Protection policy for personal data

Privacy Policy

Company Privacy Policy

1. Introduction

“EVENT MAKERS DMC” is one of the leading and exclusively specialized Destination and Event Management Companies in Greece, dedicated exclusively to the tailor-made destination management services from accommodation, transportation, venues and catering, to social programmes, activities, entertainment, logistics and events management – in a wide range of destination management fields: incentives, events, meetings, conferences, all over Greece.  “EVENT MAKERS DMC” was established in 2004 by industry Professionals. A common vision of Top Executives in the field of Meetings, Conferences and Incentives in Greece, led them to form a customer-oriented Company that understands / incorporates the needs of our demanding Market. Although, a fairly new Company, Event Makers DMC managed to achieve within a short period of time, recognition and loyalty and as a result developed a portfolio of many important Events in Greece. All of them were delivered with Great Success.

Regulation 2016/679 enshrines the rights of natural persons (data subjects) with regard to the processing of their personal data, while at the same time imposes specific obligations on those handling personal information (data controllers).

The specific policy outlines the basic rules and procedures to be followed by the Company for the protection of personal data in order to ensure its compliance with the European Commission’s General Personal Data Protection Policy (GDPR).

2. Purpose

The purpose of this Privacy Notice is to let you know what personal data we use when we collaborate, for the reasons we use and disclose this data, for the length of time we hold it and how you can exercise your rights in relation to your data in a single and comprehensible manner. We would, also, like to declare that the protection of your personal data is important to “EVENT MAKERS DMC” and that we respect your privacy and we are committed to safeguard it.

3. Policy

3.1. General Principles

The following principles focus on the issue of personal data protection:

  • Legality, objectivity and transparency during processing
  • Restriction of the purpose of the processing
  • Minimize the data being processed
  • Accuracy and update of the data being processed
  • Integrity and confidentiality during processing
  • Restriction of retention / storage  period

3.2. Collection & Processing of Personal Data

“Personal data” definition equals to all the information or the combination of information that could identify directly (i.e. your name) or indirectly (i.e. unique identity card number) a particular person. This means that personal data include details such as email address / home address /

mobile phone number, user names, profile photos, personal preferences and purchasing habits, financial information, and social welfare information).

The collection of personal data occurs due to the performance of the contract between the two parties and the processing occurs to the extent necessary in the context of our activities and for the purpose of servicing you. In particular, “EVENT MAKERS DMC” can collect and process the following data: a) Identity (name, surname), b) Contact details (contact telephones, fax, email address).

The Company only collects personal data that is necessary in order to meet its requirements for the provision of its services. Where additional, optional information is requested, data subjects are being informed at this same time of data collection.
In particular, in order for the Company to operate and provide its services, it receives personal data such as:

  • Name and Surname
  • Contact phone
  • Nationality
  • Passport Number / Identity Card Number
  • Marital status
  • Medical Data (such as eating habits – physical disabilities)
  • Profession
  • Date of Birth

If you choose to sign up or log in to the Company’s website using a third unique sign-on service that testifies to your identity and connects your login information to social media (e.g., LinkedIn, Facebook, Google or Twitter) with the Company, any information or content needed to sign up for or log in, for which you have given the social media provider permission to share with us, such as your name and your email address, is being collected. The collection of other information may depend on the privacy settings you have set up with your social media provider, so please study the privacy statement or privacy policy of the relevant service.

3.3. Purpose of collecting and processing personal data

The Company may collect the above personal data because this is necessary for us to perform our contract with you or to take action upon your request prior to the conclusion of the contract or during the performance of the contract and for purposes serving the legitimate interests of “EVENT MAKERS DMC” as processor. Only authorized employees of the Company are allowed to access your personal data and can do so only for authorized business functions

Specifically:

  1. To execute a contract upon your request or to take action before entering into a contract with you. That is, to: a) evaluate what service is right for you and under what conditions, b) provide you with information about our services, c) manage dispute resolution, d) issue bills, invoices, and manage returns.
  2. To exercise our every legitimate interest. Namely, we use your personal data to: a) manage the contractual relationship with our clients, b) avoid or improve risk management and defend our rights, c) adapt our offer to you by advertising services that suits you.
  3. In cases where we have received your prior consent whenever required.

3.4.  Legitimacy of Processing

The legal basis for the processing of personal data consists from:

  1. The proper and lawful execution of the contracts concluded by the Company for the provision of its services.
  2. Compliance of the Company with the legal obligation derived from the applicable national or Community legislation.
  3. The consent of the Data Subject. In this case, the given consent is specific, explicit, and clear and refers to one or more specific purposes, provided that the processing is not based on any of the above-mentioned 1 to 3 legal bases.
  4. The pursuit of a legitimate interest of the Company.

3.5. Assignment of a Data Subject

In cases where the processing of personal data is based on your consent (consent form), a copy of it with all the information contained therein is kept as evidence of its granting and for convenience in case that revocation is requested. Consent is granted for clear and distinct processing purposes, which have been acknowledged in advance, and you have been fully aware of them when you grant it.

In this case, you have the right to withdraw your consent at any time, and the said revocation does not affect the legality of the processing based on a prior to its revocation consent. The revocation shall be effected with a relevant document submitted in writing or electronically to the Company and is valid from the date of its submission.

4. Disclosure of Third Party Data – Recipients

The Company may have contracts with third parties – external partners in order to provide its services. Personal data may be shared with them so that the project is implemented. The processing of personal data undertaken by third parties in the framework of this cooperation is effected on behalf of the Company, namely acting as executors or further processors.

The Company aims to use only those processors who provide sufficient assurance that appropriate technical and organizational measures will be applied; in such a manner that the processing meets the requirements of the GDPR and the current legislative and regulatory framework and that the protection of the customer’s rights is ensured.

The above award occurs via a written contract signed between the Company and the processor, which binds the latter towards the Company and determines, at least, among other things, the subject matter and duration of processing, the nature and the purpose of processing, the type of personal data that they receive from the Company and the categories of data subjects to which they belong, as well as the responsibilities and rights of the Company.  In addition, personal data may be communicated to State Authorities and Agencies if required by a specific legal provision of National or Community legislation.

5. Security of Personal Data

The Company applies appropriate technical and organizational measures designed to implement the data protection principles at the time of processing means determination as well as at the moment of processing, which meet on a permanent basis the requirements of GDPR and protect the rights of their clients as data subjects.

Such measures are:

  • Minimizing the data processed, i.e. the Company collects and processes only the personal data strictly necessary for processing,
  • Restrict access to data only to persons who need it for the proper and lawful execution of the duties / tasks assigned to them and only to the extent that the access is necessary,
  • Continuous testing and controlling of the processing of personal data and organizational and technical measures implemented adequacy,
  • Direct possibility to exercise rights of data subjects through appropriate forms,
  • Pseudonymization, if it is not required to serve the purpose of the processing, the data is held in such a manner that it can no longer be attributed to a specific customer without using supplementary information, provided that such additional information is kept separately and is liable to technical and organizational measures to ensure that it cannot be attributed to identified or identifiable natural person.

6. Personal Data for Minors

The processing of personal data concerning minors occurs under the strict condition of parents’ or holders’ of parental responsibility prior consent, according to the specific provisions of the legislation currently in force.

7. Transfers of Personal Data to Third Countries within and Outside the EU

The transmission of personal data to a third country or to an international organization may be effected by the Company only provided that the third country or the international organization ensures an adequate level of protection (i.e. provided that the European Commission issues an “Adequacy Decision”).

Otherwise, the Company effects the transmission of personal data to a third country or an international organization only after full update of the Data Subject and procurement of the relevant Consent.

8. Time of Conservation, Destruction of Data

Your personal data is retained only within a reasonable period required for the purpose of its partial processing.

Where the processing of your personal data is based on a legal obligation, the period of retention of such data is determined in accordance with the requirements of the legislation, the length of time during which the competent authorities may carry out controls, the prescribed limitation periods of rights and claims, as well as your own legitimate interests.

Where processing is based on the legitimate interests of the Company, the retention period of the data is determined by the need of each processing purpose and of a reasonable period of time to ensure the effectiveness, traceability and documentation of the processes.

In cases where your personal data is processed on the basis of your consent, the retention period is determined by the possibility of withdrawing it. Once you revoke your consent, your personal information will also be deleted.

Once the maintaining period of personal data that is required by the Company expires, personal data is destroyed. Personal data are effectively destroyed by both electronic and physical records, either through total deletion from the Company’s server or destruction of documents.

9. Rights of Data Subjects.

Under the current legislation on the protection of personal data, you have certain rights as ‘data subjects’. We list your rights below.

  • Right of Access ‐ You have the right to access the personal data of yours that we handle and be informed. You also have the right to receive some information about how we process personal data.
  • Right of Rectification ‐ You have the right to correct your inaccurate personal data and fill in where incomplete. Please note that we may not be able to correct inaccurate personal data you have given us, for example, due to the rules of the airline companies, and that any correction may be charged.
  • Right to Delete ‐ Under certain circumstances, you are entitled to delete your personal data. This is the so-called “right to oblivion”. Please note that this is not an absolute right, as we may have legal or valid reasons to maintain your personal data.
  • Right of Process Limitation – Under certain circumstances, you are entitled to restrict the way we use your personal data. This right means that your data is being processed by us and is therefore subject to restrictions and therefore we can store it but we cannot use it or process it further.
  • Right to Data Portability – You are entitled to receive your personal data (or to send your personal data directly to another data controller). This is only valid in case of data you have provided and the processing is based on a contract or your consent and this processing is done by automated means.
  • Right to submit complaint to the Supervisory Authority – You have the right to contact the Personal Data Protection Authority and file a complaint about the data protection practices followed by the Company.

To exercise your above-mentioned rights, you can contact the Company to send you the appropriate form / application. The Company must respond to your request within 2 months deadline.

10. Basic Definitions & Acronyms

«Recipient» means a natural or legal person, a public authority, a service or another agency to which personal data are disclosed, whether it is a third party or not.

«Personal Data»: every information concerning identified or identifiable natural person («data subject»); the identifiable natural person is the one whose identity can be determined directly or indirectly.

«Processor»: the natural or legal person who processes personal on behalf of the Processing Controller.

«Procession»: every collection, recording, organization, alteration, structure, storage, alteration, recovery, seeking information, use, transmission, limitation or deletion of personal data that the Company obtained or will obtain in the future both at the period of transaction relations with the customers as well as in the framework of update that the Company acquires from third, natural or legal parties or public entities during the exercise of theirs or Company’s legal rights.

«Limitation of procession»: the acknowledgment of saved personal data aiming the limitation of their future processing.

«Consent of the data subject»: every indication of will, free, specific, definitive and in full awareness, to which the customer of the Company declares his agreement via written consent or definitive positive act concerning the procession of its personal data.

«Third Party»: every natural or legal person, public authority, service or entity, excluding the customer, the officer of processing, the executor of the processing and all individuals that under direct supervision of the officer of processing, or of the executor of processing, are authorized to process personal data

«Procession Officer»: the legal person that derives the purposes and the type of personal data procession. For the current Policy’s purposes, Procession Officer is considered the company.

«Subject of data»: any identified or identifiable natural person whose personal data is under procession. For the purposes of the current Policy, as data subject are considered the customers of the Company.

11. How to contact us

If you have questions about the use of your personal information in accordance with this Privacy Notice, please email us at the following address admin@eventmakers-dmc.gr.