This privacy policy is intended to provide you with information about how we process your personal data, in accordance with Article 13 of the General Data Protection Regulation 2016/679 (General Data Protection Regulation). Because we respect your personal data and your privacy, we declare that the protection of your personal data is our ongoing commitment. This privacy policy informs you about how we protect your personal data as a principal, potential principal, visitor or user of our website, and provides you with information about your rights and how you are protected by Greek and European legislation.

Business Details

Name: Privel Partners IKE

Headquarters: 17 Angelopoulou 17 – 115 25 Athens

Tax ID number : 802323646/ Psychiko (KA’ ATHENS)

Phone: +30 2106773846

(Opening hours 9:00 – 17:30 from Monday to Thursday and Friday 9:00 – 15:00)

Email: info@privelpartners.gr

In this website, the terms “our company”, “we”, “us”, and “our” refer to Privel Partners.

General definitions

Personal data is information that can be associated with a person. Data is considered personal data if the person to whom it relates can be identified, directly or indirectly.

Sensitive personal data or special categories of data are data such as: religious, ideological, political opinions or actions, health information, gender or biometric data, race and national origin, practices or sanctions of an administrative or criminal nature.

Data processing/processing is any activity, operation or series of operations carried out on personal data or sets of personal data, regardless of the process and means (automated or not) applied, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, search, use, review, disclosure by transmission, dissemination or any other form of making available, alignment or combination, interlinking, blocking, erasure, archiving, display and destruction of personal data.

A data file is any structured set of personal data which is accessible in such a way that the person concerned can be identified from the data.

Controller is the legal or natural person who decides on the purpose and means of the processing of personal data.

Processor is the natural or legal person who processes personal data on behalf of the data controller.

Amendment of the privacy statement

This version was drafted on 19.2.2024 and is subject to future amendments in the context of the existing compliance with Regulation 2016/679, on the protection of personal data.

We reserve the right to change this statement and to apply any changes to the information previously collected, as required by law.

If there are material changes to this statement or our information practices change in the future, we will notify you by posting the changes on our website.

It is important that the personal data we hold about you is accurate and valid. We hereby request that you notify us if your personal data changes during your relationship with us.

Our company may amend this Privacy Policy to reflect current privacy practices from time to time. When we make changes to this Policy, we will update the “update date” at the top of this page. We encourage you to review this Privacy Policy from time to time to inform yourself regarding how our company protects your data.

Data processing location

The headquarters of the company is located in Greece, therefore all processing carried out at our premises is within the Greek territory.

Purposes of data processing and legal basis

Our company processes personal data for professional purposes, as it is a tax consultancy and financial services company providing financial and advisory services. In order to provide adequate services, our company is de facto obliged to keep the data of the clients who entrust us with their projects as secure as possible. For this reason, we only retain personal data of our clients for the time necessary, and for the period of time stipulated by law, for the purpose of executing the mandate contract that links the consultant and the client. Included in the mandate relationship is the associated secure storage of the data documents, which takes place mainly by storing them in third party cloud storage, given strong security and adaptation to the requirements of the GDPR. In this way we can keep the data secure so that it is available for use during any tax audit and any other lawful use.

In our company we process your data for different purposes, such as:

-To provide you with financial and tax services under the informal mandate agreement between us.

-To process the services you request from us and to keep you informed of the progress of your business.

-To invoice you for the use of our services or to complete the settlement of your outstanding accounts.

-To respond to your queries or concerns regarding the provision of our services.

-To keep you informed of any developments of financial and fiscal interest in the context of our ongoing cooperation.

-To keep your data in a secure manner so that it is available during the performance of our contract work.

In addition our company may collect personal data such as CVs, degrees, references and other recruitment related documents/information when searching for and recruiting staff.

In the context of all these above purposes we may collect data such as: full name, identification details, date of birth, home address, email, email, landline or mobile phone, CV, etc. as well as data contained in financial statements and tax returns. These data are collected in various ways, such as by telephone, email, orally during a meeting.

Contract performance

Our company processes personal data of the principals in order to execute your project, and in the context of which it is necessary to process the personal identity and contact details of the principal. These data such as, but not limited to, name, telephone number, e-mail address, financial/tax data, are collected in order to execute the project in a comprehensive manner, in the context of which timely coordination with the principal is necessary, and their processing.

Compliance with a legal obligation:

Our company may process your personal data to comply with compliance obligations, including, for example, accounting and tax requirements, which are implemented under its internal policies and procedures. For example, it is necessary to collect the data needed to issue a receipt or invoice.

Regarding the collection of your personal data, our company collects personal data when:

-You access one or more of our services by telephone, electronically or in person.

-You request information about a service, or contact us to ask questions or make complaints.

-We request information about the project in question, where it may contain personal data, to enable us to provide our services.

Cookies – What personal data we collect and for what purpose

During the visit and navigation on our company’s Website, the user’s web protocol address is automatically recorded, through which, however, no identifiable data of the user’s physical identity are revealed, but these are used exclusively for statistical purposes of traffic statistics on our website.

In addition, cookies are collected, to the processing of which you have consented in order to carry out or facilitate the transmission of a communication between it and users – visitors, through the electronic communications network. These cookies are small text files which, if the user-visitor chooses to accept them, based on the relevant settings of his/her computer, are stored on the hard disk of the computer for the above purposes, without, however, taking note of any document or file from his/her computer and without posing any risk to him/her.

If the user – visitor does not wish to collect information through the above-mentioned devices (cookies), he/she can configure his/her web browser to delete the existing devices (cookies) on his/her hard disk and choose either to automatically reject all new devices (cookies), or to be asked each time new devices (cookies) are to be installed on the hard disk of the computer, whether he/she wants to reject or accept them. Nevertheless, users – visitors should be aware that the choice to reject the provisions (cookies) will make it more difficult or impossible to use parts and services of the Website, as it affects the performance and functionality of the Website and may entail the restriction of the user’s access to its content.

The data is processed in order to provide you with access to the information on our Website and for statistical purposes.

Finally, if you choose to use the contact form embedded in our Website and solely for the purposes of communication and provision of services to you, we collect the following data: Full name, email address, telephone number, job description.

The data is processed in order to provide you with access to the information on our Website and for statistical purposes.

Data retention time

Personal data concerning visitors to the Website and/or users of our online services are collected and kept for the absolutely necessary time and then deleted.

Data security

To protect the personal data of users and visitors to our Website, we use secure connection (https://) and data security measures to prevent the risk of loss, misuse, unauthorized access and disclosure of your personal information.

Recipients

Personal data as part of the secure execution of the contract is shared with recognized cloud-based secure data storage companies and data principals. All secure data storage companies have an exclusive and/or parallel headquarters in the European Union and meet the technical security standards prescribed by the GDPR. In addition, the billing data of the services are communicated to the tax authorities.

Data transfers to third countries

No data transfers are made to third countries outside the European Union, as we do not have such purposes. By way of exception, it is simply clarified that some cloud companies, which store in full security and in compliance with the GDPR, may be based not only in the European Union, but also in the USA, under the Privacy Shield. In any case, however, they are subject to the legislation of the GDPR as well.

Data storage period

The personal data collected by our company are collected only for as long as necessary. Our company applies a strict policy of review and retention of data, so that they are not kept beyond the necessary period, in accordance and in line with the guidelines of the bar associations. Our firm also stores the basic personal data needed for tax and accounting purposes for as long as required by the respective tax and accounting legislation, i.e. at least 5 or 10 years, depending on the type of data.

Subjects’ rights

This section sets out your rights in relation to your personal data. These rights are subject to certain exceptions, reservations or limitations.

Please submit your requests responsibly. The Company will respond as soon as possible, and in any event within one month of receipt of the request. If the processing of your request is going to require more time, you will be informed accordingly.

To exercise your rights, you can contact us by email: dpo@privelpartners.gr

The Company will ensure the smooth exercise of your rights below:

1. The right to information/information

You have the right to request and receive clear, transparent and easily understandable information on how we process your personal data.

2. The right of access

You have the right to access your personal data free of charge, except in the following circumstances where there may be a reasonable charge to cover the Company’s administrative costs:

manifestly unfounded or excessive/repeated requests; or additional copies of the same information.

3. The right of rectification

You have the right to request the rectification of your personal data if it is inaccurate or incomplete.

4. The right to erasure

You have the right to request the erasure or removal of your personal data when it is no longer necessary for the purposes for which it was collected, or there is no legitimate reason for its continued processing. The right to erasure is not absolute, to the extent that there is a specific legal obligation or other legitimate reason for the Company to retain your personal data.

5. The right to restriction of processing

In certain circumstances, you have the right to restrict or withdraw further processing of your personal data. In cases where processing has been restricted, your personal data remains stored without further processing.

6. The right to data portability

You have the right to request the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and to have us transfer that data to another controller.

7. The right to object

You have the right to object at any time and on grounds relating to your particular situation to the processing of your personal data, unless the Company demonstrates compelling and legitimate grounds for such processing.

Rights relating to automated individual decision-making and profiling.

The Company does not engage in automated individual decision-making, including profiling.

Clarification

You will not have to pay any fee or charge to access your personal data (or to exercise any other right). However, we reserve the right to charge a reasonable fee if your request is manifestly unfounded, repetitive or abusive. Alternatively, we reserve the right to refuse to comply with your request in these circumstances.

With drawal of consent

If exceptionally there is a category of processing that may require consent, in this theoretical case you may withdraw your consent at any time in the event that our processing of personal data is based on your consent. However, this is something that cannot affect lawful processing that took place before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will inform you in such a case when you withdraw your consent.

Obligation to provide data

Understandably, it would be impossible to perform the service contract without taking measures to keep data secure, such as using cloud services, and there would be a reasonable concern about the risk of data loss. The provision by you of the data we need to collect under tax and accounting legislation is an obligation in the performance of the duties under the contract between us.

Targeted advertising

Our company does not engage in targeted advertising to specific persons, nor does it process data for the purpose of profiling.