PRIVACY POLICY

1. Subject

The Company “SUSTAINABLE URBAN PLANNING CONSULTANTS- CITY PLANNING ENGINEERS LIMITED PARTNERSHIP” based at Pentelis 27, Palaio Faliro (hereinafter “the Company”) through this Policy aims to inform the users of the website https://supco.gr/ (hereinafter “website”) regarding the processing of their personal data. The Company as Data Controller collects and processes users’ personal data, with absolute transparency, for legal purposes and in accordance with the applicable data protection legislation.

2. Terms

For the purposes of this Policy, the following terms have the following meanings:

"Data Protection Legislation": General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”), law 4624/2019, Decisions, Guidelines and Opinions of Hellenic Data Protection Authority and, the relevant legislation about the protection of Personal Data.

"Personal Data": means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing": means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

«Data Subject»: Natural person whose data are processed. In this case the user of the website is the Data Subject.

3. Collection and processing of users' Personal Data

3.1. Personal Data we collect from the contact form

In case you wish to contact us by filling out the contact form, we collect your personal data such as name, email, and the content of your message, in order to contact you.

Purpose
Contact with clients/users
Legal Basis
The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

4. Data retention period

Personal data shall be retained for as long as necessary for data collection purposes, as specified in section I, unless otherwise specified by law.It is our Company’s responsibility, once the retention period expires, to ensure that your data will be safely deleted or destroyed in accordance to explicitly described standards and specifications, apart from your data that we use with your consent. That data will be retained until you recall your consent.

5. Security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Company implements the appropriate technical and organizational measures to ensure a level of security of your personal data. Although no method of transmission over the Internet or method of storage is completely secure, we take all necessary security measures for your data.

6. To whom your personal data are disclosed and/or transmitted

Your personal data may be transmitted to third parties, who have been entrusted with the processing of personal data on behalf of the Company. In any case, the third parties to which user data may be transmitted are contractually bound to the Company to ensure the obligation of confidentiality and offer adequate assurance for the implementation of necessary technical and organizational measures provided by the Data Protection Legislation. At the same time, your personal data may be transmitted to public authorities, independent authorities, etc. in the exercise of their duties or at the request of a third party citing a legitimate interest and in accordance with legal procedures.

7. Data Transfers to countries/organizations outside EU/EEA.

Your personal data, are not transferred to countries/organizations outside the European Union (EU) or the European Economic Area (EEA). However, in case your personal data is transferred to a country outside the European Union (EU) or the European Economic Area (EEA), we will ensure that the data transfer is done legally. Otherwise, transmission to a third country is prohibited and the Company will not transmit your personal data to a country/organization outside the European Union (EU) or the European Economic Area (EEA).

8. Rights of the data subject

The General Data Protection Regulation provides you with rights and options that we are committed to satisfying. Thus, you may:

  1. request information about your stored personal data and the way it is processed. If you so wish, we shall provide a copy of your personal data undergoing processing, free of charge (Right of Access).
  2. request rectification of inaccuracies or errors, correction of incomplete data or an update of your data (Right to rectification).
  3. request erasure of personal data, if no longer retained for specific, legal or stated purposes (Right to erasure or Right to be forgotten).
  4. request restriction of processing a) when the accuracy of the personal data is contested, b) when the processing is unlawful (but you oppose the erasure of the data), c) when the data is no longer needed for the purposes of the processing, and d) for as long as the verification whether the legitimate grounds of the controller override those of the data subject are still pending.
  5. object on grounds relating to your particular situation, at any time, to processing of personal data, especially when this data is processed for direct marketing purposes or profiling. More specifically, you may object to a decision based solely on automated processing. In such a case, you may exercise your right of intervention (Right to object - Automated individual decision-making).
  6. receive your personal data in a structured, commonly used and machine-readable format or transmit this data to another controller at your behest, where technically feasible and at all times under the specific conditions of the law (Right to data portability).
  7. revoke your once granted consent for your data processing at any time. As a result, we will not be allowed to continue the data processing based on this consent in the future.

You may address your requests via email to info@supco.gr, or you can call us at 2109317175. The Company shall answer all your requests within one (1) month. In the extremely rare cases that such a fulfillment is proven unfeasible, we shall immediately inform you explaining the reasons in detail. If you believe that the GDPR provisions for the protection of your personal data are being violated, you may file a complaint to the Hellenic Data Protection Authority (DPA) www.dpa.gr.

9. Modifications of the Privacy Policy

The Company may modify this Privacy Policy at any time in order to ensure compliance with regulatory changes or to meet its operating needs and its legal obligations.