Our company is committed to protecting the privacy of its customers
and takes seriously its obligation as to the security of their personal data.
We will be clear and honest with regard to the data we collect and the
purposes for which we collect them.
1. Data Processing Manager and Data Protection Officer
The Data Processing Manager is "ESCAPE GAME OVER IKE", based in Katsiba 31, Agios Dimitrios , Athens . You may contact the Data Protection Officer ("DPO") at the following address: email@example.com.
2. The Data We Process
With your consent, we process the following customary and sensitive personal data you provide when interacting with the website and using the services and features it provides. This data includes in particular the name and surname, contact details, the content of your specific requests or references and the additional data the Data Processing Manager can obtain, including from third parties, in the course of his business.
In order to be able to fulfill the requests you submit through the relevant contact form and / or to provide updates about the side effects, it is necessary to consent to the processing of your data. Without these mandatory data or your consent we can not go further. In any case, even without your prior consent, the Data Processing Manager may process your data in order to comply with legal obligations under EU laws, regulations and law, exercise rights in court proceedings, exercise his own legitimate interests and in all cases provided for in Articles 6 and 9 of the GDPR Regulation.
The processing is done by both using computers and in printed form and always involves the implementation of the security measures provided by the current legislation.
3.Why and how we process your data
The data shall be processed for the following purposes:
-to handle your requests to provide information through the website and the contact or booking form. The legal basis for the processing of personal data for this purpose is your consent (Article 6 (1) (a) and Article 9 (2) (a) of the GDPR Regulation)
-to manage reports of side effects submitted through the website or the contact or booking form. The legal basis for processing for these purposes is your consent (Article 6 (1) (a) and Article 9 (2) (a) of the GDPR Regulation).
In addition, but only with your optional consent, which constitutes the legal basis for the processing pursuant to Article 6 (1) (a) of the GDPR Regulation: -To receive advertising material (direct marketing) from the Company.
By selecting the appropriate frames you agree to process your data for these purposes.
Your data may, in any case, be processed, even without your consent, for the purpose of complying with the laws, regulations, EU law (Article 6 (1) (c) of the GDPR Regulation, (Article 6 (1) (f) of the Rules of Procedure) and the safeguarding or defense of legitimate claims in the Company's interest.
Personal data is imported into the Company's IT system in full compliance with data protection laws, including security and confidentiality profiles, and are based on principles of good practice, legality and transparency in terms of processing. Data is stored for as long as it is strictly necessary to achieve the purposes for which it was collected or for as long as you agreed. In any case, the criteria used to determine this period is based on compliance with the deadlines set by the law and the principles of data minimization, storage constraints and rational file management.
All your data will be processed in print or automated media, ensuring in all cases the appropriate level of security and confidentiality.
4. People who have access to the data
Data are processed by electronic and manual means in accordance with procedures and practices related to the above-mentioned purposes and are accessible by the personnel of the Data Processing Manager authorized to process the Personal Data and Supervisors, and in particular the employees belonging to the following categories: technical staff, IT staff and administrative staff, product managers as well as other staff members who have to process the data to carry out their duties.
Data may also be shared in countries outside the European Union:
i) institutions, authorities, public bodies for institutional purposes
ii) professional, independent consultants - whether employed individually or collectively - and other third parties and providers providing the Data Processing Manager with the commercial, professional or technical services required for the operation of the website (e.g. providing IT and Cloud Computing ) for the purposes mentioned above and to support the company in providing the services you have requested.
iii) to third parties in the case of mergers, acquisitions, transfers of undertakings or their branches, controls or other exceptional operations.
The named recipients only receive the necessary data for their respective functions and duly process them only for the purposes mentioned above and in accordance with the data protection laws. Data may also be shared with other legitimate recipients identified from time to time by applicable laws. Except as stated above, data will not be disclosed to third parties, natural or legal persons, who do not perform any commercial, professional or technical duties for the Data Processing Manager and will not be disseminated without your express consent. The individuals who receive the data will process them, as appropriate, as data controllers, processors or persons authorized to process personal data for the purposes mentioned above and in accordance with applicable data protection laws.
Regarding the transfer of data outside the EU, even in countries whose laws do not guarantee the same level of protection of privacy as that provided by EU law, the Data Processing Manager informs that the transfer will in any case be made in accordance with the methods allowed by GDPR, for example based on user consent, on the basis of the standard contractual clauses approved by the European Commission, selecting parties participating in an international program for the free movement of such data (e.g. EU-US Privacy Shield) or carried out in countries that are considered safe by the European Commission.
5. Your rights
You can contact the Data Processing Manager at the email address listed above at any time to exercise the rights under Articles 15-22 of the GDPR Regulation such as, for example, to obtain an up-to-date list of people who have access to the data you may receive confirmation of the existence or non-personal data relating to you, check their content, origin, correctness and location (also in relation to any third country), request a copy, request the correction them and, in the cases provided for in GDPR Regulation, request limitation of processing, deletion, opt out of direct communication activities (including restrictions on certain media), receive advertising material (direct marketing) from the company. Similarly, you can always report observations about specific uses of the data with respect to specific personal situations that are considered to be incorrect or unjustified by the existing relationship with the Data Processing Manager or to file complaints with the Data Protection Authority. You can withdraw your consent at any time, without however affecting the legitimacy of the processing that has taken place before the withdrawal of the consent.
Data Processing Manager and Data Protection Officer
The Data Processing Manager is ESCAPE GAME OVER IKE, based in Katsiba 31, Agios Dimitrios , Athens. You can contact the Data Protection Officer ("DPO") at the following address firstname.lastname@example.org .
The Data We Process
The following data can be processed:
the normal personal data you may provide when using the features of the website, including browser data or requests for use of the services offered on the website (e.g. registration in restricted areas, competitions and other initiatives that may exist on the website, use of applications, requests for information and reports also submitted via communication forms, etc.) as well as data collected from cookies as specified in the Cookies Policy.
Why and how we process your personal data
With your consent, the company may process your normal personal data to ensure that you can take advantage of the services and features available and optimize their performance, gather statistics on how to use it, manage the requests and reports received through the website and manage your registration in any restricted areas and initiatives (e.g. competitions) that may be on the website in accordance with Article 6.1.a of GDPR Regulation. The Company may also process your personal data for the fulfillment of obligations arising from laws, regulations and European Union law: the legal basis for processing for this purpose is Article 6 (1) (c) of the GDPR Regulation.
Additionally, with your voluntary consent, your normal personal information may also be used in official publications of the company or in advertising (marketing), that is, in the context of sending advertising material and / or commercial communications relating to the Company's services to the contact information (e.g., mail, telephone, etc.) or automatic means (e.g. Internet, fax, e-mail, text messaging, mobile apps such as smartphones and tablets, social media accounts, such as Facebook or Twitter, etc.). The legal basis for processing for this purpose is Article 6 (1) (a) of the GDPR Regulation.
Finally, the Company may process your normal and sensitive personal data to protect its rights in court proceedings. All of your data is processed using automated and online tools that are appropriate to ensure full security and confidentiality.
Necessary processing and optional editing
The forms to be filled in on this website require that you provide the personal data that is absolutely necessary for the processing of your messages and requests. These data are marked with an asterisk [*]. If you do not wish to provide them, we will not be able to process your messages / requests. Instead, some forms may provide the possibility of providing personal data that is not strictly necessary for processing your requests: provision of such data is optional and their non-submission has no effect.
Links to other sites
How we store the data and for how long
According to Article 5 (1) (c) of the GDPR Regulation, computers and programs used by the Company are created in such a way as to minimize the use of personal data and identification data. These data are processed only to the extent necessary to achieve the purposes stated in this Policy and will be stored for as long as is strictly necessary to achieve the specific purposes, unless you expressly consent to something else. In any case, the criteria used to determine the storage period is based on compliance with the time limits allowed by law and the principles of minimizing data, limiting the storage or rational management of our records.
How do we ensure the security and quality of your personal information
The Company undertakes to ensure the security of the user's personal data and to comply with the statutory security provisions to prevent data loss, unauthorized or unlawful use of data or unauthorized access to data, with particular but not exclusive reference to Articles 25-32 of the GDPR. The Company uses many types of advanced technologies and security procedures to protect the user's personal data. For example, personal data is stored on secure servers located in protected and controlled access. The user can help the Company update and correct its personal data by announcing any change of address, qualifications, contact information, etc.
People who have access to the data
Persons belonging to the following categories are authorized to process user data: technical and administrative staff, IT staff, product managers, and other staff members who need to process the data to perform their tasks. Data may also be communicated to third countries: (i) to institutions, authorities, public bodies for institutional purposes; ii) to professional, independent consultants - whether working individually or collectively - and other third parties and providers providing the Company with commercial, professional or technical services required for the operation of the Website (e.g. providing IT and Cloud Computing) for the purposes outlined above and to support the Company in providing the services you have requested (iii) to third parties in the case of mergers, acquisitions, transfers of undertakings or their branches, controls or other exceptional operations. The named recipients only receive the necessary data for their respective functions and duly process them only for the purposes mentioned above and in accordance with the data protection laws. Data may also be shared with other legitimate recipients identified from time to time by applicable laws. Except as above, Data will not be disclosed to third parties, natural or legal persons, who do not perform commercial, professional or technical duties for the Data Processing Manager and will not be disseminated. The parties receiving the Data are processed as data processors, processors or persons authorized to process personal data, as appropriate, for the purposes stated above and in accordance with applicable data protection laws. Regarding the transfer of data outside the EU, even in countries whose laws do not guarantee the same level of protection of privacy as that provided by EU law, the Data Processing Manager informs that the transfer will in any case be made in accordance with the methods allowed by GDPR, for example based on user consent, on the basis of the standard contractual clauses approved by the European Commission, selecting parties participating in an international program a for the free movement of such data (e.g. EU-US Privacy Shield) or carried out in countries that are considered safe by the European Commission.
You may exercise at any time the rights provided by GDPR Articles 15-22, including the right to confirm the existence of personal data relating to you, to check their content, origin, correctness, location ( also in relation to any third country), request a copy, request a correction and, in cases provided by law, request limitation of processing, deletion, oppose direct communication activities , or to object to direct marketing activities (which also limited to certain media). Likewise, you can always withdraw your consent and / or make comments on specific issues regarding the processing of your personal data that you believe are wrong or unjustified in your relationship with the company or to file a complaint with the Personal Data Protection Authority . You may contact the Editor and / or the Data Processing Manager at the addresses shown above to submit any claims regarding the processing of personal data by the Company, exercise your legal rights, and obtain an up-to-date list of parties that have access to your data.