1. Introduction
This Privacy Policy (hereinafter referred to as the “Policy”) applies to George Rorris (hereinafter “We” or “The artist”) and to the personal data processed by George Rorris. We are committed to protecting the confidentiality and privacy of Personal Data and complying with the relevant provisions of the “General Data Protection Regulation” EU2016/679 hereinafter referred to as “GDPR”.
2. Definitions
- Personal Data: is any information that refers to and describes an individual, such as: identification data (name, age, residence, occupation, marital status, etc.), physical characteristics, education, work (past service, work behaviour, etc.), financial status (income, assets data, financial behaviour), interests, activities, habits. The person (natural person) to whom the data relates is called the data subject.
- Violation of personal data: a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that has been transmitted, stored or otherwise processed.
- Data Controller: the individual or legal person who determines the purposes and manner of processing the Personal Data.
- Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
- Processing of personal data: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Third party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
3. Who is the Data Controller
We are responsible for the processing of personal data, which is processed as part of the provision of its services, maintains and processes your personal data with confidentiality and respect for your privacy, taking the necessary technical and organizational measures to further protect them.
4. Our Principles
We are bound to abide by the following principles of processing of personal data Article 5 GDPR:
- Legality, fairness and transparency
- Limitation of purpose: collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data Minimization: adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy / quality of data: Personal data must be accurate and, where necessary, updated
- Storing: Personal data must be kept no more than necessary or required by law
- Integrity and confidentiality: Safety must be guaranteed, in particular protection against unauthorized or unlawful treatment and against accidental destruction or damage, using appropriate technical or organizational measures
- Accountability
5. Collection of Personal Data
We collect information about you, in the following cases:
- When you contact us directly through our website to request information about the products we offer
- If you buy services from us
- If your personal data is transmitted to us by Companies, Affiliates or other third parties
- During the pre-shipment stage so that we can contact you to ship the products to you
- When you contact us directly, through our website or through ads we have posted on other websites or in the press, for a job posting by sending your resume
We also occasionally collect data from third parties that may legally provide us information about our clients or records that we may legally have access to, such as our external partners, Credit Information and Fraud Prevention Agencies, lawyers, public services (administrative, tax, judicial, regulatory authorities, insurance funds) or other public or private law.
The personal data we process is for the purposes described in more detail below.
Please help us keep your information up to date by informing us of any changes to your personal information
6. What Kind of Personal Data We Collect About You
The following categories of data about you may be collected and further processed as described in this Policy:
- Contact Information (e.g. Full Name, Address, Phone Number, Email)
- Payment Information (e.g. desired payment method)
- Identification data (e.g. IP address)
- Customer History (e.g. Satisfaction Rate, Purchase Data, Transaction Data, Complaints)
- Apps / websites / social media data (e.g. cookies)
7. Categories of Personal Data Subjects
The categories of subjects include:
- Clients
- Prospective Clients
- Suppliers
- Natural persons in their capacity as employees, directors or partners in a legal entity
- Third parties involved in events related to the sale of our services
- Our employees
8. What are the Purposes of Processing & the Legal Basis of the Data Processing
The processing of personal data is based on one of the “legal bases” as referred to in Article 6 § 1 of the GDPR. An explanation of the legal processing bases is available in Annex 1 hereto. The legal basis on which the processing of each use of your data is based refers to each processing purpose
Sales – for sales processing, customization, and sales management. [Article 6§1 (a), 6§1 (b) and 6§1 (f) GDPR]. Provision of personal data in connection with the sale of services is a contractual obligation and failure to provide them will interfere with the proper performance of the contract or make it impracticable
Customer Support – to answer questions and support our services. [Article 6§1 (a), 6§1 (b) and 6§1 (f) GDPR]
Promotions and Marketing – for answering questions and for informing you about our news and our services [Article 6§1 (a) and 6§1 (f) GDPR] Consensus on marketing can be revoked at any time, with effect for the future.
Keeping our Legal Interests – e.g. to improve our services, prevent and detect fraud against us [Article 6§1, (f) GDPR]
Compliance with our Legal Obligations – for compliance with our legal obligations with police, regulatory, tax, accounting, auditors, judicial authorities and services [Article 6§1 (c) GDPR]
The provision of personal data as above is a statutory obligation which depends on the specific request.
Processing Special Data Categories: According to Article 9 § 1 and 2 of the GDPR, special categories of data may be processed only in the specific cases specified by law, including the consent of Art. 9-2 (a).
9. How We Ensure Security of Personal Data
We ensure that personal data is processed, in accordance with policies and procedures consistent with the purposes of processing. For example, the following security measures are used to protect personal data against unauthorized use or any other form of unauthorized processing:
- Access to personal data is restricted to a limited number of persons authorized for these purposes only.
- The staff of the competent departments responsible for managing your contract are bound by confidentiality clauses with only limited and graded access to the services necessary to complete the service.
- Sensitive data is stored on a PC with strictly authorized access. They are also in paper form locked in lockers where only authorized persons have access.
- We select reliable partners who are bound in writing in accordance with Article 28 § 4 of the GDPR with the same obligations with regard to the protection of personal data. We reserve the right to control them under Article 28 § 3 (h)
- Computer systems used to process data are technically isolated from other systems to prevent unauthorized access, for example through hacking.
- In addition, access to such IT systems is monitored on a permanent basis in order to detect and prevent illegal use at an early stage.
10. For How Long We Store The Data
We store personal data for as long as required by the respective processing purpose and any other permitted linked purpose. We use the following criteria to determine how long your personal data will be retained:
- If you buy products we keep them for the duration of our contractual relationship. When you bid on an ad, we keep it for the duration of the promotion
- When you contact us to request a query we retain it for as long as it takes to process your query
- When you create an account we keep it until we are asked to delete it or after a period of inactivity determined in accordance with local regulations and guidelines.
- When you give your consent to direct marketing notifications we hold your personal data until you cancel your registration or request its cancellation or after a period of inactivity determined in accordance with local regulations and guidelines
Information that is no longer needed is safely destroyed or anonymized.
Specifically for the data we process based on your consent (e.g. for marketing purposes), they are retained until the relevant consent is obtained and until it is revoked
We restrict access to your data to those who need to use it for this purpose
11. Who Are The Recipients Of The Personal Data
The personal data we collect may be transmitted to third parties, provided that the legitimacy of the transfer is justified.
Furthermore, where the legality of the transmission is justified, personal data may be disclosed to the following categories of recipients:
- Our clients individuals or companies, for whom we act as “Data Processors”, who they are the “Data Controllers”.
- Our employees or partners who may process your personal data under our guidance.
- Cooperating companies within their competences.
- External partners who are bound in writing in accordance with Article 28 § 4 of the GDPR with the same obligations with regard to the protection of personal data.
- Any supervisory authority as required by the applicable supervisory framework.
- Any public or judicial authority where required by law or judicial decision.
We use a variety of service providers that collaborate in providing the services listed.
12. Where does the Processing take place
Our customers’ personal data is processed within the European Economic Area (EEA).
If an inquiry is required to provide services outside the EEA then this will be done with your explicit consent. Article 49, paragraph 4 (a).
13. Personal Data breach
In the event of a breach of the security and integrity of personal data held by us, we will take the following measures: (In accordance with Articles 33 and 34 of the GDPR):
- It will examine and evaluate the procedures needed to limit the breach
- It will assess the risk and its impact on the rights and freedoms of data subjects.
- It will try to reduce as much as possible the damage that is or may be caused.
- It will notify within 72 hours of knowledge of the breach, if required
- Assess the impact on privacy and take appropriate measures to prevent another breach.
14. Your Right as a Data Subject and How You Can Exercise them
You have the right to request access to your personal data, correction / deletion of your personal data, restriction of processing, the right to object to the processing and / or to exercise your right to data portability.
If data processing is based on your consent, you can revoke your consent at any time, with future validity.
In more detail, you have these rights:
a. Access: The right to be informed about the processing of Data by us, and the right of access to the data.
b. Correction: The right to request correction or supplementation of your data if it is incorrect or incomplete.
c. Deletion: Right to request deletion of your data: This right can be satisfied if:
- The data are no longer necessary for the purposes for which they were collected
- If there is no legal basis for processing beyond consent.
- If you exercise your right of opposition (see below)
- If the data were processed contrary to the applicable laws
- If the data need to be deleted in order to comply with a legal obligation
We reserve the right to refuse this right if the processing of data is necessary for compliance with our legal obligation, for reasons of public interest or for the foundation, exercise or support of legal claims (Article 17 § 3)
d. Restriction of processing: Right to flag data for the purpose of limiting its processing. For example, when you have questioned the accuracy of your personal data, for the period it will take to verify.
e. Data Portability: The right to receive your data in structured, commonly used and machine-readable formats, and to request it to be transmitted, both to you and to another person who will process it.
f. Right to object: The right to object at any time to the processing of your data, including profile compilation, also where the reason for processing relates to direct marketing.
We will review your request and respond to you within one month of receipt of the request either for its satisfaction or for objective reasons that prevent it from being satisfied or, given the complexity of the request and the number of requests, within a further time limit two months. (Article 12 (3))
The exercise of these rights is free of charge to you by sending an application to the Data Controller by email or through our stores. Abuse of the above rights (Article 12 § 5) may impose a reasonable fee.
If you are dissatisfied with the use of your data by us or our response to the exercise of these rights, you are entitled to file a complaint with the Privacy Authority (DPA).
You can exercise your rights in the contact details listed below.
15. Data Processor Contact Details
For any questions regarding the processing of your personal data and the exercise of your rights above, you may contact by phone at [+30] 210 7775017, or by e-mail: info@georgerorris.com
16. Contact Information of the Private Authority (DPA)
Telephone: | +30 21064.75.600 |
e-mail: | contact@dpa.gr |
Postal Address: | Kifisias Avenue 1-3, Zip Code 115 23, Athens |
17. Cookies
Cookies are important for the effective functioning of the site www.georgerorris.gr and for enhancing your online experience. Click “Accept cookies” to continue or select “More information” to view detailed descriptions of cookies and choose whether to accept certain cookies or not.
What are cookies?
Cookies are small text files that contain information stored in your computer’s web browser while browsing at www.georgerorris.gr. These cookies can be removed at any time, as you can modify your browser settings to reject some or all cookies. Most browsers help with information on how to accept cookies, disable cookies, or alert you when downloading a new cookie.
We use cookies to continuously improve the functionality of our site, your effective browsing, and to link and navigate the pages.
Information generated by the cookie file about your use of the Website (including your IP address) will be transmitted and stored on Google, in its servers.
If you do not accept cookies, you may not be able to use some features of our Service and we recommend that you leave them enabled.
For more information on cookies, please visit: www.allaboutcookies.org
18. Log files
We may collect information that your browser sends each time you visit our site. This log data may include information such as your computer’s IP address, browser type, browser version, the pages you visit, the time and date of your visit, the time spent on those pages and other statistics.
In addition, we may use third-party services such as Google Analytics to collect, monitor and analyse this type of information to improve the functionality of our website and our services. These third-party service providers have their own privacy policies on how they use this information, and we recommend that you read them.
Google also recommends that you install the Google Analytics Exclusion Browser Add-on –s://tools.google.com/dlpage/gaoptout – for your web browser. The Google Analytics Exclusion Browser Add-on enables visitors to prevent Google Analytics from collecting and using their data
For more information on Google’s privacy practices, please visit the Google website at http://www.google.com/intl/en/policies/privacy.
19. Commercial Communication – Newsletter
The visitor / user may visit this website www.georgerorris.gr which is maintained and managed by George Rorris and his team, without revealing its identity and without providing any personal information, subject to its acceptance of related cookies (see above).
Generally, you do not need to submit personal data to us online, but we may ask you to provide certain personal information in order to obtain additional information about our services and our events. We may also request your permission for certain uses of your personal information and you may either consent to or deny such uses.
However, in order for the visitor / user to receive electronic information material (eg Newsletters, offers, etc.) sent by George Rorris or his team, in order to keep abreast of our services, the economy and, in general, the visitor/user may provide its express consent with respect to its registration with the Website services and the assignment to us of the information which is reflected in the relevant contact form. You will be able to unsubscribe from the relevant recipient list at any time by following the instructions in each communication. If you decide to opt out of a service or communication, we will try to delete your data as soon as possible, although we may need some time and / or information before we can process your request
The personal information collected is stored on password-controlled restricted access servers, and we use specific technologies and procedures to enhance the protection of such information against loss or misuse as well as to protect it from unauthorized access, disclosure, modification or destruction. However, although we make every effort to protect the foregoing, it cannot be guaranteed that these technologies and processes will never and in any way be affected.
To this end, if any visitor / user becomes aware of any unlawful, malicious, inappropriate or improper use of personal data that is in any way linked to the use of the Website, he undertakes to immediately notify us.
20. Updating the Privacy Policy
This policy is revised when there is a significant change. This review will be available on our website www.georgerorris.gr.