Privacy Policy
A. Scope of the Personal Data Protection Policy
The company “BIRO HELLAS”, headquartered in Athens, at Tsakalof Street (hereinafter referred to as the “Company” or “BIRO HELLAS”), aims to inform users of the website BIRO HELLAS(hereinafter the “Website”) about the methods and purposes of processing their personal data through this Privacy Policy (hereinafter the “Policy”). BIRO HELLAS respects the privacy and personal data of all individuals interacting with it. For transparent communication, the Company has published this Policy on its Website to provide sufficient information regarding the personal data it processes as part of its lawful activities.
This Policy complies with the applicable national and EU legal frameworks on personal data protection, particularly the General Data Protection Regulation (EU) 2016/679 (the “Regulation”) and Law 4624/2019.
Specifically, this Policy clarifies the core principles and rules of personal data processing followed by BIRO HELLAS and informs data subjects about the processes conducted, their legal basis, and the data subjects’ rights.
B. Definitions
For the purposes of this Policy, the following terms are defined as follows:
- Personal Data: Any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
- Processing: Any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure, or destruction.
- Controller: The natural or legal person, public authority, agency, or other body that determines the purposes and means of personal data processing.
- Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Controller.
- Data Subject: The natural person whose personal data is processed, including any user of our Website.
- Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they signify agreement to the processing of personal data concerning them through a statement or clear affirmative action.
- Personal Data Breach: A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
- Applicable Legislation: National and EU data protection laws, particularly the General Data Protection Regulation (EU) 2016/679, Law 4624/2019, and decisions, guidelines, and opinions of the Data Protection Authority.
- Lawfulness, Fairness, and Transparency: Data is processed lawfully and fairly, transparently to the data subject.
- Purpose Limitation: Data is collected for specific, explicit, and legitimate purposes and not further processed in ways incompatible with those purposes.
- Data Minimization: Processing is limited to data that is adequate, relevant, and necessary for the purposes.
- Accuracy: Data is accurate and, where necessary, kept up to date.
- Storage Limitation: Data is retained only as long as necessary for processing purposes unless longer retention is required by law or for archiving, research, or legal claims.
- Integrity and Confidentiality: Data is processed securely to protect against unauthorized or unlawful processing and accidental loss or damage.
- Accountability: BIRO HELLAS is responsible for demonstrating compliance with the above principles.
- Name
- Email address
- Subject of communication
- Additional data users wish to share.
Purpose of Collecting and Processing Personal Data
The purpose of collecting and processing personal data is to provide immediate and personalized services by BIRO HELLAS, specifically tailored consulting services to meet the unique needs and requirements of each user. The legal basis for processing user personal data is the Company’s legitimate interest in delivering high-quality services to Website users (GDPR, Article 6(1)(f)).III. Personal Data Collected Through the Use of Cookies
When you browse our Website, certain information related to Website traffic may be collected, such as your Internet Protocol (IP) address, the type of browser you use, etc.Purpose of Processing and Legal Basis
The use of cookies serves the purposes of our legitimate interests, specifically:- Service Provision: Collecting information to optimize the services provided and enhance the overall user experience on our Website.
- User Convenience: Storing your preferences and settings to ensure a smoother and more comfortable browsing experience.
- Website Analysis: Analyzing the functionality of our Website and online services using aggregated statistical data.
IV. Social Media Buttons
Our Website includes social media buttons or widgets from networks such as Facebook, Instagram, and LinkedIn. When a user connects to these networks, a unique digital footprint is created, for which both the Company and the social network act as joint controllers. For more information about the data processing policies and settings options of these networks, you can visit the following pages:Purpose of Collection and Processing
The purpose of collecting and processing this data is to improve the services we provide and enhance the overall user experience when visiting the Website. The legal basis for processing user personal data is the Company’s legitimate interest in delivering high-quality services to Website users (GDPR, Article 6(1)(f)).E. Personal Data of Minor Users
BIRO HELLAS does not target minors and does not wish to collect or process personal data of minors (i.e., individuals under the age of 18). However, since it is not feasible to verify the age of the Website’s users, we kindly request that parents or guardians notify the Company immediately if they become aware of any unauthorized disclosure of data by minors, so that the Company can take necessary protective measures (e.g., immediate deletion of the data). If the Company becomes aware that it has collected personal data of a minor, it commits to deleting the data immediately and taking all necessary measures to protect it.F. Data Protection Impact Assessment (DPIA)
When a type of processing is likely to result in a high risk to the rights and freedoms of individuals, BIRO HELLAS conducts a Data Protection Impact Assessment (DPIA) prior to the processing. The DPIA is a procedure designed to describe the processing, assess its necessity and proportionality, and assist in managing risks by identifying and implementing measures to address them. A DPIA is not required for all types of processing but is mandatory when a type of processing is deemed high-risk. The DPIA considers the nature, scope, context, and purposes of the processing to assess the likelihood and severity of risks to data subjects’ rights and freedoms.G. Ensuring Processors Respect Your Personal Data
In its operations, BIRO HELLAS may transfer data to third parties or allow access to it (legal or natural persons) acting as processors or sub-processors to support its activities and serve its purposes (e.g., transferring data to service providers, website developers, cloud service providers, application development support companies, etc.). Collaborating companies acting as processors or sub-processors on our behalf have contractually agreed and committed to:- Maintain confidentiality and ensure the privacy of data,
- Process data solely for specific purposes and no other,
- Not transfer data to third parties,
- Implement appropriate organizational and technical security measures to ensure data protection,
- Comply with the legal framework for personal data protection, including the GDPR and Law 4624/2019.
H. Data Transfer to Third Parties
User personal data may be transferred to public authorities, independent authorities, etc., in the exercise of their duties, either ex officio or upon a third party’s legitimate interest request, following all lawful procedures and ensuring appropriate safeguards for personal data protection. BIRO HELLAS reserves the right to disclose or transfer personal data to third parties in case parts of its business or assets are sold or merged. If such a business change occurs, the new owners may use your personal data in the same manner described in this Policy.I. Transfer of Personal Data Outside the EU
If the transfer of user personal data collected via our Website to a country outside the European Union (EU) or the European Economic Area (EEA) is required, BIRO HELLAS ensures beforehand that: a) The European Commission has issued an adequacy decision for the third country to which the data will be transferred. b) Appropriate safeguards are in place in accordance with the GDPR for such transfers. Otherwise, transfers to a third country are prohibited, and the Company will not transfer user personal data unless one of the specific derogations provided by the GDPR applies (e.g., the user’s explicit consent and notification about the associated risks, the transfer is necessary for contract execution upon the user’s request, public interest reasons, legal claims, or vital interests of the user, etc.). In cases where international data transfers are necessary, BIRO HELLAS chooses appropriate legal mechanisms and fully complies with the GDPR and applicable laws, informing data subjects accordingly.J. Data Retention Period
User personal data is collected and retained for a predefined and limited period, depending on the purpose of processing. Once this period expires, the data is deleted from BIRO HELLAS‘s records. When processing is required by applicable legal provisions or for a specific retention period, personal data will be stored for as long as the relevant provisions mandate. Data processed based on consent is retained until the consent is withdrawn, without affecting the lawfulness of the processing conducted up to that point.XI. Personal Data Security
All personnel and employees of BIRO HELLAS are responsible for ensuring that personal data maintained and processed by the Company is kept secure and not disclosed or transferred to any third party unless the third party is authorized by the Company to receive and process such information within the context of (a) the lawful activities of BIRO HELLAS, provided they have signed a corresponding confidentiality agreement, or (b) a legal obligation arising from a law or court order.Measures for Data Security
BIRO HELLAS implements appropriate technical and organizational measures to safeguard the personal data it holds and processes. While no method of transmission over the Internet or electronic storage is entirely secure, the Company takes all necessary digital security measures (e.g., antivirus software, firewalls, etc.).Data Protection by Design and Default
- Protection by Design: BIRO HELLAS ensures that during the selection of processing methods and throughout the processing itself, appropriate technical and organizational measures are implemented to enforce data protection principles and incorporate necessary safeguards. This ensures compliance with GDPR requirements and protects the rights of data subjects.
- Protection by Default: The Company ensures that, by default, only personal data necessary for the specific processing purpose is processed.
Staff Training and Awareness
BIRO HELLAS ensures that personnel involved in the collection and processing of personal data are adequately informed and trained.Data Breach Response
In the event of a personal data breach, the Company promptly notifies the Data Protection Authority unless the breach is unlikely to pose a risk to the rights and freedoms of individuals. The Company provides all required information and documentation related to the incident. If the breach is likely to pose a high risk to the rights and freedoms of individuals, BIRO HELLAS promptly informs the affected data subjects unless such notification requires disproportionate effort or if the Company has already implemented appropriate technical and organizational measures to protect the affected data, rendering it unintelligible to unauthorized users. Alternatively, if the Company takes measures to ensure that the risk is no longer likely to materialize, notification to data subjects may not be required.XII. Your Rights
BIRO HELLAS ensures the ability to respond promptly to users’ requests for exercising their rights under applicable legislation. These rights include:- Right of Access:
- Request information regarding the processing of personal data by BIRO HELLAS.
- Access personal data held by the Company.
- Request a copy of the data and check the legality of its processing.
- Right to Rectification:
- Request correction of inaccurate or incomplete personal data.
- Right to Erasure (“Right to be Forgotten”):
- Request the deletion of personal data if there is no lawful basis or legitimate interest for its retention.
- Right to Restriction of Processing:
- Request limited processing of personal data under specific conditions.
- Right to Data Portability:
- Request the transfer of personal data to themselves or a third party.
- Right to Withdraw Consent or Object:
- Withdraw consent for processing at any time, without affecting the legality of prior processing.
- Object to processing conducted by BIRO HELLAS.
Exercise of Rights
To exercise these rights, you may contact BIRO HELLAS at info@birohellas.gr, specifying your request (e.g., rectification, deletion, restriction, objection, access, portability, or withdrawal of consent). When a request is submitted, BIRO HELLAS provides information about the processing actions within one month of receipt and identification of the data subject. This period may be extended by up to two additional months in cases of complex or numerous requests. In such instances, the Company will inform the user within one month of the delay and its reasons. BIRO HELLAS may refuse to fulfill a request, wholly or partially, only if this is permitted by GDPR or national legislation. For requests deemed manifestly unfounded or excessive (e.g., repetitive requests), the Company may charge a reasonable fee to cover administrative costs or refuse to act on the request.XIII. Disclaimer for Third-Party Websites
If the Company’s website contains links redirecting users to third-party websites, BIRO HELLAS informs users that it does not control or assume responsibility for risks or damages (actual or consequential) arising from the use of such websites or their content. Similarly, the Company does not bear responsibility for how third parties process personal data. Nonetheless, BIRO HELLAS takes necessary measures to ensure its website provides a secure environment for users, offering accurate, reliable, and up-to-date information.XIV. Right to Lodge a Complaint with the Data Protection Authority
If you have any complaints about this Policy or personal data protection issues, and BIRO HELLAS has not satisfactorily resolved your request, you may file a complaint with the Hellenic Data Protection Authority (HDPA):- Website: Submit Complaint Online
- Address: 1-3 Kifissias Avenue, Athens, 115 23
- Telephone: +30 2106475600
- Detailed instructions for filing complaints are available on the HDPA website.