1.1 Welcome to the Privacy Notice of Premium Congress and Social Events Solutions. We respect your privacy and are committed to protecting your personal data. This Privacy Notice informs you about how we treat your personal data as a visitor or user of our website and as a registered member in our recipients lists, and provides information about your privacy rights and how you are protected by law. We are responsible for collecting, managing and processing your personal data.
1.2 We have appointed a Personal Data Protection Officer (“DPO”) who is responsible for overseeing questions raised in relation to this Privacy Notice. For any clarification upon this Privacy Notice, including any requests to exercise your legal rights, please contact our DPO at the following contact information.
Our full contact details are:
Full name of Legal Entity: Premium Congress and Social Events Solutions
Name of DPO: Sotiriadis Stelios
E-mail address: firstname.lastname@example.org
Postal address: PO Box A2753 Triadi, Thessaloniki, Greece
You reserve the right to submit your complaints at any time to the supervisory authority of your country about data protection issues. In Greece, the competent authority is the Hellenic Data Protection Authority, details of which can be found via the following link: www.dpa.gr. We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact us in the first instance using the contact details written above.
This version was updated on May 23, 2018. This notice replaces all previous disclosures we may have previously provided about our information practices. We reserve the right to change this notice, and to apply any changes to information previously collected, as permitted by law. If there are substantial changes to this notice or if our information practices change in the future, we will notify you by posting the changes on our website.
It is important that the personal data we hold about you are accurate and valid.
We hereby ask you to keep us informed in case your personal data change during your relationship with us.
We reserve the right to collect, process, store and transfer different kinds of personal data about you, which we have grouped as follows:
We collect personal data about you every time you use our services, when you enter into a contract with us, when you use our website or when you use our telephone center.
5. Why we process your information
We will process your personal data only when the law allows us to. In general, we will use your personal data only:
When it is necessary for the performance of a contract we are about to enter into or have already entered into with you.
When it is necessary for purposes of our legitimate interests (or the interests of a third party) and your interests, and such interests are not overridden by fundamental rights.
When we need to comply with a legal or regulatory obligation.
When you have given us your explicit consent to do so.
In general, we do not rely on your consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you, or when we process special categories of personal data. You have the right to withdraw your consent to direct marketing at any time by contacting us using the contact details mentioned in paragraph 1 above.
We intend to use your personal data on legal basis. We reserve the right to process your personal data for more than one legal ground depending on the specific purpose for which we are using your data.
We will use your personal data only for the purposes for which we have collected them unless we reasonably consider that we will need to use them for any other reason and that reason is compatible with the original purpose. If you wish to get an explanation as to whether the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an irrelevant purpose, we will notify you to explain the legal basis that allows us to do so.
Our website may include links to third-party websites, microsites, plug-ins and applications. By clicking on these links you may give the right to third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their own privacy statements. In case of additional services provided to you by third parties, you should be aware that Premium may only be the processor on behalf of these third parties. Therefore, whenever you make use of these links or microsites or when you leave our website, we suggest that you read the privacy notice of the third parties.
We do not knowingly collect any information from anyone under the age of 15. Our website and services are aimed exclusively at people who are at least 15 years of age or older.
If you are below 15, do not use or provide any information on this website or on or through any of its features, do not register on the website, do not make any purchases through the website, and do not provide any information about yourself to us, including your name, address, telephone number or email address.
If we find out that we have collected or received personal data from a child under the age of 15 (apart from data for reservation and ticketing purposes), we will erase that information unless consent or authorization has been given by the guardian of the child.
If you believe that we may have information from or about a child under 15 (apart from data for reservation and ticketing purposes), please contact us.
To best serve you, we reserve the right to share your personal data with service providers who provide support services to us or help us promote our products and services. Service providers are third parties providing services on our behalf. They are contractually restricted from using your information in any way other than to help us provide you with our services.
More specifically, in order to facilitate your travel arrangements, we often have to share your personal data with third parties such as tourist accommodation establishments, conference venues, airlines, airport operators, customs authorities and travel agents. We also share your personal data with third parties providing services to you or us, such as airport assistance companies.
We also reserve the right to disclose your personal data to a third party when you ask us to do so or when we consider it to be required by law.
Our servers, storing and protecting your data, are located within the European Economic Area (EEA). Whenever we need to transfer your personal data outside the EEA, we provide a similar degree of protection by ensuring that at least one of the following safeguards is implemented:
Please, contact us for any clarification you may need on the specific mechanism used by us when transferring your personal data outside the European Economic Area.
We have put in place appropriate security measures (incuding encryption, anonymization or/and pseudonymization procedures where required) to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who need to know them in order to fulfill their professional duties. They will only process your personal data upon our instructions and they are subject to a duty of confidentiality. We have put in place procedures for handling any suspected personal data breach and will notify you and any competent authority of any violation when we are required by law to do so.
We will only retain your personal data for as long as necessary to fulfill the purposes for which we have collected them, including the fulfillment of any legal or accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of your personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
15. Your rights
You have the right to:
If you wish to exercise any of the rights described above, please contact us.
We reserve the right to ask for specific information from you in order to confirm your identity and to ensure your right to access your personal data (or exercise any of your other rights). This is a security measure to ensure that personal data are not disclosed to any person who is not entitled to receive them. We also reserve the right to contact you to ask you for further information in relation to your request, in order to speed up our response.
We try to answer all legitimate requests are answered within one month. It may take us occasionally though more than one month to respond to your request if it is particularly complex or if you have submitted a number of requests. In this case, we will notify you and keep you updated.
Definitions according to the EU “General Data Protection Regulation” 679/2016 (GDPR):
Personal data are information that can be related to a person. Data are considered personal if the person they concern can be identified, either directly or indirectly. Relevant examples are the individual’s name, identity card number, date of birth, gender. location data and contact details. It does not include data where the identity has been removed (anonymous data).
Sensitive personal data or special categories of personal data include data such as: religion, ideological, political views or activities, health, genetic or biometric information, racial and ethnic origin, administrative or criminal proceedings and sanctions.
Profiling is any form of automated processing of personal data consisting of the use of personal data in order to evaluate certain personal aspects relating to an individual.
Data Subject is a physical person to whom personal data relate.
Data Processing / Processing is any activity, operation or set of operations performed on personal data or sets thereof, irrespective of the process and means (automated or not) applied such as collection, recording, registration, organization, structuring, storage, adaptation or alteration, retrieval of information, search for information, use, revision, disclosure by transmission, dissemination or otherwise making available, alignment or combination, interconnection, restriction, erasure, archiving, viewing or destruction of personal data.
Data file is any structured set of personal data which is accessible in such a way as to make it possible to deduce the person in question from the data.
Disclosure means making personal data accessible.
Data Protection Impact Assessment is a systematic process for identifying, evaluating and documenting the risks and impact of personal data processing activities on the rights of individuals.
Data Controller is the natural or legal person of the public or private sector who determines the purposes and means of the processing of personal data
Data Processor is the natural or legal person processing personal data on behalf of the Data Controller.