PRIVACY POLICY FOR SCORIP

 

This document (the “Privacy Policy”) is a legal document aiming to inform the Visitors of the Website and the Customer/ Users of the Website/ Service about their rights regarding the processing and protection of general and personal data that come to the control of the Provider under this Agreement.

This Privacy Policy explains the kind of information and data which will be processed by the Provider, how they will be processed, and it informs the Data Subject about its rights and tools available to control the processing of its Personal Data.

Please read carefully. By visiting the Website and/or subscribing and/or contacting the Provider and/or purchasing a Licence and/or accessing and using the Service you agree with the terms of this Privacy Policy and you are bound by them.

 

1.    DEFINITIONS

“Administrator Account” means an account created by the Provider through which the Customer and/or its representatives and/or employees will access and use the Service;

“Administrator” means the natural person, designated by the Customer, as the authorized person to manage the Administrator Account;

“Agreement” means the Terms and Conditions, the entire content of the Website and any terms embodied in a quotation given by the Provider to the Customer for the purchase of a Licence in accordance with the Terms and Conditions whether embodied in the Terms and Conditions or displayed elsewhere on the Website;

“Consent” means freely given, specific, informed and unambiguous consent given by the Data Subject by which authorises the Provider to process any personal data of the Data Subject that may come in the Provider’s control due to the use of the Website or the Service by the Data Subject;

“Controller” means the natural or legal person, public authority, agency or other body, which alone or jointly with others determines the purposes and/or the means of the processing of personal data;

“Customer” means the legal entity to whom a Licence is granted by the Provider, in accordance with the Terms and Conditions and/or the legal entity which contacts the Provider through the Website and/or via e-mail;

“Customer Data” means all data, works, materials, which the Customer uploads or stores on the Platform, transmitted by the Platform at the instigation of the Customer, supplied by the Customer to the Provider for uploading to, transmission by or storage on the Platform, or generated by the Platform as a result of the access and/ or use of the Service by the Customer;

 

“Cross-border processing” means:

(a)   processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or

(b)   processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

“Customer’s Personal Data” means the personal data of any individual which are provided by the Customer to the Provider in accordance with the Terms and Conditions of the Agreement;

 

“Data Subject” means the person who can be identified by the Personal Data processed by the Provider and includes the Visitors of the Website, the Customer and/or any persons authorized by the Customer to access and use the service according to the Terms and Conditions of the Agreement;

 

“Designated address” means the e-mail address provided by the Customer to the Provider in the Online Form and/or in the Online Order Form;

“Effective Date” means the date upon which the Provider, following the payment of the Licence Fee by the Customer, creates an Administrator Account for the Customer;

“Expiration Date” means the last calendar day of the Licence Term, upon which the access and use to the Service by the Customer is terminated; 

“Free Trial Licence” means a permission given by the Provider to the Customer to access and use the Service, free of charge for a period of 14 calendar days;

“Intellectual Property Rights” means all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application of such rights (including copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trade marks, service marks, passing off rights, unfair competition rights, patents and rights in designs);

“KPI data” means any data uploaded or inserted on the Service by the Administrator and/or the Users during the use of the Service and which relate to key performance indicators and/or any reports resulting from the use of the Service by the Customer;

“Licence” means the permission granted by the Provider to the Customer to access and use the Service, through the Website;

“Licence Fee” means an amount of money payable by the Customer to the Provider, for the purchase of the Licence΄

“Licence Term” means the period during which the Customer is permitted to access and use the Service according to the Terms and Conditions of the Agreement;

“Online Form” means an online form other than the Online Order Form, published on the Website by the Provider;

“Online order Form” means an online form published on the Website by the Provider, which the Customer must complete and submit to the Provider, in order to purchase a Licence for the Basic Online Package;

“Pseudonymisation” is processing of personal data is such a manner the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified it identifiable person;

“Personal data” means any data relating directly or indirectly to a person by which the person may be identified. Personal Data does not include any data that is anonymized, aggregated, de-identified or compiled on a generic basis and which does not name or identify a specific individual directly or indirectly;

“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed;

“Processor” means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;

“Processing” means the collecting, recording, using, storing, amending, adapting, disclosing, transferring, transmitting, structuring, using, combining, deleting, destroying of any personal data that come in the control of the Provider in the course of use of the Website or the Service by the Data Subject;

“Profiling” means any form of automated processing of personal data regarding the evaluation of certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, interests, reliability, behaviour, location or movements;

“Provider” means the company Thomas Poutas International Associates Ltd, which provides the Service;

“Recipient” means the person or legal entity, public authority, agency or another body, to which the Personal Data are disclosed;

“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;

“Service” mean the online business management “Software as a service” application, named SCORIP;

“Subscription” means the submission of an Online Form Order to the Provider by the Customer, through the Website;

“Terms and Conditions” means all the documentation containing the provisions of the Agreement, namely the Online Order Form, the main body of Terms and Conditions, including the amendments to that documentation from time to time;

“Third Party” means the person or legal entity, public authority, agency or body other than the data subject, controller, processor and persons authorised by the processor or the controller and who process personal data;

“User” means a natural person accessing and using the Service under the Licence of the Customer;

“Visitor’s Personal Data” means the personal data of a Visitor;

“Visitor” means a natural person who navigates through the Website;

“Voluntary Termination” means the termination of the Licence by either party, before the Expiration Date;

“Website” means the website SCORIP.COM and through which the Service is provided;

 

2.    GENERAL PRINCIPLES

Each party shall comply with the Data Protection Laws in respect to the processing of the Personal Data of any Data Subject.

The Customer warrants to the Provider that it has the legal right to disclose all Personal Data that it does in fact disclose to the Provider, under or in connection with the Agreement.

Any Personal  Data disclosed by the Customer and processed by the Provider must be required by or related to the Agreement.

The Provider shall only process the Personal Data provided by a Customer/ Data Subject, from the date and time that the Customer contacts the Provider and/or subscribes to the Service and/or purchases a Licence and/or during the Licence Term and not for more than 90 days after the Expiration Date, unless otherwise is provided in this Privacy Policy.

If the Customer instructs the Provider to process Personal Data in a way that infringes the Personal Data laws, the Provider shall inform the Customer promptly and decline to follow the instructions.

The Provider shall assign the process of Personal Data only to authorized persons who have committed themselves to confidentiality or are under appropriate obligation of confidentiality.

The Provider and the Customer shall each implement appropriate technical, organisational measures to ensure an appropriate level of security of Personal Data of any Data Subject, who is affected by the processing of its Personal Data under the Agreement.

The Provider is hereby authorized by the Customer to assign the processing of the Customers Personal Data to third parties, acting as sub-processors on behalf of the Provider.

The Provider shall make available to any Data Subject all information necessary to demonstrate its compliance with its obligations under the Data Protection Laws.

The Provider shall process only Personal Data which are required for the use of the Website, the purchase of a Licence, the provision to the Customer/Users of access and use of the Service, the provision of the Service, billing, communication between the Provider and the Customer and/or the Data Subject and the Termination/ renewal of α Licence.

The Provider shall use “cookies” to store and track user information. The Visitor of the Website and/or the Customer and/or the User will be offered the option to disable or control the “cookies”, by setting a preference within their browser.

 

3.    COLLECTION OF GENERAL DATA AND INFORMATION

The Visitor/ Customer/ User hereby grants to the Provider a non-exclusive licence to collect, store, copy, reproduce, distribute, publish export, adapt, edit and translate the Visitor’s/ Customer’s general data and information to the extent reasonably required for the performance of the Provider’s obligations and the exercise of the Provider’s rights under the Agreement.

The Visitor/ Customer also grants the Provider the right to sub-license these rights to its hosting, connectivity and telecommunication service providers to the extent reasonably required for the performance of the Provider’s obligations and the exercise of the Provider’s rights under the Agreement, subject to the national and European Legislation regulating the protection of personal data and subject to any express restrictions provided in the Privacy Policy and the Agreement. The Visitor/Customer/User agrees and consents to cross-border processing of such general data and information.

The Customer warrants to the Provider that the general data will not infringe the Intellectual Property Rights or other legal rights of any person and will not be in breach of any provisions of the law, statute or regulation in any jurisdiction and under any applicable law.

The Provider shall create a back-up copy of the general KPI Data provided by a Customer (and not by a Visitor) at weekly basis and the Provider shall ensure that such copy is sufficient to enable the Provider to restore the Service to the state they were at the time the back-up was created and shall retain and securely store each such copy for a minimum period of 7 days. The Provider shall keep the last back-up copy created before the Expiration Date, for a period of 90 calendar days.

The Provider may collect general data such as KPI Data, browser types and versions used, operating system used by the accessing system, the websites from which an accessing system reaches the Website, the sub-websites, the date and time of access to the Website, the IP address of the Visitor and/or User and/or Customer and/or any other similar data and information that may be used in the event of attacks on the information technology systems of the Provider.

The general data and information collected by the Provider is needed for the performance of the Provider’s obligations under the Agreement,  to deliver the content of the Website, to optimize the content of the Website, to ensure the viability of the information technology system and the Websites technology of the Provider and to assist law enforcement authorities with necessary information for criminal prosecution in case of cybercrimes.

The general data analysis is conducted anonymously and statistically and aims to increase the data security and data protection of the Website and the Service.

The Provider may use “cookies” to store and sometimes track user information. Cookies can be disabled or controlled by setting a preference within the browser.

 

4.    PERIOD OF PROCESSING OF PERSONAL DATA

The Provider shall process the Personal Data only for the period necessary to achieve the purpose of the processing, pursuant to the provisions of the Agreement and/or as far as this is allowed by the European Legislation or any legislation to which the Provider is subject to.

The purpose of the processing depends on the activities of the Customer in relation to the Website and/or the Service

When the purpose for which the Personal Data ceases and/or the period allowed by the law expires, the Personal Data are erased in accordance with the legal requirements.

 

5.    TYPE OF PERSONAL DATA PROCESSED

The Provider does not process any Personal Data of Visitors.

 

The Provider processes Personal Data  such as name, surname, telephone number, address and email address of the Customer and such as the Administrator and the Users who are accessing and using the Service under the Customer’s Licence.

If the Customer and/or any Data Subject corresponds with the Provider, the Provider may retain the content of the e-mail messages, e-mail address and the Provider’s responses.

 

6.    OBLIGATIONS OF THE PROVIDER

The Provider shall process the Personal Data only for the period necessary to achieve the purpose of the processing, as far as this is allowed by the European and national legislation to which the Provider is subject to.

The Provider will block and/or erase routinely, any Personal Data for which the purpose of processing is not applicable and/or processing period has expired.

The Provider shall take all reasonable measures to ensure that for the processing of Personal Data, uses standard, industry-wide, commercially reasonable security practices, for protecting the Personal Data the Provider processes.

The Provider is obliged, where possible, to apply Pseudonymisation to Personal Data processed under the Agreement.

The Provider shall not process any Personal Data provided by the Customer at the payment of the Licence Fee and the Provider shall ensure that such Personal Data will be erased immediately after the completion of the payment.  

The Provider shall not rent or sell Personal Data to Τhird parties.

The Provider shall store Personal Data on servers or databases hosted in a secure environment. For this purpose, the Provider may apply cross-border processing, in accordance with the provisions of the Privacy Policy.

The Provider shall not disclose any Personal Data to any Third parties, unless required to do so by law or subpoena or if the Provider believes that such action is necessary to conform  with the law, comply with legal processes served on the Provider or affiliates or to investigate, prevent or take action regarding illegal activities, or in order to enforce the Agreement or to take precautions against liability, to investigate and defend the Provider against third-party claims or allegations, to assist government enforcement agencies, or to protect the security or integrity of the Website and exercise and protect the rights, property or personal safety of the Provider, the visitors of the Website or the users of the Service.

In case the Provider assigns to independent contractors, vendors, suppliers (collectively as “Independent Contractors) the processing of Personal Data, the Provider is obliged to:

(a)  Protect the Personal Data which the Provider processes under the Agreement in accordance with the Terms and Conditions and the Privacy Policy;

(b)  Not use or disclose Personal Data which the Provider processes under the Agreement for any other purpose other than the purchase  of products or services for which the Provider has contracted with the Independent Contractors;

(c)  The Provider shall ensure that the Independent Contractors operate in compliance with GDPR.

Although the Provider is located in EU, it might transfer Personal Data in European and non-European countries such as USA. The Provider may only transfer Personal Data, processed pursuant to the Agreement, outside the EU, where the Provider has lawful basis to do so and provided that the recipient is: (a) in a country which provides an adequate level of protection of personal data or (b) bound by Standard Contractual Clauses for data transfers between EU and non-EU countries. The Provider shall ensure that any contractual agreement with such a recipient contains such Standard Contractual Clauses, as to ensure adequate safeguards for the transfer of data to recipients in third countries, which do not ensure an adequate level of data protection.

In case of Personal Data Breach, because of security breach, the Provider shall promptly notify the Customer and the Data Subject, to whom the compromised Personal Data belong, as required by law.

Since the content and services provided by the Provider through the Website and the Service are not directed towards children, if the Provider discovers that it has collected Personal Data from a child under the age of 16, without parental consent, the Provider shall delete the Personal Data of the child within and not later than in 30 days.

 

7.    RIGHTS OF THE DATA SUBJECT

 

7.1.       RIGHT OF CONFIRMATION

The Data Subject has the right to obtain from the Controller a confirmation as to whether the Data Subject’s Personal Data are being processed by the Controller.

 

7.2.       RIGHT OF ACCESS

The Data Subject has the right to know which Personal Data are processed by the Controller and to be informed in writing by the Controller.

Additionally, the Data Subject may request to be informed about:

(a)  The purpose of the processing;

(b)  The categories of Personal Data that is being processed;

(c)  The recipients or categories of recipients to whom the Personal Data have been or will be disclosed;

(d)  The envisaged period for which the Personal Data will be processed and if the period cannot be determined, the Controller shall inform the Data Subject as to the criteria applied to determine the period;

(e)  The existence of the right to request from the Controller rectification or erasure of Personal Data or restriction of processing of Personal Data concerning the Data Subject;

(f)   The right to lodge a complain with a supervisory authority;

(g)  Where the Personal Data are not collected from the Data Subject, any available information as to their source;

(h)  The existence of automated decision-making, such as profiling and at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences for the Data Subject.

Where Personal Data are transferred to a third country or to an international organisation, the Data Subject has the right to be informed about the appropriate safeguards in relation to the transfer.

The Controller shall provide a copy of all Personal Data undergoing processing. For any further copy, the Controller may request reasonable fee based on administrative cost. Where the Data Subject’s request is submitted electronically, the information shall be provided in commonly used electronic form.

7.3.       RIGHT TO RECTIFICATION

The Data Subject may request the rectification of inaccurate, incomplete, or false of his/her Personal Data .

7.4.       RIGHT TO BE FORGOTTEN

The Data Subject may request and obtain by the Controller the erasure of any Personal Data of the Data Subject and the Controller shall erase such Personal Data when one of the following grounds applies and as long as the processing is no longer necessary:

(a)  The Personal Data is no longer necessary for the purposes or activities for which it was collected or otherwise processed;

(b)  The Data Subject withdraws its consent under the provisions of GDPR and where there is no other legal ground for the processing;

(c)  The Data Subject objects to the processing pursuant to the provisions of GDPR and there are no overriding legitimate grounds for the processing;

(d)  The Personal Data has been unlawfully processed;

(e)  The Personal Data must be erased for compliance with a legal obligation of the Controller to which the latter is subject.

 

7.5.       RIGHT OF RESTRICTION OF PROCESSING

The Data Subject may obtain from the Controller restriction of processing where one of the following apply:

(a)  The accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Personal Data;

(b)  The processing is unlawful, and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use instead;

(c)  The Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;

(d)  The Data Subject has objected the processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.

 

7.6.       RIGHT TO DATA PORTABILITY

The Data Subject has the right to receive the Personal Data concerning him or her and which are processed by the Controller in a structured, commonly used and machine-readable format. The Data Subject shall have the right to transmit those data to another controller without hindrance from the Controller, provided that the processing is based on consent or a contract and the processing it carried out by automated means as long as the processing is not necessary for the performance of a task carried out in the public interest or in exercise of official authority vested in the Controller.

Furthermore, the Data Subject has the right to have Personal Data transmitted from one controller to another, where technically feasible and doing so does not affect adversely the rights and freedoms of others.

 

7.7.       RIGHT TO OBJECT

The Data Subject shall have the right to object on grounds relating to his or her situation, at any time, to the processing of its Personal Data and/or profiling.

In the event of an objection, the Provider shall no longer process the Personal Data, unless the Provider demonstrates compelling legitimate grounds for the processing, which override the interests, rights, and freedoms of the Data Subject or for the establishment, exercise, or defence of legal claims.

If the Provider processes Personal Data for direct marketing purposes, the Data Subject shall have the right to object at any time to the processing of its Personal Data for such marketing. This includes profiling to the extent that it is related to such direct marketing. If the Data Subject exercise its right, the Provider will no longer process the Personal Data for these purposes.

In addition, the Data Subject shall have the right to object to the processing of its Personal Data by the Provider when such processing relates to scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

 

7.8.       AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING

The Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the Data Subject or similarly affects him or her, as long as :

(a)  The decision is not necessary for entering into, or the performance of the Agreement between the Customer and the Provider;

(b)  The decision is not authorised by the European Union or Member State law to which the Controller is subject, and which also lays down suitable measures to safeguard the Data Subjects rights and freedoms and legitimate interests;

(c)  The decision is not based on the Data Subject’s explicit consent.

If the decision is necessary for entering into, or for the performance of the Agreement between the Customer and the Provider or it is based on the Data Subject’s explicit consent, the Provider shall implement suitable measures to safeguard the Data Subject’s rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express its point of view and contest the decision.

7.9.       RIGHT TO WITHDRAW DATA PROCESSING CONSENT

The Data Subject shall have the right to withdraw its consent to processing its Personal Data at any time.

8.    PROCESSING OF PERSONAL DATA

The Provider processes Personal Data that the Customer and/or the Data Subject provides, to contact the Provider, purchase/renew/ terminate a Licence, operate, maintain, and provide to the Customer the features and functions of the Website and the Service and to comply with its obligations under the Agreement.

If the Customer/ Data Subject removes content from the Website and/or the Service, copies may remain viewable in cached and archive pages or if other Users have copied or stored the Data Subject’s content.

The Provider may process Customer’s Personal Data to inform the Customer about special offers, new products and services, new additional features of the Service, provided that the Customer explicitly consents to such process, by clicking on the relevant checkbox, when filling in an Online Form or an Online Order Form. The Customer and/or the Data Subject may withdraw its consent by clicking on the relevant link, contained in each notice given by the Provider.

The Provider uses cookies every time a Visitor visits the Website or a Customer/ Administrator/ User access and uses the Service. Additionally, the Provider provides custom, personalized content, and information, monitor the effectiveness of the Service, monitor the aggregate metrics such as total number of visitors and traffic, diagnose or fix technology problems reported by the Customer/Administrator/Users and help the Data Subject efficiently access his/her information after they log in.

The Provider processes Customer’s Personal Data, when the Customer contacts the Provider, fills in and submits to the Provider an Online Form and/or subscribes and/ or when the Provider creates and Administrator Account for the Customer and/or when the Administrator creates the accounts for the view-only Users of the Service. The Personal Data are collected and stored exclusively for internal use by the Provider. Any further transfer by the Controller to one or more processors must be for purposes attributable to the Provider.

By contacting the Provider, submitting an Online Form, subscribing, accessing, and using the Service, the Customer’s /Data Subject’s IP address and the date and time of the action may be stored. The purpose of storage is to prevent the misuse of the Service and/or to investigate committed offences. Such data shall not be passed on to third parties unless there is a statutory obligation to pass on the data or if the transfer serves the aim of criminal prosecution.

The processing of the Personal Data of the Customer and/or the Data Subject is necessary to enable the Provider to contact the Customer and/or the Data Subject, to provide the purchased Licence and to offer to the Customer and/or the Data Subject contents or services which are only offered to the Customer and/ or registered Users. The Data Subjects are free to change their Personal Data they disclose to the Provider at any time or to have them completely deleted, provided that the deletion will not affect the Provider’s rights and ability to perform its obligations under the Agreement or its obligation imposed by any law to which the Provider it subject.

DISCLAIMER

The Provider shall not be responsible and does not undertake any duty to protect any Personal Data voluntarily disclosed by the Data Subject in public areas and/or public bulletin boards and/or in public classified advertisement within the Website. Additionally, the Provider will not be responsible and/or liable for any processing of Personal Data of the Data Subject which the Data Subject has voluntarily disclosed in the Messages, Groups or in the Profile Page within the Website, where other Users are authorized by the Customer to have access.

DENIAL OF DISCLOSURE

The  Customer/ Administrator/ User may decline to submit Personal Data through the Website and/or the Service, in which case the Provider may not be able to provide certain aspects of the Service.

 

CONTACT IN CASE OF QUESTIONS OR REQUESTS REGARDING PRIVACY POLICY

If the Data Subject wishes to exercise any of the above rights, he or she may at any time directly contact the Provider’s Protection Officer or another employee of the Controller at info@scorip.com