Effective date ……………………
Thank you for visiting the website https://www.helleniccoin.com/ (hereinafter the “website”) owned and run by the company under the name “HELLENIC COIN ………….., and with the distinctive title “Hellenic Coin” with a business address at ……………………………………. (hereinafter: “HELLENIC COIN” or the Company”).
«General Data Protection Regulation»
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
«Special categories of personal data»
Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. . Special Categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
“Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Services” means [describe the services provided].
HOW WE COLLECT PERSONAL DATA
Directly from you: We collect personal data directly from you when you visit our website, when you request information, submit a request, create an account, perform a transaction.
By automated means through the use of the website: When you visit the company’s website, we may collect data from you based on your browsing and using our services. This data may include search history, address IP, screen resolution, browser you used, operating system and settings, access times and URL reference as well as data collected through cookies (See Policy cookies).
From third parties: If you connect to https://www.helleniccoin.com/ through a third-party service (e.g. Facebook), this third-party service may send us information, such as your registration information and profile from that service. This information varies and is controlled by or authorized by you through your privacy settings in the third-party service. Also, and to the extent required and permitted by applicable law and within the context of due diligence under national and international standards to prevent money laundering, terrorist financing and circumventing trade and economic sanctions we may use data collected from third-parties and service providers and/or partners, and combine it with information we have about you.
WHAT PERSONAL DATA WE COLLECT
When you visit the website https://www.helleniccoin.com/ we collect the following personal data, which (data) may vary depending on the use performed by each visitor (contact form, account information etc):
Telephone (mobile, landline)
Any information you include in the text of the contact form
The information you provide to create an account and specifically :Full legal name (including former name, and names in local language), proof of identity (e.g. passport, driver’s license, or government-issued ID), residential address, proof of residence, full legal name of all beneficial owners, directors, and legal representatives of corporate entities , percentage of ownership for Individual/corporate owners, Contact information of owners, principals, and executive management (as applicable), Proof of identity (e.g., passport, driver’s license, or government-issued ID) for corporate legal representatives
…………….(please be as specific and detailed as possible)
Browsing data such as address IP, screen resolution, browser used, operating system and settings, access times and URL and data collected through (cookies).
The purpose of the data collection/processing is to provide information to all users, existing and prospective clients, about the company and the services offered, to effectively communicate with the users and clients, to enable you create and manage your individual or corporate account with Hellenic Coin, to promote and perform the contractual relationship with our clients and to protect the security of transactions. Specifically, we use your data:
To enable you to access and use our website and the services we provide through our website
To enable you to create and manage an account with Hellenic Coin
To enable you to complete Transactions on the Platform;
To respond to customer requests.
To administer, deliver, improve, and personalize the Service.
To communicate with you in relation to other products or services offered by Hellenic Coin and/or its partners.
To send you notices and commercial communications,
To perform marketing and promotional campaigns
To be able to detect and prevent cases of fraud, abuse, security incidents and other harmful activities and to perform security and risk assessments.
To ensure the company’s compliance with legal obligations
To improve our services and improve the user experience, for the purposes of controlling, troubleshooting and improving the functionality and quality of our online services and generally to optimize and tailor our web platform to your needs, making our website easier and more efficient to use.
LEGAL BASIS FOR PROCESSING
The legal basis for the processing of personal data collected in accordance with the above is:
processing of the personal data is necessary for the performance of the contract between you and HELLENIC COIN, specifically to provide the services and/or information requested.
processing is necessary for the purposes of the legitimate interests pursued by HELLENIC COIN or by a third party. HELLENIC COIN will always balance your rights and interests in the protection of your personal data against HELLENIC COIN’s rights and interests or those of the third party.
processing is necessary for compliance with a legal obligation to which HELLENIC COIN is subject (such as tax law or lawful law enforcement requests).
your consent, in order to process your personal data for direct marketing purposes, to provide personalized offers, or any other instance where consent is required under applicable law.
The company also reserves the right to regularly communicate with our customers by telephone, mail, email, SMS or any other means of communication, using the contact information which has been obtained lawfully, within the context of the company’s contractual relationship with the user (article 11§ 3 of N. 3471/2006) provided that the user has not opposed this communication. This communication may include an update on services provided, research to improve the services provided to the Customers and other promotional activities and to serve similar purposes.
SOCIAL MEDIA SHARE BUTTON
HELLENIC COIN has official social media accounts, specifically on Facebook, Instagram, Reddit, YouTube and Twitter. On its website, the company incorporates an additional social media share button for Facebook, LinkedIn and Twitter, inviting website visitors and users to follow the company in the respective social media (follow/like) as well as upload posts and comments. During your use of the social media we may collect certain personal data (such as your profile data in the corresponding medium).
The purpose of the data processing is to make visible and promote the company’s image and services, to provide updates or to communicate with you, responding to the messages/comments you send us.
The legal basis for processing is your consent, which you provide when you actively click on the social media share button, the “like” or “follow” button on the Company’s social media. You can withdraw your consent at any time in the same manner in which you provided it, i.e. by clicking “unlike” or “unfollow”.
PERSONAL DATA RECIPIENTS
Hellenic Coin will not share your Personal Data with third parties (other than its partners in connection with their services to Hellenic Coin) except if you have given your consent. In brief, for the fulfilment of the each of the above processing purposes and within the scope of the responsibilities and duties of each recipient, the recipients of the user’s data may be:
The employees of the company
Payment service providers and financial institutions;
Customer communications platforms;
Tax and other authorities or other public authorities in case of audits
External partners providing accounting services, audits, Internet services, technical support services or other services necessary for the operation of the website and the performance of the services by the company.
We may also share personal data with financial institutions, insurance companies or other companies in the case of a merger, divestiture, or other corporate re-organisation and notify you of such sharing of your information to be able to exercise any of your rights where applicable.
Additionally, we need to advise you that we are subject to and we have implemented international standards to prevent money laundering, terrorist financing and circumventing trade and economic sanctions under the applicable European (e.g. Dir. (EU) 2018/843 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU) and national legislation, which requires us to undertake due diligence on our customers. This may include the use of third-party data and service providers which we will cross-reference with your personal information
It should be noted that when storing, accessing and/or processing the user’s personal data, the employees and agents of the company fully comply with the relevant provisions of the European General Data Protection Regulation 2016/679 on the protection of Data as well as with current Greek legislation and jurisprudence on the protection of personal data. The company requires of its employees, its website hosting and service providers, as well as its third party partners to take all necessary technical and organisational measures (including appropriate policies and procedures) to prevent unauthorised disclosure of users’ personal data to which they gain access, and implement procedures for the management and processing of personal data in a manner that is lawful and protect such data according to GDPR imposed obligations.
We retain your personal data for the duration of our contractual relationship. The personal data we process is not retained for a longer period than is necessary for the performance of the contract and any services directly related to it:
a. when we provide a service, your personal data is retained for as long as it is necessary to fulfill the service and for a period of …………. from the completion of the specific service and at least for as long as it is defined by the legal (tax or other) obligation.
b. when you open an account, your data is retained for as long as you keep your account active and for a period of …………. from the time you decide to terminate/disable your account and at least for as long as it is defined by the legal (tax or other) obligation.
c. In case you contact us via email, your personal data is retained for as long as necessary to respond to your request and for a period of time ………. after the completion of the request.
We will also retain personal data:
To the extent required by law (for example, in order to comply with tax legislation)
In order to comply with court proceedings (any ongoing or future court proceedings)
To establish, exercise or defend our legal rights, personal security of the users and the public.
However, some necessary personal data regarding your contractual relationship with the company as well as information concerning your notification on the processing of your data and your consent, where applicable, may be retained so as to establish the lawfulness of processing of user data by the company and the legal claims of the parties.
TECHNICAL AND ORGANISATIONAL MEASURES
The company, its employees, processors, assistants, agents shall implement appropriate technical and organisational measures to ensure, as much as possible, the most appropriate protection of personal data against accidental or unlawful destruction, loss, alteration, unlawful disclosure or access to them and any unlawful processing, as well as to ensure the possibility of restoring availability and access to them. Such measures include:
the pseudonymisation and TLS 1.2 encryption of personal data;
access control policies and procedures;
Incident response plan and procedures
Testing, assessment, and evaluation procedures of our technical and organisational measures’ effectiveness in order to ensure that the security measures in place are up to date and comply with the legal and technical developments.
Implementation of measures that enable us to ensure the ongoing confidentiality, integrity, availability and resilience of our processing systems and services;
Implementation of measures that enable us to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
In addition, as mentioned above, the company requires of its employees, its website hosting and service providers, as well as its third party partners to treat personal data as confidential and take all necessary technical and organisational measures (including appropriate policies and procedures) to prevent unauthorised disclosure of such data, and implement procedures for the management and processing of personal data in a manner that is lawful and protect such data according to GDPR imposed obligations.
These measures also serve so as to demonstrate that processing is performed in accordance with GDPR, obviously taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, while applying appropriate procedures for the regular testing, evaluation and evaluation of the effectiveness of the techniques and organisational measures.
Under the GDPR (articles 12-22) you have the following rights:
Request a copy of your personal data.
Withdraw your consent when this is the legal basis of the processing of your personal data.
Request that your personal data be corrected if it is inaccurate.
Request erasure of the personal data you have provided, under the conditions set out by law.
Request restriction of processing, under the conditions set out by law.
Request the portability of your personal data, if you have provided us with the data and the processing is based on consent or performance of a contract and processing is based on automated means.
Oppose some form of processing of your personal data by the company.
To exercise any of the above rights, you may contact us via e-mail: email : firstname.lastname@example.org , or via phone at : ……………….. or via mail at: …………………………
We will take all possible measures to satisfy your request within a reasonable period, no later than one (1) month after the submission of the request and proper proof of your identity. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Please note that the absolutely necessary user data may be retained, in order to safeguard the legal interests of the Company.
Please note that depending upon the circumstances and the request, we may not be permitted to provide access to personal data or otherwise fully comply with your request; for example, where producing your information may reveal the identity of someone else. We reserve the right to charge an appropriate fee for complying with your request where allowed by applicable law, and/or to deny your requests where, in the Company’s discretion, they may be unfounded, excessive, or otherwise unacceptable under applicable law.
Finally, each user has the right to submit a request to the company inquiring on how the company processes and protects your personal data, and if you consider that your rights are infringed, you have the right to file a complaint with the Data Protection Authority (http://www.dpa.gr/, Kifisias 1-3, P.C. 115 23, Athens, email@example.com, 210 6475600).
Please be aware that the content and services of this site are not intended for persons under 18 years of age. No personal data must be submitted to the company through the website by visitors under 18 years of age. If we become aware that a user under the age of 18 has provided personal data without the explicit consent of the parent or legal guardian, we will immediately delete, after receiving such information or request, the relevant data in accordance with the applicable company policy.
The company may change this policy. Please check the effective date at the top of the policy to see when it was last revised. Every revision will be implemented as soon as we publish the revised policy.
If we make substantive changes to this policy that broaden our rights to use the personal data that we have already collected from you, we will inform you and provide you with a choice for the future use of these data.