Effective Date: 15 May 2024
1. Introduction
We take seriously the privacy of our prospective customers and their legal representatives, employees and contact persons (hereinafter jointly referred to as the “Subjects”). For this reason, we strictly follow the following privacy policy, which ensures a high level of protection of the Subjects’ personal data and strictly complies with the applicable legal framework.
This Data Privacy Policy outlines how The Company collects, uses, stores, and protects personal data in the context of email collections and marketing promotions. By providing your personal information, you consent to the practices described in this policy.
2. Processing principles
We fully respect the fundamental rights of the Subjects, and we make the protection of their privacy a priority of our Company. In this context, we follow the following basic principles when processing the personal data of the Subjects:.
2.1 We process personal data lawfully and fairly and are fully transparent with the Subjects about how we handle their personal data.
2.2 We collect and process personal data only for specified, explicit and legitimate purposes as set out in this policy, and do not further process it in a manner incompatible with those purposes.
2.3 We process personal data only to the extent that it is appropriate and relevant for the purposes set out below, while limiting the relevant processing to the extent necessary for these purposes.
2.4 We make reasonable efforts, with the assistance of the Data Subjects themselves, to ensure that the data processed are accurate and, where necessary, updated in relation to the purposes of processing, taking all reasonable steps to delete or correct them promptly in case of inaccuracy.
2.5 We keep the personal data in a form that allows the identification of the Subjects only for the time required for the processing purposes listed below.
2.6 We process personal data in a way that guarantees their security by using appropriate technical or organizational measures.
2.7 We do not intend to further process personal data for a purpose other than that for which it was collected.
2.8 Personal data will not be used for automated decision-making, including profiling.
2.9 Subject to what is stated in this policy, we will not disclose or transfer personal data to any further third parties without the consent of the Subjects, unless required by law or permitted by the contract between us.
2.10 We do not transfer the Subjects’ personal data to a third country or international organization for which there is no adequacy decision by the European Commission in accordance with the GDPR.
2.11. In general, we fully comply with the applicable legislation and comply with all our obligations thereunder, as the controller of the Subjects’ personal data by law.
3. Collection of Personal Data
3.1. Contact us via our website
When you contact us via our website, we collect the following personal information:
- Full Name
- Email Addresses
- Any information you provide in plain text format
4. Use of Personal Data
We use the personal data collected for the following purposes:
- To facilitate communication and provide you with the necessary assistance or information.
- To send you promotional emails, newsletters, and marketing communications.
- To comply with legal obligations and enforce our rights.
5. Consent and Opt-out
By providing your personal information for email collections and marketing promotions, you consent to our use of the data for the stated purposes. You have the right to withdraw your consent at any time. You can opt-out of receiving marketing communications by contacting us directly using the information in Section 10.
6. Data Retention
6.1 We retain the personal data of the Subjects for as long as the purposes for which they were collected and mentioned above remain valid and, in any case, not beyond the period specified by the applicable legislation.
6.2 The Company may retain the personal data of the Subjects even after the fulfilment of the purposes of their collection and processing in the following limited cases:
– If a legal obligation under a relevant legal provision is imposed on us.
– If required for the good organization and operation of the Company, provided that anonymization or pseudonymization of the data takes place.
– Until the statute of limitations has expired for the defense of our rights and legitimate interests before any competent court and any other public authority.
6.3 At the end of the retention period, the personal data of the Subjects are destroyed from our records and system in accordance with the Company’s policy and provided that their retention is no longer required for the fulfilment of the purposes mentioned above.
7. Rights
7.1 Subject to applicable law, the Subjects have the following rights:
– Request access to and obtain a copy of their personal data and information relating to the processing.
– Request the correction of any inaccurate and the completion of any incomplete personal data.
– Request the deletion of their personal data.
– Request the restriction of the processing of their personal data in the cases expressly provided for by law.
– Request the portability of their personal data to another controller in a structured, commonly used, and machine-readable format.
– Object to the processing of their personal data for the cases expressly provided for by law.
– Not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them in a similar way.
The above requests shall be made in writing by postal letter to the Company’s headquarters.
7.2 The Company will respond to every request of the Subjects within one month from its receipt. Upon informing the requester, this period may be extended by a further two months, if necessary, considering the complexity of the request and the number of requests. Reasons will be given for any rejection of the request.
7.3 If the Subjects’ requests do not meet the requirements of the law, the Company reserves the right to either: (a) impose a reasonable fee, considering the administrative costs of providing the information or the communication or execution of the requested action, or (b) refuse to follow up on the request.
7.4 In the case of a personal data breach of the Subjects, which may put their rights and freedoms at high risk and provided that it does not fall within one of the exceptions expressly provided for by law, we undertake to inform the Data Subjects without unjustified delay.
7.5 If there are doubts about the identity of the person submitting the request, we reserve the right to request additional information necessary to confirm his/her identity.
7.6 If the rights of the Subjects are violated, they have the right to lodge a complaint with the Data Protection Authority or another competent supervisory authority.
8. Data Security
8.1 The Company, to ensure the proper use and integrity of the personal data of the Subjects, as well as to prevent unauthorized or accidental access, processing, deletion, alteration or other use thereof, implements appropriate internal policies, while taking all appropriate organizational, technical, physical, electronic and procedural security measures, as well as technological standards, in accordance with applicable laws and regulations.
8.2 The Company’s data processing procedure is carried out in a manner that ensures the confidentiality and physical and logical security of the data, considering the latest developments, the cost of implementation and the nature, scope, context, and purposes of the processing, as well as the risks of varying likelihood of occurrence and severity to the rights and freedoms of the Subjects.
8.3 The processing of the personal data of the Subjects shall be carried out exclusively by the Company’s personnel appointed for this purpose, bound by strict obligations to respect their confidentiality.
9. Third-Party Sharing
9.2 In order to serve the processing purposes stated in this policy,the Company may provide access to or transfer the following types of personal data of the Subjects to the following processors on its behalf and on its instructions:
– Personal data to the company that provides us with maintenance and support services for software programs and databases.
– Personal data to entities to which the Company entrusts the performance of specific actions on its behalf, i.e. its consultants, service staff and other general contractors, including but not limited to providers of communication tools, project management platforms, document management systems and social media platforms.
9.3 The processing of the personal data of the Subjects by the aforementioned entities cooperating with us is carried out under our control and only on our instructions and is subject to the same data protection policy or a policy of at least the same level of protection.
9.4 In the event that we are obliged by a court or other administrative authority, as well as in any other case where we are under a legal obligation to do so, the Company may disclose the personal data of the Subjects up to the extent provided by law, but after informing you of this.
10. Contact Information
If you have any questions or concerns regarding our data privacy practices or wish to exercise your rights under applicable data protection laws, including the right to access, rectify, or delete your personal data, please contact us at: info@couch-heroes.com
11. Changes to the Policy
We may update this Data Privacy Policy from time to time to reflect changes in our data processing practices or legal requirements. The updated policy will be posted on our website, and the revised effective date will be indicated.
By providing your personal information for email collections and marketing promotions, you acknowledge that you have read and understood this Data Privacy Policy and agree to the processing of your personal data as described herein.