PRIVACY POLICY – PERSONAL DATA PROTECTION STATEMENT

Introduction

This document defines the way personal data provided to the company “PANAGIOTIDIS E.E. ROOFTOP GREECE AROUND FILM PRODUCTION AND ADVERTISING SERVICES” based in Thessaloniki, 26th October St. 28 – Anagenisis 2, Postal Code 54627, phone: 2313065242, email: [email protected], with G.E.M.I number 142151906000 and VAT number 800822937 (hereinafter referred to as “the company”), is processed and protected.

The company processes personal data of individuals in accordance with the General Data Protection Regulation (EU 2016/679, hereinafter referred to as “the Regulation”), applicable laws, and for the purposes defined in this policy as well as in all related documents. It takes all necessary measures, including appropriate technical and organizational measures, to ensure the secure processing of personal data.

This privacy policy applies to anyone who interacts or engages with the company in any manner and applies to every point of physical presence and installation of the company, as well as to any digital environment and application within the company’s statutory operations and the provision of its services and products through any physical or electronic means.

The company reserves the right to review, revise, and modify the privacy policy, with the latest version always available on its website at www.rooftopadvertisement.com.

Definition of Personal Data

Personal Data refers to any information relating to an identified or identifiable natural person (the data subject). Examples of such information include name, address, date of birth, gender, mobile phone number, email address, password, and IP address.

General Principles of Personal Data Processing

The company processes your personal data in a lawful, fair, and transparent manner.

Personal data is processed for specific, explicit, and legitimate purposes and is not further processed in a way that is incompatible with those purposes.

The company ensures that data is accurate and up to date. Personal data is relevant to the purpose of processing, appropriate, and limited to what is necessary for that purpose. Personal data is kept in a form which permits identification only for as long as necessary for the purposes of processing or for serving legal obligations.

Personal data is processed in a way that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.

The company recognizes the importance of protecting minors, but does not provide services or products directly to minors and thus does not knowingly process minors’ personal data.

Categories of Personal Data Collected, Purpose, and Legal Basis for Collection

The company collects, stores, and processes the following categories of personal data:

Transmission of Personal Data – Data Recipients

The company restricts access and processing of data to authorized employees for the fulfillment of the above purposes. Outside the company, personal data is transmitted only as necessary for the purposes of processing to the following categories of recipients:

To third-party contractors of the company acting as processors on our behalf, providing adequate assurances for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the Regulation and ensures the protection of the data subject’s rights, such as IT companies, accountants, lawyers, legal advisors, security companies, courier companies, financial institutions, payment service providers, internet service providers. To public, regulatory, judicial, and other authorities when required by applicable law or to comply with a related request.

Duration of Processing and Retention of Personal Data

The company retains personal data for as long as necessary based on the relevant processing purpose and as required by applicable law, until their statute of limitations. Specifically:

If related judicial actions are ongoing within the above timeframes, personal data will be retained until the issuance of a final court decision.

The duration of data processing may be extended to fulfill a legal obligation based on a legal provision, to fulfill a duty carried out in the public interest or in the exercise of official authority vested in the company, for public interest reasons, for archival purposes in the public interest, or for scientific or historical research purposes, for statistical purposes, taking appropriate technical and organizational measures and in accordance with the principle of data minimization, including pseudonymization and anonymization, as specified in the Regulation.

Rights of the Data Subject

• Right of Access: The right to request information about the personal data we process.
• Right to Rectification: The right to request the correction of inaccurate personal data.
• Right to Erasure (“Right to be Forgotten”): The right to request the deletion of personal data provided the company does not have a legal or justified reason to retain it.
• Right to Restrict Processing: The right to request the restriction of processing, on a case-by-case basis.
• Right to Data Portability: The right to receive a copy of the personal data in a structured, commonly used, and machine-readable format, and to request its transmission to another entity.
• Right to Object to Processing based on Legitimate Interests: The right to object to the processing of personal data based on our legitimate interests.

To exercise the above rights, you can contact us in writing via email at [email protected]. The company may request verification of your identity.

Right to Lodge a Complaint with the Competent Authority

You have the right to lodge a complaint with the competent authority, the Hellenic Data Protection Authority, located at Kifisias Ave. 1-3, 115 23 Athens, tel. 210 6475600, email: [email protected].

Last Version: May 2022