1. INTRODUCTION
Whenever you contact our Company or use our services, you disclose personal information (personal data) to us. The purpose of this Privacy Policy is to inform you (as a natural person) about what Personal Data (PD) we collect, why we collect it, what is the legal framework that allows its processing and how you can exercise your rights, i.e. to ask us for information, its deletion, it’s possible updating, etc.
It also shows our compliance with the law and in particular with the EU Regulation 679/2016, on the Protection of Personal Data, and our respect for the privacy and security of PD. It applies to PD that you provide to us as well as to PD that we collect (as Data Controller) in the course of our activities.
This Privacy Policy was posted on our website on 20.06.24 and supersedes any previous version. It is addressed to any natural person who has or intends to have any kind of relationship with us.
Please review this Privacy Policy to learn more about the type of information we collect and how we use that information.
2. WHO WE ARE
ARTION was founded in 1995 and is active in the provision of tax, accounting and consulting services in order to provide comprehensive support to modern businesses and organizations.
Our mission is to design and provide high quality services, tailored to the specific needs of our clients, with the aim of creating a long-term relationship of trust.
More information is available at www.artion.gr and the corporate presentation can be found at https://artion.gr/wp-content/uploads/2024/04/ARTION-PROFILE-corrected-me-allinial.2024.pdf
3. WHAT DO WE PROCESS
Personal Data (PD) is any information through which your identity as a specific natural person can be verified, directly or indirectly.
We, as a matter of obligation, process (i.e.: collect, manage, store, delete) PD in the course of carrying out our business functions and, often, in the context of our compliance with laws and regulations.
You (as an individual) are not obliged to provide us with the PD we may request from you but, in the event of your refusal, we may not be able to provide you with services or respond to your requests consistently, promptly and with quality.
When you call us, send us an e-mail-postal-fax, visit our website, ask questions, register as a subscriber, request our cooperation or do business with us, we may or should ask you for Personal Data (PD) depending on the nature of the relationship between us.
You may also choose to voluntarily provide us with additional PD (such as in the case of sending a CV) or additional information (such as tax or commercial information) as part of your information or to explore cooperation.
Also, if you choose to register or log in to the ARTION website using a third party registration service that authenticates your identity and links your social media login information (e.g. LinkedIn, Google or Twitter) to ARTION, we collect any information or content needed to register or log in that you have given the social media provider permission to share with us, such as your name and email address. The collection of other information may depend on the privacy settings you have established with the social media provider, so please review the privacy statement or policy of the relevant service.
By registering and/or submitting your personal data to ARTION, you also consent to the use of that data in accordance with this Privacy Policy. Your personal data will not be used for any other purposes unless we obtain your permission, or unless required or permitted by law or professional standards. For example, if you register on the ARTION website and provide information about your preferences on the ARTION website, we may use your personal information to provide you with information about your preferences. When you submit your CV to us in order to apply online for a job at ARTION, we will use the information you provide to see if you meet ARTION’s existing job opportunities. In some cases where you have signed up for certain services, we may temporarily store your email address until we receive confirmation of the information you provided via email ((i.e. by sending an email to the email address you provided as part of your registration to confirm your registration request).
4. HOW WE COLLECT THE PERSONAL DATA WE PROCESS
Information (personal data) may be collected in a number of ways. Indicative examples:
- Information you disclosed to us during your communication with us (e.g. by email or telephone) for any information or updates.
- Information we receive from your use of our services (e.g. participation in a seminar).
- We use various types of technologies to collect and store information, including the use of Cookies.
- When you visit and interact with our website, certain information may be automatically collected, such as: your computer’s Internet Protocol (IP) address, browser type or operating system. The aim is to calculate the number of visitors to our website and the effectiveness of communication. We do not manage or process geolocation data.
- You wanted to attend or attended one of our events.
- You have subscribed to our e-newsletter.
- You have expressed an interest in hiring or working with us.
We also receive personal information indirectly, in the following scenarios:
- From our partner organisations.
- An employee of ours gave us your contact information.
- We may use information from advertising networks, our customers or third parties to inform you about issues that may be of interest to you.
- Personal information about the individual is available to the public, (e.g. chambers of commerce).
When you contact us, we keep a record of our contact messages so that we can resolve any requests you may have. We do not allow access to your information to unauthorized entities, especially without your consent.
In some cases, our customers or partners provide us with access to the data of their customers, suppliers or third parties (who may be natural persons) as part of the relationship between us. In these cases, our Company acts as a “Processor” of personal data. Consequently, in these cases, different provisions of GDPR 679/2016 apply, with which we comply.
5. HOW WE USE THE PD
We keep your personal data only for as long as necessary, depending on the purpose of the processing and this Privacy Policy.
For example, we may need to use your PD to respond to your complaints or queries about our services and therefore we may retain personal data for a reasonable period of time after the service provided (e.g. period of potential claims). We may also need to retain your personal data for accounting purposes (the retention period is defined by legislation relating to tax authorities or financial units).
If we no longer need PD, we delete them or make them anonymous by removing all the details that identify you.
We use (process) the information we collect, as described above, only for a specific purpose. In addition, we use your data when there is a legal basis for processing it, and for the purpose of, but not limited to:
- provide you with our services;
- contact you to let you know about new services that may be of interest to you;
- process your payment or prevent or detect potential fraud;
- answer any questions you may have asked us;
- defend our legitimate interests.
Where we use your personal information for direct marketing purposes, promotional communications about new services or other offers that we believe may be of interest to you, you have the opportunity to exercise your rights (see Section 8) by informing us that you do not wish to receive such communications from us in the future (see Section 10). Indicatively, our ways of communication in this context are:
- sending printed information material only for a specific purpose related to our services;
- sending electronic information material (newsletter) only for a specific purpose relating to our services;
- sending a customer satisfaction questionnaire for the purpose of improving our services.
6. HOW LONG WE KEEP YOUR PERSONAL DATA
The retention period (storage) of personal data depends on the legal basis of the processing (lawfulness of processing), such as:
- In the case where the lawfulness of processing is the exercise of legitimate interest, the processing of personal data will be carried out for as long as it is deemed necessary for the pursuit of the Company’s intended purpose and for as long as it is still required until the limitation period of any relevant claims has expired.
- In case where personal data is provided consensually by the individuals themselves, e.g. in the context of registration for the website services, we will retain your data for as long as we maintain a contractual relationship with you (both in paper and electronic form) or until the consent given is withdrawn. If, for whatever reason, consent is withdrawn, we will keep it for as long as it is still required until the limitation period for any relevant claims has expired.
- If we have asked your permission (consent) to process your personal data and we have no other legitimate grounds to continue this processing, and you withdraw your consent, we will delete your personal data. However, where you unsubscribe (e.g. from marketing communications or the newsletter), we will retain your email address to ensure that we do not send you any forms in the future.
- Where the legal basis of processing is for the performance of a contract or to take action at your request prior to entering into a contract, then we will retain your data for as long as you maintain a contractual relationship with us or for as long as we are required by law to do so, or we will retain it for as long as is still required until the limitation period for any relevant claims has expired.
- For security reasons, a CCTV system with two cameras is in operation at two of the Company’s offices (processing is necessary for the purposes of the legitimate interests pursued by the controller). The data is kept on the recorder for less than 14 days. An impact assessment study has been carried out and found negligible risk.
7. WITH WHOM WE SHARE YOUR PD
We do not disclose or share PD with other companies, organisations and individuals for the purpose of direct or indirect advertising and communication.
We disclose or share PD with third parties in the following circumstances:
- With your consent: we share PD with companies, organisations and individuals when we have your explicit consent.
- For external processing: We provide PD to our external partners and to companies or individuals we trust to process them for our own use and in accordance with our Privacy Policy and appropriate confidentiality and security measures, as required by Regulation EU 679/2016.
- For lawful purposes: We share PD with relevant public authorities when required and for the purpose of complying with laws, regulations, etc.
- In the context of scientific research: We may provide anonymized PD in the context of scientific or statistical studies.
- For the purposes of the legitimate interest we pursue: We may share PD with shareholding affiliated companies, taking all measures required by data protection and security legislation. In this context, data may be transferred to courier companies or financial institutions (e.g. to complete a contract).
8. YOUR RIGHTS
Our customers, users of our services, visitors to our website and natural persons who have some kind of cooperation with us have, under the Regulation on the Protection of Personal Data, the following rights (which should not be contrary to the relevant legislation).
Your rights, in relation to PD, are:
- Information and access to personal data: you have the right to receive clear and understandable information about how your personal data is used and your relevant rights. This Privacy Policy provides you with relevant information.
- Right of access & rectification: You have the right to access, correct or update your personal data at any time.
- Right to data portability: You may receive the PD you have provided to us, in a structured, readable and interoperable format, and transfer it to another organisation. This right is given to you where your personal data has been provided under your consent or in the performance of a contract.
- Right to erasure PD: You have the right to request that we delete hyour personal information in certain circumstances. You may always exercise your right in accordance with the requirements of the relevant legislation (e.g. you cannot request deletion of PD where employment law or tax authorities require to be kept for a longer period of time).
- Right to restrict processing of PD: You have the right to ask us to restrict the processing of your PD in certain circumstances, including processing for direct marketing.
- The right to complain to the Independent Authority for the Protection of PD http://www.dpa.gr or to any national Data Protection Authority about how we process your personal data.
- Right to withdraw your consent: If you have given your consent to our processing of your PD, you have the right to withdraw your consent at any time (if yuou do so, this will not affect the lawfulness of the processing we have already done for as long as we have had your valid consent up to the date of withdrawal). You can withdraw your consent to our processing of PD at any time by contracting us at the details listed on section 13.
If such a request is considered unfounded or excessive, a “reasonable cost” may be requested to deal with the request or even rejected. In either case, the decision will be justified.
On how to exercise your rights, see Section 10.Further information and advice on your rights can be found on the website of the Hellenic Data Protection Authority (http://www.dpa.gr/) or any national data protection authority in your country.
9. OUR OBLIGATIONS
Among our obligations is the principle of accountability, with regard to the principles governing the processing of PD (legitimacy, objectivity and transparency, purpose limitation, minimization of PD, accuracy of PD, retention period limitation, security, integrity, and confidentiality).
We process PD only if one of the following legal conditions (legal basis) applies. We determine the legal basis, for the processing of PD, depending on the purpose for which we have collected and used your personal data. In each case, the legal basis (lawfulness of process) may be:
- CONSENT: the data subject (you) has consented to the processing of PD (e.g. you have given your consent for us to send you newsletters). You can withdraw your consent to the processing of PD at any time by contacting us at the details provided in section 13.
- CONTRACT IMPLEMENTATION: where the processing of PD is necessary for the implementation of a contract to which the natural person (you) is a party or to take steps at the request of the natural person prior to entering into a contract.
- LEGISLATIVE COMPLIANCE: where processing is necessary for us to comply with legal requirements (e.g. labour or tax legislation).
- OUR INTENDED INTERESTS: processing is necessary for the purposes of the legitimate interests we pursue unless your interest or fundamental rights and freedoms as a natural person prevail. Where it is necessary to understand our customer, to promote our products/services and to operate our websites and apps effectively. For example, we will rely on our legitimate interest when analysing the content viewed on our websites and apps to understand how they are used. It is also in our legitimate interest to conduct marketing analyses to determine which products and services may be relevant to the interests of our customers and potential customers.
In addition, we implement appropriate technical and organizational measures to protect the Company and our partners from unauthorized access to or alteration, breach or destruction of the PD in our possession.
Specifically:
- We encrypt many of the PD necessary for the provision of our services
- We control data collection, storage and processing practices, including physical security measures, to protect against unauthorized access to systems and processes.
- Access to PD is restricted and controlled, and those with access are subject to strict contractual confidentiality obligations.
- Where external partners (for maintenance or support purposes) potentially have access to PD, relevant annexes to existing cooperation contracts or NDAs cover the requirements of the Regulation.
- A set of documented instructions, procedures, forms, etc. contributes to the implementation of the relevant legislation.
Throughout the entire processing cycle (from collection to destruction of PD) we take appropriate technical and organisational measures to ensure the confidentiality, integrity and availability of PD. We require similar measures from third parties that handle or process PD on our behalf.
Our services and website are not directed to children under the age of 16. We do not knowingly process PD of children under the age of 16.
However, the transmission of information over the internet is not completely secure. Although we will do our best to protect your personal data as part of our partnership, we cannot guarantee the security of the PD at the stage of transmission, and therefore you provide it at your own risk.
10. ACCESS TO YOUR INFORMATION
Within the framework of the rights granted to you by the Data Protection Regulation, you can request the updating, correction or restriction of processing or deletion of your own PD (see your rights in Section 8).
You can exercise your rights by sending an email to [email protected]
requesting a Subject Access Request (SAR) form, completing it and sending it to us. We are obliged to reply to you within one month of receiving your request.
11. COOKIES POLICY
INFORMATION
At ARTION we think it is important that you know what cookies we use on our website and why we use them. Our aim is to provide you with the right information and the best browsing experience on our website.
Why do we use cookies
We use Cookies to improve the operation of the www.artion.gr, to ensure proper browsing, easy login and smooth navigation on its individual pages. At the same time Cookies allow us to present promotional & educational content relevant to your interests and needs.
Cookies also help us to analyse how visitors use our website, how they navigate and where they struggle. In this way we can continually optimise the operation of the site and address any problems that may arise.
All information collected from these cookies is only used to improve the experience, structure and content of the www.artion.gr.
What are cookies
Cookies are pieces of information in the form of very small text, stored in the browser you use on your PC, on your Smartphone & tablet (Chrome, Mozilla, Firefox etc.), helping our website to function more efficiently. Cookies in no way cause damage to users’ computers or to the files stored on them. The information stored in Cookies is used for identification & optimization purposes.
CATEGORIES OF COOKIES
1) Necessary Cookies
They allow the execution of basic functions of the website; without these absolutely necessary Cookies the smooth operation of the website is directly affected but the personal navigation experience is also degraded as basic functions are underperforming.
2) Performance cookies
Performance Cookies collect information about how visitors use the website. They allow us to see which pages they visit most often or show us if they experience a problem while browsing. These cookies do not collect information that identifies the visitor. All information collected by these Cookies is aggregated and used only to improve the way the site works.
3) Functionality Cookies
These cookies “remember” your preferences when you browse our site, so that we can recommend the appropriate services based on your needs. With these Cookies you enjoy a personalised version of the site, making it much easier to find what you are looking for.
4) Advertising Cookies
These Cookies are used to provide advertisements more relevant to you and your interests. They are also used to send targeted advertising or offers in order to reduce bulk, unwanted and meaningless advertising messages. They also help us measure the effectiveness of advertising campaigns.
5) Cookies Analytics
These are a subset of the Functionality Cookies and enable us to evaluate the effectiveness of the various features of our website so that we can continually improve the experience we offer you.
Specifically:
Third party vendors, including Google, may display Company advertisements on internet sites.
Third party vendors, including Google, may use cookies to inform, optimize and display advertisements based on a user’s previous visit to our website www.artion.gr.
Our www.artion.gr website may also utilize cookies from your previous visit for re-marketing.
Users can opt out of such use of cookies by Google, here.
You can set your browser to notify you each time before a cookie is downloaded and you can decide whether to accept or reject it. In this case, please note that you may not be able to use all of its features.
Our website www.artion.gr may use Google Analytics features for display advertising (e.g., re-marketing, Google Display Network reports, Doubleclick Campaign Manager integration, and demographic and interest reporting).
visitors can opt out of Google Analytics for display ads and customize Google Display Network ads.
Using Ad Settings, Ad Settings, visitors can opt out of Google Analytics for display ads and customize Google Display Network ads.
Here are the Google Analytics opt-out options for the web.
Our website www.artion.gr complies with the Google Adwords Interest-Based Ads Policy and restrictions for sensitive categories .
Our website www.artion.gr uses iterative marketing with Google Analytics for web advertising.
Our www.artion.gr website and third-party vendors, including Google, use both an Original Manufacturer Cookie (such as the Google Analytics Cookie) and a Third-Party Cookie (such as the DoubleClick Cookie) to update, optimise and serve ads according to some users’ previous visits to our www.artion.gr website.
Our www.artion.gr website and third-party vendors, including Google, use both an Original Manufacturer Cookie (such as the Google Analytics Cookie) and a Third-Party Cookie (such as the DoubleClick Cookie) to run reports on how Artion’s ad impressions, other uses of advertising services, and interactions with those ad impressions and advertising services are related to visits to our www.artion.gr website.
Our website www.artion.gr
may use data from Google’s interest-based advertising or third-party audience data (such as age, gender and interests) with Google Analytics.
We reserve the right to change this Cookies policy at any time. Please see at Section 1) when this Policy was last revised. Any changes to this Policy will be effective once the revised Policy is made available on our website at www.artion.gr.
Third party advertisers and other businesses we partner with may use their own cookies to collect information about your activities on our www.artion.gr website. We do not control these cookies.
12. LINKS TO OTHER WEBSITES
Where we provide links to other organisations’ websites, this Privacy Policy does not cover how the other organisation processes personal data. We encourage you to read the privacy policy of the other website you are visiting
13. CONTACT US
ΑRTION S.A.
For the Attention of the Data Protection Officer
9, Pournara, GR 151 24 Marousi Attiki
Tel. +30 210 6009062
Fax +30 210 6395971
Monday-Friday: 8.00-20.00