PRIVACY POLICY

1. INTRODUCTION

Whyagency.gr is the official website of the company under the distinctive title DIGITALWISE, with registered offices at 245-247, Mesogeion Avenue, Athens Attica (P.C. 15451), (TIN) & VAT number EL 800673546, e-mail: [email protected], tel. (+30) 2121043200.

The Company has taken the appropriate technical and organisational measures which ensure that processing of your personal data complies with the General Data Protection Regulation (EU) 2016/679 (GDPR). Especially, whyagency.gr adopts internal policies and implements measures which meet the principles of data protection by design and data protection by default.

This Privacy Policy applies to the Website’s Users. Therefore, the words “you”, “your” and generally the use of the second plural form refers to any User. Throughout the Privacy Policy, the use of first plural form (terms “we”, “us”, “our” etc.), refer to the Company. Users should comply with the Privacy Policy, while browsing/ using the Website/ Services. By using this Website, you agree to be bound by this Privacy Policy. In case you disagree with the Privacy Policy, you must refrain from any action, interaction, access and use of the Website.

2. SCOPE AND AIM

While browsing through different webpages of the Website, we may ask you to disclose some personal data in order to provide you with our Services. This Privacy Policy (hereafter Privacy Policy) describes the type of your personal data which are subject to the processing, the way and the context in which your personal data are collected, the purposes and means of the processing of your personal data, the lawfulness of processing, the entities to which your personal data may be disclosed, the purpose limitations, the storage period, the measures we take to ensure lawful and fair processing and the principles relating to processing of your personal data. It also includes information about your rights and data protection. The Privacy Policy applies only to processing of personal data by the Company for purposes of the Website’s Services and operation.

3. DEFINITIONS

Personal data or Data: Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data,

an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Data controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;

Consent of the data subject: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Recipient: A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

Third party: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

Supervisory authority: An independent public authority which is established by a Member State pursuant to Article 51 G.D.P.R.

For any other term please read the Terms of use.

4. HOW WE COLLECT YOUR DATA

We collect your personal data either directly from you, or through other sources. We usually collect your data through this Website and/ or in other ways (social media, cookies, analytics tools, e-mails, telephone etc.). In this case data processing may also be subject to another privacy policy (e.g. Social Media privacy policy).

5. OUR PRINCIPLES RELATING TO PROCESSING OF YOUR PERSONAL DATA

• On this Website we process your personal data lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’).
• We collect your personal data for specified, explicit and legitimate purposes.
• Your data are not further processed in a manner that is incompatible with those purposes (‘purpose limitation’).
• Furthermore, your personal data that we process are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).
• Your personal data are accurate and, where necessary, kept up to date. We take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’).
• Your personal data are kept in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’).
• Your personal data are processed in a manner that ensures appropriate security of them, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

6. DATA CONTROLLER

For any processing of personal data carried out by us, solely for the following purposes, the company DIGITALWISE is the Data Controller. The Data Controller determines the purposes and means of the processing of your personal data.

7. DATA – LAWFULNESS OF PROCESSING – PURPOSES – STORAGE PERIOD

In this section you can retrieve information about the categories of your Personal Data we process, the Processing of such data in relation to the purpose we pursue on a case-by-case basis, the legal basis for each processing activity and the storage period.

PROCESSDATAPURPOSELEGAL BASISSTORAGE PERIOD
Collecting/
processing data
when
communicating
with Users
(Contact form)
Full name, phone number, e-mail, subject, messagesWe process your personal data to answer your questions/ respond to your requests etc./ provide you with informationWhen you seek information about our services, we process your Data in order to take steps at your request, prior to entering into a contract.We will store your Data for one year from the last time you have contacted us, unless a contract is concluded between the Company and you
Collecting/
Processing data
to Respond to
questions/
requests/
complaints
Name, e-mail, phone number, messages, requests and other informationWe process your personal data to answer your questions/ respond to your requests etc./ provide you with information/ support/ solve a problem/ handle a complaint you have submitted1. Processing is necessary for the performance of a contract to which you are party
2. When you seek information about our services, we process your Data in order to take steps at your request, prior to entering into a contract.
3. Legitimate Interests (to communicate with Users)
We retain your personal data collected through any private communication for a period of one year from the last time you have contacted us, unless there is another legal basis (e,g, contract or legal obligation) to process them
Collection/ use
of our followers’
data on social
media and/or
other platforms
Fans’/ Followers’ profile name, comments, reviews, contact details, messages, reactions/ likes/ shares/ comments on Social Media platforms (the Company’s accounts/ pages on Facebook, Instagram, LinkedIn, YouTube, TikTok, Google Maps)1. Respond to users’ messages / reviews.
2. Communicate with the Users.
3. Review comments etc.
4. Social Media Accounts management
1. Consent
2. When you seek information about our services, we process your Data in order to take steps at your request, prior to entering into a contract.
3. Legitimate Interests (to communicate with fans/ followers)
Your personal data will be retained for as long as you remain a fan/ follower/ member/ subscriber of our pages/ accounts or for as long as your activity (posts, comments, reactions, reviews etc.) remains on our social media accounts/ pages
Collecting information from Cookies Analytics Web Beacons PixelsInformation collected through Cookies, activity data, visits to the Website, Website usage statistics, IP, browser type, type of terminal device, log filesCollection of information through Cookies, contributes to the smooth and efficient operation of the Website, to the recording and retention of your preferences while browsing the Website and to improvement of your experience while using the Website. It also allows statistical analysis of your activity on the Website; improves the way it operates, enhances its security and fraud/ cyber-attack prevention, and helps in personalizing the content of the Website and the ads displayed in other places on the internet, as well as in measuring and analyzing the effectiveness of the ads etc.Depending on the purpose of each Cookie and the Data that may be collected through its use. [ Consent given by accepting Cookies. Legitimate interest pursued by the Data Controller (secure and efficient operation of the Website) Processing is necessary for the performance of a contract to which you are party ]Cookies’ storage time depends on the type of each cookie. Cookies are either temporary or persistent. Cookies can be deleted: 1) automatically at the time of expiration, 2) manually through your browser, 3) through the Cookie Consent Management (if available)

We collect and process your personal data only for legitimate purposes, as the above-mentioned. We may process your personal data for purposes other than those for which your personal data were initially collected, only where the processing is compatible with the purposes for which your personal data were initially collected. We may also process your personal data, if processing is necessary for compliance with a legal obligation to which the Company is subject.

8. SPECIAL CATEGORIES OF PERSONAL DATA

We will not collect or process special categories of Data. You shall refrain from sending to us special categories of Personal Data, unless necessary. The Company shall not be liable for any damage incurred to you or a third party due to your acts/ omissions, regarding special categories of Data. In case you send us Special Categories of Personal Data you consent to the processing of these data by the Company to provide you with its services.

9. PROCESSING OF CHILDREN’ S DATA

Only adults shall use the Website’ s Services. Therefore, we do not collect or process children’s Data for the purposes of providing the Website’s Services. The Company shall not be liable for any and all damages arising from any use of the Website by a child.

10. CONSENT

We may ask for your consent to the processing of personal data relating to you. This may include ticking a box or expressing your understanding while browsing through different webpages of the Website. Ticking that box or the expression of your understanding, is a clear affirmative action, which is considered as a freely given, specific, informed and unambiguous indication of your agreement to the processing of your personal data for the above-mentioned purposes, where the processing of your data is based on your consent. You may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before your withdrawal.

We will provide you all the information you need to express your agreement (consent) to the processing of personal data relating to you, where processing is based on your consent. You may retrieve this information through this Privacy Policy.

11. DATA PROVISION

If you refuse to disclose your Personal Data to us, we may not be able to provide you with information about our services.

12. PROCESSORS & RECIPIENTS

We may need to disclose your Personal Data to authorized recipients/ processors for (i) the maintenance / repair of our equipment (PCs, servers, hardware) that support the operation of the Website, (ii) the development of the Website and for other purposes (hosting etc.).

Where processing is to be carried out on behalf of the Company, we use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of your rights. Some of the recipients and/or processors: i) Meta Platforms Ireland Limited (Instagram & Facebook), ii) Google Ireland Limited (You Tube, Analytics, Google Maps), iii) LinkedIn Ireland Unlimited Company (LinkedIn), iv) TikTok Technology Limited, v) Microsoft Corporation (email hosting).

Meta Privacy Policy: https://www.facebook.com/about/privacy.

LinkedIn Privacy policy: https://www.linkedin.com/legal/privacy-policy.

TikTok Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/el.

Microsoft Privacy Policy: https://privacy.microsoft.com/el-gr/privacystatement.

Google Privacy Policy: https://www.google.com/intl/en/policies/privacy/.

The Company uses Google Analytics to track the Website’s traffic. For more information: https://marketingplatform.google.com/about/analytics/terms/us/.

The Company and Google LLC. are Joint Controllers for some of the processing activities, while for other processing activities Google and the Company are sole Controllers.

Google determines some of the purposes and means of the processing of personal data collected through its technology. For each processing activity for purposes and means determined by Google, Google is the sole Controller. Google may use your personal data for its own purposes, such as profiling and combination with other data from user accounts in other services. The processing of your Personal Data under the Google Analytics service, either by the Company or by Google, is carried out on the basis of your prior consent.

Google LLC is an active participant in EU-U.S. Data Privacy Framework.

13. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY

A transfer of your personal data to a third country (outside E.E.A.) may take place where the Commission has decided that the third country ensures an adequate level of protection. In the absence of a decision, we may transfer personal data to a third country only if the processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Otherwise, we will transfer your data to a third country only under GDPR conditions (data subject’ s consent, contract, vital interests etc.).

14. YOUR RIGHTS

The Company protects your personal data and respects your rights and freedoms. As Data Subject you can exercise:

1. the right to be informed on the processing of your personal data,

2. the right of access to your personal data and to information relevant to processing. You have the right to obtain from the Company confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and relevant information,

3. the right of rectification of your personal data. You have the right to obtain from The Company without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement,

4. the right to erasure of your personal data. You have the right to obtain from the Company the erasure of personal data concerning you without undue delay and the Company will have the obligation to erase personal data without undue delay where one of the following grounds applies: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw consent on which the processing is based, and where there is no other legal ground for the processing, (c) you object to the processing and there are no overriding legitimate grounds for the processing; (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Company is subject; (f) the personal data have been collected in relation to the offer of information society services,

5. the right to restriction of processing. You have the right to obtain from the Company restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by you, for a period enabling the Company to verify the accuracy of the personal data; (b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (c) The Company no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (d) you have objected to processing, pending the verification whether the legitimate grounds of the Company override those of you,

6. the right to data portability. You have the right to receive the personal data concerning you, which you have provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company to which the personal data have been provided, where: (a) the processing is based on consent or on a contract and (b) the processing is carried out by automated means,

7. the right to object to the processing of your personal data, the right not to be subject to a decision based solely on automated processing, including profiling and the right to withdraw your consent at any time,

8. the right to withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before withdrawal, where the processing is based on consent.

To be informed about or exercise the above rights, you need to apply by writing to the Company with registered offices at 245-247, Mesogeion Avenue, Athens Attica (P.C. 15451) or via e-mail: [email protected]. We are ready to handle your request with respect to your rights and privacy. Otherwise, if the Data Controller does not take action on your request, you could lodge a complaint to a supervisory authority (www.dpa.gr).

We take all efforts to facilitate the exercise of your rights. We will not refuse to act on any request of yours for exercising your rights, which are described above, unless we are not in a position to identify the Data Subject.

We will respond in writing to such requests from you, without undue delay and in any event within one month of receipt of your request. In this case we will provide you with information on action taken on behalf of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

We will communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

Otherwise, if we do not intend to act on your request, we will inform you without undue delay and at the latest within one month of receipt of the request, of the reasons for not taking action.

Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Company may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or (b) refuse to act on the request.

15. STORAGE & SECURITY OF PERSONAL DATA

Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Company implements appropriate technical and organisational measures to ensure that processing is performed in accordance with the GDPR. The Company reviews and updates those measures, where necessary.

Personal data collected through the Website’s contact form are stored at Microsoft servers (EU-U.S. Data Privacy Framework active participant). Whyagency.gr uses SSL certificate for secure encryption and transmission of your information.

The Company is not responsible for risks that threaten the protection of your Personal Data which are outside our control, as well as for risks due to acts/ omissions of a third party, force majeure, or fortuitous events.

The Company shall not be liable for any damage caused by risks appearing in websites of companies listed on our Website, that have received or continue to receive our services (clients), even if Users are referred to said websites by hyperlinks, banners etc. placed on the Website. Liability for the content, information, visitors’ safety and protection of their personal data, as well as the quality of services provided, lies with owners and administrators of said websites, which Users visit at their own risk.

16. DATA PROTECTION OFFICER

The Company has designated a data protection officer (DPO), e-mail: [email protected].

17. DISPUTE RESOLUTION

Any dispute between the Company, Users and third parties will be resolved through friendly negotiations between them. If any dispute cannot be resolved through friendly negotiations within a maximum of two (2) months, the Company and the Users also agree to participate in any other arbitration, mediation, or other alternative dispute resolution proceedings available for such disputes. If any dispute cannot be resolved by these procedures within a maximum of two (2) months, any lawsuit, action, or proceeding arising out of [or related to] the processing of personal data for the above – mentioned purposes, shall be heard exclusively in the Courts of Athens Greece, and you irrevocably submit to the jurisdiction of such courts in any such lawsuit, action, or proceeding.

18. UPDATES TO THE PRIVACY POLICY

The Company reserves the right to amend this Privacy policy. Any changes will be post on this web page. You should periodically check whether changes have been made by the Company. Last update: 27/05/2024.