PERSONAL DATA PROTECTION POLICY
This Policy was updated on 06/02/2019
- 1. Purpose of this policy:
1.1. The protection of your personal data is very important to the company ‘DIMERA GROUP’. This Policy aims at informing you on the information collection practices of ‘DIMERA GROUP’, including the categories of data it may collect, retain and process, the purpose of their collection, the categories of persons to whom the data are communicated and your rights. ‘DIMERA GROUP’ makes every possible effort to protect your personal data, on the condition that the personal data you have provided are true and accurate.
1.2. The Policy also outlines certain security measures taken by the company in order to protect data confidentiality and provides certain guarantees for things the company will not do.
- 2. Legal and regulatory framework:
2.1. The management and protection of the personal data of visitors/users of the services provided by ‘DIMERA GROUP’ are subject to the terms of this Policy, the relevant provisions of General Data Protection Regulation (EU General Data Protection Regulation - GDPR - Regulation (EU) 2016/679), and the decisions-recommendations of the Hellenic Data Protection Authority and other relevant domestic laws and provisions.
2.2. We reserve the right to change the terms of personal data protection after informing visitors/users and within the existing or any future legal framework.
2.3. If you do not not agree with the terms of personal data protection provided for in this section, you must refrain from using the services of ‘DIMERA GROUP’. You are not obligated to provide the personal information requested, but if you choose to omit this action, we will not be able to offer our products or services or answer any of your questions in several cases.
- 3. Commitment of DIMERA GROUP:
3.1. We at ‘DIMERA GROUP’ consider the protection of the privacy and data of our customers to be of the utmost importance and are committed to providing all our customers with personalised services that meet their requirements in a manner that safeguards their privacy.
3.2. Your personal information (personal data) is used exclusively by ‘DIMERA GROUP’ and its employees in order to respond to your requests and better serve you, in accordance with this Policy. The persons who handle personal information are trained for using appropriate procedures. The representatives and service providers of ‘DIMERA GROUP’ are required to keep your personal information private and not to use them for any purpose other than those serving the provision of specific services to us.
3.3. In addition, ‘DIMERA GROUP’ may ask you in certain cases if we could share information with other reliable third parties. We will inform you when collecting such information if we expect this kind of information sharing with certain third parties, and ‘DIMERA GROUP’ will define the types of businesses at the relevant point of collecting the information, describe the type of information to be shared (such as your address or e-mail address) and share the data with other parties only if you agree.
3.4. We will share the personal data only of clients-users who have accepted this Policy.
- 4. What type of data does DIMERA GROUP collect?
4.1. Any information within the meaning of personal data under the General Data Protection Regulation, the collection of which is not based on the law or the conclusion or execution of a contract, is collected by ‘DIMERA GROUP’ only in the event that you choose to expressly consent.
4.2. We collect the following personal data:
Full name, date of birth, telephone number.
Postal address, e-mail address, telephone number.
TIN, type, place, time of products or services provided.
Contractual Relationship Data.
Contractual documents, information and consent forms, electronic statements of intention.
Transactional Behaviour Data.
Information concerning interests, preferences and participation in events, contests, surveys.
4.3. We do not collect or acquire any type of access to special categories of (“sensitive”) personal data or data that concern criminal convictions and offences of our customers. Customers are obligated to abstain from providing such data that concern them or third data subjects. In the event that customers provide such data to ‘DIMERA GROUP’, these data will be deleted as soon as we are made aware of them. We at ‘DIMERA GROUP’ bear no liability whatsoever towards customers or third parties for any provision and/or processing of sensitive data due to acts or omissions on the part of customers in breach of the above obligation.
4.4. We at ‘DIMERA GROUP’ may collect and store the following personal information about you from the following exhaustive list of sources:
4.4.1. identification data, communication data, transactional data, contractual relationship data and transactional behaviour data when you register as a new member of the PAOKTV service in order to watch the paid programme of the online channel,
4.4.2. identification data, communication data, transactional data, contractual relationship data and transactional behaviour data when you register as a new member of the PAOK Club Card service,
4.4.3. identification data, communication data, transactional data when you carry out electronic purchases of products or services provided by ‘DIMERA GROUP’ through: PAOK FC Official Stores and at the restaurant NAVONA,
4.4.4. Personal contact data when you contact us to submit questions or requests or to ask information concerning the services provided by ‘DIMERA GROUP’.
4.4.5. * identification data and communication data when you book a table at the restaurant NAVONA, managed by ‘DIMERA GROUP’ and situated in the vicinity of ‘MAKEDONIA PALACE’ hotel.
4.4.6. * from publicly available sources.
4.5. The data we collect through the ‘DIMERA GROUP’ website may also be combined with data provided in other cases, e.g. when you call its call centres or participate in contests and promotional actions. The personal data provided to ‘DIMERA GROUP’ in these cases may be incorporated in existing databases and stored in order to simplify the systems used to manage your data.
4.6. ‘DIMERA GROUP’ does not store and collect payment data during electronic or online payments using credit, debit or pre-paid cards. More specifically, after the number, security code, holder’s full name and expiry date of the credit or debit card have been logged and the payment has been completed, these data are automatically transmitted to the competent Bank. The Bank collects these data and carries out the payment before confirming the completion of the transaction for ‘DIMERA GROUP’.
- 5. For which purposes does DIMERA GROUP collect personal data?
5.1. ‘DIMERA GROUP’ collects personal or non-personal data from you for the following purposes:
‘DIMERA GROUP’ may use your personal data to process any transactions concluded with you, such as credit card payments for tickets, season tickets, etc.
‘DIMERA GROUP’ may use the personal or non-personal data of visitors/users for information purposes and promotional actions concerning contests, gifts, discounts on products and services of ‘DIMERA GROUP’ and associated companies and sponsors.
5.1.3. Improvements and adjustments to the website:
‘DIMERA GROUP’ will use this information solely for the reasons for which they were collected and in order to provide you with information. It will also use this information in order to adapt the content of the website to your needs and to improve its compositions, changes and dynamism.
5.1.4. Legal use:
‘DIMERA GROUP’ may collect, store, disclose and, generally speaking, process your personal data when this is required by the Personal Data Protection Regulation and/or the law or when necessary in order to protect our interests and your interests.
- 6. Use of information:
6.1. The information you provide to‘DIMERA GROUP’ or which ‘DIMERA GROUP’ holds may be used by the company:
6.1.1. * to ascertain your identity when you ask questions,
6.1.2. * to help us manage affairs and communicate with you in order to improve the management of the services and products that were, are being or will be provided by the company,
6.1.3. * to carry out marketing analysis and create customer profiles and statistical information,
6.1.4. * to help us prevent and identify fraud or loss,
6.1.5. * to contact you using any means (including post, e-mail, telephone, etc.) in regard to other services and products offered by‘DIMERA GROUP’ and select, authorised associates.
- 7. Data Retention - Storage:
7.1. We at ‘DIMERA GROUP’ store your personal data solely for the time required to provide a service you requested or approved, without prejudice to any legal provisions to the contrary, as is the case with issues governed by commercial and/or taxation legislation, the various applicable legal provisions, etc. In any event, the personal data you provide us and which are recorded in written agreements, contracts and electronic correspondence concerning the execution of a contract or the realisation of a commercial transaction are stored for a period of 20 years (unless specifically provided for, e.g. clause 10 of this Policy) in a physical and electronic archive kept at the legal department, the sales/contracts department and the accounting department of ‘DIMERA GROUP’ or any other third party that directly or indirectly provides the above services or assists the departments in question in the discharge of their duties or provides management services to us.
- 8. Cookies and Webbeacons:
8.2.1. Remarketing Cookies (Facebook Pixel, AdWorks): This displays advertisements to individuals who have visited our website or have used our mobile telephone application. For example, when you leave our website without purchasing anything, remarketing helps us reconnect with you by displaying relevant advertisements on various devices.
8.2.2. Carthook: This helps increase e-commerce revenue through automatic retrieval of abandoned carts. An e-ail campaign is set on the basis of cart automation.
8.2.3. Active Campaigns: This provides comprehensive e-mail marketing, marketing automation and CRM for small enterprises. We may send you newsletters, set automations based on customer behaviour, and benefit from the automation of sales.
8.2.4. Moosend: This concerns electronic marketing and commerce automation software. We may design and send campaigns or begin personalised conversations and contact with you according to a scale.
8.4. What if you do not wish to accept cookies? If you do not wish to accept cookies, your computer can be set to alert you each time a cookie is sent to it, or you can disable the download of all cookies by your Internet browser (check the Help menu of your browser to learn how you can change or correctly update your cookies settings).
8.5. What are webbeacons and how does our company use them? Some of the webpages and newsletters of ‘DIMERA GROUP’ may contain electronic images called webbeacons, also known as one-pixel GIF files, pure GIF files or pixel tags. Their use on websites allows the counting of visitors who have accessed the pages of ‘DIMERA GROUP’. Their use in our product/service promotion e-mail messages and newsletters allows us to measure how many registered users have read the material we are sending. Webbeacons allow us to develop statistical information about the activities and functions that are most interesting to our visitors/users in order to provide more personalised material. They are not used to access personal information without your consent.
8.6. Disabling cookies may affect your ability to use certain products/services on the ‘DIMERA GROUP’ website.
- 9. Credit check:
9.1. In certain cases, ‘DIMERA GROUP’ may carry out certain credit checks with the competent bodies when you request a service or product. If this applies, then it will be listed in the terms and conditions of the activity between you and ‘DIMERA GROUP’ or the company that will carry out the processing.
- 10. Submission of CVs:
10.1. ‘DIMERA GROUP’ collects CV data and accompanying documents directly and solely from individuals interested in cooperation, as these are absolutely necessary in order to assess their suitability for in question. It should be noted that through this (voluntary) submission/dispatch of personal data and information contained in the CV and the accompanying documents, interested parties consent to the collection, storage, use, processing and transmission of these data for the purposes referred to herein. ‘DIMERA GROUP’ takes all the necessary technical and other measures for the secure processing of the personal data of interested parties who submit CVs.
10.2. The personal data contained in CVs are accessed solely, where necessary and depending on the processing purpose, by the authorised staff of ‘DIMERA GROUP’ and/or the staff of third-party associated companies (e.g. ‘Processors’) with which ‘DIMERA GROUP’ has concluded agreements, under the condition of compliance with the relevant confidentiality obligations included in the relevant agreements. Data (where applicable) are processed by‘DIMERA GROUP’ and are sent to interested companies. ‘DIMERA GROUP’ shall not disclose, sell, exchange, assign or otherwise provide personal data from the CVs collected and processed to third parties, whether natural or legal persons, without the consent of the individuals they concern, except in the cases noted above for the needs of covering a vacant post and the selection process and due to the legitimation of Article 6(1b) of the General Regulation. These companies shall process data exclusively for the needs of their cooperation with‘DIMERA GROUP’.
10.3. As regards personal data transmitted by interested parties in the context of sending or submitting CVs, the purpose of processing is the intention of concluding a cooperation agreement following an application by the interested party (“Data Subject”), the control of their qualification prior to the conclusion of the agreement (Article 6(1b) of the General Regulation), the minimum processing of these data necessary to assess the CV and whether its contents cover the needs of the specific position of cooperation with ‘DIMERA GROUP’ and the protection of the interests of ‘DIMERA GROUP’ . Furthermore, the ranking of interested parties in company programmes, the need for communication between ‘DIMERA GROUP’ and the ‘Subject’, use of data (e.g. photographs) on the company's social networking media for the promotion of its actions. It is clear that if interested parties are ranked in advertising programmes of ‘DIMERA GROUP’, the photographs submitted or received during these programmes shall be used on social networking media on its account. This processing is carried out by the company solely for the purposes set out and does not extent to any other processing purposes.
10.4. If the consent of the parties interested in cooperation has been obtained, CV data shall be stored by‘DIMERA GROUP’ for purposes of future use/assessment, in the event of new positions of cooperation with ‘DIMERA GROUP’, for a period of 24 months after submission, following which they shall be destroyed/erased in a secure manner. If no such consent is obtained, after the coverage of the employment position in question for which interested parties sent or submitted their CV, the CV data shall be destroyed/erased in a secure manner within a period of 1 month from the coverage of the position, unless‘DIMERA GROUP’ is legally entitled or obligated to retain such data. This occurs when the interested party does end up working with ‘DIMERA GROUP’, in which case the CV and its accompanying documents shall be retained as long as the project or work agreement remains in effect. Furthermore, any additional data that are requested and are necessary for the needs of insurance-taxation legislation shall be processed solely for purposes directly related to cooperation with interested individuals. Upon the expiry or termination of the cooperation period, such data shall be retained for the period required by law and for the maximum period for the time-barring of claims on both sides, following which they shall be destroyed/erased in a secure manner.
- 11. Disclosure of information:
11.1. Upon the acceptance of this Policy by a client/user, ‘DIMERA GROUP’ may transmit your data (including but not limited to your full name or e-mail address) solely and exclusively to specialised associates, sponsors and strategic partners, in the context of providing you with better and more comprehensive services before, during and after your transaction with us, and for promotional purposes and purposes of contact between the latter and yourself.
11.2. We shall in no case sell or rent your personal data to third parties. These data are used exclusively by ‘DIMERA GROUP’ in order to continuously improve our customer service.
11.3. ‘DIMERA GROUP’ may disclose information solely if legitimately requested for legal or regulatory purposes, in the context of judicial proceedings and/or potential legal proceedings.
- 12. How safe are your data?
12.1. ‘DIMERA GROUP’ employs strict security measures and safeguards to protect your personal data. This includes a number of administrative measures, security Policies, procedures and practices to verify your identity when you call us, data encryption on our website, creation of data backup copies off-site, etc. in order to ensure compliance with all applicable legal requirements.
12.2. We at ‘DIMERA GROUP’ employ security measures at a technical and organisational level aiming at the security of the data collected from you against any intentional or unintentional attempt of handling, loss, destruction and, generally speaking, access to them by unauthorised individuals. Where personal data is collected and processed, the information in question will be transmitted in encrypted form so as to prevent any abuse of the data in question by any third party. Our security measures undergo continuous controls and updates in accordance with the latest technological developments.
12.3. Access to your personal data is limited solely to employees authorised for this purpose, so that they may provide you with products and services by accessing these data.
12.4. Physical, electronic and procedural safeguards, harmonised with personal data protection regulations, have been activated.
12.5. We at ‘DIMERA GROUP’ take every precaution possible to keep your personal data safe. However, due to the nature of the Internet, DIMERA GROUP cannot guarantee the protection of communications or the data stored in its browsers from any unauthorised access by third parties.
- 13. Internet Access:
13.1. If you contact‘DIMERA GROUP’ through the Internet, then we may occasionally use e-mail to contact you regarding our services and products, if you have granted consent to this effect.
13.2. You must be aware that communication through the Internet, such as e-mail messages etc., is not secure unless it has been encrypted.
13.3. ‘DIMERA GROUP’ bears no liability whatsoever for any unauthorised access or loss of your personal information beyond the control of ‘DIMERA GROUP’.
13.6. Access to your Account: If you log in to our services via a personal account, you will remain connected until you Log off from your account. If you are using a public computer or sharing your device with another user, we recommend that you log off and delete cookies from the device each time you use the platform so as to protect your account and your personal information. Otherwise, all other users of the device will be able to see and gain access to your account.
13.7. Contact through the platform website: Should users contact us through the contact form or any other manner, they provide personal data voluntarily and exclusively of their own free will. We will process the personal data in question solely to the extent that it is necessary for the specific purpose.
13.8. Social Networking Sites: Our website may offer the possibility to share items on social networks and other related tools that allow you to share your actions on the website to other applications, websites or mass media, and vice versa. The use of such features allows the exchange of information with your friends or the public in general, depending on the settings you have set on your personal profile. Please consult the Privacy Policies of these social networking services for further information on how they handle your data.
13.9. Special Categories of Data: We ask that you do not send us sensitive personal data via e-mail or disclose such data through the contact platform. The processing of personal data of this category does not serve the processing purpose set forth above in any event.
- 14. Monitoring of communication:
All communication between‘DIMERA GROUP’ and you (including telephone conversations, e-mail messages, etc.) may be monitored and recorded by ‘DIMERA GROUP’ for security, quality assurance, legal and regulatory purposes.
- 15. What are your rights?
15.1. Under the General Data Protection Regulation, as in force, you have the following rights (Articles 12 ff. of the GDPR):
a) the right to access;
b) the right to rectification;
c) the right to erasure, under certain conditions, such as when processing is no longer necessary for the purpose for which the personal data were initially collected and there is no imperative reason to continue processing (or storing) your information;
d) the right to restriction of processing;
e) the right to data transmission;
f) the right to object and the right not to be subject to a decision based solely on automated processing, including profiling;
g) the right to lodge a complaint with the supervisory Authority.
15.2. In other words, you have the right to receive, upon request, free information regarding the personal data we have stored that concern you, to object, upon request, to the processing of data that concern you, valid thenceforth, and to withdraw your consent, and, in accordance with the applicable provisions, the right to rectification, restriction of processing, data transmission, erasure of the data in question and the right to lodge a complaint with a supervisory Authority.
15.3. In such cases, please contact the competent Personal Data Protection department of the company listed below under clause 19 of this Policy in writing via original letter or fax or e-mail.
- 16. Applicable Law and other terms:
16.1. The above terms and conditions of use of‘DIMERA GROUP’ and any amendment, modification or alteration thereof are governed and supplemented by Greek law, EU law and the relevant international treaties. Should any of the above provisions become incompatible with the law, it shall automatically cease to apply and shall be removed from this Policy, without affecting the validity of the remaining terms.
16.2. This Policy constitutes the entire agreement between‘DIMERA GROUP’ and visitors/users of the website and its services, and is only binding on them.
16.3. No amendment to these terms shall be taken into consideration and shall constitute a part hereof unless worded in writing and incorporated herein.
- 17. Amendments:
‘DIMERA GROUP’ may amend, adjust and update this Policy periodically, publishing a new version on its website. You must check our website regularly to ensure that you are satisfied with any changes to this Policy.
- 18. Links:
Our website may contain links to other websites. This personal data protection Policy does not apply in regard to the access of users to other websites.
- 19. Contact:
19.1. ‘DIMERA GROUP’ hereby notifies you that it appoints Thomas Dimitriou and Stylianos Mavridis as its Data Protection Officers, who can be contacted at the following e-mail address: email@example.com.
19.2. Any questions or recommendations can be addressed to the e-mail address below.
19.3. Constant Internet developments in general necessitate the adaptation of our rules concerning the protection of online data from time to time. ‘DIMERA GROUP’ reserves the right to make any recommended changes to these rules at any time.