Personal Data Protection and Privacy Policy

Contents 

1. Introduction 

2. Definitions 

3. General Terms and Conditions for the Protection of Personal Data 

4. Data we collect 

5. Data we collect automatically 

6. Cookies 

7. When we delete your data 

8. Underage Users 

9. Who we share personal data with 

10. Purposes of Processing 

11. Legal Basis 

12. Security 

13. Data retention and deletion 

14. Your rights 

15. Processing Manager 

16. Data Protection Officer (DPO) 

17. Changes in Policy 

18. Acceptance of the Terms 

19. Final provisions 

1. Introduction 

Protecting your personal data is not just a legal obligation for us. It is an ethical commitment and a key objective of our Company. We fully respect your rights and make every effort to provide you with complete and effective information. Our priority is to ensure that the information you share with us is fully protected. For this reason, on the one hand, we are particularly demanding with regard to the privacy policy and the conditions for recording personal data, and on the other hand, we are always at your disposal for any questions, clarifications or comments regarding the protection of your personal data. 

We hereby inform you about the data we process and store when you use our website and how we use this data. 

By accepting this privacy policy, you agree to the collection, processing and use of personal data by the Company, in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter GDPR), the national legislation (Law 4624/2019) and the following privacy policy. 

Please read this policy carefully to understand how and why we collect, use and store your personal data. 

You can generally visit the CARISMED website without us requiring your personal data, apart from your IP address, which is automatically collected and is necessary to establish the temporary “connection” of a terminal to any website. The rest of your personal data is only acquired if you provide us with this data, for example, when you register on the website in order to receive updates (newsletter), participate in a branded survey or enter into a contract. 

The processing of the personal data of the users of the website is governed by the following terms, by the relevant provisions of the applicable legislation on personal data for the protection of the individual from the protection of personal data, the instructions and regulatory acts of the Personal Data Protection Authority. 

2. Definitions 

Personal Data is information or a combination of information that can directly or indirectly lead to the identification and identification of a person. This means that personal data includes information such as email address, home address, telephone number, photographs, personal preferences and shopping habits, financial information and welfare information. They may also include unique numeric identifiers such as your computer’s IP address, as well as cookies (see below). 

Processing of personal data is any operation or set of operations which is performed on personal data, such as the collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure to third parties, dissemination, association, combination, restriction, erasure and destruction of personal data of natural persons. 

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access of personal data transmitted, stored or otherwise processed. 

Controller is the natural or legal person, public authority, agency or other body that determines the purposes and means of the processing of personal data. 

Processor is the natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller. The Processor shall process the data on behalf of and in accordance with the instructions of the Controller and shall not take decisions in relation to the means and purpose of processing, but shall comply with the protection framework set by the Controller. 

A third party is any natural or legal person, with the exception of the data subject, the controller, the processor and persons who, under the direct supervision of the controller or the processor, are authorised to process personal data. 

3. General Terms and Conditions for the Protection of Personal Data 

The processing of your personal data is confidential and CARISMED takes all reasonably necessary technical and other means to ensure the confidentiality of such processing. Access to your personal data is only available to the authorized, where applicable and depending on the purpose of processing, personnel of CARISMED, as well as authorized third parties. 

The data we store and analyze are used for statistical purposes only (indicatively, in order to constantly improve our website and its content). The data stored in our files are the name of the Internet service provider you use, the website from which you visited the CARISMED Website, the individual pages of the CARISMED Website that you browsed, your IP address, as well as the date and duration of your browsing the Website. 

4. Data we collect 

Personal data is information that can directly or indirectly lead to the identification of the person, such as name and surname, address, telephone number, date of birth, location data or e-mail address. We collect, process and store personal data so that we can provide you with our services. 

The data we may collect, always with your consent, are the following: 

• Full name 
• E-mail address 

• Contact telephone (mobile or landline) 
• Address residence 
• Country of residence and language 
• Date of birth 
• Category of occupation 

• Results of questionnaires you have agreed to answer or information submitted to us by you when you participated in a survey 
• Records of contact with you whether by phone, email, social media or any other means 
• Information that may be automatically collected by your computer system, such as IP address, operating system, browser type and other technical information. 

To give a visual overview of the details, we use tables, which allow us to inform you in a transparent, understandable and easily accessible way in simple and understandable language. Below we present the data we collect. As there are different types of data, we have grouped them into categories to make the presentation easier to understand. 

When you visit the website	Time, date, duration of visit, user’s place of origin, IP Address and other data related to the connection protocol. This information is collected to inform us about your visit to the website. We limit the collection of data to the strictly necessary, in order to achieve compliance with the principle of data minimisation.
When you register on the website to receive our newsletter, i.e. when you “Subscribe”	Email address (email)
Every time you contact us in any way (by email, by phone, by using the contact form)	Full Name, Phone, Email This information is necessary so that we can respond in a timely and effective manner to your comments, complaints and queries, and to provide you with adequate information about our services. The above data, in the event that we contact you in the context of resolving a dispute or in relation to questions, comments and observations you have addressed to us, are retained as provided in Section 13.

5. Data we collect automatically 

When you use our website, we also collect information automatically, some of which may constitute personal data. These include items such as: 

• language settings, IP address, location, device settings, device settings, device operating system, activity data, time of use, redirect URL, status report, user information (information about browser version), operating system, browsing result (single visitor or registered visitor), browsing history, type of data viewed. 
• pixel tags (pixel tags, web beacons, GIFs or similar tools) used to measure the volume of use of a website and statistically increase response rates. Pixel tags allow us to measure the number of users visiting specific secondary pages of a website and helps us to calculate and optimize its performance. 
• data collected with e-tracker technologies, which are not used for the personal identification of the visitor to the website and are not consolidated with personal data about the bearer of the pseudonym without the explicit and clear consent of the person concerned. 

If you want to browse anonymously, you need to make the appropriate settings in your browser. 

6. cookies 

CARISMED uses devices (cookies) in order to carry out or facilitate the transmission of a communication between itself and the user, through the electronic communications network. These provisions (cookies), if you have accepted their use when you enter our website, are small text files that are stored locally in the cache of your internet browser. Cookies make it possible to identify your internet browser, but without taking note of any document or file from your computer. 

From this data, pseudonymised profiles are created for use. Cookies or pixel tags can be used. This data is collected anonymously to be used for marketing purposes and to optimise our services. All visitor data is stored using an anonymous user ID and can be aggregated into a usage profile. Cookies may be used to collect and store this data, but the data remains strictly anonymous. The data will not be used to personally identify a visitor and will not be aggregated with personal data. The collection and storage of data can be refused at any time during the use of the website. 

This website uses the following cookies in order to carry out or facilitate the transmission of communication between us on the internet: 

Necessary cookies: necessary cookies enable users to browse the website and use various functions. 

Performance cookies: performance cookies collect information about users’ browsing behaviour. Thus, they help to improve the functionality of the website and to find the programs and services that users are most interested in. We use performance cookies in order to (i) extract statistics on how our website is used; and (ii) evaluate the non-personalized behavior of users in order to improve our website. 

Google Analytics: we use the service “Google Analytics” in order to evaluate how visitors interact with this website. For this purpose, Google Analytics uses cookies, which store information such as the time and frequency of the visit, as well as the source that led the user to the specific website. 

You can configure your computer’s browser in such a way that it either warns you about the use of cookies in certain areas of this website or does not allow the acceptance of the use of cookies in any case. 

7. When we delete your data 

We delete your data after the purpose for which we collected it has been completed. The exact deletion rules are described in Section 13 on Data Retention. Different rules apply depending on the purpose of the processing. The data collected shall also indicate the time period of deletion applied. When the storage period expires, the data is deleted accordingly. 

We delete your personal data at your request in the following cases: 

(a) if you have registered on our website to receive notifications and updates (newsletter) by email, your personal data will be deleted if you choose to unsubscribe from the newsletter via the “unsubscribe” option. 

(b ) if you notify us of your wish to exercise your right to be forgotten in accordance with Article 17 of the GDPR, requesting us to delete all your personal data that we have stored. 

8. Underage Users 

CARISMED restricts the use of this Website to adult users only. Our intention is not to collect personal data of minors who may have access to its website, in violation of the above. 

However, since this cannot be ensured/confirmed by CARISMED, any underage users of the website who transmit, through the website, their personal data to CARISMED, are required and expected to have obtained the consent of their parental guardians or guardians, if any. It is recommended that adults exercise proper supervision of minors under their responsibility when they are browsing the Internet and especially this Website. 

9. Who we share personal data with 

The confidentiality of the data of visitors to our Company’s Website is an inviolable rule for us. For this reason: 

– Any registration and processing of your personal data is done strictly on behalf of CARISMED only by the absolutely necessary personnel and partners of the company, who are bound by confidentiality. Your data is not transmitted or otherwise shared with unauthorized third parties. 

– We do not use service providers to process your personal data. 

– With regard to any hyperlinks that may be included on our website, if they are provided by third parties, this privacy policy does not apply, but the respective privacy policy of each website applies. 

– In the event that our data sharing policy changes for any reason, we will update this privacy policy, which you will find posted on our website at all times, and we will inform you of any significant changes in any appropriate and necessary way. 

In accordance with the Personal Data Protection Regulation, we are obliged to disclose personal data to public or judicial services or Independent Authorities, if it is required by a provision of law or a prosecutor’s order or a court decision/order, to the extent required by law or strictly necessary for the prevention, detection or prosecution of criminal offences and fraud. 

In principle, our Company does not transfer your personal data to third countries (outside the EU or the EEA) or international organisations that do not ensure an adequate level of protection (based on an adequacy decision, etc.). Any transmission follows and complies with the relevant provisions of the applicable legal framework, in particular Art. 44 et seq. GDPR. 

10.Purposes of Processing 

We use your personal data solely to provide you with our services in an optimal way and to achieve our statutory purposes. We are able to assure users of our website that we constantly make every effort to safeguard your data in the most optimal and effective way. 

Thus, the processing of your data by CARISMED is done for the following purposes: 

• Improving our services: we store and process the data you provide us as a visitor to the website in order to extract statistical results regarding the users of the website and our services. This way we can make targeted improvements to our services and the content of our website. You can always as a visitor to the website limit the data you provide us to the minimum data required for browsing the website. 
• information about our actions: we register the contact information you provide us with in order to inform you about new actions, programs and services that we believe may be of interest to you. You can in any case refuse to receive such messages, either by selecting the “unsubscribe” option or by sending an email to ……………………. 

• other communications: there may be times when we will contact you by email, post, telephone or text message, depending on the contact details you have shared with us. 
• security, fraud detection and prevention: we use the information, which may include personal data, to prevent fraud and other illegal activities. We also use this information to investigate and detect cases of fraud. We may also use personal data for risk assessment and security purposes, including user authentication. 
• legal proceedings and compliance: in some cases we may need to use the information provided, which may include personal data, to manage and resolve legal disputes or complaints, for regulatory investigations and compliance or to enforce the agreement(s) or to comply with lawful requests from law enforcement authorities, to the extent required by law. 

In particular, the actions below are related to our purposes and our online presence:  

• in order to ensure that our website works in the most efficient way on all your devices. 

• in order to comply with our obligations arising from a contract with you and to comply with our obligations under the law. 
• to invite you to participate in interactive activities through our website. 
• to invite you to participate in events that we organise in a physical or online space and then to contact you if you register for the event. 
• to ask you to participate in surveys we are organising. 
• to contact you in order to settle any disputes that may have arisen between us. 

• to notify you of any changes to our terms of use. 
• to satisfy any legitimate interests we may have. 
• exceptionally in the following cases: (i) when required by law (e.g. security and prevention of illegal activities), (ii) where it is necessary in order to establish, exercise or defend our rights and legitimate interests; and (iii) where it is necessary to safeguard your vital interests or the vital interests of any other natural person. 

11.Legal Basis 

We only collect personal data when it is absolutely necessary and the purpose is legitimate and has been previously identified. 

The legal basis for the processing may vary from time to time, but it can usually be summarised as one of the following: 

• you have given us your free and express consent, 
• there are legitimate interests that do not conflict with your rights, 
• we aim to meet obligations under a contract between us and 
• we have a legal obligation to collect and process your personal data (e.g. obligation under tax law etc.). 

12. Security 

CARISMED makes every effort and implements reasonable procedures to prevent access to and misuse of information, including personal data. We use appropriate systems and procedures to protect information that includes personal data. We also implement security procedures and technical and physical restrictions on access and use of personal data on our servers and conduct regular internal audits and inspections to ensure the security of information. These measures are reviewed and modified when necessary to ensure that your personal data is kept more secure. 

Only authorised personnel are allowed to access personal data in the course of their work. 

Our site has an SSL certificate installed to encrypt and secure your personal and browsing data. 

13. Data retention and deletion 

We retain your information, which may include personal data, for the minimum period of time we deem necessary to provide you with our services, to comply with applicable laws, to resolve disputes with various parties and as otherwise necessary for the purposes of our business, including the detection and prevention of fraud or other illegal activities. All personal data we hold is subject to this Privacy Policy. In particular, we process and store your data: 

• when you use our website as a user. The data you provide us with is kept for as long as necessary to enable us to extract the statistical results for which you have consented to process your data – 
• when you use our services as a contractor, your personal data is retained throughout the duration of our contractual relationship and until the completion of the financial and other obligations arising from it, and for twenty (20) years from the completion of our cooperation, whether you are an individual (natural person) or a company (legal entity), i.e. the period of time necessary under the law for the limitation of any related claims; 
• when you contact us to submit a query or request, your personal data will be retained for the entire period required to process your query and manage your response to it; 
• when you have subscribed to our newsletter, in order to receive notifications and updates by email, your personal data will be kept until you choose to unsubscribe from the newsletter via the “unsubscribe” option; 

• some of your personal data may be retained to enable our business to comply with its legal or regulatory obligations and to enable it to administer its rights (for example, to bring claims before the courts). Where there is a legal obligation to keep your data, it will not be used for any other purpose. 

If you have questions about a specific retention period for certain types of personal data, please contact us at the contact details below. 

14. Your rights 

You have the right to receive free of charge specific information about the data that CARISMED has stored about you. In addition, the GDPR and national law give you the following rights: 

1. Right of Access : The right to know what personal data we collect and how it is processed (Article 15 GDPR) 

2. Right to rectification of personal data : The right to update your personal data in the database (Article 16 GDPR) 

3. Right to be forgotten: you can request the deletion of all your personal data (Article 17 GDPR) 

4. Right to restrict processing: you can restrict the processing of personal data (Article 18 GDPR) 

5. Right to portability: you can request the transfer of your data in an editable format (Article 20 GDPR) 

6. Right to refuse processing: you may at any time withdraw your consent to the continued processing of your personal data. (Article 21 of the GDPR) 

7. Right to lodge a complaint with the supervisory authority: you may lodge a complaint against CARISMED with the Data Protection Authority or any other authority designated by the Greek state or the supervisory authority for personal data of any EU Member State in which you have your habitual residence. 

15. Processing Manager 

The Data Controller, i.e. the legal person that determines the purposes, conditions and manner of processing of personal data, is exclusively CARISMED. 

For the purposes of this privacy policy, you may contact the data controller at the following email address …………… if you wish to object to the collection, processing or use of your personal data by CARISMED, in accordance with applicable data protection legislation and this privacy policy. 

16. Data Protection Officer (DPO) 

The Data Protection Officer (DPO), i.e. the person who facilitates CARISMED’s compliance with the provisions of the General Data Protection Regulation and mediates between the various stakeholders (e.g. supervisory authorities, data subjects), is defined as ………………………. 

For the purposes of this privacy policy, you may contact the Data Protection Officer (DPO) at the following email address: ………………………………………… if you wish to object to the collection, processing or use of your personal data by CARISMED in accordance with applicable data protection legislation and this Privacy Policy. 

17. Changes in Policy 

We reserve the right to amend this privacy statement to comply with any legal or regulatory obligations. In addition, as the Company and our business are constantly evolving, this Privacy Policy may change. If you would like to see changes made from time to time to this Privacy Policy on the use of Cookies, please visit the Privacy Policy to view them. If we make material changes or changes that affect you, we will contact you by any appropriate and necessary means. 

18. Acceptance of the Terms 

The use of the services of this website implies the unconditional acceptance of the terms of the privacy policy. 

19. Final provisions 

The protection of personal data is important to us. We will take the necessary technical and organisational measures to protect data. Please remember that you are the owner of your data. The less information you provide, the more control you have. For example, if you want to browse anonymously and do not want your browsing behaviour to be evaluated, you should make the appropriate settings in the browser. 

If we use service providers, we should mention: “the service providers cooperating with us who process your data as Processors, on our behalf and in accordance with our instructions, have agreed and contractually committed with our Company to maintain confidentiality, not to send data to third parties without our permission, to take appropriate security measures and to comply with the legal framework for the protection of personal data”.