ADDITIONAL ACT FOR THE PROTECTION OF PERSONAL DATA (GDPR)
Dear Madam / Sir,
We ask for your consent so that we can continue to
remain in contact with you!
If you wish to receive our services and our
informational messages, you do not need to take any action and you simply accept
the following terms of use through the login form of our application, through
our online system or through our call center.
However, if you do not
wish to do so, do not accept the terms, close this document, remove our
application from your system and contact our company at the email:
info@radiotaxi-parthenon.gr in order to request the deletion of your data from
the system.
Based on the EU GDPR directive - (General Data Protection
Regulation) for the protection of personal data, effective from May 25, 2018,
and respecting this new legislation and your personal data, we need your consent
in order to serve you and send you informational messages regarding our services
and products. Please note that for the archiving of your data, we comply with
everything provided by the new regulation, with security and confidentiality,
and no one else has access to this data. For more detailed information, please
carefully read the following GDPR terms.
Today, the following contracting parties
1. On the one hand, the COMPANY with:
• Company Name: RADIOTAXI PARTHENON
• Distinctive Title: RADIOTAXI PARTHENON
• Registered Office: 27 EVRITANIAS STREET, AIGALEO, POSTAL CODE 12243
• VAT Number: EL090206940
• Tax Office: AIGALEO
• E-MAIL: info@radiotaxi-parthenon.gr (for the Data Protection Officer “Data” (DPO))
2. On the other hand: You, the subscriber, hereinafter referred to as the “CONTRACTING PARTY”.
Taking into consideration
1st) The provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/4/2016 (General Data Protection Regulation – hereinafter “GDPR”).
2nd) That the contracting parties have a corporate or other relationship with acceptance of cooperation terms (hereinafter the “Main Agreement”), within the framework of which the “COMPANY” stores and processes personal data as processor on behalf of the “CONTRACTING PARTY” and in accordance with Annex A, and therefore the contracting parties must draw up this present act in accordance with the provisions of the “GDPR”.
3rd) That the contracting parties are aware of and fully comply with the “GDPR” and the overall legislative and regulatory framework for the protection of personal data.
“We agree and mutually accept the following:”
1. Processing of Personal Data
The term “personal data”, as used in this Additional Act, refers to information
concerning natural persons, such as full name, postal address, email address,
contact telephone number, as well as those listed in ANNEX A, which identify or
may identify the identity of the “CONTRACTING PARTY”, hereinafter “Data”.
Processing of “Data” means any operation or set of operations performed with or without the
use of automated means, on personal “Data” or on sets of personal “Data”, such
as collection, recording, organization, structuring, storage, adaptation or
alteration, retrieval, consultation, use, transmission, dissemination or any
other form of disclosure, alignment or combination, restriction, erasure or
destruction.
The “Data” requested from the “CONTRACTING PARTY” and processed by the “COMPANY”
are the minimum necessary data required for the relationship between the
“CONTRACTING PARTY” and the “COMPANY” and for the operation of the “Main
Agreement”. For this reason, the “CONTRACTING PARTY” must declare to the
“COMPANY”:
• identification and contact information, indicatively name,
surname, home address, work address, date of birth, telephone, landline and
mobile, email, as well as anything referred to in ANNEX A.
Purpose of Processing
The purpose of processing the “Data” of the “CONTRACTING PARTY” is the smooth execution of the services provided by the “COMPANY” in accordance with the law and the service of the “CONTRACTING PARTY” during their cooperation. This purpose includes:
- For the “COMPANY” to provide services to the “CONTRACTING PARTY”.
- For the “COMPANY” to provide possible invoicing services for its services to the “CONTRACTING PARTY”.
- For the “COMPANY” to process the balance and payments of the “CONTRACTING PARTY”.
- For communication through information or advertising with the “CONTRACTING PARTY” regarding its services.
- For the “COMPANY” to respond to questions from the “CONTRACTING PARTY” arising from complaints and/or requests.
- For the “COMPANY” to comply with regulatory requirements and respond to requests from public authorities.
- For the “COMPANY” to protect the confidentiality of the “CONTRACTING PARTY’s” data and ensure the handling of personal data matters.
Recipients of the “Data”
- The “COMPANY” and its employees within the scope of their duties.
- Our representatives and/or subcontractors for the purpose of supporting, promoting and executing the transactional relationship.
- The competent Authorities, indicatively Cyber Crime Unit, police bodies, Public or Judicial Authorities.
- Debtor Information Companies, for overdue debts.
- Technical support, software and network equipment partners of the “COMPANY”.
The Personal “Data” of the “CONTRACTING PARTY” are stored and processed only within Greece. In the event of transfer of “Data” abroad, the “COMPANY” ensures that the legal requirements are met in accordance with Articles 44 and following of the “GDPR”.
1.1 – 1.6 (Obligations, Subcontractors, Access Restriction)
1.1. The “COMPANY” shall process personal “Data” only for the purposes of the
“Main Agreement” and for as long as the “Main Agreement” remains in force. It
shall process “Data” only in accordance with the respective written instructions
of the “CONTRACTING PARTY” and to the extent necessary for the fulfillment of
its obligations.
1.2. The partners/subcontractors/appointed persons
of the “COMPANY” are bound in writing by confidentiality, non-transfer to third
parties without permission, implementation of technical/organizational security
measures (indicatively secure software, physical protection, pseudonymization,
encryption), notification of breach incidents and compliance with the “GDPR”.
1.3. The “COMPANY” ensures that those who gain access to “Data” have technical
knowledge, integrity, awareness/commitment to confidentiality, compliance with
instructions, and knowledge that a breach may result in civil/criminal
liability.
1.4. Access to “Data” is strictly limited to the
absolutely necessary persons.
1.5. The “CONTRACTING PARTY” consents
to assignment to subcontractors under a written agreement that ensures an
equivalent level of protection and rights of audit/instructions.
1.6. The “COMPANY” does not correct/delete/restrict processing on its own initiative
but only following written notification. Requests from data subjects are
forwarded without delay.
2. Security of Personal Data
2.1. The “COMPANY” takes appropriate technical and organizational security
measures to protect the “Data” from destruction/loss/alteration/unauthorized
access/disclosure, in accordance with Articles 28 and 32 of the “GDPR”. If it is
unable to fulfill its obligations, it notifies and, following instruction, stops
processing and deletes or restores the data.
2.2. In the event of a
“Data” breach, it notifies in writing without undue delay and no later than
within 72 hours, summarizing the effects and corrective actions. It keeps a
record of breaches and provides documentation if requested.
2.3. Processing is allowed only by authorized persons. Organizational/technical
measures exist (physical security, graded access, protection of
systems/network). A Security Policy exists in accordance with the “GDPR”.
3. Network Security
The “COMPANY” takes all appropriate technical and organizational measures that guarantee the security of electronic communications networks or the services provided to the “CONTRACTING PARTY” concerning the transfer or transmission of “Data”, including measures to ensure confidentiality.
4. Cooperation of the Parties
4.1. The “COMPANY” responds without delay to reasonable requests, assists with
compliance with security obligations, breach reports, impact assessments and
consultations (Articles 32–36).
4.2. In the event of a request from
an Authority/third party, it notifies the “CONTRACTING PARTY” within 24 hours
with a copy. If the request comes from a data subject, it does not respond
without prior approval, subject to the law.
4.3. No copies are
created without approval, except for backups or regulatory obligations.
4.4. It maintains documentation of lawful processing beyond the duration of the “Main
Agreement”.
4.5. The “CONTRACTING PARTY”, with 10 days’ notice, may
conduct an assessment/audit. In case of non-compliance, the “COMPANY” takes
reasonable measures for immediate remediation.
4.6. The “COMPANY”
ensures the possibility of exercising legal rights and information regarding:
identity, purposes, recipients, transfers and right of access.
Rights of the Data Subject
- Right to information regarding the purpose, type of data, recipients, storage period and automated decision-making.
- Right to correction of inaccurate “Data”.
- Right to erasure when the data are no longer necessary or when consent is withdrawn where required.
- Right to portability of “Data” in readable format or transmission to another controller.
- Right to restriction of processing while objections are being examined.
- Right to withdrawal/objection where required and cessation of processing when there are no overriding legitimate grounds.
5. Deletion of Personal Data
5.1. The “COMPANY” retains the “Data” only for as long as necessary for
contractual obligations or as required by law.
5.2. After termination
of the agreement, the “Data” are retained for a period defined by law, currently
5 years or longer, indicatively for tax documents, where required.
5.3. After termination of the “Main Agreement” or when the data are no longer
necessary and provided that a written request is made, it securely destroys all
“Data”, subject to legislation, and provides confirmation within 15 days if
requested.
6. General Terms
6.1. The definitions/terms of the “Main Agreement” apply unless expressly agreed
otherwise. In no case are the parties released from obligations under applicable
legislation and especially the “GDPR”.
6.2. For the exercise of
rights, the “CONTRACTING PARTY” may contact the DPO at the email specified at
the beginning of this document.
6.3. They may also contact the
“COMPANY” offices in person.
6.4. Right to lodge a complaint with the
Hellenic Data Protection Authority (1-3 Kifisias Ave., P.C. 11523, Athens, tel.
2106475600, contact@dpa.gr).
6.5. This enters into force from May 25,
2018 and repeals any previous related agreement.
ANNEX - A
The nature, duration and purpose of processing the “Data” are defined in the “Main Agreement”. Below are the possible additional types of “Data” collected within the framework of the “Main Agreement”. It is expressly stated that no access/storage/processing is obtained for special categories of “Data”, such as health “Data”.
- Basic personal identification “Data”: name, surname, father’s name, mother’s name, date of birth, identity card number, photograph, nationality, marital status, children.
- Contact details: address, email, telephone numbers, social media, such as LinkedIn.
- Basic “Data” relating to contracts/relationships and interest in products/services of the “COMPANY”.
- Customer history related to services: taxi calls, routes, communications from the “COMPANY”.
- Geolocation from the passenger application or from internet applications.
- Registration of vehicle routes according to customer orders and the ability to display data to drivers for execution.
- Route history with detailed data and processing/storage/resending/deletion of data.
- Information messages, such as closed roads, weather conditions, etc.
