The company under the name “Museotek S.A.” (here in after the “Company”), with registered offices in Ampelokipoi, Athens, 27 Kifisias Avenue, Postal Code 115 23 and Tax Identification Number 801708180, Athens Tax Office, tel. 2160026191 as the owner of this website (hereinafter the “Website”) hereby informs its visitors/users/members/customers regarding the kind and amount of data that it may collected and process in its capacity as Data Processor, during the purchase of their ticket and their use of this Website, and assures them that any processing of their personal data is performed with their interests in mind and in accordance with the principles of lawfulness, transparency, accuracy availability and integrity in all its forms, and also to inform them that it is fully harmonised with the EU General Data Protection Regulation (hereinafter “GDPR”) and that it implements the Appropriate Technical and Organizational Measures (Α.Τ.Ο.Μ.) in order to protect your personal data and ensure the privacy of its customers / users.
By reading below you shall be fully informed with regard to how we process your personal data (collection, management, use, storage, third-party transfer, protection), how long it is maintained and the rights that you may exercise at any time, regarding your data.
PERSONAL DATA – UPDATE – RIGHTS
- What is Personal Data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person,
- What is Data Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;.
- What data we collect: Upon purchasing a ticket, if the purchase is made online via the online payment platform “www.museotek.net/en”, or upon subscribing to our newsletter, users of our Website supply us with their email addresses. PLEASE NOTE that of all the data required by the online payment platform, we collect and process your email only and no other personal information.
- Purpose of processing your information: We process your Data for informing you of our Company news, events and offers.
- Lawfulness of the processing of your Data by our Company: The processing of your data is performed in accordance with the agreement we entered into upon your subscription to our newsletter. If your data has been obtained during your Ticket’s sale/purchase process, then the terms of par. 3, Article11 of Law 3471/2006 shall apply, according to which “Where a natural or legal person obtains from its customers their electronic contact details for electronic mail, in the context of the sale of a product or a service, the same natural or legal person may use these electronic contact details for direct marketing of its own similar products or services provided that customers clearly and distinctly are given the opportunity to object, free of charge and in an easy manner, to such collection and use of electronic contact details when they are collected and on the occasion of each message in case the customer has not initially refused such use.”
- Recipients of your Data: The recipients of your data are:
Under no circumstances does our company transfer/disclose your personal data to any third party.
If you have any questions regarding your Data being processed by our Company, feel free to contact us at the following email address: [email protected]
- Our Company and your Personal Data: Our Company:
- Maintains the confidentiality of the personal data you share with us.
- Does not transmit your data to third parties, other than those referred to in Article 6 hereof, without your written permission.
- Takes organizational and technical security measures for data processing that protect the reasonable and physical security thereof, such as secure software, physical protection, pseudonymisation, and encryption.
- Our systems by design and by definition ensure that we will be able to fulfil our obligations under the General Data Protection Regulation (GDPR).
- Will immediately notify you of any incident concerning a breach of your personal information.
- Complies with the legal framework for data protection and in particular with the General Data Protection Regulation (GDPR) in its capacity as data processor.
- Transfer of your Data abroad: Your Data is NOT transferred abroad.
- Retention period – Deletion of your Data: Our company retains your data on an electronic file for ten (10) years or until you ask us to stop sending you information on our events. After the lapse of the 10-year period, or if you so ask, your data (i.e. your email address) is fully and unrecoverable deleted.
- Security of your Data: Any processing of your Data is performed only by our authorized employees who are contractually bound to confidentiality with regard to the processing of your data and solely for the purposes mentioned above. We have taken the necessary and appropriate organizational and technical measures to secure and protect your Data from any form of accidental or unlawful processing both on a physical level and at a reasonable security level (indicatively physical security procedures, graded access, protection of computer software systems and network equipment). These measures are reviewed and amended whenever appropriate.
- Your Rights:
Our Company takes all and any necessary action both during the collection stage and in any subsequent processing stage of your personal data, so that you are fully able to exercise your legal rights as described in this briefing.
- Right of access to your personal data.
This means that you have the right to be informed by us on how and whether we process your Data. If we do process your Data, you may ask to be informed about the purpose of the processing, the type of Data we keep, who we give it to, how long we store it, whether automated decision making takes place, but also about your other rights, such as rectification or erasure of data, restriction of processing and submitting a complaint to the Data Protection Authority.
- Right to rectify inaccurate personal data.
If you find that there is an error in your Data, you may submit a request for it to be corrected (e.g., correction of name) at the following email address: [email protected]
You may ask us to delete your data if it is no longer necessary for the above mentioned processing purposes or you wish to withdraw your consent in the event you have previously submitted such consent.
- Right to Data portability.
You may ask to receive from us the Data you have provided us in a readable form or ask us to transmit it to another processor.
- Right to restrict processing.
You may ask us to restrict the processing of your Data for as long as the review of your objections as regards the processing is pending.
- Right to object to the processing of your Data.
You may object to the processing of your Data and we will immediately stop processing your Data unless there are other legitimate reasons that take precedence.
- Exercising your rights:For any request and exercise of rights, in relation to your personal data, you may contact us via email at: [email protected]
- Response Time to Your Requests: We reply to your Requests free of charge without delay, and in any case within (1) one month after we receive your Request. However, if your Request is complex or there are too many Requests to process, we will notify you within a month if we need an additional period of two (2) months, within which we will respond. If your Requests are manifestly unfounded or excessive, in particular due to their recurring nature, the Company may impose a reasonable fee, taking into account the administrative costs of providing information or performing the requested action, or refuse to further process the Request by giving you a reasoned reply. To inquire about the processing stage of your requests email [email protected]
- Automated decision making – profile: We do not make decisions, nor do we perform profiling, based on the automated processing of your Data.
- Update for amendments hereto: We update this Policy whenever necessary. We update this Policy whenever necessary. If there are any significant changes to the Policy or to the way, we use your Personal Data, we will post it at URL https://museotek.net/en/privacypolicy/ on our website before the changes come into force and we will notify you in any appropriate manner. We encourage you to read this Policy at regular intervals to know how your Data is protected.