Preamble

This Policy, which has been designed in accordance with the statutory provisions of the General Data Protection Regulation of the European Union (Regulation 2016/679) (“GDPR”) which enter in force on May 25, 2018, L. 4624/2019 and the other European and national legislation, has been adopted by the company under the trade name “Event Plus Travel Organization of Events Tourist Products S.A.” (ΕΒΕΝΤ ΠΛΑΣ ΤΡΑΒΕΛ ΔΙΟΡΓΑΝΩΣΗ ΕΚΔΗΛΩΣΕΩΝ ΤΟΥΡΙΣΤΙΚΩΝ ΠΡΟΙΟΝΤΩΝ ΑΝΩΝΥΜΗ ΕΤΑΙΡΕΙΑ) and the distinctive title “Event Plus Travel S.A.” (the “Company” or “we / us”).

We are an event production company that organizes wide scale of tailormade corporate conferences meetings and events specialized in various services (handling of entire event production, hospitality services (accommodation, transportation, product launch events, organizing tailormade team building activities, handling inspirational speakers, providing branding, concept design, graphic design, video production, audio visuals  support, etc.). Our  registered office is in Kallithea of Attica (50 Praxitelous Str, 176 74) and our contact details, to which all formal communication shall be addressed, is: Tel. +302111820920, +302111820950, E-mail: info@eventplus.gr. The Company’s website is www.eventplus.gr (the “Website”).

General Provisions

Our Company respects your privacy and is committed to protecting your personal data (the “Personal Data”). This Policy explains and describes the way, practices and policies in which our Company, in its capacity as Data Controller, uses, collects, transfers, processes, discloses and protects your Personal Data which we collect from you or you communicate to us through the Website and / or when you register and use the services provided through the Website and / or when you use the services provided by our Company (participation in conferences / meetings /events and use in general of the services that we provide).This Policy also determines our policies regarding the secure processing of Personal Data.

By entering the Website and / or making use of our services and providing your Personal Data to us (either directly or indirectly by allowing another person to do so on your behalf), you consent and accept that this Policy will apply to the way that the Company uses your Personal Data and you consent to the Company collecting, transferring, processing, using and disclosing your Personal Data, as described in detail in this Policy. In case that you do not agree with any part of this Policy, you must refrain from visiting, using the Website and providing your Personal Data. If you do not provide your Personal Data or withdraw a consent that you have given under this Policy, this may adversely impact the services that the Company can provide to you and we may not be able to provide services to you.

If you have any question regarding this Policy you may address and contact with the Company via e-mail using the following e-mail addresses: info@eventplus.gr

Changes to the Policy

This version was last updated on 23th September 2022. We may need to update this Policy from time to time and post the most up-to-date version on the Website at any time without announcement. If there are any significant changes then we may post a relevant announcement relating to the amendments on the Website or inform you by sending a notification via e-mail and/or sms. Please check the Website from time to time in order to determine whether there have been any updates and review from time to time this Policy in order to keep informed about the way in which we use and protect the Personal Data we collect.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

Third-party links

This Website may include links to third-party websites, plug-ins and applications or include third party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. This Policy does not apply to these websites, we do not control and we are not responsible for the privacy policies or practices of such websites or for their privacy statements. When you choose to visit a linked site, you agree that our Company is not responsible for the availability of this site and agree that our Company does not control, sign or is responsible in any way whatsoever for the way in which your Personal Data are addressed in these websites, the content of such websites and the use of such websites from other individuals

When you leave our Website, we encourage you to read the privacy notice of every website you visit so you understand how they will process your Personal Data.

2. This Policy does not in any way cover the relations between you as users of the Website and any services and practices that are not subject to the control of the Company and / or owned by the Company. In view of the nature and the great amounts of information on the internet, the Company shall not be responsible in any case, including, without limitation, in cases of the Company’s negligence, for any kind of damages sustained by you who use the sites, services, selections and contents of the Company’s Website on your own initiative and being aware of the terms of this Policy.

Collection and Use of Personal Data

Personal data, or personal information, means any information about an individual from which that person can be identified.

We may collect, use, store and transfer different kinds of personal data about you, to assist us with providing the best services to you.

Α. In particular, we may collect, store and use the following types of Personal Data:

• information provided by you for the purposes of contacting with our Company, signing in our advertising/informative/promotional programmes regarding the organization of future events/conferences/meetings (the “Informative Programmes”) by completing the registration form and using our services;
• any other information that you choose to disclose to us (either through the Website or otherwise) which is pertinent to the fulfilment of your personal requests and fall within our scope of business (organization of conferences, events etc.) – this information may extend in this instance to your family members;
• any information that you choose to disclose to us for the purposes of signing and performing an agreement / contract with our Company;
• data sent by third parties (e.g. companies, tourism agencies) within the context of co-operation and provision of information.

More specifically, the Personal Data we may collect from you either during the use by you of the services of our Website, your communication with us and your registration to Informative Programmes, through the use of our services (participation in conferences/events/meetings etc.) or through agreements / contracts with the you (e.g. Company’s employment agreements) is the following:

• Personal data, such as name, last name, middle name, email address, telephone number, type and identification form number (e.g. passport, identity card), home address, date of birth, nationality, etc.
• Financial data, such as credit card details (card type, credit card number, name referred in the card, expiration date and security code) and billing information, such as business card, credit card number, T.I.N. and Tax Office, if an invoice is requested
• Employment data, such as employment, position / title, employment location.
• Medical data related to your health: indicatively food and other allergies, mobility problems, which are collected and registered at your request for your convenience.
• Information you provide about your advertising preferences when participating in surveys, contests and promotions.
• Technical data: When you use the Website, we may collect information automatically, some of which may be Personal Data. These may include data such as language settings, IP address, location, device settings, device operating system, activity details, usage time, redirect URL, status report, user information (information about the version of the browser, how you use the Website and its services), the operating system, the browsing result and the browsing history.

1. In the above mentioned context, we may collect Personal Data in one of the following cases:

• When you use the services of the Website or you use our services (participation in conferences/meetings/events etc.) or when you sign in our Informative Programmes by completing the registration form or when you choose to receive marketing/informative/promotional newsletters from us;
• When you contact or enter into agreements / contracts with us;
• From third parties (e.g. companies, public organizations, tourism agencies) co-operating with us for the purposes of providing our services (organizing conferences/meetings/events etc.)

Purposes of Processing and Legal Basis

1. The Company uses your Personal Data, as provided by law. We typically use your Personal Data in the following cases and for the following purposes:

• For the purpose of executing and performing an agreement / contract concluded or a contract to be concluded by our Company
• Fulfillment of requests and management of your relationship with the Company: We can use the information we collect to satisfy your requests regarding the services we provide through our Website or whatsoever and to answer to your questions and requests
• Marketing Actions and Promotions: We may also use your data for marketing actions and to inform you about new offers / categories of services by sending to you promotional information (newsletters) through e-mails and / or sms, as permitted by law and subject to your explicit consent.
• Security, detection and fraud prevention: We use the information, which may include Personal Data, to prevent fraud and other illegal activities. We also use this information to investigate and detect cases of fraud. We may also use your Personal Data for risk assessment and security purposes, including user authentication. For these purposes, your Personal Data may be disclosed to third parties, such as law enforcement authorities, as permitted by applicable law, and to external consultants.
• Legal procedures and compliance: In some cases we need to use the information provided, which may include Personal Data, to manage and resolve legal disputes or grievances, for regulatory investigations and compliance, or to implement the agreement (s) with you or to comply with lawful requests from law enforcement authorities, to the extent required by law (e.g. compliance of the Company with its legal or tax obligations, or for the protection of its vital interests or your interests (or that of a third party) or when the processing is necessary for the purposes of the legal interests pursued by the Company).

If we use automated personal data processors that have legal effects or that significantly affect you, we will take appropriate steps to protect your rights and freedoms, including the right to human intervention.

1. Legal Basis for Processing

The legal basis for the processing of your Personal Data in accordance with the above is:

• the execution of a contract between us: the use of Personal Data may be necessary for the execution of an agreement between us, the use of the services of the Website, the response to your requests in the context of the agreement between us;
• in connection with some of the above purposes we rely on our legitimate interests; we use Personal Data for our legitimate interests, such as providing you with the best and most relevant content for the Website, emails and newsletters, for the improvement and promotion of our products and services and the content of the Website, to collect any amounts owed to us, as well as for management purposes, fraud detection and other lawful purposes. When we use Personal Data to serve our legitimate interests, we always give priority to your rights and interests regarding the protection of such Personal Data over our own rights and interests;
• with regard to some of the above mentioned purposes we also rely, where applicable, on our obligation to comply with applicable law.

Where required by applicable law, we will seek your consent before processing your Personal Data, especially for direct marketing purposes.

You may withdraw your consent at any time whatsoever by contacting us at any of the addresses in the preamble of this Policy.

Processing of sensitive data

In some cases, we might process special categories regarding your Personal Data (“sensitive data”). Sensitive data are defined as Personal Data that reveal your gender or national origin, political beliefs, religious or philosophical beliefs, participation in trade union organizations, genetic data, biometrics data with the purpose of identifying a physical person, health and sexual life or sexual orientation. For example, we may process sensitive data that you have made publicly available. We may also process sensitive data, on occasion, for the support, exercise or defense of legal claims. We may also process your sensitive data if you have previously given your explicit and special consent, in a specific context for a specific purpose.

Protection and Retention of Personal Data

The Company takes appropriate legal, organizational and technical measures in order to protect your Personal Data in accordance with the applicable legislation for privacy and data security. The Company implements various security technologies and procedures in order to protect your Personal Data from any illegal destruction, loss, misuse or modification, as well as against any unauthorized or illegal processing, use or disclosure.

We retain your Personal Data, for as long as we deem necessary, for providing our services, complying with applicable law, resolving disputes with various parties and whatever else may be required for the purposes of our business, including detecting and preventing fraud or other illegal activities. In addition, we will delete all your Personal Data if you have asked us not to contact you in the future. All Personal Data we retain are subject to this Policy. If you have questions about a specific retention period for certain types of Personal Data, please contact us at the contact details found in this Policy.

The Company will delete or re-identify your Personal Data once they are no longer required for the provision of its services and/or for its business purposes and/or for the performance of a contract the Company has entered into and/or for legal purposes, or as required otherwise by the applicable legislation for the protection of Personal Data from time to time.

Disclosure of Personal Data to Third Parties

1. Save as otherwise provided in this Policy, we are bound not to sell, rent or otherwise publish or disclose your Personal Data to third parties (individuals or legal entities) unless:
2. a) you have provided explicit written consent and (i) the third party (individual or legal entity associate/ supplier / service provider of the Company) has provided sufficient guarantees in respect of the technical and organizational measures governing the processing to be carried out and (ii) the third party (individual or legal entity associate / supplier/ service provider of the Company) has entered into a written contact with the Company which imposes on the third party obligations identical to those imposed on the Company under the provisions of Personal Data protection;
3. b) required in order for the Company to comply with the respective legislation and only to any competent public prosecutor, police, criminal investigation and judicial authorities in response to their requests.
4. c) in connection with any legal/judicial proceedings or impending legal/judicial proceedings.
5. d) in order for the Company to establish, exercise or defend its legal rights –including information to regulatory, prosecution οr other authorities for the purposes of fraud prevention and anti-counterfeiting, unauthorized use and illegal activities-.

Unless otherwise provided in this Policy, we are bound not to transfer your Personal Data in third countries outside the European Union without your prior written consent unless the Company and the recipients of such Personal Data have entered into and use the standard contractual clauses approved by the European Commission and annexed to the Commission Decision of 5^th February 2010 on standard contractual clauses for transfer of personal data to processors established in third countries (2010/87/ΕU).

Your Rights

As a subject of data, you are entitled to legal rights regarding the personal data we collect from you. We will respect your rights and will sufficiently deal with your concerns.

The following list contains information regarding the legal rights your are entitled to exercise and which arise from the provisions of GDPR and the applicable national legislation which implements or supplements GDPR or otherwise is related to the processing of individuals’ Personal Data together with the binding directives and Codes of Practice issued from time to time by the respective supervisory authorities:

• Right to be informed: You can ask for information regarding your personal data, the processing of such data, as well as the legal basis for such processing and all details related to it.
• Right of access and correction.
• Right to delete: You can ask us to delete your personal data, where Personal Data are no longer necessary in regards to the purposes they have been collected or have been processed or for the provision of any services.
• Right to restriction the processing of your Personal Data.
• Right to object to the processing of your Personal Data.
• Right to portability to another data controller, i.e. your right to receive data in appropriate format, so that their transfer to another data controller is technically feasible.

In order to exercise your above-mentioned rights or for any enquiry you may contact with us:

• By sending an e-mail to the following e-mail address info@eventplus.gr or
• By sending a letter to the address set out in the Preamble of this Policy.

You are also entitled to withdraw at any time the consent you have provided (in cases that its provision is necessary) regarding the processing of your Personal Data (without retroactive effect) following one of the two (2) ways described above.

Furthermore, you (a) are entitled to lodge a written complaint before the competent supervisory authority regarding the protection of your Personal Data, i.e. the Data Protection Authority (1-3, Kifisias Avenue, P.C. 115 23, Athens, +30 210 6475600, e-mail contact@dpa.gr) and (b) have the right to an effective judicial remedy in case you consider that your Personal Data have been violated.

Applicable Law

The processing and protection of your Personal Data is governed by the terms of this Policy, the provisions of GDPR and the applicable Greek legislation which implements or supplements GDPR or otherwise is related to the processing of individuals’ Personal Data together with the binding directives and Codes of Practice issued from time to time from the respective supervisory authorities (see European Commission).