Privacy Policy

1. PERSONAL DATA PROTECTION STATEMENT

At "YALOU EMPORIKI & TOURISTIKI S.A." (hereinafter referred to as the "Company"), which is a subsidiary of "TRADE ESTATES SA", we recognize the importance of the personal data (hereinafter referred to as "data") of visitors to the website www.smartpark.com.gr (hereinafter referred to as "the Website" or "Webpage") and we commit ourselves to respecting and protecting them, always in compliance with the General Data Protection Regulation of the European Parliament and the legislation in force in general. The Company allows access to them only to authorized persons and takes increased security measures to protect the data, including against mishandling, unauthorized access, modification and dissemination.
The present Statement and the Privacy Policy shall apply for the website of the Company and its purpose shall be to provide information concerning the collection, storage, use and any other form of processing of the visitors’ and users’ data and information by the Company, acting in its capacity as Data Controller, as well as concerning your rights pursuant to the applicable provisions.

2. DEFINITIONS

«General Data Protection Regulation» or «General Regulation»

Regulation (EU) 2016/679 of the European Parliament and the Council, dated 27th of April 2016, on the protection of natural persons against the processing of personal data and on the free movement of those data and on the repeal of the directive 95/46/EC (General Data Protection Regulation), which has been incorporated in the Greek laws by the Law 4624/2019 (Gov.Gaz. Α’ 137/ 29.8.2019) («Data Protection Authority, implementation measures of the Regulation (EU) 2016/679 of the European Parliament and the Council dated 27th of April 2016, on the protection of natural persons against the processing of personal data, and incorporation of the Directive (EU) 2016/680 of the European Parliament and the Council dated 27th of April 2016 in the national legislation and other provisions»).

«Personal Data»

Any information concerning an identified or identifiable natural person (“data subject”); the identifiable natural person is the person whose identity may be verified, directly or indirectly, especially by a reference to data identifying his/her identity, such as name, identity card number, location data, or to one or more factors specifying the physical, genetic, or social identity of the said natural person.

«Special Category Data» (Sensitive Personal Data)

The Personal Data, which are per se particularly sensitive and are related to fundamental rights and freedoms of natural persons, and require special protection, because the processing of them could significantly endanger the fundamental rights and freedoms of natural persons. Such (Sensitive) Personal Data are the Personal Data which reveal racial or ethnic origin, the political opinions, the religious or philosophical beliefs or trade-union membership, as well as the processing of genetic or biometric data aiming at the unequivocal identification of a person, the processing of health data or data concerning the sexual life of a natural person or the sexual orientation.

«Processing»

Any operation or set of operations which is performed on personal data or on sets of personal data, either by automated means or not, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or disposition of any other form, restriction, or erasure or destruction.

«Consent» of the data subject

Any indication of free, specific, explicit will, formed in full awareness, through which the data subject demonstrates, by providing a relevant statement or by proceeding to an obvious and clear positive act, that they agree to place their personal data under processing.

«Data Controller»

The natural person or legal entity, the public authority, or service or any other body or organisation, that individually or jointly specify the scope, purpose and method of personal data processing; when the purpose and the method of this processing are specified by EU law or by the laws of a member state, the data controller or the special criteria for their appointment may be provided by EU law or by the laws of a member state.

«Processor»

The natural person or legal entity, the public authority, or service or any other body or organisation processing personal data on behalf of the data controller.

3. PURPOSE OF COLLECTION AND PROCESSING OF PERSONAL DATA

The Company collects and processes only those data that are required for the achievement of the following purposes. More specifically:

3.1. For identification purposes and for establishing contact with you, for the examination, review and handling of the complaint, comment or request you have submitted.

3.2. For the proper and effective operation and management of our website, for the purpose of improvement of our services provided and of your web experience in our site.

3.3. For safety reasons or in order to investigate any case of fraud or other violations of the terms of use of our website or of this policy.

3.4. For the understanding of the way you use and interact with the content of our website using cookies.

3.5. For the management of the contractual relationship with those having transactions with the Company, such as provision of services, execution of works, cash collections, payments, audits, fulfilment of contractual obligations, etc.

3.6. For the guarantee of prevailing legitimate interests of the Company, such as the transmission of data to competent authorities.

4. WHICH CATEGORIES OF DATA WE COLLECT

4.1. Data which the data subject itself communicates when they log in and/or navigate our website or when they submit an electronic comment, complaint, question or request, where these data are required for the establishment of contact between the Company and the data subject. Furthermore, data which the data subject itself provides by sending their curriculum vitae to apply for an offered job post, etc. More specifically:

  • Identification data, such as full name, TIN, date of birth, age, sex, country of origin and city of residence
  • Contact details/data, such as e-mail address (email), fixed telephone number or/and mobile phone number
  • Data about education and working experience, fulfilment of military service obligations, curriculum vitae of candidates applying for a job post in the Group, as well as statements of preference in relation to the employment (desirable city/country for work/employment, desirable job position, type of employment etc.). We do not seek to obtain, and we shall not collect special categories of data in relation to a candidate, unless this is permitted or required by the applicable legislation. In exceptional cases that such data (e.g. health data) are communicated to us, we shall process it because you are sending us such data in order to support your prospects for the job. These data shall be submitted for processing only to the extent that this is absolutely necessary for the assessment of the suitability of the applicant for the specific job position and tasks or for compliance with the legal obligation.

4.2. Cookies
As described in detail in the Cookies Policy, we shall collect information using cookies.

4.3. Data of Devices
When you visit our website, we receive the URL address of the website from which you have logged in, the date and the time of your visit, the operating system of the device and the browser you are using, as well as the IP address of your device.

4.4. When you visit our website, we receive the URL address of the website from which you have logged in, the date and the time of your visit, the operating system of the device and the browser you are using, as well as the IP address of your device:

  • Identity card data and contact details, such as full name or name of the undertaking, in case that the data subject is a legal entity, TIN, Tax Office, address, fixed telephone number, mobile phone number, e-mail address.
  • Data which have been placed under processing in the context of a work, a sale and purchase contract or provision of a service, such as the bank account number, personal data related to performed and completed payments, requests and agreements in the context of implementation of a work or of a cooperation in general.
  • Data in relation to court cases or other legal procedures/proceedings against those transacting with the Company, collected from publicly available sources, databases, court authorities and credit rating agencies.

The Company and its webpage address individuals who have reached the age of 18 years. If minors voluntarily visit our website, the Company shall bear no responsibility. If, upon collection of data, it becomes clear that the user is a minor, the Company shall not process their personal data.

5. LEGAL GROUNDS FOR PROCESSING

The processing of your personal data is required for the fulfilment of the aforementioned purposes. Unless otherwise specified upon collection of personal data, the legal basis / ground for their processing shall be one of the following:

5.1. The processing is necessary and required for the application and implementation of a contractual relationship (Article 6.1.b. of the General Regulation).

5.2. The processing is necessary and required for the purposes of the legitimate interests of the Company (Article 6.1.f. of the General Regulation).

5.3. Your express consent to personal data processing has been given (Article 6.1.a of the General Regulation).

5.4. The processing aims at the fulfilment of your obligations provided by law, for example when the relevant data are requested from the tax authorities in the context of audits or in the event of pending cases before supervisory, auditing, regulatory, administrative or judicial authorities (Article 6.1.c. of the General Regulation).

6. DATA RECIPIENTS

Data recipients are the co-workers of the Company responsible for any specific processing.
The Company may communicate, transmit or assign the processing of part or the entire data, to the following persons, provided the relevant legal requirements shall apply, and subject to compliance in any case with the business confidentiality obligation and the obligation for secrecy, such as for example:

  • To responsible co-workers in cases that the database and the data management system is common for all companies or in cases that this transmission is strictly required for the above-mentioned purposes.
  • To third parties (natural persons or legal entities) to which the Company respectively assigns the implementation of certain works to be performed on its behalf.
  • To companies processing, managing and maintaining databases and webpages.
  • To companies providing development, maintenance services, configuration of IT applications, e-mail services, webhosting services including the cloud services.
  • To recruitment consultants, in the context of works required for the assessment and filling of each job vacancy or for other job vacancies that might arise and match the experience and the qualifications of the registered users, as well as for reasons of communication with them as regards the said vacancies etc.
  • To court, administrative, tax or other public authorities, regulatory bodies and lawyers, if this is required and necessary for the purpose of the Company’s compliance with the legislation or/and for the establishment, lodging or support of legal claims or for the defence and support of the Company’s rights.

In all these cases, upon registration, access or/and processing of the visitor’s and the registered user’s personal data, the co-workers, and authorised agents of YALOU EMPORIKI & TOURISTIKI S.A shall be committed to fully comply with the provisions of the Regulation as well as with the applicable legislation on personal data protection. Further, YALOU EMPORIKI & TOURISTIKI S.A shall require from their co-workers, the maintainers of the Webpage, as well as from their individual partners (third parties) to take all necessary technical and organizational measures, including the appropriate policies and procedures, so that the disclosure of Personal Data processed on their own behalf can be prevented. The Company shall guarantee that it will not proceed to any transmission, communication, concession etc. of your personal data to third parties for any purpose whatsoever or for use beyond the information explicitly disclosed by this Policy.

TRADE ESTATES REIC shall not transmit or store the above data to/in third countries. The personal data collected shall be submitted for processing to servers located in the EU or in the EEA.

7. COOKIES POLICY

The cookies are small text files saved in the computer or in your mobile device, when you visit a webpage. They are principally used so that it is guaranteed that your visit in our webpage shall be as easy to use as possible. However, the cookies shall never contain any personal information, that could allow any contact of a third person with the visitor of the website, such as for example by e-mail, etc.

8. DATA RETENTION TIME – UPDATE

In case of a candidate as registered user (user account) in the system, for the filling of a job vacancy, his/her Personal Data shall be maintained in the database for a period of 24 months as of the registration date, and provided that the candidate is not in a recruitment process. This reasonable period of time was selected on the basis of the legitimate interest of the parties and the technical capabilities of the system (article 6 par.1f’ of the Regulation).

Once a year, YALOU EMPORIKI & TOURISTIKI S.A shall request from the registered user:

  • To confirm that he/she wishes to keep the user’s account and his/her Personal Data in the electronic base of the system;
  • To review the correctness of the data retained and to update them provided there are changes in them.

The registered user may at any time change, modify or correct his/her data by logging in his/her account in the Webpage (login) and inserting his/her e-mail and his/her password.

Any candidate wishing for his/her data not to be retained or kept for the above period of time, may exercise the right to erase them, as below provided.

9. TECHNICAL AND ORGANISATIONAL PROTECTION MEASURES

YALOU EMPORIKI & TOURISTIKI S.A, the processors acting on their behalf and their authorized agents shall be contractually committed to apply the appropriate technical and organizational measures for the best possible protection of Personal Data against any coincidental or illegal destruction or loss, alteration, illegal disclosure of Personal Data or illegal access to them and in general against their illegal processing (including the remote access to them), as well as for guaranteeing the recovery option of their availability and the access to them. These measures shall aim at ensuring a safety level that corresponds to the danger that might threaten the specific data, always taking into account the type, kind and the significance of the data, the evolution of technology, the application cost and the nature, scope of application, framework and the purposes of each specific processing, applying at the same time procedures for the regular testing, assessment and evaluation of effectiveness of these technical and organizational measures. In any case, they shall be contractually committed to keep Personal Data secret and confidential and not to communicate or disclose them or allow access to them to any third party without the previous notification of the data subject, except for the cases explicitly provided by law.

YALOU EMPORIKI & TOURISTIKI S.A shall take the necessary technical and organizational measures for data protection, as described above; however, it cannot guarantee the safety of data transferred through the Website, or via connected websites or applications. The candidates shall acknowledge and accept, as users of web services, that the transmission and dispatch of information via the internet always has inherent risks.

10. DATA SUBJECT RIGHTS

Any visitor or registered user, as data subject, may exercise at any moment his/her rights, as these are provided in the Regulation, and, particularly, in articles 12 to 23 of this Regulation and in the national laws, and, more specifically:

  • the right to receive information and to access his/her data processed by YALOU EMPORIKI & TOURISTIKI S.A, as well as the right to receive supplementary information about their processing;
  • the right to limitation of his/her data processing, that is the suspension of this processing, provided that the accuracy of the data is questioned, there are objections as to their processing or there occurs any other reason prescribed in the respective Greek or European Legislation on Personal Data Protection;
  • the right to update, correct, supplement his/her personal data;
  • the right to submit a request for erasure of the entire or part of his/her personal data, which shall be satisfied provided that there occurs no other legal ground for processing, such as, indicatively, the obligation for personal data processing imposed by law;
  • the right to object, thus raise objections against the processing of his/her personal data, when there is a relevant legitimate interest;
  • the right to portability of his/her personal data.

The data subject may exercise his/her above-mentioned rights as follows:

  • With regard to the right to access, to erase the data partly or entirely, to correct/supplement the Personal Data and to object to their processing, TRADE ESTATES shall provide the registered users with the option to review, correct/supplement their Personal Data through their personal account or to request access, erasure in part or in whole and correction of their data via e-mail correspondence to the e-mail address dpo@trade-estates.gr.
  • With regard to the right of portability of Personal Data, TRADE ESTATES shall provide the registered users with the option to receive /obtain their Personal Data or/and transmit them to another data controller using a structured, commonly used and readable by computer equipment format, which will be indicated by the competent supervisory authority, by submitting a relevant request to the e-mail address: dpo@trade-estates.gr

In case of exercise of any of the aforementioned rights, TRADE ESTATES REIC shall take any possible step towards the satisfaction of the request of the data subject within one (1) month as of the date of its valid submission. In this case, the data subject shall be notified of the retention and maintenance of their minimum necessary personal data for the purpose of guaranteeing the Company’s legitimate interests. It is clarified that in order for the exercise of the aforementioned rights to be considered lawful and valid, the identification of the complainant may be required, so that it is guaranteed that the personal data in relation to which any of the above-mentioned acts is requested actually belong to the natural person who requests the execution of the specific act.

11. RIGHT TO WITHDRAW CONSENT

In case that the data subject has declared their consent for the processing of specific personal data by the Company, they have the right to revoke their consent at any moment or to change the degree of their consent already granted, and this revocation shall be effective in the future. The revocation of the consent does not influence the legality of processing based on the consent before its revocation. In case of revocation of the consent, the Company may further process the personal data, provided only that there is another legal ground for the processing.

12. DATA CONTROLLER

Data Controller shall be «TRADE ESTATES REIC». For any information in relation to their data, as well as their processing and protection, any and all data subjects may address the Data Protection Officer of TRADE ESTATES to the email dpo@trade-estates.gr and by using the call line 0030-2162022200.

13. TRANSPARENCY OBLIGATION – RIGHT TO ADDRESS THE DATA PROTECTION AUTHORITY

The competent authority shall be the Hellenic Data Protection Authority. If the data subject considers that they are not satisfied by the method of collection, processing and management of their data, they have the right to file a complaint with the competent supervisory authority (Data Protection Authority, www.dpa.gr, 1-3, Kifisias str., P.C. 11523, Athens, tel. 0030 2162022200, email: complaints@dpa.gr). The data subject should have previously informed the Company and this notification should have been preceded by an effort of the data subject to file a relevant complaint with the Company.

14. AMENDMENTS TO THE PRESENT POLICY

YALOU EMPORIKI & TOURISTIKI S.A may amend and update the present Policy at any period of time and for any reason whatsoever, without prior notice, apart from the uploading of the updated statement in their webpage.
The present Policy shall be effective as of September 2024.