Statement of the Controller "Regarding the Protection of Personal Data"

Increasing economic and scientific collaborations, as well as mutual provision for data processing services, have resulted in the exchange of personal data, a trend reinforced by the ever-increasing use of modern telecommunications.

For these reasons, it is necessary that the data is processed with care.

The Controller declares that compliance with the principles governing the protection of data for their processing is its purpose, as it is committed to respecting the individual rights and privacy of individuals. The Data Controller handles personal data with special care and always in accordance with Regulation EU 2016/679, the applicable National Law and the applicable legislation.

For the purposes of this Directive, the following definitions shall apply:

DataSubject: any natural person whose personal data are processed by or on behalf of the Company

PersonalData: any information in relation to an identified or identifiable natural person concerning his physical, physiological, psychological, emotional or economic situation, cultural or social identity.

Processing: processing of personal data ("processing"), any task or series of tasks carried out on personal data, such as, but not limited to, collection, registration, storage, modification, analysis, use, association, blocking, erasure or destruction.

1.Data Controller and YPD
The Data Controller is EMMANOUIL MICHELOUDAKIS, MOTORIST, based in Kalesa Heraklion, 715 00, with vat number 055430273, tax office of Heraklion, and e-mail: ("Data Controller").

2. The Data we process
With your consent, we process the following common and sensitive personal data that you provide when you interact with the Website www. and use the services and functions it provides. These data include in particular the first and last name, contact details, address and content of your specific requests, updates or reports, as well as the additional data that the Data Controller may obtain, including from third parties, in the course of conducting its business activity ("Data").

In order for us to be able to fulfill the requests you make through the contact form and/or to provide updates on side effects, it is necessary that you consent to the processing of data marked with an asterisk (*).

Without this mandatory data or your consent we cannot go any further. On the contrary, the information requested in fields that are not marked with an asterisk and your consent to receive informational material is optional and failure to provide it has no consequence.

In any case, even without your prior consent, the Data Controller may process your data to comply with legal obligations arising from eu laws, regulations and law, to exercise rights in court proceedings, to exercise its own legitimate interests and in all cases provided for, where applicable, articles 6 and 9 of the GDPR Regulation.

The processing is carried out both using computers and in printed form and always entails the application of the security measures provided for by the applicable legislation.

3.Why and how we process your data
The data are processed for the following purposes:

to handle the requests you submit with the "Form", to contact you afterwards or to provide information through it. The legal basis for processing personal data for this purpose is your consent (Article 6(1)(a) and Article 9(2)(a) of the GDPR) and the performance of the contract to which you are a party as a data subject;
to manage adverse reaction reports submitted through the Site or Forms; The legal basis for the processing for these purposes is your consent (Article 6(1)(a) and Article 9(2)(a) of the GDPR), as well as the pursuit of any public interest (Article 9(2)(i) of the GDPR) and legal obligations;
in addition, but only with your optional consent which is the legal basis for the processing pursuant to Article 6(1)(a) of the GDPR:

to receive promotional material (direct marketing) from us;
By selecting the appropriate boxes you agree to the processing of your data for these purposes.

Your data may in any case be processed, even without your consent, for reasons of compliance with laws, regulations, EU law (Article 6(1)(c) of the GDPR Regulation, for the purpose of obtaining statistics on the use of the Website and its proper functioning (Article 6(1)(f)) of the Regulation).

Personal data is entered into the Data Controller's IT system in full compliance with data protection legislation, including security and confidentiality profiles, and is based on principles of good practice, lawfulness and transparency regarding processing.

The data shall be stored for as long as is strictly necessary to achieve the purposes for which it was collected. In any case, the criterion used to determine this period is based on compliance with the deadlines set by law and on the principles of data minimization, storage limitation and rational management of records.

All your data will be processed in printed or automated means, ensuring in any case the appropriate level of security and confidentiality.

4.Principles applicable to processing
We are allowed to process your personal data in order to provide personalized services, in accordance with the law (Article 6(1b) of Regulation (EU) 2016/679) and the relevant National Implementing Law. Your personal data is not used for purposes other than those described in the Statement, unless we obtain your prior permission, or unless this is required or permitted by law.

Personal data are processed in a manner compatible with the purpose for which they were collected.

The principle of proportionality applies to the processing of personal data. Among other things, it creates the obligation not to collect personal data unneeded.

The personal data used should be accurate and up-to-date.

Personal data used, which is no longer accurate and complete, should be corrected or deleted.

Except in cases where by law there is an obligation to keep them for a longer period of time, personal data are not kept for a longer period of time than is necessary for the purposes for which they were collected or processed.

The processing of personal data is carried out in accordance with the principles of good faith. This means that data subjects can rely that processors will show proper care in all data processing matters.

Subjects whose personal data have been processed will be informed accordingly, if they so request. In particular, they have the right to be informed of the purposes for which their data are processed, the type of data they concern, as well as the identity of the data recipients. Where necessary, data subjects also have the right to request the rectification, non-transfer or erasure of their data.

The above rights may be limited only if such limitation is provided for by law. This is the case, in particular, when carrying out scientific research.

In particular, personal data are protected against unauthorized disclosure and any unlawful processing thereof. The measures put in place ensure a level of security commensurate with the nature of the data to be protected and the risks that may arise from their processing.

The controller is responsible for the compliance and application of EU Regulation 2016/679 and the National Implementing Law.

Our employees involved in the processing of personal data are accordingly informed and trained. The procedures for the processing of third-party personal data by agreement shall be set out in writing, having ensured that the third party party processes the personal data in a secure manner and that it complies with the principles set out in this Statement and the GDPR EU. In the event that the third party is found unable to ensure a satisfactory level of security of personal data, we will terminate the cooperation.

5.People who have access to the data
The Data are processed by electronic and manual means in accordance with the procedures and practices related to the aforementioned purposes and are accessible to the staff of the Controller who are authorized to process the Personal Data and the supervisors and in particular the employees belonging to the following categories: technical staff, Information and Network Security personnel and administrative staff, as well as other staff members who need to process the data to carry out their tasks.

The Data may also be shared with countries outside the European Union ("Third Countries"): i) with institutions, authorities, public bodies for institutional purposes; ii) to professional, independent consultants - whether they work individually or collectively - and other third parties and providers who provide the Data Controller with commercial, professional or technical services required for the operation of the Website (e.g. provision of IT services and Cloud Computing) for the purposes mentioned above and to support the Controller in providing the services you have requested; (iii) third parties in the case of mergers, acquisitions, transfers of undertakings or branches thereof, audits or other exceptional transactions;

The mentioned recipients receive only the necessary data for their respective functions and duly undertake their processing only for the purposes mentioned above and in accordance with data protection laws. The Data may also be shared with the other lawful recipients identified from time to time by applicable laws.

With the exception of the above, the Data will not be disclosed to third parties, natural or legal persons, who do not perform commercial, professional or technical duties for the Controller and will not be disseminated. The persons who receive the data will process them, as the case may be, as Data Controllers, Processors or persons authorized to process the personal data for the purposes mentioned above and in accordance with the applicable data protection legislation.

With regard to the transfer of data outside the EU, even in countries whose laws do not guarantee the same level of protection of personal data privacy as that provided by EU law, the Controller informs that the transfer will in any case be carried out in accordance with the methods permitted by the GDPR, such as, for example, based on the user's consent, based on the standard contractual clauses approved by the European Commission, selecting parties participating in international programs for the free movement of data (e.g. EU-US Privacy Shield) or implemented in countries considered safe by the European Commission.

6.Your rights
If you wish, you may request at any time to exercise the rights of articles 15-22 of the GDPR Regulation, to be informed about your personal data kept by us, their recipients, the purpose of their retention and processing as well as their modification, correction or deletion, by sending a relevant e-mail to the addresses shown above, from the e-mail address you have provided, by filling in the relevant application that the Data Controller may provide you with an attached copy of your identity card. You also have the right to review the personal data we hold and generally to exercise any rights provided by the legislation on the protection of personal data.

The personal data that you disclose to the Controller through the Website, either during your registration or at a later stage, are collected and used and processed in accordance with the provisions in force on the protection of personal data of the new European General Data Protection Regulation (EU) 2016/679.

You reserve the following rights in detail:

Right to be informed about your personal data: Upon your request, we will provide you with information about the personal data we keep about you.
Right to rectification and completion of your personal data: If you notify us accordingly, we will correct any inaccurate personal data concerning you. We will fill in incomplete data if you notify us accordingly, provided that such data is necessary for the purposes of processing your data.
Right to delete your personal data: Upon your request, we will delete the personal data we keep about you. However, some data will only be deleted after a set retention period, for example because in some cases we are required by law to retain the data, or because the data is required to fulfil our contractual obligations towards you.
Right to block your personal data: In certain cases provided for by law, we will block your data if you ask us to do so. Further processing of blocked data is only done to a very limited extent.
Right to withdraw your consent: You may at any time withdraw your consent to the processing of your personal data in the future. The lawfulness of the processing of your data remains unaffected by this action, up to the point of withdrawal of your consent.
Your right to object to the processing of your data: You may at any time object to the processing of your personal data in the future if we process your data on the basis of one of the legal justifications provided for in Article 6 (1e or 1f) of Regulation (EU) 2016/679. If you object, we will stop processing your data, provided that there are no legitimate grounds for further processing. The processing of your data for advertising purposes is not a legitimate reason.
7. Security of Personal Data
The Data Controller applies specific technical and organizational security procedures in order to protect personal data and information from loss, misuse, alteration or destruction. Our partners who support us in the operation of this website also comply with these provisions.

The Data Controller makes every reasonable effort to keep the personal data collected only for the period for which it needs these data for the purpose for which they were collected or until their deletion is requested (if this happens earlier), unless it continues to keep them in accordance with the provisions of the applicable legislation.

8.Revisions of the Statement
We reserve the right to amend or revise this Statement periodically, in our sole discretion. In the event that changes are made, Processor will record the date of amendment or revision to this Statement and the updated Statement will be valid for you from that date. We encourage you to periodically review this Statement in order to examine whether there are any changes in the way we handle your personal data.

This is a Declaration of Compliance with the provisions of EU Regulation 2016/679 and the National Implementing Law.

June 2021

TOP εσπα