DATA CONTROLLER/ PERSONAL DATA PROCESSOR
HOMESTORY L.P., 3rd Klm Palaiokastritsa , 49100, Municipality of Central Corfu Greece, Tel: +30 2661023032
The above mentioned responsible party for the processing of personal data is dedicated to protecting your privacy & personal data during your browsing experience over our website.
Any question regarding this policy and our privacy practices should be sent by email to [email protected] or you can call +302661023032
This Policy describes:
The kind of personal data we collect about you, the means through which we collect your personal data, the purposes for which we collect and use your personal data, the period for which we retain your personal data, about the third parties (individuals, legal entities and/or organizations) with which we share your personal data, about the countries to which your personal data may be transferred, about the means by which your personal data remain protected, about your rights regarding your personal data, about the cookies we use in our website
The personal data we collect about you
We may collect, store and use personal data about you, as indicatively are: your first and last name, address, telephone number, profession, fax number, e-mail address, profession, your ID/Passport number and TIN number and general contact details, information about your activities on your website and about the device used to access it, i.e. your IP address and geographical location;
We also may use any other personal information shared with us. For instance, personal data may be collected when you fill out the “Contact Us” form, sign up for our newsletter, post comments on our blogs, or otherwise provide us directly with personal data when you require our services.
Data protection law recognise certain categories of personal data as sensitive and therefore requiring greater protection, i.e information about your health, ethnicity, religious confession, genetic data, criminal records.
We do not usually collect sensitive data about you unless there is a legitimate reason for doing so in order to provide efficiently our expertise services. If you choose to provide sensitive information to us for any reason, the act of doing so constitutes your explicit consent, where such consent is necessary and valid, for us to collect and use that information in the ways described in this Privacy statement or as described at the point where you choose to disclose this information.
Personal data collected directly by you
The information we collect about you from you includes:
– Basic information, such as your first and last name, your profession and your title or position;
– Contact information, such as your postal address, email address and phone number(s);
– Financial information, such as payment-related information;
– Information required in the context of our Know-Your-Client Policy for our clients’ identity authentication and verification, which may include special categories of data as the law requires (according to L. 4557/2018 and Directive (EU) 2015/849);
– Technical information, such as information from your visits to our website or in relation to materials and communications we send to you electronically;
– Other information related to your request or inquiry, or that you provide when you communicate, engage or otherwise interact with us in the course of providing services to you, which may include special categories of personal data;
– Preliminary information regarding your case in order to assess the latter, check for any potential conflict of interests and provide you with our quotation for the establishment of our relationship;
– Data included in the client’s file: All data provided by your end upon the establishment of our business relationship and the signing of any services agreement;
– Any other information relating to you which you may provide to us.
Personal data received indirectly from third parties
We may collect or receive information about you from third parties, such as our clients, representatives and professional advisers, content providers, government authorities and public sources and records; associate website portals through which you request information; subcontractors acting on our behalf who provide us with technical, payment or delivery services, our business partners, advertising networks analytics providers and search information providers.
Personal data automatically collected
MEANS through which we collect your personal data
We collect your data in the following ways:
- When you fulfill our contact form “Contact Us”, we collect your first name, last name, your email address, your phone number & the data disclosed voluntarily by your end in order to describe your inquiry. The fields “First Name”, “Last Name” and “Email Address” are compulsory in order for us to be able to communicate with you regarding your enquiry;
- When you subscribe to our Newsletter, we collect your first name, last name, your email address and your interest in particular practice areas in order for us to be able to send you newsletters, updates and informative emails. Remember that you may unsubscribe from the Newsletter at any time without cost through the “Newsletter” section of our website;
- When you communicate with us through any means as indicatively are: email, phone etc we collect the personal data voluntarily disclosed by your end in order for you to describe your inquiry and further information that may be requested by our side in order for us to assess your case;
- Upon engaging with the client, we request the fulfillment of a certain form concerning the client’s identity authentication and verification in compliance with the requirements set forth by L. 4457/2018 and the Directive (EU) 2015/849.
If the client denies or fails to provide us with such a piece of information, then we may not be able to provide and deliver the requested services;
- We collect data in the course of providing consulting services to you.
PURPOSES for which we collect and use your personal data
We collect and process your personal data for the following purposes:
- To provide the services you asked for;
- To reply to the inquiries, you address to us through any means;
- To send you informative emails, newsletters, updates, invitations to events etc
- To carry out our obligations under any contracts/agreements entered into between you and us;
- To keep a record of your relationship with us;
- To conduct analysis research so we can understand how we can improve our services;
- To notify you of changes to our services;
- To send you communications (campaigns, promotions etc) that may be of interest to you;
- To ensure our compliance with applicable laws, regulations, both domestic and European, as in force, including the anti-money laundering and terrorist financing requirements and sanctions screening;
- For legitimate business purposes;
- To establish, exercise, defend our legal rights;
- Any other legitimate reason.
PERIOD for which we retain your personal data
Your personal data are stored for no longer than is necessary for the purposes for which they are collected and processed.
Personal data which are collected in the context of anti-money laundering and terrorist financing compliance are stored in hard copies or digital form for a period of five (5) years after the termination of the business relationship with our firm or the date of the transaction. Upon the end of the above period, we delete your personal data, unless their retention for a longer period of time is allowed or imposed by a provision of the law or regulatory decision. In any case, the period during which your personal data are stored cannot be longer than ten (10) years.
ACCESS OF THIRD PARTIES (individuals, legal entities and/or organizations) to your personal data
Your personal data are shared and disclosed only among our members and partners, our external associates, employees, collaborators and trustworthy third parties – service providers with which we have established long-term and reliable cooperation only for the purpose set out on this policy such as service providers, associated portals/businesses for the purpose of completing tasks and providing services to you on our behalf.
We do not sell or rent your information to third parties and we do not share your information with third parties for marketing purposes.
We make sure that our external associates and trusted third parties – service providers comply with data protection requirements and implement all necessary technical and organizational measures to protect your personal data. Third parties are not allowed to use your personal data for their own purposes, unless you have requested us to do so, or we are required to do so by law, for example by a court order or for purposes of prevention of fraud or other crime.
Personal Data transfers OUTSIDE THE EU
Your personal data are used and transferred within the European Union and the European Economic Area. In case that your personal data are transferred to a third country outside EU or EEA, we ensure full compliance with the regulatory framework, taking into consideration the adequacy decisions issued by the European Commission and standard contractual clauses (SCC).
MEANS by which your personal data REMAIN PROTECTED
We adopt and implement all the necessary technical and organizational measures to secure the safe collection and use of your personal data and protect them from unauthorized access, use, disclosure, alteration or destruction.
Information that you provide us via telephone or direct communication by visiting our offices is registered in a CRM System. This system has passwords ensuring that the access will be provided only to our qualified employees.
While we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us at your own risk over the web.
RIGHTS regarding your personal data
Right of access
You have the right to obtain confirmation as to whether or not personal data you are being processed, and, where that is the case, access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged
consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, you
have the right to be informed of the appropriate safeguards relating to the transfer.
Right to rectification
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. If you change contact details or if you find any other information we hold as inaccurate or out of date, please contact us via email, telephone or post (see below)
Right to erasure (“right to be forgotten”)
You have the right to request and obtain the erasure of your personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) you withdraw your consent on which the processing is based;
(c) you object to the processing and there are no overriding legitimate grounds for the processing;
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation to which we are subject;
(f) the personal data have been collected in relation to the offer of information society services.
Right to restriction of processing
You have the right to obtain the restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
(b) the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead;
(c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
(d) you have objected to processing pending the verification whether our legitimate grounds override yours.
Right to data portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where:
(a) the processing is based on your consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) of GDPR; and
(b) the processing is carried out by automated means.
You have the right to have your personal data transmitted directly from us to another controller, where technically feasible.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time, to processing of your personal data which is based on point (e) or (f) of Article 6(1) of GDPR, including profiling based on those provisions. Under these circumstances, we have the right to process the personal data unless the we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
You can exercise the above rights by sending an email to [email protected], or send us a post to “Compass Greece”- Homestory L.P., 3rd km Paleokastritsa, 49100 Corfu, Greece
By using our website, our social media (such as Facebook, Twitter, Linkedin and Instagram), subscribing to our services, you agree that, unless you disabled them within your internet browser, we can place cookies on your device and use that data in accordance with this Policy.
Any changes future change, will be posted on this website.
Competent domestic authority
The competent domestic authority for data protection is the Hellenic Data Protection Authority (www.dpa.gr). In case that you consider that our firm violates the applicable data protection legislation, you have the right to file a complaint before the Hellenic Data Protection Authority.