Development of nine Safe and Secure Truck Parking Areas in Greece
Action number 2019-EL-TMC-0264-W
Data Protection & Privacy Policy
<Company name> (hereinafter “Ministry”, “We” or “Us”) presents its data protection and privacy notice.
The protection of your privacy throughout the course of processing personal data as well as the security of all business data are important concerns to us. We process personal data that was gathered during your visit of our products confidentially and only in accordance with statutory regulations. Data protection and information security are included in our corporate policy.
<company name> is the controller responsible for the processing of your data; exceptions are outlined in this data protection notice. Our contact details are as follows:
<company name>
<company address>
<zip> <area>
GREECE
E-mail: <e-mail>
Telephone: +30 <phone>
Throughout the use of the software, we collect the following data:
The users’ username, email, and password when registering with the software.
We may generate or use third party authentication tokens to provide or gain access to systems related to the services we offer, for example an SSTPA invoicing system for generating the customer’ s invoice.
A company administrator registers all users, so we process the user’s company, its address and VAT registration number.
We require information regarding the professional automobile reserving the parking lot. The information we gather includes the make or brand of the vehicle, its type and plate number.
The drivers first and last name and gender.
The booking details, entrance, and exit date and time, exceeded time and extra cost.
Personal data consists of all information related to an identified or identifiable natural person, this includes, e.g. names, addresses, phone numbers, email addresses, contractual master data, contract accounting, and payment data, which is an expression of a person’s identity.
We collect, process, and use personal data (including IP addresses) only when there is either a statutory legal basis to do so or if you have given your consent to the processing or use of personal data concerning this matter, e.g. by means of registration.
We as well as the service providers commissioned by us, process your personal data for the following processing purposes:
Legal basis: Predominantly, legitimate interest in direct marketing on our part and in the enhancement of our products and services, as long as this is carried out in compliance with data protection regulations and competition law regulations resp. contractual performance resp. consent.
Legal basis: Fulfillment of our legal obligations within the scope of data security and predominantly, legitimate interest in resolving service disruptions as well as in the protection of our offers.
Legal basis: Legitimate interest on our part in the assertion and defense of our rights.
Each time you use the internet, your browser is transmitting certain information which we store in so-called log files.
We store log files to determine service disruptions and for security reasons (e.g., to investigate attack attempts) for a period of <num> days and delete them afterwards. Log files which need to be maintained for evidence purposes are excluded from deletion until the respective incident is resolved and may, on a case-by-case basis, be passed on to investigating authorities.
In log files, the following information is saved:
IP address (internet protocol address) of the terminal device used to access the online offer;
Internet address of the website from which the online offer is accessed (so-called URL of origin or referrer URL);
Name of the service provider which was used to access the online offer;
Name of the files or information accessed;
Date and time as well as duration of recalling the data;
Amount of data transferred;
Operating system and information on the internet browser used, including add-ons installed (e.g., Flash Player);
http status code (e.g., “Request successful” or “File requested not found”).
This online offer is not meant for children under 18 years of age.
Principally, we store your data for as long as it is necessary to render our online offers and connected services or for as long as we have a legitimate interest in storing the data. In all other cases we delete your personal data with the exception of data we are obliged to store for the fulfillment of legal obligations (e.g. due to retention periods under the tax and commercial codes we are obliged to have documents such as contracts and invoices available for a certain period of time).
In the context of our online service, cookies may be used. Cookies are small text files that may be stored on your device when visiting our online service.
We distinguish between cookies that are mandatorily required for the technical functions of the online service and such cookies and tracking mechanisms that are not mandatorily required for the technical function of the online service. It is generally possible to use the online service without any cookies that serve non-technical purposes.
By technically required cookies we mean cookies without those the technical provision of the online service cannot be ensured. These include e.g. cookies that store data to ensure smooth reproduction of video or audio footage. Such cookies will be deleted when you leave the website.
You can manage your cookie and tracking mechanism settings in the browser and/or our privacy settings. The settings you have made refer only to the browser used in each case.
If you wish to deactivate all cookies, please deactivate cookies in your browser settings. Please note that this may affect the functionality of the website.
When visiting our websites, you will be asked in a cookie layer whether you consent to our using of any marketing cookies. In our privacy settings, you may withdraw the consent with effect for the future or grant your consent at a later point in time.
Our online offers include the use of plugins provided by various social and other networks. These plugins are additional features made available by the network providers. As a default setting, these plugins are inactive.
To enhance the protection of your data when visiting our website, we use a “2-click solution” to integrate the plugins into the page. This 2-click solution keeps your visit to our websites from being recorded and possibly evaluated by the providers of the respective plugins by default.
If you do not wish the providers of the respective networks to receive data about your use of this online offer and possibly to store or further use this data, you should not activate the respective plugins.
Activating plugins
You yourself can decide whether you want to interact with the respective provider’s network and whether your data is to be transmitted to the respective provider or not. Only if you click on the button provided (“Agree”) will the respective plugin be activated and integrated into the page, and the content of the respective plugin be transmitted from the server of the associated provider directly to your browser. A second click will then allow you to perform the desired interaction with the network. If you decide to activate a plugin, you give us permission to process your data based on your consent.
Collection of data by providers
When a plugin is activated, your internet browser establishes a direct connection to the respective provider’s servers. Even if you do not have a user account with the provider or are not currently logged in to such an account, this connection notifies the respective provider that your internet browser has called up the corresponding page of our online offer.
If you already have a user account with a provider of a network and are already logged in when you visit our websites, the operator of the respective network may be able to assign the visit to your personal user account as soon as you activate plugins. This may enable the provider to analyze your usage behavior and store it in a profile.
In addition, your IP address and other data about your browser settings will be transmitted by your internet browser directly to a server of the respective provider and may be stored there.
Further processing of data by providers
Plugins are additional features made available by network providers. We therefore have no influence on the further processing of the data that the respective network providers’ plugins collect and store. To find out more about the purpose and scope of each provider’s activities to collect, further process, and delete data, as well as about your respective rights and data protection options, please consult the respective provider’s privacy policy.
Deactivate the plugin
If you activate a plugin, the activation applies to the specific plugin only, and only for as long as you visit the page into which the plugin is integrated. If you no longer wish to use an activated plugin, it can be deactivated by reloading the website. Please note that this does not affect data that has already been transmitted.
We use plugins from the providers listed below:
This online offer uses the YouTube video platform, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”). YouTube is a platform that enables the playback of audio and video files.
In order to enhance your data protection when visiting our website, the YouTube content is integrated into the page in “enhanced privacy mode.” This means that the video will only be loaded and a connection to YouTube, including a transmission of log data to YouTube, only established once the corresponding plugin has been activated. If the plugin is activated, data will also be transmitted to YouTube and the Google DoubleClick advertising network contacted. This may trigger further data processing operations over which we have no control. If the YouTube video is loaded, cookies are also used.
To find out more about the scope and purpose of YouTube’s activities to collect, further process, and use data, about possible transfers of personal data to third countries such as the United States, about your rights and the data protection options available to you, please consult YouTube’s privacy policy.
This online offer uses Google Maps map services. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Loading the map requires that you activate the corresponding plugin. If you activate the plugin, data will be transmitted to Google and the Google DoubleClick advertising network contacted. This may trigger further data processing operations over which we have no control. If the map is loaded, cookies are also used.
To find out more about the scope and purpose of Google Maps’ activities to collect, further process, and use data, about possible transfers of personal data to third countries such as the United States, about your rights and the data protection options available to you, please consult Google’s privacy policy.
Our online offers may contain links to internet pages of third parties, in particular providers who are not related to us. Upon clicking on the link, we have no influence on the collecting, processing, and use of personal data possibly transmitted by clicking on the link to the third party (such as the IP address or the URL of the site on which the link is located) as the conduct of third parties is naturally beyond our control. We do not assume responsibility for the processing of personal data by third parties.
Our employees and the companies providing services on our behalf, are obliged to confidentiality and to compliance with the applicable data protection laws. We take all necessary technical and organizational measures to ensure an appropriate level of security and to protect your data that are administrated by us especially from the risks of unintended or unlawful destruction, manipulation, loss, change, or unauthorized disclosure or unauthorized access. Our security measures are, pursuant to technological progress, constantly being improved.
We are committed to processing data in accordance with its responsibilities under the GDPR. We protect the data according to:
The system communicates with other modules and between the system and external systems over HTTPS, securing the communication and transfer of data. All communications are authorized to block communications with other entities. We perform all internal communications at the extranet level to provide security against external attempts to access the system.
The system stores all personal and sensitive information with encryption at rest, rendering the data useless in the event of a breach. Firewalls and intrusion detection systems protect the service, mitigating the risk for a denial of service or a distributed denial of service attack.
We enforce short time-to-live (TTL) for tokens and perform user re-authentication when privileged actions take place to mitigate cryptographic risks as:
Regarding brute-force attacks, we only allow a certain number of unsuccessful tries before blocking the associated IP address.
To enforce your rights, please use the details provided in the “Contact” section. In doing so, please ensure that an unambiguous identification of your person is possible.
You have the right to obtain confirmation from us about whether or not your personal data is being processed, and, if this is the case, access to your personal data.
You have the right to obtain the rectification of inaccurate personal data. As far as statutory requirements are fulfilled, you have the right to obtain the completion or deletion of your data. This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period. If access to such data is not required, however, its processing is restricted (see the following).
As far as statutory requirements are fulfilled you have the right to demand for restriction of the processing of your data.
As far as statutory requirements are fulfilled you may request to receive data that you have provided to us in a structured, commonly used and machine-readable format or – if technically feasible – that we transfer those data to a third party.
Additionally, you may object to the processing of your personal data for direct marketing purposes at any time. Please take into account that due to organizational reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign which is already running.
In addition, you have the right to object to the processing of your personal data at any time, insofar as this is based on “legitimate interest”. We will then terminate the processing of your data, unless we demonstrate compelling legitimate grounds according to legal requirements which override your rights.
In case you consented to the processing of your data, you have the right to revoke this consent at any time with effect for the future. The lawfulness of data processing prior to your withdrawal remains unchanged.
You have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for your place of residence or your state of residency or to the supervisory authority responsible for us. This is:
Hellenic Data Protection Authority
Address:
Kifissias 1-3
115 23 Athens
Greece
Postal address:
Kifissias 1-3
115 23 Athens
Greece
Telephone: +30-210 6475600
e-mail to: contact@dpa.gr
We reserve the right to change our security and data protection measures. In such cases, we will amend our data protection notice accordingly. Please, therefore, notice the current version of our data protection notice, as this is subject to changes.
If you wish to contact us, please find us at the address stated in the “Controller” section.
To assert your rights please use the following link: <url>
To notify data protection incidents please use the following link: <url>
For suggestions and complaints regarding the processing of your personal data we recommend that you contact our data protection officer:
Data Protection Officer
<company name>
<zip> <area>
GREECE
Or
e-mail to: <e-mail>
Effective date: 03.01.2023
