2. Data controller and DPO
The Data Controller is Fanis Gerodimos (“Controller”).
You can contact the Data Protection Officer (“DPO”) at the following address:
85 17th NOEMVRI st. PYLAIA
P.O. 55 534 THESSALONIKI
3. The Data we process
The following data can be processed:
the usual personal data that you may provide when using the Site features, including browser data or requests to use the services offered on the Site, as well as data collected from cookies as set forth in the Cookies Policy;
4. Why and how we process your personal data
With your consent, the Company may process your personal information in order to ensure that you can benefit from the services and functions available and optimize their performance, collect statistics on its use, manage the requests and reports received through the Website and manage your registration in any restricted areas and initiatives that may exist on the Website pursuant to Rule 6.1.a. of GDPR. The Company may also process your personal data to comply with obligations arising from European Union laws, regulations and law: the legal basis for processing for this purpose is Article 6 (1) (c) of the GDPR Regulation.
In addition, with your voluntary consent, your usual personal data may also be used in the official publications of the company or in advertising activities, that is, in the context of sending advertising material and / or commercial communications relating to Company services to contact information. which are reported using traditional methods and / or methods of communication (eg mail, telephone, etc.) or automated means (eg Internet communications, fax, email, etc. text messages, mobile apps such as smartphones and tablets, social media accounts, eg Facebook or Twitter, etc.). The legal basis for processing for this purpose is Article 6 (1) (a) of the GDPR Regulation.
The personal data of users wishing to be included in the company database with businesses and professionals will be processed (though not restrictedly collected, registered, organized, stored) for the purpose of providing the service, as well as promoting services and products. of the company and in accordance with personal data protection legislation. The use of the service by these users implies that they consent to the company processing their data in the context of providing the service.
Finally, the Company may process your usual and sensitive personal data to protect its rights in litigation.
All of your data is processed using automated and electronic tools that are designed to ensure complete security and confidentiality.
5. Required processing and optional processing
The forms to be filled out on this Website require that you provide the personal information that is strictly necessary for the processing of your messages and requests. These data are marked with an asterisk [*]. If you do not wish to provide them, we will not be able to process your messages / requests.
On the contrary, some forms may allow the provision of personal data that is not strictly necessary to process your requests: the provision of such data is optional and failure to submit it has any consequence.
6. Browsing data
If you only visit the Website (that is, without sending any messages or using any of the available services / features), your data processing is limited to browsing data, that is, the data that is required to be sent to the Site for the operation of computers running the Website and Internet communication protocols. This category includes, for example, the IP addresses or computer domains used to visit the Website and other parameters related to the operating system used to link to the Website. The Company collects such and other data (such as the number of visits and the time spent on the Site) for statistical purposes only and in anonymous form, in order to monitor the operation of the Website and improve its performance. This data is not collected to link to other user information or to identify users. However, this information, by its nature, may allow the Company to identify users through the processing and connection to data held by third parties. Browsing data is usually deleted after being processed in anonymous form, but may be stored and used by the Company to identify and identify perpetrators of any computer crimes committed against or through the Website. Without prejudice to this possibility and the provisions of the Cookies Policy, the browsing data described above is only cached in accordance with the law.
7. Links to other sites
8. How we store data and for how long
Pursuant to Article 5 (1) (c) of the GDPR Regulation, computers and programs used by the Company are created in such a way as to minimize the use of personal and identification information. Such data shall be processed only to the extent necessary to achieve the objectives set out in this Policy and shall be stored for as long as is strictly necessary to achieve the specific objectives pursued. In any case, the criterion used to determine the storage period is based on compliance with deadlines permitted by law and the principles of data minimization, storage restriction or rational management of our records.
9. How we ensure the security and quality of your personal data
The Company undertakes to ensure the security of the user’s personal data and to comply with the security provisions provided by law to prevent data loss, illegal or irregular use of data or unauthorized access to data, with particular but not exclusive Reference to Articles 25-32 of GDPR. The Company uses many types of advanced security technologies and procedures to protect the user’s personal data. For example, personal data is stored on secure servers located in protected and controlled access facilities. The user can help the Company update and correct their personal information by announcing any change of address, qualifications, contact details, etc.
10. People with access to the data
Persons belonging to the following categories are authorized to process user data: technical and administrative personnel, IT personnel, product managers, and other staff members who must process the data to perform their duties.
The Data may also be disclosed to third countries: (i) institutions, authorities, public bodies for institutional purposes; (ii) professionals, independent consultants – whether working individually or collectively – and other third parties and providers providing the Company with commercial, professional or technical services required to operate the Website (eg IT and Cloud Computing) for the purposes set out above and to support the Company in providing the services you requested; iii) to third parties in the event of mergers, acquisitions, transfers of business or branch offices, audits or other extraordinary transactions. The said recipients receive only the data necessary for their respective functions and duly process them only for the purposes set forth above and in accordance with data protection laws. The Data may also be disclosed to other legal recipients identified from time to time by applicable laws. Except for the foregoing, the Data will not be disclosed to third parties, natural or legal persons, who do not perform commercial, professional or technical tasks for the Controller and will not be disseminated. Parties receiving the Data process as Data Controllers, Processors or persons authorized to process personal data, as appropriate, for the purposes set out above and in accordance with applicable data protection law.
With regard to the transfer of data outside the EU, even in countries whose laws do not guarantee the same level of protection of personal data confidentiality as that provided by EU law, the Processor informs that the transfer will in any case be carried out in accordance with by methods permitted by the GDPR, such as user consent, on the basis of standard contractual clauses approved by the European Commission, selecting parties participating in an international program a for the free movement of such data (eg EU-US Privacy Shield) or carried out in countries that are considered safe by the European Commission.
11. Specifically, the service provides the user with the facility
a) search from the company database a business or professional natural person using as keywords the business name or the name of the professional or the type and location of the business or professional by typing the county, district or street of the seat.
(b) identify the geographical map available on the web site exactly where the place of business or the searcher is located, how to access it, as well as points of interest near the place of business or professional
(c) to promote to the company its own particulars (in particular the name or name, type and location of business) to include it among the companies and professionals included in the company database. To this end, the user fills out the Free Registration form. It is specified that this form is filled out only by the person who wishes to register it at https://sarahlawrence.com/ , and the registration of his / her information by a third party expressly or for free is expressly prohibited.
12. For the convenience of the users of the service and by criterion of the category of business or professional persons on the homepage of the website there are the most popular categories of business and professional, so the user can select one of them and identify the place of interest, can quickly look for the information he is looking for. The Company has designed the website https://sarahlawrence.com/ so that its users can visit it without having to reveal their identity unless they so desire. Users of the Website are requested to provide information about their personal data only if they wish to order products, register on the Website and / or email email@example.com . The service provided on this web site, as well as the content published on it, including maps, photos or videos may be used for personal, non-professional use only. Commercial use of the Website is prohibited. Every order execution and delivery of products requires the collection of personal information. Any supporting documents and documents certifying and identifying the customer are kept strictly confidential and controlled only by the responsible responsible department of the Company. The User’s submission, presentation and display of his / her personal data, means that he / she consents that such data be used by the Company for the above reasons. Therefore, the ordering of products by the user through the website https://sarahlawrence.com/ and acceptance of this transaction, means the acceptance by the user to receive and process for the above reasons and within the above frameworks. by the user of the personal data provided by the user.
14. The User is responsible for accessing this Website and the Service and is obliged to use the Website for lawful purposes and in accordance with good ethics. It is expressly agreed that users of the Service will be prohibited from using technical means to access the site’s database. For example, software for automated extraction of data for personal or professional use is not permitted.
17. Content and service are provided ‘as is’. The company is not responsible for the availability, integrity, validity, completeness of the information. Applying routing from address to address or point of interest is the result of an algorithm and may not be possible as soon as possible. The company is not responsible for the decisions of users based on information available on or available through this site. Each user is solely responsible for protecting their personal equipment and software against viruses.
18. The Company cannot guarantee that the Service will be available at any time without interruption and that it will operate without errors and disturbances. Due to technical conditions, which are not affected by the company, interruptions may occur, especially in the event of the unavailability of the Internet or the website, as well as a temporary interruption of service. This also applies to maintenance and updating measures. The user declares that he / she is in compliance with such measures as possible outside the normal working hours and that they are reported in a timely manner and with the relevant adverse effects to a reasonable degree. Such temporary unavailability of the service is not a defect. The company is not liable for any damage caused to the user due to the use and / or unavailability of the service, the information on this website.
19. Your rights
You may at any time exercise the rights granted by Articles 15-22 of the GDPR, including the right to confirm the existence of personal data relating to you, to check their content, their origin, their correctness, their location ( also in relation to any Third Countries), request a copy, request a correction and in cases provided for by law, request a restriction of their processing, delete them, oppose direct communication activities , To object to direct marketing activities (which also limited to certain media). Likewise, you can always withdraw your consent and / or make comments on specific issues regarding the processing of your personal data that you consider to be incorrect or unjustified in your relationship with the Company or to file a complaint with the Personal Data Protection Authority . You can contact the Processor and / or DPO at the addresses listed above to make any requests regarding the processing of personal data by the Company, to exercise your legal rights, and to obtain an up-to-date list of parties having access to your data.
20. Users can contact the company by +30 6984127763 or by sending an email to https://sarahlawrence.com/ . Through the above modes of communication the user can also confirm his personal data held by the company in his information systems, request correction, change or deletion. In case the user wishes to be removed from the database maintained by the company, he / she must send a signed statement of deletion from the company’s information system to https://sarahlawrence.com/ . Otherwise, where the company does not receive the user’s signed statement for deletion from its information system, it reserves the right to retain the user’s personal data while providing the service and sending promotional messages.
22. Transaction security
The Company is committed to ensuring the security and integrity of the data it collects about the users of its website and therefore takes the necessary steps to protect the personal data that users provide in any way. These procedures protect users’ data from any unauthorized access or disclosure, loss or misuse, and change or destruction. Sarahlawrence.com uses the SSL protocol, with 128-bit encryption (the most powerful one today), for secure online trading. This encrypts all of the user’s personal information, including his credit card number, name and address, so that they cannot be read or modified during their transfer to the Internet. The SSL (Secure Sockets Layer) protocol is today the world-wide-web standard for the certification of web sites for web users and for the encryption of data between web users and web servers. An encrypted SSL communication requires all information sent between a client and a server to be encrypted by the shipping software and decrypted by the receiving software, thereby protecting personal information when transmitted. In addition, all information sent with the SSL protocol is protected by a mechanism that automatically checks if the data has been modified during transport. In case the user chooses to pay by credit card, credit card transactions are made with the Bank’s security system under the name “Piraeus Bank”.
All card payments are processed through Piraeus Bank’s online payment platform and uses TLS 1.2 encryption with 128-bit encryption protocol (Secure Sockets Layer – SSL). Encryption is a way of encoding information until it reaches its designated recipient, who can decode it using the appropriate key.