The company by the name “BFLEX Single Member IKE” and the distinctive title “bFlex” with its headquarters in Athens, on Veikou number94-96, and is legally represented, with Tax number (Α.Φ.Μ.) 801403704, Tax Office (Δ.Ο.Υ.) of A’ Athinon and GEMI Number (ΑΡ. ΜΑΕ 156080703000) telephone of communication +302109222195, electronic address “www.bflex.io” e-mail email@example.com and compliance with the national and communal legal frame for the protection of personal data as it is valid each time and has worked out the present Confidential Policy and gives to the visitor/user the following information on the elaboration of the personal data and the exercise of his/her rights as the subject of this elaboration.
Person Processing Personal Data (“The Controller”)
The controller is the CEO of the company Mr. Robbert van der Meer telephone of communication +30 21 0922 2195, e-mail firstname.lastname@example.org and is responsible for the processing, collection, filing and, in general, the elaboration of the personal data of the users of the present site. As those are collected and filed through it, through the office as well as the ones connected with the website of the pages through the social network (from now on referred to as the “Company” or “we” or “ours).
Purpose of Processing
The Company processes only the absolutely necessary personal data of the visitors/users of the site or/and the pages in the means of social network, which are only and exclusively used for the following purposes, always with the goal of the achievement of the best possible provision of services and are:
1.Giving information on the Company services provided and, especially, the provision of individualized and updated information corresponding to the needs of the Company clients.
2.The drawing up, establishment and management of agreements in a pre- agreement stage (for instance: telephone communications or through electronic mail messages); at an agreement level (e.g. agreements, invoices, payments) and post agreement stage.
3.Offering quality services to users / visitors and customers of the company and improvement through this kind of information of those services offered by the Company.
4.The safeguarding of the right function of the site and the provision of new or the improvement of the already offered services on the site.
5.Answering any possible questions of requests submitted by the visitor/user through the relevant form of communication on the site or to the electronic address www.bflex.io”.
6.The mailing of notices, which the user has activated and concern requests which he has stored and are of interest to him. The elements we preserve about the research items filed are the filters which the user has selected. Any change of frequency, the discontinuation or and the crossing out of any relevant notifications are possible at any time.
7.The mailing of any newsletters regarding our products and services , which are offered through the site or about any new services offered or any special offers. The discontinuation of this mailing is possible at any time.
8.The confirmation and identification of the client on any occasion necessary.
9.The research regarding the satisfaction of the customers in connection with the interior studies on marketing and the demographics. This goes along with the non-personal data for the analysis and observation of the consumers’ profile so that we can be continuously improving our products and services and we can understand what can be of interest to our clients.
10.The compliance of the Company with its legal obligations.
11.The compliance of the company with the obligations imposed by the existing legislation, for instance tax legislation.
Legal basis of processing
The company collects personal data either from the user himself (or “the subject of the data”) through the office or the site or the pages of the social network of the Company or through the Company itself, mainly through the use of the cookies.
Specifically, the collection, the registration, the organization, the filing, the deletion, the destruction of any other kind of processing is based on: a) the performance (drawing up, function, dissolution) of the agreement between the Company and the customer and the taking of measures before the drawing up of the agreement, b) the protection of the legal interests of the Company including the pursuit of its business goals in a pre-agreement stage, in response to the required communication for the enlargement of transaction possibility, but to a post agreement stage as well as the compliance of the Company with the obligations coming from the legal regulatory and supervising frame (e.g. tax legislation) as well as the decisions of any authorities (public, supervising, independent, district attorney’s etc.), or courts (regular or arbitration ), d)in the fulfillment of the Company duties performed towards the public interest and e) to the previous absolute consent of the visitor/user, in case the processing is not based on any of the above stated legal bases of processing.
There are cases, indicatively, communication, advertisement, promotion of research, which can be revealed to third persons, such as third companies providing services, which appear on the Net through emerging windows, which, because of this reason will become responsible for the processing of the personal data of the user.
Those mentioned above, will become aware of the data concerning the user so that they can answer his applications for information regarding the company’s services and products. In this case it will be specifically required from the user to give his/her obligatory special and absolute consent for the processing and the communication of this data, by choosing a special box with the indication “I accept”.
Categories & Source of Data
The Company selects only the absolutely necessary personal data and processes the following personal data:
-Data for exchanges in the pre conventional, conventional and post conventional stage: name and surname, age, country of residence and residence address, number on Tax Records, relevant Tax Office (Δ.Ο.Υ.) identity card number, driver’s license, passport number, date of birth, country of birth, family conditions (e.g. family status and number of dependent persons) financial and tax information (e.g. certificates of revenues, E1, E9), access to accounts of Common benefit and telecommunications, insurances of residences and cars.
– Given data on payments: numbers of bank accounts and credit cards.
-Given data upon submission of a question or the showing of interest for communication with the Company from the visitor/user: name/surname, telephone of communication, address of electronic post (e-mail). We will use all this information only to give answers with regard to your question or in order to communicate with you.
-Given data for the sending of notifications upon the registration of the visitor/user in the newsletter and the relevant information that may interest him/her upon his/her request registered on the relevant area of the Internet: address of e-mail. We will use this information only to communicate with you through newsletter, while your relevant consent may be revoked any time and through any means.
-Data provided by the user himself through the pages of the Company on the means of social network in order to receive information as far as the services provided or the financial offers given by our Company.
-Data already published in the means of social network maintained by the Company on condition that there has been previously given permission of consent for the processing of the personal data.
-Data concerning the interests and preferences that help us to suggest specific pieces of property to the customer or visitor/user that may be of interest to him.
-Given data for the research regarding the satisfaction of our customers.
Data from the exchanges of the visitor/user either through the natural area of the Company or through the net areas: indicatively details regarding the history of the co- operation with the company.
Recipients of the data
In no case are we going to publicize your personal data to third recipients, we will only have them processed by authorized employees of the company who are limited to the information that is necessary for the purpose of each specific processing and, depending on the case, by the members of the Administration of the Company or by its secondary companies, always absolutely confidentially.
However, your personal data may become known to public authorities in order that the Company may comply with its legal and tax obligations, but also before Courts in order to exercise and defend the rights of the Company.
Moreover, for the fulfillment of its goals and for the provision of services to be offered it is possible to make known your personal data to other, third companies, which act pursuant to our orders (as they are performing the processing) with the purpose of providing you with the best service (as well as external collaborators, technicians, companies providing services and maintenance of the Site, lawyers, companies providing services, communication and marketing, companies providing accounting, consultative and controlling services etc.)
The processors have certified the Company in writing that they apply suitable technical and organizing measures and secure the protection of the personal data of the employees of the Company and, in general, they comply with the legal frame, existing at any time, for the protection of the personal data. They have also been tied up that they will not send any data to third persons without the permission of the Company. Finally, they have undertaken the obligation to support the Company in relation to the exercise of the rights of its personnel: Access and to be informed, Completion or /and Rectification, Portability, Restricting the Processing, to Object, Withdrawing of Consent and Erasure/Right to be Forgotten according to the existing legislation.
In these cases the data remain stored to entities serving the company and are maintained in security. This means that no third person can further process your personal data unless special order has been given to him.
Transfer of Personal Data to Third countries
In case of the merging or/and acquisition of the company the personal data that have been collected within the frame of the Net is possible to be made known to the corresponding third parties after clear prior information.
When the processing takes place on the basis of the performance of the agreement or/and the taking of pre-agreement measures with the intention of performing the agreement, the personal data are stored for any length of time that is necessary for the foundation, performance, support or objection of the legal rights that result from the agreement until they are legally abolished. It is possible that these data are maintained for a longer period for the fulfillment of the legal and agreement obligations of the Company (such as court actions, tax legislation).
Within the frame of communication with the customers and to the extent that the disposal of personal data is based on the consent of the data subject, the personal data are kept until the revocation of your consent. This can be affected any time. The revocation of the consent does not affect the legal status of the processing which was based on this consent during the time preceding its revocation.
In case the consent is given for the sending of informative report (newsletter) this is maintained for the length of time for which the newsletter is sent by the Company and, in any case, not more than six (6) months from the termination of its transferring.
The documentary evidence required for the function of the conventional relation, which completes the customers’ file, maintained by the Company partly in digital form. At the end of the time periods stated above, the personal data are destroyed in a secure manner.
What procedure is followed for the protection of personal data
The Company gives basic priority to the protection of personal data concerning the data subject. For this reason it takes all the necessary organizational and technical measures using the most recent and advanced methods in order to secure the largest possible safety.
The security of the Internet site is achieved through cryptography, such as the use of SSL (Secure Sockets Layer) for the protection of the personal information (such as name, surname, address of the electronic post) during the period that the data was transferred to the Internet. This is identified through the lock that appears on the program of your search in case of an SSL connection.
The personal data are basically kept in digital form. We possibly keep the documents in a physical file, which documents include personal data when this is necessary (tax data, contracts, original declarations of withdrawal etc.) taking the necessary security measures
The measures under question are reexamined and amended whenever it is considered necessary.
Which are the rights of the users/ data subjects
The data subject has the following rights:
1.Right to Access and be informed of Information on the personal data that concern someone and as long as this goes through processing by the company, which is responsible for this processing, the goals and the legal bases of it, the categories of the data, the recipients of them the categories of these recipients, the period of time of the filing, the rights and the principle of processing.
2.Right of Completion or/and Rectification on the personal data, which are incomplete or incorrect respectively.
3.Right of Portability, this means that he can ask for and receive the personal data that concern him in readable form or to ask for their transfer to another person responsible for the processing on condition that the processing is based on his consent and effected through automatic means.
4.Right of Restricting the Processing as long as either their processing is illegal or there is no longer any purpose for this processing on condition that there is no legal reason for its preservation.
5.Right to Object to the processing of the personal data if there are no other pressing and legal reasons that are imposing and legal and are prevailing over his rights. Moreover, there is granted the right to oppose to the processing of your data for advertising reasons.
6.Right of Withdrawing of Consent of the personal data if they are no longer necessary for the reasons of processing mentioned above or the subject of the data desires to revoke its consent in case it is the unique legal basis for it and in reservation of the obligations and the legal rights of the Internet for their preservation on the basis of the legislation and the regulatory orders as existing.
7.Right to Erasure/Right to be Forgotten of personal data if they are no longer necessary for the purposes of elaboration mentioned above, or the data subject wishes the revocation of his consent in case that it is the only legal basis with, a reservation regarding the obligations and the legal rights of the cite and their preservation on the basis of the legislation and the regulatory orders, valid at any time.
8.Right to complaint to the appropriate supervisory Authority of data protection if the data subject considers that the processing of one’s personal data violates the national and regulatory frame for the protection of personal data. Appropriate supervising authority in Greece is the Principle of Protection of Personal Data (Postal address: Kifisias 1-3 Athens tel. +30 2106475600 e-mail email@example.com, web: www.dpa.gr).
Manner of exercising the rights
The rights mentioned above can be exercised in writing at the Headquarters of the Company in Athens, Veikou 94-96 or by telephone at +302109222195 through digital means at the electronic address “www.bflex.io” and email address firstname.lastname@example.org.
The Company makes every effort to immediately respond without any delay to the request of the data subject and, in any case, the latest within thirty (30) days and only in case this is not possible, the Company will give information regarding the necessary extension of the deadline given above, which will not exceed the extra sixty (60) days.
However if the requests are obviously unfounded or they are unduly exercised, the company can impose the payment of a reasonable amount, taking into consideration the administrative cost for giving out information or for the realization of the activity required or to refuse to proceed any further with the request.
Giving information on any possible changes of the present Policy