Privacy Policy

DAMASOL LIMITED is a company providing digital services through an innovative online platform that enables users to create and manage events, event invitations, guest lists, RSVP responses and customizable templates. The platform is designed to offer a seamless and user-friendly experience for any user seeking efficient event organization tools. On that end, DAMASOL LIMITED takes private information seriously and, therefore, it has formed the present policy not only in compliance with the General Data Protection Regulation but also out of inherent respect of the right in privacy, as a key-factor of its business mentality.

The present Privacy Policy aims at providing all the necessary information regarding the private data processing procedure, in the context of using https://ethileo.com/ (hereinafter the “Site”), including the data shared by the user himself or gathered by his interaction with the Site. To be more specific, hereby you can find information such as which data of yours does DAMASOL LIMITED collect and how they are used, the recipients of your data, the retainment period, the purpose of their processing, your privacy rights to be exerted and who to revert to in case of a data incident. So, please read carefully this private policy, since it is essential for your own protection as a private data subject.

DEFINITIONS

Some of the terms used in this policy have a legal meaning as specifically defined in Article 4 of the new General Data Protection Regulation (https://eur-lex.europa.eu/legal-content/EL/TXT/HTML/?uri=CELEX:32016R0679&from=EL). Here are some of the basic terms you will need to know:

“Personal data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations carried out with or without the use of automated means on personal data. It includes, but is not limited to, the collection, recording and organization of personal data.

“Consent” means any freely given, specific, explicit and informed indication of intent by which a natural person signifies his or her agreement, by means of a statement or explicit affirmative action, to the processing of his or her personal data.

“Data Controller” means the natural or legal person, or public authority, or agency or other body which determines the purposes and means of the processing of personal data.

“Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed.

“Current legislation“: the relevant national and EU legislation on personal data protection, in particular the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”), the Greek Law 4624/2019, as applicable, as well as the Decisions, Directives and Opinions of the Greek Data Protection Authority.

Furthermore, the collection and processing of personal data is governed by the following principles, according to the new General Data Protection Regulation, which on our end we apply at all stages of the processing procedure, i.e., we conform with:

• Legitimacy, objectivity and transparency
• Purpose Limitation
• Accuracy
• Limitation of the storage period
• Integrity and confidentiality

SOURCE OF PERSONAL DATA

We collect personal data either directly from the data subjects themselves (for example, when users create an account or use our Services), indirectly through our users when they enter personal data relating to their event guests, or automatically through cookies and similar technologies, server logs and technical files, as further described in this Privacy Policy and our Cookies Policy.

CATEGORIES OF DATA SUBJECTS

The data subjects whose personal data may be processed through the use of our Site and Services include registered users of the platform, event guests whose personal data is entered by users for the purposes of event organization, as well as visitors of our Site.

WHICH PERSONAL DATA WE PROCESS

The personal information that we process is related to the scope of our services provision and your interaction with our Site. In any way, if you are an interested party that wishes to benefit from our services, we only process the information that you disclose to us under these circumstances and in the context of fulfilling our obligations towards you, arising from each professional relationship.

In particular, in order to register to our services, we require the provision of your full name and your email address. If you link your Google account, we also get information from that account. The information we get from that service depends on your settings and it’ s privacy policy, so please check what it is. Furthermore, in the case you wish to register to our newsletter list, we inform you that the personal data of yours that we gather are your name and e-mail.

Minors are not allowed to access the services of our Site. If, however, underage users voluntarily visit our Site and their minority cannot be verified in any way, then we cannot be held responsible.

DATA COLLECTED THROUGH THE GUEST MANAGEMENT SERVICE

When you use the Guest Management features of our platform, you may upload or manually enter personal data of your guests. This data may include: First and last name, Email address, Phone number, Number of attendees, Guest group or category, Special categories or notes, Table assignment, RSVP status (attending / not attending / maybe).

DAMASOL LIMITED processes this data solely for the purpose of enabling you to organize and manage your event.

You acknowledge that you are responsible for ensuring that your guests have been properly informed about the processing of their personal data for the above purposes, in accordance with applicable data protection laws. DAMASOL LIMITED does not contact your guests directly.

INFORMATION & CONTENT COLLECTED AUTOMATICALLY

In view of the above, we notify you that upon your visiting our Site we automatically collect information about how you make use of our services, such as the website that linked you to us, the date of your visit, or the frequency and duration of your activities on our Site. In addition, our servers, logs and other technologies automatically collect certain information to help us administer, protect and improve our services. In particular, the obtained information contains cookies, IP addresses, browser data and browser version identification data. For further notice, please read carefully our Cookies Policy that constitutes an integral part of the present Privacy Policy. We share personal information with third parties only in accordance with this policy or applicable law.

Also, we collect information about you when you subscribe to our newsletter and when you email us through the email address provided on our website.

We will process this data on the basis of your consent to sign up for our newsletters.

HOW WE USE YOUR PERSONAL DATA

• We process your personal data as a registered user and customer of our platform (such as your name, contact details etc) in order to enable the purchase of services, manage your account, provide access to the purchased functionalities and generally perform our contractual obligations towards you. The legal basis for this processing is Article 6(1)(b) GDPR.
• We process guest data in order to provide and support the Guest Management functionalities of our platform, including the creation of guest lists, tracking RSVP responses, organizing seating arrangements and facilitating the overall event planning process. The legal basis for this processing, is Article 6(1)(b) GDPR, as such processing is necessary for the performance of the contract between you and our Company, namely for the provision of the Guest Management services you have chosen to use.
• We collect your name and contact data, if you register at our newsletter & for promotional purposes on the legal basis of your explicit
• Same as before, we collect your name and contact data, where you contact us prior to registering or purchasing any service, in order to provide you with preliminary information and support regarding the services offered through our Site, on the legal basis of your explicit consent.
• We collect device information, such as the web browser type and the language you use on the scope of improving our Sites performance thus setting default options (such as language) on the legal basis of the legitimate interest of our business.
• We also collect information about your computer, your visits and the use you are making of our Site (e.g., your IP address, your geographic location, your browser, how you access our Site, the duration of your visit and the number of page views) for statistical purposes on the legal basis of the legitimate interest of our business.

In this point, we stress that we only collect and generally process the data that is absolutely necessary, relevant and appropriate for the purpose of each processing.

PROVIDING EXPRESSED CONSENT

By registering on our Site and where required or subscribing to our newsletter list, you provide us with your explicit consent to the processing of your personal data, pursuant to the terms of this Policy. Your consent is given freely and can be revoked anytime as easy as it was given.

THE RECIPIENTS OF YOUR PERSONAL DATA

As of standard practice, we do not share your personal data with third parties unless it is necessary for the operation of the Site or if you consent to such disclosure. Indicatively, we may share your data with the following recipients:

✓ Our authorized personnel, developers, technical partners, agents and any third party who maintains a professional relationship with us, solely to the extent necessary for the provision, support and improvement of our services.

✓ Professional service providers, such as hosting providers, IT support teams, marketing and analytics partners, advertising collaborators, email delivery services and website administrators who contribute to the operation, security and performance of the Site.

✓ Well-established third-party service providers approved by you, such as social networking platforms or other integrated third-party tools that you choose to use through our Services.

We do not disclose your personal data to third parties outside the European Union in countries where there is no appropriate data protection regime. However, should such a data transfer need to take place, the transfer to third countries will be made in accordance with the requirements of Regulation (EU) 2016/679 and any implementing Greek law and only in full compliance with applicable law.

THE DURATION OF PERSONAL DATA RETAINMENT

We will keep your personal data for a predetermined and limited period of time, in order to fulfill our obligations. Therefore, we hold your personal data as long as you have an account with DAMASOL LIMITED, unless a different retention period is provided or permitted by applicable legislation. We may continue to retain your personal data even after the completion of the relevant purpose of processing, respecting the principle of proportionality and only on the basis of “absolute necessity of knowledge” to comply with legal or regulatory requirements, resolve disputes, or prevent fraud and abuse.

Guest data entered through the Guest Management features is retained only for as long as necessary for the organization and completion of the relevant event. Once the event is completed or deleted by the user, the associated guest data is also deleted, unless a longer retention period is required for legal reasons or explicitly requested by the user.

TAKING APPROPRIATE TECHNICAL & ORGANIZATIONAL MEASURES

On our end, we have taken all the appropriate security measures in order to prevent accidental loss of personal data or to prevent unauthorized access. In addition, we have procedures in place to deal with any data security breaches. In particular, we have taken every organizational and technological precaution to prevent the loss, misuse or alteration of the users’ personal information. We store all personal data provided by users on secure cloud servers protected by passwords and firewalls.

However, the user acknowledges that sending information over the internet presents inherent security problems and for that reason DAMASOL LIMITED cannot guarantee the security of data transmitted over it. Therefore, we prevent you from disclosing sensitive personal information online. Likewise, please note that we cannot guarantee the security of data, information, etc. received by e-mail.

PRIVACY RIGHTS

We inform you that you can exert the right to:

• Access to your data: Τhe right to request access to your personal data, in accordance with Article 15 of the GDPR. By requesting access, you can be informed of the categories of your personal data that we hold and process, the purposes of their processing, the categories of recipients to whom the data have been or will be communicated, the period for which they will be stored, the existence of a right to rectification or erasure of data or restriction of their processing or a right to object to their processing.

• Correction of your data in case of inaccuracy: Τhe right to demand the correction of inaccurate data as well as the completion of incomplete data concerning you, by presenting any necessary document showing the need for correction or completion pursuant to Article 16 of the GDPR.

• Erasure of your data: In the cases that you no longer wish your personal data to be processed and maintained, you have the right to request their deletion, provided that the data are not kept for a specific legitimate and stated purpose, in accordance with Article 17 of the GDPR.

• Restriction of your data processing: Τhe right to request the restriction of the processing of your personal data, under the conditions of Article 18 GDPR.

• Object to your data processing: Τhe right to object at any time and on grounds relating to your particular situation to the processing of personal data relating to you where the processing is based on Article 6 para. 1(e) or (f) of the GDPR.

• Withdrawal of your consent: You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You may withdraw your consent by clicking the “unsubscribe” link included in our newsletter emails or by contacting us at info@………
• Transfer of your data to another entity: Τhe right to receive or request the transfer of your data, in unreadable form, from us to another controller, if you wish, pursuant to Article 20 GDPR.
• Complaining to the Data Protection Authority in the event of an unfortunate incident of data breach

We will evaluate and respond to your afore-mentioned requests/claims within one month of receipt, deadline that may be extended for an additional two-month period in exceptional circumstances depending on the nature and complexity of the claim.

The exercise of any of the rights described above can take place by contacting us via email at: info@…………….

In the case you wish to complain for our handling of your personal data, you have the right to contact the competent supervisory authority.

The competent supervisory authority is the Hellenic Data Protection Authority (DPA), which is located at 1-3, Kifissias Street, Athens, P.C. 11523, tel. 2106475600 and by email contact@dpa.gr.

LINKS TO THIRD-PARTY WEBSITES

This Privacy Policy applies only to the services provided by us. The Services may contain links to other websites not operated or controlled by us (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third Party Sites. The links from the services do not imply that we endorse or have reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.

UPDATE OF PRIVΑCY POLICY

The Site may need to update this Policy by posting a new version on the Site or in connected applications.

The user is expected to check this page regularly to ensure that it complies with any changes to the terms of this Policy. DAMASOL LIMITED may notify users of changes made to this Policy through notifications that will appear on our Site.

COMMUNICATION

In the case you have further questions or comments regarding this Policy, do not hesitate to contact us at info@ethileo.com