Information of the Customers of Messinia Properties on the Processing of Personal Data in accordance with the General Data Protection Regulation (GDPR)
The Messinia Properties (hereinafter referred to as “the Firm”), faithful to the commitments made towards its customers, fully respecting and feeling responsible for the security of your personal data, protects your privacy and handles your personal data in line with the assurances of legality and transparency. The personal data we collect and process are dependent on the product or service requested and agreed with you in each individual case.
This personal data protection statement is addressed:
To natural persons who are current or potential clients of the Firm
To natural persons who had such a contractual relationship or were potential clients of the Firm in the past and provides:
Overview of the purposes for which the Firm collects and processes your personal data and the manner in which it does so and it notifies you of your rights under the National Data Protection Law and the General Data Protection Regulation (2016 / 679) of the EU (GDPR)
Information as to who, other than the Firm, and for what purposes can receive your collected personal data
Information on your rights regarding access, correction, deletion and portability of your data.
For facilitating the reading of the present statement, we inform you that “personal data” is also referred to as “personal information”. In addition, by “processing” we refer to the collection, recording, use, adaptation or alteration, protection, disclosure by transmission, dissemination or otherwise making available, storage and erasure/ destruction of your personal data or to any other action related to them.
For the purpose of this informative statement, personal data shall mean any information relating to you that identifies you or by which you can be identified, including but not limited to your name, address, email address and online identifiers such as your Internet Protocol Address (IP Address) or your ID number.
- Categories and origin of personal data we process
1.1 Origin of the Data
As a Firm we collect and process different types of personal data. This data can be collected or produced on our part or we can get it from the following sources:
You, as (current or potential) customers and your authorized representatives
Publicly accessible sources (indicatively Courts, Independent Authorities, Land Registries)
Our Affiliated Partners / Tied Agents
Alternative communication channels (e.g. e-mail, website)
1.2 Categories of Personal Data
1.2.1 Commencement – Maintenance of Customer Relationship
If you are a potential or a current customer, the personal data you provide us with in order to commence or maintain your relationship with the Firm may include:
Name, Address (home / work), contact details (telephone numbers, e-mail address), identification data (ID, Passport etc), Social Security Number, date and place of birth, marital status, occupation, whether you hold/held political office (for politically exposed persons), information relating to and/or verifying your tax residence, financial information (expected annual credit / debit turnover, nature of transactions, source and amount of income, type and amount of assets) and your signature.
The aim of the Firm is defined as the creation, leasing and management of proprietary or leased real estates, the management of real estate, on a fee or contract basis, buying and selling of own real estate, construction works for residential buildings (new works, additions, alterations and renovation works), construction works for non-residential buildings (new works, additions, alterations and renovation works), rental services for tourist vessel, unmanned, rental services of sea and coastal water vessels for passengers with operator, sightseeing and excursion boat services, excursionist’s services of travel agency, promotion tourist services, tourist guides services, travel agency and tour operator activities, insurance agent services.
- The reason why we collect and process your personal data
As mentioned above, we are committed to protecting your privacy and handling your data in a legal and transparent manner. Therefore, we collect and process personal data for one or more of the following reasons:
2.1 To perform a contract
We process personal data with a view to provide our services pursuant to our signed contracts with you. Please note that if you do not provide us with the required information, we will not be allowed to commence or continue our contractual relationship.
The purpose of processing personal data depends on the requirements of each product or service and the contractual terms and conditions provide more details on the purposes relating to the performance of the relevant contract.
2.2 To protect legitimate interests
We process personal data to ensure the legitimate interests pursued by us or third parties. A legitimate interest arises when a business purpose renders the use of your data necessary. Examples of such processing activities include the following:
Creation of legitimate claims and preparation of our defense in court disputes
Prevention of criminal activities through the installation of surveillance systems (closed circuit television cameras – CCTV),
Further development or promotion of products and services
Protection of transactions, property, security and physical integrity of customers, visitors and employees of the Firm.
Disclosure / exchange of your personal data within the Firm for the purpose of updating / verifying your personal data in accordance with the relevant compliance framework on combatting money laundering.
Risk management of the Firm
2.3 Because you have given your consent
If you have explicitly given us your consent (other than the above mentioned grounds for protection of legitimate interests), processing of your personal data is lawful. You have the right to withdraw your consent at any moment.
However, any processing of personal data made prior to the receipt of the withdrawal shall remain unaffected.
- Who are the recipients of your personal data?
In fulfilling our contractual and legal / regulatory obligations, your personal data may be provided to various departments of the Firm or other affiliated companies and Public Entities.
Service providers may also receive your personal data in order to fulfill our obligations under or concession agreements. These service providers and vendors / partners, acting as processors, conclude contracts with the Firm, by which they undertake to preserve the confidentiality and data protection in accordance with the national data protection law and the GDPR.
We may transmit your data for any of the above-mentioned reasons or in case we are requested to do so by a lawful reason or we are authorized under our contractual and regulatory obligations or in case you have given us your consent. Under the above circumstances, recipients of personal data may be:
Supervisory, regulatory, independent and judicial authorities, insofar as there is legal obligation.
Auditors and accountants
Marketing companies and market research companies
File storage companies, archiving and/or file management companies, companies that help us effectively deliver our services to you by offering expertise, solutions and support as well as payment facilities
Purchasing and procurement companies as well as companies managing the creation and support of Internet sites and advertising agencies
Potential or existing buyers, and/or recipients of the transfer and/or assignment, and/or beneficiaries of any charges, title or interest of the Firm under any agreement between the latter and the customer, professional consultants, service providers, suppliers and their sponsors.
- Transmission of personal data to a third country or to an International Organization
Your personal data may be transmitted to third countries (i.e. countries outside the European Economic Area) in cases where this data transmission is required by law, such as, for example, a reporting obligation under tax law, or in case you have given us your consent to perform such a transmission. Processors or those acting as processors in third countries are required to comply with European data protection standards and provide appropriate assurances in accordance with Article 46 of the GDPR.
- To what extent is there an automated decision-making process, including profiling?
In general, we refrain from using automated decision making processes when creating and developing a business relationship. We may automatically process some of your data to evaluate some personal aspects (profiling) in order to conclude or perform a contract with you in the following cases:
To evaluate your investment profile.
For the marketing and communication of products and services of the Firm and other cooperating companies
- How do we handle your personal data for product and service promotion activities (marketing) and to what extent is profiling used for such activities?
We may process your personal data to inform you of products, services, and offers that may be of interest to you.
The personal data we process to this end consist of information you have already provided us with, or data we collect when you use our services. We study all this information to shape an opinion on what we think you may need or what you may be interested in. In some cases, profiling is used, i.e. we process your data automatically for the purpose of evaluating certain personal information in order to provide you with targeted product information.
We may use your personal data to promote our products and services to you only if we have your explicit consent in this respect.
At any moment you have the right to withdraw your consent to the processing of your personal data for marketing purposes, including profiling, by contacting the Firm
- How long do we keep your personal information?
We will keep your personal data at least as long as we have a contractual relationship with you.
Once our contractual relationship is terminated, we keep your personal data upon completion of the statutory limitation period for claims, that is, for a period up to twenty (20) years.
For personal data of potential customers, we will retain your personal data for five (5) years in accordance with the decision of the Hellenic Data Protection Authority.
After the elapse of the above-mentioned time periods, the Firm must permanently and effectively destroy the records/documents where personal data is kept, with the appropriate, if applicable, measures (e.g. incineration, recycling, shredding of documents, anonymization, etc.)
- Your data protection rights
You have the following rights with respect to your personal data retained by the Firm:
Access to your personal data. This allows you, for example, to receive a copy of the personal data retained by us and make sure that we are processing it in a lawful manner, as well as request to receive a copy of your personal data in a structured, commonly used and machine readable format for the transmission of this data to other organizations.
Ask for the correction of your personal data. This enables you to amend any incomplete or inaccurate data we retain.
Ask for the erasure of your personal information (known as the “right to be forgotten”). This allows you to request the erasure of your personal data when there is no valid reason to continue processing it.
Prohibit the processing of your personal data (known as “the right to object”) when we rely on a legitimate interest, but there is something special about your situation that makes you want to oppose processing on that ground. If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing that override your interests and rights.
You also have the right to object in cases where we process your personal data for direct marketing purposes.
Ask for the restriction of the processing of your personal data. This allows you to ask us to restrict the processing of your personal data, that is to it use it only in certain circumstances, if:
it is not accurate
it has been used illegally, but you do not wish us to erase them
it is no longer needed, but you want us to retain them for potential legal claims
you have already asked us to stop using your personal data, but you are waiting for us to confirm if we have legitimate reasons to use it
Ask to have your personal data transmitted directly from us to other organizations of your choice (right to data portability).
To submit your request, you can fill out the relevant form on the Firm’s website and deliver it personally to our branches or send it by post, with the authenticity of your signature certified by a Public Authority.
The Firm is required to respond to any of your requests within thirty (30) days of its receipt. In exceptional circumstances, this deadline can be extended for an additional period of sixty (60) days by contacting you respectively.
Furthermore, you can file a complaint to the Hellenic Data Protection Authority if you believe that your personal data is not processed in accordance with the provisions of this statement.
- How do we protect your privacy?
In order to keep your data safe and protected against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and any other form of unlawful processing, the Firm keeps its systems, policies and procedures updated.
- Who is responsible for processing your personal information?
Messinia Properties Sipsas Dionisios S.A.
Iatropoulou 17 Street
- With whom can you contact for any questions related to this statement and the exercise of your rights?
Messinia Properties Sipsas Dionisios S.A.
Iatropoulou 17 Street
Email Address: email@example.com The above information supersedes any previous information regarding the processing of your personal data. The Firm may update, supplement or modify it without any prior notification.