Personal data policy

Update on the Processing of Personal Data

We would like to inform you that for the iotsoft the protection of personal data is of paramount importance. For this reason, we take appropriate technical and organizational measures to protect the personal data we process and to ensure that the processing is always carried out in accordance with the obligations imposed by the legal framework, both by the company itself and by third parties that process personal data on behalf of the company.

This Privacy and Data Protection Policy applies to the services we provide to our customers, to communications and promotions for any interested party and to the website  www.iotsoft.gr and its online services.

What is GDPR

The General Data Protection Regulation (GDPR) 2016/679 is the new regulatory framework of the European Union (EU) in this area. The object of the law is to establish the conditions for the processing of personal data, the protection of the rights and freedoms of natural persons, in particular the right to protection of personal data.

Controller or Processor

The company with the distinctive title "iotsoft", located at Poseidonos 6A, Panorama 25100 Aigio, with e-mail contact [email protected] and tel: +302102208768 as legally represented, informs that, for the purposes of carrying out its business activities, it processes the personal data of its customers in accordance with the applicable national legislation and the European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter referred to as the "Regulation") as applicable. The company iotsoft, depending on the specific characteristics of the contract it signs with its customers, may act sometimes as controller and sometimes as processor.

When the company iotsoft determines itself the purpose and manner of processing of the personal data it manages (e.g. in relations with its employees, in the manner of processing the contact details of its customers) then it acts as a controller, in accordance with Art. 7 of the GDPR.

When the company iotsoft acts as a service provider to the customer by offering IT systems implementation and support services and thus processes personal data on behalf of its customer, then it is considered as a processor pursuant to Art. 8 of the GDPR, while its customer is considered to be the controller of the processing of personal data. The company is subject to the provisions of Article 4(4) of the GDPR. iotsoft, when acting as a processor is committed to its client-processor to take the necessary technical and organizational measures to be able to guarantee the protection of the personal data it processes, in accordance with the requirements of the GDPR.

For any matter relating to the processing of personal data, please contact the Data Protection Department and the Data Protection Officer (DPO) of iotsoft, to the following contact details:

email: [email protected]

Telephone: +302102208768

What categories of personal data we process and for what purpose

We process your personal data only for legitimate purposes.

1. Personal data you provide us for products and service implementation
   Demo or Presentation: service in which you provide us with the opportunity to contact you to organise a presentation of our business solutions (as controller or processor). The personal data recorded in our information systems for the above purpose are: name, email, mobile/landline phone.

The legal basis for the above processing is the performance of our contractual obligations (GDPR Article 6(1)(b)), in case there is a contract between us and the above service is provided in the context of that contract or in case we are in negotiations for the conclusion of a contract between us or your explicit and free consent (GDPR Article 6(1a)).

1. Periodically the iotsoft organizes surveys, promotional activities, business meetings for the presentation and evaluation of its products and services. It also participates in exhibitions, conferences, business events in Greece and abroad (as controller). The personal data provided to us in the context of business cooperation (business cards, contact forms) may be registered in our information systems for communication and information purposes about the company's products and services and activities, by phone and/or email. Personal data for the above purpose are: full name, email, mobile/landline phone, profession, job position.

The legal basis for the above processing is the performance of our contractual obligations (GDPR Article 6(1)(b)), in case there is a contract between us and the communication is made in the context of the contract and the legitimate interest of our company (GDPR Article 6(1)(f)), which consists in the need to promote its business, when the communication is made to our potential customers.

1. IT systems implementation and support services (as the processor), our employees may gain access to personal data in our customer's database, and/or use applications and connections that allow remote communication and service provision. These services are implemented by taking all appropriate organizational and technically feasible measures to protect personal data This access is implemented by taking the best information security measures that are feasible.

The legal basis for the above processing is the performance of our contractual obligations (GDPR Article 6(1)(b)).

1. IT systems implementation and support services (as the processor), a transfer of personal data may be required with the transfer of the customer database to the premises of iotsoft for the provision of specialised technical services. In this case, international best practices for Information Security are followed and explicit consent of the client is required.

The legal basis for the above processing is the performance of our contractual obligations (GDPR Article 6(1)(b)).

1. Subscribe to the Newsletter

Your subscription to the Newsletter is done through a double opt-in process, where your explicit contribution to the sending of newsletters about products-services, new companies and trends in the IT and Communications sector is guaranteed (as controller)The personal data registered in our information systems for the above purpose are: name, email, mobile/landline phone.

The legal basis for the above processing is your expressed and free consent (ΓΚΠΔ άρθρο 6 παρ.1ά)).

• Personal data from the use of electronic services on our website

1. Through the website, iotsoft uses cookies (small text files placed on your device) and similar technologies and services that use the IP address to provide its web sites as well as its mobile applications and electronic services (as controller).

Read Cookies Policy

• Προσωπικά δεδομένα δημοσιευμένα από τρίτους

1. Στα πλαίσια του έννομου συμφέροντος της iotsoft να δημιουργεί αγοραστικό ενδιαφέρον για τα προϊόντα και υπηρεσίες της, ενδέχεται να επεξεργαζόμαστε πληροφορίες που είναι δημοσιευμένες στο διαδίκτυο σε μηχανές αναζήτησης και social media εφαρμογές (Google, LinkedIn, Facebook, Twitter, Instagram) (as controller).

Νομική βάση για την ανωτέρω επεξεργασία είναι το έννομο συμφέρον της εταιρείας μας (ΓΚΠΔ άρθρο 6 παρ.1΄στ).

• Προσωπικά δεδομένα για τις εμπορικές συναλλαγές

1. Διατηρούμε στα Πληροφοριακά μας συστήματα και στις συμβάσεις με τους πελάτες και προμηθευτές μας, προσωπικά δεδομένα για τις εμπορικές συναλλαγές (πωλήσεις, αγορές, πληρωμές κλπ), στοιχεία επαφών για τις εν λόγω διαδικασίες (as controller).

Η νομική βάση για τη συγκεκριμένη επεξεργασία, είναι η συμμόρφωση της εταιρείας με έννομη υποχρέωση (ΓΚΠΔ άρθρο 6 παρ.1΄γ) και συγκεκριμένα με φορολογική υποχρέωση.

Παιδιά

Με την παροχή της συγκατάθεσής σας δηλώνετε υπεύθυνα πως είστε άνω των 16 ετών. Εάν είστε κάτω των 16 ετών, μπορείτε να χρησιμοποιήσετε την ιστοσελίδα μας και τις υπηρεσίες της μόνο με τη συμμετοχή και την έγκριση ενός γονέα ή κηδεμόνα.

Πώς και γιατί χρησιμοποιούμε τα προσωπικά δεδομένα σας

Ενδέχεται να χρησιμοποιήσουμε τις πληροφορίες που συλλέγουμε για τους παρακάτω σκοπούς:

1. Eγγραφή σας στον παρόντα διαδικτυακό τόπο ή σε μια υπηρεσία του
2. Aποστολή των συνθηματικών (username, password) για demo παρουσιάσεις.
3. Αποστολή ενημερωτικών δελτίων ή τηλεφωνική ενημέρωση για προϊόντα-υπηρεσίες, δράσεις  και νέα της iotsoft
4. Υλοποίηση σύμβασης υπηρεσιών iotsoft

Πού κοινοποιούνται τα  προσωπικά σας δεδομένα  

Through the website, iotsoft ενδέχεται να διαβιβάζει τα προσωπικά δεδομένα που παρέχονται από τα φυσικά πρόσωπα σε τρίτους στις παρακάτω περιπτώσεις και για συγκεκριμένους σκοπούς.

1. Πιστοποιημένοι συνεργάτες της iotsoft (Εκτελούντες την επεξεργασία). Πρόκειται για εταιρείες με πιστοποιημένους συμβούλους υλοποίησης και υποστήριξης στα προϊόντα και υπηρεσίες της iotsoft, οι οποίοι μπορεί να χρησιμοποιήσουν τις απαραίτητες πληροφορίες για να παρέχουν τις εν λόγω υπηρεσίες. Υπάρχει πάντα συμβατική σχέση μεταξύ της iotsoft και του Πιστοποιημένου Συνεργάτη με τις απαραίτητες δεσμεύσεις εμπιστευτικότητας και λήψης των κατάλληλων οργανωτικών και τεχνικών μέτρων για την προστασία των προσωπικών δεδομένων.
2. Άλλα τρίτα μέρη, λόγω νομοθεσίας: Ενδέχεται να κοινοποιήσουμε τα απαραίτητα προσωπικά δεδομένα σας σε τρίτα πρόσωπα, όπως ιδίως αστυνομικές, δικαστικές ή εισαγγελικές αρχές, φορολογικές αρχές και ασφαλιστικοί φορείς, για να συμμορφωθούμε με τη νομοθεσία ή για να ανταποκριθούμε σε μια υποχρεωτική νομική διαδικασία, για να προστατεύσουμε τα δικαιώματα ή την ασφάλεια της εταιρείας iotsoft.
3. Άλλα τρίτα μέρη, για την υλοποίηση των υπηρεσιών iotsoft: Υπάρχουν περιπτώσεις που θα πρέπει να κοινοποιήσουμε τα απαραίτητα προσωπικά δεδομένα για την απρόσκοπτη λειτουργία κάποιων ηλεκτρονικών υπηρεσιών (datacenter, hosting, κλπ).
4. Άλλα τρίτα μέρη με τη συγκατάθεσή σας. Εκτός από τις κοινοποιήσεις που περιγράφονται στην παρούσα Πολιτική Απορρήτου και Προστασίας Προσωπικών Δεδομένων, ενδέχεται να χρησιμοποιήσουμε από κοινού πληροφορίες σχετικά με σας με τρίτα μέρη, εφόσον δώσετε την ελεύθερη και ρητή συγκατάθεσή σας .

1. Στην Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα, σε περίπτωση που ανακύψει περιστατικό παραβίασης των προσωπικών σας δεδομένων.

Personal Data Storage Period

The period of data storage is decided based on the following specific criteria depending on the case:

When the processing is imposed as an obligation by provisions of the applicable legal framework, your personal data will be stored for as long as the relevant provisions impose.

When the processing takes place during a contract, your personal data is stored for as long as it is necessary for the execution of the contract and for the establishment, exercise, and/or support of legal claims based on the contract.

When the processing carried out is based on your consent, your personal data is kept until it is revoked. This can be done by you at any time. The withdrawal of consent does not affect the lawfulness of the processing that was based on the consent during the period before its withdrawal.

Personal Data Security

Through the website, iotsoft implements appropriate technical and organisational measures to ensure the secure processing of personal data and to prevent accidental loss or destruction and unauthorised and/or unlawful access, use, modification or disclosure. In any event, the way the Internet works and the fact that it is free to anyone does not allow guarantees to be given that unauthorised third parties will never be able to breach the technical and organisational measures in place, gaining access and possibly using personal data for unauthorised and/or illegitimate purposes.

In cases where, either due to the use of new technologies or due to the large-scale processing of special categories of data, it may entail a high risk to the rights and freedoms of our customers, the iotsoft before carrying out such processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data (DPIA).

Actions in the event of a breach of your personal data.

In the event that a breach of your personal data is detected and this breach may cause a risk to your rights and freedoms,  iotsoft, when acting as a controller, undertakes to notify without delay and, if possible, within 72 hours from the moment that becames aware of the fact of the violation, to the Personal Data Protection Authority. When iotsoft acts as a processor, it undertakes to notify the incident of the breach of your personal data to the controller without delay. If it is indeed an increased risk to your rights, iotsoft will be quick to inform you about it, unless, using the appropriate technical and organizational means at its disposal, it manages to eliminate the risk.

What are your rights in relation to your personal data

Any person whose data is processed by the iotsoft has the following rights:

Right to Information:

You have the right to be informed about the identity and contact details of us, or our representatives, the contact details of the data protection officerDPO), the purposes of the processing for which the personal data is intended, as well as the legal basis for the processing, the recipients or categories of the recipients of the personal data. Within the framework of the principle of transparency that governs the operation of our company, you can contact us requesting further information on how your personal data is processed and how to exercise your rights by submitting the respective requests. Your requests will be answered without delay in any case within a month from your request. This time frame can be extended by two more monthsif necessary, taking into account the complexity of the request and the number of requests.

Right of access:

You have the right to be aware of and verify the lawfulness of the processing and to ask us for copies of the personal data processed. Therefore, you have the right to access the data and to obtain additional information about the processing. You also have the right to access more specific information on the content and how to exercise your individual rights.

Right to rectification:

You have the right to review, correct, update or modify your personal data

Right to erasure:

You have the right to request the deletion of your personal data when we process it on the basis of your consent or in order to protect our legitimate interests. In all other cases (such as, but not limited to, where there is a contract, an obligation to process personal data imposed by law, public interest), this right is subject to specific limitations or does not exist as the case may be (e.g. we are entitled to refuse to erase your personal data for the purpose of establishing, exercising or supporting our legal claims).

Right to restrict processing:

You have the right to request restriction of the processing of your personal data in the following cases: (a) when you dispute the accuracy of the personal data and until verification, (b) when you oppose the erasure of personal data and request the restriction of their use instead of erasure, (c) when the personal data are not necessary for the purposes of processing, but are necessary for the establishment, exercise, support of legal claims, and (d) when you object to the processing and until verification that there is no personal data.

Right to object to processing: 

You have the right to object at any time to the processing of your personal data where, as described above, it is necessary for legitimate interests pursued by us as data controllers, as well as to processing for direct marketing purposes. In particular, you have the right to object to any decision taken solely on the basis of automated processing, including profiling, which produces legal effects concerning you or significantly affects you. By way of exception, you may object to automated decision making that concerns you, where that decision is either necessary for the conclusion or performance of the contract we have entered into with you or is based on your explicit and free consent.

Right to portability: 

You have the right to receive, free of charge, your personal data in a format that allows you to access, use and process them by commonly used processing methods. You also have the right to ask us, where technically feasible, to also transmit the data directly to another controller. This right exists for data that you have provided to us and is processed by automated means on the basis of your consent or in performance of a relevant contract.

Right to withdraw consent: 

Finally, the iotsoft informs you that where processing is based on your explicit and free consent, you have the right to freely withdraw it, without prejudice to the lawfulness of the processing based on your consent, before you withdraw it.

To withdraw your consent, you can contact the Personal Data Protection Department of iotsoft, to the following contact details:

email: [email protected].

In case you wish to contact the Data Protection Officer (DPO)

email: [email protected] and phone: +302102208768

You can also use the unsubscribe options by clicking on the corresponding link in our electronic communications.

Right to complain to the CPVO 

In the event of a breach of your personal data, you have the right to lodge a complaint with the Personal Data Protection Authority (www.dpa.gr): Call Centre: +30 210 6475600,

Fax: +30 210 6475628,

E-mail: [email protected].

Update date: 12/08/2022