Privacy Policy

1. INTRODUCTION

The following Privacy & Personal Data Policy (the “Policy”) applies to the website: www.publo.gr (hereinafter the “Website” or “Site”), which is owned and controlled by the company under the name “MAX INTERNATIONAL CORPORATION ADVERTISING AND COMMERCIAL SOCIETE ANONYME” and distinctive title” MAX INTERNATIONAL S.A. “, with its seat at Kifissias Ave. 340, Psychiko 15451 with Tax ID 800708354 by FAE Athens Tax Office and Commercial Registry ID 137680901000 (hereinafter the “Company”); the main purpose of which is to set forth and disclose the rules according to which the Company, in its capacity of the “Controller” as defined in law, collects, stores, uses and generally processes the personal data of the Website users.

This Policy is entered into on 1/5/2020. The Company reserves the right to modify and update this Policy, whenever it deems necessary, without prior notice, and the respective amendments will take effect as of the time of their upload on the Website. In the event that the Company substantially changes its practices regarding the collection or use of the Data, the processing of the Data that had already been collected will continue to be governed by the Policy under which they were collected, unless the Company informs the user whose Data had been collected at an earlier time and the latter did not object to the change within one (1) month of the relevant notice. 

2. DEFINITIONS

For the purposes of this Policy, the definitions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) shall apply.

Indicatively:

– “Personal Data or Data” means any information relating to the data subject, i.e. any natural person to whom the data refers and whose identity is known or can be identified such as a name, an address, a date of birth and gender, mobile phone number, e-mail address as well as website usage data, such as an IP address.

– “Data Subject or Subject” means any natural persons to whom the Data refers and whose identity is known to the Company of which the Subject is a client.

– “Processing of Personal Data or Processing” means any operation or set of operations performed whether or not by automated means, such as collection, recording, organization, structuring, maintenance, storage, modification,  export, use, transmission, dissemination or otherwise making available, alignment or combination, interconnection, restriction, erasure or destruction.

– “Controller” means anyone who determines the purpose and means of Processing, such as a natural or legal person, public authority or agency. Where the purpose and means of the Processing are determined by law or regulations of Member State or Union law, the Controller or the specifics for its nomination shall be determined by Member State or Union law respectively.

3. PERSONAL DATA COLLECTED BY THE COMPANY

The Company makes sure to collect only the absolutely necessary Personal Data of its users/clients, which are appropriate and specific for the intended purposes.

The Data collected and processed, depending on the respective agreement that governs the relations between the Company and the user/client, the requested services and the purposes of their collection, include simple personal data, i.e. identification and contact details, such as name and surname , address and general contact details (including email address and telephone number), which are necessary for the identification of the user/client, the communication between the Company and the user/client, the response to any requests and the provision of services to the user/client from the Company. The user/client’s e-mail address may also be used for the mailing of newsletters and promotions of the Company, provided that the user/client in question has given his explicit consent.

Regarding the transactions and online procurement of the Company’s services, the customer can purchase the desired PUBLO plan, through the Eurobank e-pos system. In this case, the client must fill in the following information on the Company’s page to be transferred to a safe environment of Eurobank and to complete the transaction:

1. a) Name and Surname;
2. b) Telephone number and address;
3. c) Object of order or service;
4. d) Time and place of delivery of the goods or provision of services;
5. e) The details of client’s card (mastercard, visa, visa electron) with the card number, the month, and the year of its expiration;
6. f) The authentication number of the card that is imprinted in the space intended for the holder’s signature and that the holder has signed in the relevant field (CVV / VISA or CVC / MC)

The bank will inform the Company by e-mail of the approval or not of charging the card. The user/client is required to follow the account creation process in which they need to fill in some information: username, name and surname (for natural persons) or name (for legal entities), address (street, city, postal code, country), VAT number, e-mail address, as well as a telephone number and a contact e-mail to which the password is sent immediately upon registration to the system. At the same time, some details such as the fax number and the ID number may be filled optionally.

Furthermore, for the sake of Website improvement to better serve the needs of the user/client, the Company conducts measurements of its performance. For this purpose, during the user/client’s visit, the Company automatically collects the following information about the user/client’s computer and visit:

• The network and the provider, through which the user/client has access to the Internet;
• The address of the website from which the user/client logged in directly via a link to the Website (if any);
• The activity of the user/client on the Website;
• The date and time of the user/client’s navigation on the Website;
• The time that the user/client spent on the Website;
• The websites that were visited;
• The Website’s links that the user/client clicked;
• The IP address;
• The operating system of the user/client’s computer and their browser 

4. SECURITY OF THE DATA COLLECTED BY THE COMPANY

The security of Personal Data is a top priority for the Company.

The Company follows strict security procedures for the protection of Data and the avoidance of unauthorized access and undertakes great efforts to protect itself and its users/clients from any unauthorized access or alteration, disclosure or destruction of data that the Company has in its possession. As part of this effort:

– the Website uses an SSL certificate from SECTIGO (formerly COMODO CA Limited), which operates both as an SSL Client Certificate and as SSL Server Certificate with 2048-bit encryption, for the encryption and hence the protection of Data privacy,

– during the credit card billing process, all relevant user information and personal information is encrypted and transferred under the HTTPS communication channel. Encryption is basically a way of encoding information, until it reaches its intended recipient, who will be able to decode it using the appropriate means,

– the Company complies with strict information security standards,

– only authorized personnel of the Company is allowed to access the Data and such access is restricted on a need-to-know basis.

However, the transmission of data via the Internet always comes with some risk. For example, an unauthorized third party may block a transmission or find a way to infiltrate our security measures. Therefore, although the Company has taken all reasonably necessary steps to protect Personal Data, it cannot guarantee that the Data will never be disclosed in a manner inconsistent with this Policy. The Company hereby informs that the transmission of confidential information through e-mail is not the safest way of transmission, as it involves the risk of unauthorized third parties accessing this information. Therefore, the users/clients of the Company must pay special attention when deciding which Data they will send to the Company via e-mail or submit through the Website.

The above measures shall be reviewed and amended, as necessary.

5. LEGAL BASIS OF PROCESSING BY THE COMPANY

The Company processes the Personal Data, where the processing is necessary on the following legal bases, namely:

– to comply with its legal obligations (GDPR art. 6 par. 1(c) and art. 9 par.2(b))

– for the purposes of the Company’s legitimate interests and/or claims, including the defense of its legal rights and interests, as well as for the information and/or participation of users/clients in promotions for new products and/or services, provided their consent has been chosen as the legal basis for such Processing. This Processing based on the legal interests of the Company, is preceded by a consideration that the interest or the fundamental rights and the freedoms of the users/customers that require the protection of their Data prevail over the interests of the Company (article 6 par. 1fGPD),

– where the users/clients have given their explicit consent (GDPR art. 6 par. 1(a) and art. 9 par. 2(a)),

– for the protection of the vital interests of the users/clients of the Company or of another natural person (GDPR art. 6 par. 1(d) and art. 9 par. 2(c)),

– for the purposes of scientific or historical research or for statistical purposes which are proportionate to the purpose (GDPR Article 9 (2)),

– for the establishment, exercise, or defense of legal claims (GDPR art. 9 par. 2(f))

6. COLLECTION AND USE OF CHLDREN DATA

The Company does not collect or use personal data belonging to children under 16 years of age. If any personal information is found to have been collected by a minor under the age of 16 without verifiable parental consent, this information will be deleted as soon as possible. The Company invites anyone who believes that information may have been collected from a minor under the age of 16, to inform the Company immediately by email at: info@publo.gr. 

7. DATA DISCLOSURE BY THE COMPANY

The Company undertakes not to sell, exchange, lend or in any way publish and/or disclose the user/client’s Data to any third party, whether natural or legal person. The Company may transfer personal data of its users to third parties only:

1. if it has the explicit consent of users for the transmission of personal data, or
   2. due to compliance with the relevant provisions of the law and only to the competent authorities, such as the competent police, judicial, administrative, tax and other public authorities and agencies inside and outside the European Union, upon their legitimate request, or
2. if the transfer of the Data to legal and/or natural persons cooperating with the Company becomes necessary for the fulfillment of the requests and/or orders of the users/clients and the execution and proper operation of the contracts between the Company and the user/ client, including notifications to providers of IT products and services, as well as support of all kinds of information and electronic systems and networks, security companies, courier companies, personnel/employees and other contractors, who provide independent services to the Company and act on its behalf and under the orders of the Company, or
3. where the transmission of the Data is necessary to safeguard the legitimate interests of the Company in the collection and repayment of the debts that have arisen, as well as any other legal rights and claims, including notifications to law firms, accounting / tax offices and accounting firms, notaries and bailiffs.

The Company undertakes reasonable efforts so that the Data it transmits is always suitable, relevant, conducive, and not more than what is required in view of the above-mentioned purposes. As for the contractors, servants etc. of the Company, it is noted that such third parties are deemed “processors” acting on behalf of the Company and do not carry out any processing of the Data, that goes beyond the above disclosure purposes; they will take the same data protection measures as does the Company and will process the Data only within and under the explicit and written order of the Company. The Company controls its employees and contractors, so that they have the appropriate training and take the same data protection measures as the Company during the relevant processing, always subject to the terms of security and confidentiality.

8. DATA DISCLOSURE FROM DATA SUBJECTS – SOCIAL NETWORKS

Please note that activating a link from the Website to a third-party website may be subject to additional terms. Users should read and examine separately the terms of use and privacy policy of third-party websites, as the Company has no control over them and hence has no responsibility. If the users/clients voluntarily disclose their personal data through the Website to third parties directly, it is up to the users/clients if they so wish to examine the terms concerning the protection of their personal data. By disclosing their Personal Data to third parties, even if through the Website, the users/clients accept that the Company is not responsible for their potential use by third parties. In case of disclosure by a third party-who uses another person’s Personal Data through the Website without the latter’s prior consent, the Company does not bear any liability, as the Company is not able to know, given the existing technological data ,the identity of the disclosing user.

Social Networks allow users to collaborate and share information with other people. Social Networks include social media, discussion forums, bulletin boards, blogs, and similar features where one can share the content of a webpage and its tools with a friend or colleague. The Company may collect Personal Data to enable users to use it on Social Networks via the Internet. The Company may also enable users to use these Social Networks to post or share personal data with other persons. When using Social Networks, users need to be very careful about what they choose to share with others. 

9. DURATION OF DATA RETENTION

The Data is retained only for as long as is necessary for the purposes of collection and Processing, as detailed herein, or for as long as is required by law.

At the end of this retention period, the Data will be completely deleted or retained anonymously, for example by aggregation together with other data, so that it can be used in an unrecognizable manner for statistical analysis and business planning. 

10. PURPOSE OF DATA PROCESSING

The Company processes and uses the Data

1. for the execution of the agreement between the Company and the respective client or to take measures following the request of the user/client before concluding the agreement (thus, the Company, according to the requirements and the relevant contractual terms, processes Data, for the conclusion, execution and completion of service contracts to potential partners and clients), or
2. for billing and payment of the services, or
3. in order to comply with its legal obligation (the Company is expected and must comply with a variety of regulations and legal provisions, and to follow and apply rules and instructions of the competent supervisory authorities, e.g. Law on Legalization of Revenue from Illegal Activities, Tax Legislation, Payment Companies Act), or
4. for the purposes of its legal interests (thus, the Company may use the Data in order to exercise its rights on a case-by-case basis, in court or out of court, to manage corporate risks, etc.), or
5. for the performance of a duty performed for the public interest, or
6. when the user/client has given their consent, such as for purposes of advertising, direct marketing and in general commercial research of the Company’s products and services (it is reminded, however, that the users reserve the right to revoke their consent at any time, however, any data processing done before receiving your relevant revocation is not affected), as well as
7. when the processing purposes are related to the provision of electronic communications services or the provision of value-added services that the user/client has specifically requested.

11. USERS RIGHTS

As Data Subjects, the users/clients of the Company may at any time exercise the rights provided under the GDPR, including the right to information and access, correction, erasure (right to be forgotten), limitation of processing, portability and the right of objection to processing using the appropriate forms.

In more detail, the users who have disclosed Personal Data to the Company retain the following rights:

1.The right of access to the data that concern them and are in the possession of the Company. Information on: a) all personal data concerning them, as well as their origin, b) the purposes of the processing, the recipients or the categories of recipients, c) the evolution of the processing for the period from the previous notice or update d) the logic of automated processing, e) where appropriate, the correction, deletion or freezing (locking) of data whose processing is not in accordance with the provisions of current legislation.

2. The right of correction. To request from the Controller-Company, without undue delay, the correction of inaccurate personal data concerning you.
3. The right to object to the processing of data concerning you.
4. The right to restrict processing. To ask the Controller-Company to limit the processing when: (i)the integrity of personal data is in question; (ii)processing is illegal and the data subject opposes to the deletion of personal data; (iii) The controller no longer needs personal data for processing purposes.
5. The right to be forgotten. To ask the Controller-Company to delete the Data concerning them. In fact, the Controller-Company has the obligation to delete the Data, provided there is no legal obligation or direct legal interest in retaining them.
6. The right of portability.

Users reserve and may exercise the above rights, as described below, unless there are compelling and legitimate reasons for processing that outweigh their interests and rights. However, in some cases, the withdrawal of consent for the processing of Data may cause the inability of the Company to provide services.

The rights are generally exercised in writing by email to the following email address: info@publo.gr, and free of charge. The user must request specific action, such as correction, temporary non-use, freezing, non-transmission or deletion of personal data. If any of these rights are exercised, the Company will take all possible measures to satisfy the relevant request within thirty (30) days of receipt of said request. The user/client will be informed of the fulfillment of the request, or of the reasons that prevent such fulfillment.

In particular, if the user/client no longer wishes to receive postal letters and/or e-mails from the Company, the Company requests users/clients to so inform the Company by sending an email to info@publo.gr, giving the exact name, postal address and/or their email address. Regarding e-mail advertising, users can in addition to the above, directly and at any time request the Company not to send such emails, by clicking on the deletion link they will find in the advertising e-mail they receive from the Company.

In any case, users/clients always reserve the right to contact the Personal Data Protection Authority, which can accept the submission of relevant complaints, whether in writing at its department of registry (Kifissias 1-3, 115 23, Athens ), or electronically (www.dpa.gr). 

12. APPLICABLE LAW

Greek Law, as formulated according to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and in general the current national and European legislative and regulatory framework for the protection of personal data, is the governing law of this Policy.

Any dispute arising out of or in connection with the protection of Personal Data will be settled through mediation in accordance with the Mediation Regulation of the Athens Mediation & Arbitration Organization (EODID). In case the dispute (or part of it) is not resolved through mediation, the dispute or the unresolved part of it will be resolved exclusively, finally and irrevocably by an arbitral tribunal, and the arbitration proceedings will be determined and conducted in accordance with the Arbitration Rules of EODID. 

13. DETAILS OF RESPONSIBLE DATA CONTROLLER

The data of the Company which is the exclusive administrator of the website www.publo.gr and acts as the Controller regarding the Data, which it processes for the provision of its services, are as follows:

Company Name: MAX INTERNATIONAL CORPORATION ADVERTISING AND COMMERCIAL SA

Distinctive Title: MAX INTERNATIONAL A.E.

Seat: Psychiko Attica, Greece

Tax ID: 800708354

Tax Office: FAE Athens Tax Office

14. CONTACT

For any clarification and provision of information regarding this Policy, the Company invites its users/clients to contact the Company by post or e-mail at info@publo.gr, or by phone at +30 215 215 0780.