of Personal Data
As a general principle, we process your data through the Website only when you actively provide it (e.g., when you communicate with us via email).
However, certain data is collected either with the help of cookie files (for more information regarding the use of cookies, please refer to our relevant policy) or automatically during your visit to the Website.
Specifically, due to the way the internet operates, as soon as you visit the Website, our server records your IP address, which constitutes personal data, even if we cannot identify you solely based on this information. Additionally, it collects some other information, such as the date and time of your visit.
The legal basis for collecting and storing data in special log files is our legitimate interest in ensuring the security of networks, information, and services from random events or illegal or malicious actions that jeopardize the availability, authenticity, integrity, and confidentiality of stored or transmitted data (e.g., monitoring “denial of service” attacks) and to effectively address any technical issues.
This processing is in accordance with the relevant legal framework, as it does not involve serious risks to your rights and freedoms. According to the GDPR and national legislation, this processing is allowed to be based on our legitimate interest.
In the table below, you can find information about the purposes of processing personal data collected through the Website, the categories of such data, and the legal basis for their processing:
- Contacting the Company
Personal Data Full Name, email address, and any other details that may be included in your request. Important Note: In your message, please only provide the necessary information related to the issue at hand and avoid mentioning personal data of yourself or third parties. | Processing Purpose We process this data in the context of serving you, so that we can handle your request and communicate with you by responding to your message. | Legal Basis The data is processed within the framework of serving the legitimate interests of the Company (Article 6(1)(f) GDPR). In this case, it is to fulfill your requests, maintain, and improve the Company’s communication with visitors. |
- Sending a newsletter
Personal Data Email address | Processing Purpose We use your email to send you updates on news, offers, and other matters that we believe may interest you. | Legal Basis We process the data you provide to us based on your consent (Article 6(1)(a) of the GDPR), which you have the right to withdraw at any time and request the deletion of your data. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. |
The newsletter is sent through ‘MailChimp,’ a platform for sending newsletters provided by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE 5000, Atlanta, GA 30308, United States. You can review the detailed privacy policy for the protection of personal data by Mailchimp.
Registered user access to the Website is accomplished through user registration on the helioskiosk.gr website and is governed by its own terms, in addition to the present policy.
The accuracy of the information submitted in all cases is the responsibility of the visitors themselves. Please refer to the section of the policy regarding your rights for information on correcting your details.
The personal data provided by visitors to the Website is used exclusively for the purpose for which it was submitted, as stated at the respective collection point.
Disclosure to Third Parties
The Company may disclose the aforementioned personal data to companies providing IT support and website support services. For more information regarding the recipients of your data, you can contact the Company’s DPO at the email address dpo@alteregomedia.org.
Security
The Company processes your personal data in a manner that ensures their protection. Specifically, the processing of your personal data is carried out exclusively by personnel commissioned for this purpose or by partners who are bound to the Company with the same obligations of protection of your personal data. The Company takes all appropriate organizational and technical measures to secure the data and protect them from accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, and any other form of unlawful processing. Among other things, it adopts internal security policies, trains its personnel, and employs a variety of technologies to ensure the security of your data (e.g., SSL certificate, encryption, certified hosting providers).
Retention Period
The personal data you submit to the Website is retained only for as long as necessary for the purposes for which it was collected or as required by the relevant legal framework.
Rights of Individuals
In this section, your rights regarding your personal data are presented. These rights are subject to certain exceptions, reservations, or limitations.
Please submit your requests responsibly. The Company will respond as soon as possible and in any case within one month from the receipt of the request. If the examination of your request requires more time, you will receive relevant information. To exercise your rights, you can contact the Data Protection Officer (DPO) at the email address dpo@alteregomedia.org.
The Company ensures that you can exercise the following rights seamlessly.
- Right to information/update:
You have the right to request and receive clear, transparent, and easily understandable information about how your personal data is processed.
- Right of access
You have the right to access your personal data free of charge, except in the following cases, where a reasonable fee may be charged to cover the Company’s administrative costs:
- manifestly unfounded or excessive/repeated requests, or
- additional copies of the same information.
- Right of rectification
You have the right to request the correction of your personal data if it is inaccurate or incomplete.
- Right to erasure
You have the right to request the deletion or removal of your personal data when they are no longer necessary for the purposes for which they were collected, or there is no legal basis for their continued processing. The right to erasure is not absolute if there is a specific legal obligation or other legitimate reason for the Company to retain your personal data.
- Right to restriction of processing
In certain cases, you have the right to restrict or cease further processing of your personal data. When processing is restricted, your personal data is stored without undergoing further processing.
- Right to data portability
You have the right to request your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and to transmit this data to another data controller.
- Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, unless the Company demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms.
- Rights related to automated individual decision-making and profiling
The Company does not engage in automated individual decision-making, including profiling.
- Withdrawal of consent
We inform you of your right to withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent before its withdrawal.
Submitting a complaint
For further information and advice regarding your rights or to submit a complaint, you can contact the Hellenic Data Protection Authority at tel: +30-210 6475600, website: http://www.dpa.gr
Social Media
Facebook Page
The Website maintains an official page on the Facebook social media platform https://www.facebook.com/www.tovima.gr/), which is linked to the Website through hyperlinks.
You can contact us through our Facebook page by using the “send message” function.
In order to respond to your inquiries, we process the username you have on Facebook, as well as other information that is publicly available through your profile (e.g., email address). We process this data in the context of serving the legitimate interests of the Company (Article 6(1)(f) GDPR), in this case, to address your requests, maintain, and improve the Company’s communication with visitors. Access to and use of the Facebook page are subject not only to Facebook’s policies but also to this Privacy Policy.
In case you choose to click “LIKE” on our page, it implies that you give your consent to see the news and promotional activities (via the news feed) that we carry out through the Facebook page. If you do not wish to receive such updates, you can click the “UNLIKE” option at any time.
Responsible for the operation of Facebook in the European Union is Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay. You can learn about the processing of your data by Facebook at the following links:
https://el-gr.facebook.com/policy.php?CAT_VISITOR_SESSION=c7b73ebc78d1681ade25473632eae199
https://el-gr.facebook.com/business/GDPR
The Website maintains an official page on the Instagram social media platform (https://www.instagram.com/tovima.gr/).
Through Instagram, you have the ability to follow the Website’s account and comment on its posts, providing data for processing on the platform.
Instagram, whose operation in the European Union is managed by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, has its own policies regarding cookies and data protection, over which we have no control and cannot influence.
Access to Instagram takes place solely at your own responsibility, and we encourage you to carefully read its privacy policy, as you accept it by using its services.
The Website maintains an official Twitter account (https://twitter.com/tovimagr/).
Through Twitter, you have the ability to follow the Website’s account, retweet, and comment on its posts, providing data for processing on the platform.
Twitter, owned by Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, has its own policies regarding cookies and data protection over which we have no control and cannot influence.
Access to Twitter takes place solely at your own responsibility, and we encourage you to carefully read its privacy policy, as you accept it by using its services.
General information about social media
According to decisions of the Court of the European Union, the Company, as the administrator of the page through which it processes the personal data of visitors on social media, may be considered jointly responsible for processing with the respective provider. This relationship concerns exclusively and only the processing actions of the visitor’s data through the page, such as, for example, indicating a like on a post. This processing is based on the visitor’s consent, as detailed above.
The Company takes all appropriate technical and organizational measures to ensure the security of data processing through social media, including, for example, limiting access to individuals managing each page.
The Company is responsible only for the manner and means of processing your data for the purposes it sets (communication, information, and promotional activities) and to the extent that it exercises control over your data. However, it assumes no responsibility for the manner or means by which each social media platform processes your data. The terms of use of each social media platform where your comments are submitted apply accordingly.
In any case, we urge you to exercise particular caution regarding the content you submit to our pages on social media, especially when providing your own or third-party personal data. Additionally, please ensure that the page you are communicating with is indeed the official one.
Comments on Social Media and Website
The Company encourages users to submit comments on posts and/or pages it maintains on social media, fostering an open dialogue with respect for different opinions.
The Company does not have a general obligation to monitor the content submitted by users on these platforms; however, it makes efforts to ensure a safe online environment.
Therefore, the administrators of the Website reserve the right to remove any type of content deemed to violate its terms of use, such as offensive, obscene, pornographic, threatening, advertising content or content that violates intellectual property rights or contains false statements about the user’s identity, while also retaining the ability to block users who submit such content.
If you believe that user-generated content hosted on the Company’s social media pages violates or otherwise infringes upon our terms of use, please contact the administrators directly.
For commenting on the Website, we use the Disqus platform (717 Market Street, San Francisco, CA 94103), which stores comments and user data according to its own privacy policy.
Changes to this Policy
Our goal is to continuously review and update this Policy to comply with relevant legal and regulatory requirements while providing the best protection for your personal data. Any updates will be communicated through the Website.
Latest Update: 15/02/2022