PRIVACY POLICY
A. Scope of the Personal Data Protection Policy
The company “MAKAN,” headquartered in Ioannina, at Handeli & Barka Street (hereinafter referred to as the “Company” or “MAKAN”), aims to inform users of the website Home – Makan PR & Marketing(hereinafter the “Website”) about the methods and purposes of processing their personal data through this Privacy Policy (hereinafter the “Policy”). MAKAN respects the privacy and personal data of all individuals interacting with it. For transparent communication, the Company has published this Policy on its Website to provide sufficient information regarding the personal data it processes as part of its lawful activities.
This Policy complies with the applicable national and EU legal frameworks on personal data protection, particularly the General Data Protection Regulation (EU) 2016/679 (the “Regulation”) and Law 4624/2019.
Specifically, this Policy clarifies the core principles and rules of personal data processing followed by MAKAN and informs data subjects about the processes conducted, their legal basis, and the data subjects’ rights.
B. Definitions
For the purposes of this Policy, the following terms are defined as follows:
Personal Data: Any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
Processing: Any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure, or destruction.
Controller: The natural or legal person, public authority, agency, or other body that determines the purposes and means of personal data processing.
Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Controller.
Data Subject: The natural person whose personal data is processed, including any user of our Website.
Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they signify agreement to the processing of personal data concerning them through a statement or clear affirmative action.
Personal Data Breach: A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
Applicable Legislation: National and EU data protection laws, particularly the General Data Protection Regulation (EU) 2016/679, Law 4624/2019, and decisions, guidelines, and opinions of the Data Protection Authority.
C. General Principles of Personal Data Processing
MAKAN ensures that personal data processing complies with the following principles:
- Lawfulness, Fairness, and Transparency: Data is processed lawfully and fairly, transparently to the data subject.
- Purpose Limitation: Data is collected for specific, explicit, and legitimate purposes and not further processed in ways incompatible with those purposes.
- Data Minimization: Processing is limited to data that is adequate, relevant, and necessary for the purposes.
- Accuracy: Data is accurate and, where necessary, kept up to date.
- Storage Limitation: Data is retained only as long as necessary for processing purposes unless longer retention is required by law or for archiving, research, or legal claims.
- Integrity and Confidentiality: Data is processed securely to protect against unauthorized or unlawful processing and accidental loss or damage.
- Accountability: MAKAN is responsible for demonstrating compliance with the above principles.
D. Personal Data Collected, Purpose, and Legal Basis
I. Data Collected via Contact Form
Through the contact form, users can communicate with the Company. Required fields include:
- Name
- Email address
- Subject of communication
- Additional data users wish to share.
Purpose and Legal Basis: The purpose is to enable direct contact and optimal service. The legal basis is the Company’s legitimate interest in providing high-quality services (GDPR Article 6(1)(f)).
II. Data Collected During Website Navigation
When browsing the Website, demographic data (e.g., country of residence) and preferences are collected, as well as data related to customer surveys and offers.
Purpose and Legal Basis: To provide personalized services tailored to user needs. The legal basis is the Company’s legitimate interest in offering specialized consulting services (GDPR Article 6(1)(f)).
III. Data Collected via Cookies
While navigating the Website, technical data such as IP addresses, browser type, and site traffic details may be collected.
Purpose and Legal Basis: (Details omitted; specify further if necessary).
Purpose of Collecting and Processing Personal Data
The purpose of collecting and processing personal data is to provide immediate and personalized services by MAKAN, specifically tailored consulting services to meet the unique needs and requirements of each user. The legal basis for processing user personal data is the Company’s legitimate interest in delivering high-quality services to Website users (GDPR, Article 6(1)(f)).
III. Personal Data Collected Through the Use of Cookies
When you browse our Website, certain information related to Website traffic may be collected, such as your Internet Protocol (IP) address, the type of browser you use, etc.
Purpose of Processing and Legal Basis
The use of cookies serves the purposes of our legitimate interests, specifically:
- Service Provision: Collecting information to optimize the services provided and enhance the overall user experience on our Website.
- User Convenience: Storing your preferences and settings to ensure a smoother and more comfortable browsing experience.
- Website Analysis: Analyzing the functionality of our Website and online services using aggregated statistical data.
Additionally, the legal basis for processing includes your explicit consent, as required under Article 6(1)(a) of the GDPR, for storing cookies on your device. Information generated by cookies may also be shared with our partners (e.g., technical support consultants, legal advisors) or competent authorities if deemed necessary.
All our partners are bound by confidentiality obligations and are required to implement appropriate technical and organizational measures to safeguard your personal data.
IV. Social Media Buttons
Our Website includes social media buttons or widgets from networks such as Facebook, Instagram, and LinkedIn. When a user connects to these networks, a unique digital footprint is created, for which both the Company and the social network act as joint controllers.
For more information about the data processing policies and settings options of these networks, you can visit the following pages:
Purpose of Collection and Processing
The purpose of collecting and processing this data is to improve the services we provide and enhance the overall user experience when visiting the Website. The legal basis for processing user personal data is the Company’s legitimate interest in delivering high-quality services to Website users (GDPR, Article 6(1)(f)).
E. Personal Data of Minor Users
MAKAN does not target minors and does not wish to collect or process personal data of minors (i.e., individuals under the age of 18). However, since it is not feasible to verify the age of the Website’s users, we kindly request that parents or guardians notify the Company immediately if they become aware of any unauthorized disclosure of data by minors, so that the Company can take necessary protective measures (e.g., immediate deletion of the data). If the Company becomes aware that it has collected personal data of a minor, it commits to deleting the data immediately and taking all necessary measures to protect it.
F. Data Protection Impact Assessment (DPIA)
When a type of processing is likely to result in a high risk to the rights and freedoms of individuals, MAKAN conducts a Data Protection Impact Assessment (DPIA) prior to the processing. The DPIA is a procedure designed to describe the processing, assess its necessity and proportionality, and assist in managing risks by identifying and implementing measures to address them. A DPIA is not required for all types of processing but is mandatory when a type of processing is deemed high-risk.
The DPIA considers the nature, scope, context, and purposes of the processing to assess the likelihood and severity of risks to data subjects’ rights and freedoms.
G. Ensuring Processors Respect Your Personal Data
In its operations, MAKAN may transfer data to third parties or allow access to it (legal or natural persons) acting as processors or sub-processors to support its activities and serve its purposes (e.g., transferring data to service providers, website developers, cloud service providers, application development support companies, etc.).
Collaborating companies acting as processors or sub-processors on our behalf have contractually agreed and committed to:
- Maintain confidentiality and ensure the privacy of data,
- Process data solely for specific purposes and no other,
- Not transfer data to third parties,
- Implement appropriate organizational and technical security measures to ensure data protection,
- Comply with the legal framework for personal data protection, including the GDPR and Law 4624/2019.
H. Data Transfer to Third Parties
User personal data may be transferred to public authorities, independent authorities, etc., in the exercise of their duties, either ex officio or upon a third party’s legitimate interest request, following all lawful procedures and ensuring appropriate safeguards for personal data protection. MAKAN reserves the right to disclose or transfer personal data to third parties in case parts of its business or assets are sold or merged. If such a business change occurs, the new owners may use your personal data in the same manner described in this Policy.
I. Transfer of Personal Data Outside the EU
If the transfer of user personal data collected via our Website to a country outside the European Union (EU) or the European Economic Area (EEA) is required, MAKAN ensures beforehand that:
a) The European Commission has issued an adequacy decision for the third country to which the data will be transferred.
b) Appropriate safeguards are in place in accordance with the GDPR for such transfers.
Otherwise, transfers to a third country are prohibited, and the Company will not transfer user personal data unless one of the specific derogations provided by the GDPR applies (e.g., the user’s explicit consent and notification about the associated risks, the transfer is necessary for contract execution upon the user’s request, public interest reasons, legal claims, or vital interests of the user, etc.). In cases where international data transfers are necessary, MAKAN chooses appropriate legal mechanisms and fully complies with the GDPR and applicable laws, informing data subjects accordingly.
J. Data Retention Period
User personal data is collected and retained for a predefined and limited period, depending on the purpose of processing. Once this period expires, the data is deleted from MAKAN‘s records. When processing is required by applicable legal provisions or for a specific retention period, personal data will be stored for as long as the relevant provisions mandate. Data processed based on consent is retained until the consent is withdrawn, without affecting the lawfulness of the processing conducted up to that point.
XI. Personal Data Security
All personnel and employees of MAKAN are responsible for ensuring that personal data maintained and processed by the Company is kept secure and not disclosed or transferred to any third party unless the third party is authorized by the Company to receive and process such information within the context of (a) the lawful activities of MAKAN, provided they have signed a corresponding confidentiality agreement, or (b) a legal obligation arising from a law or court order.
Measures for Data Security
MAKAN implements appropriate technical and organizational measures to safeguard the personal data it holds and processes. While no method of transmission over the Internet or electronic storage is entirely secure, the Company takes all necessary digital security measures (e.g., antivirus software, firewalls, etc.).
Data Protection by Design and Default
Protection by Design: MAKAN ensures that during the selection of processing methods and throughout the processing itself, appropriate technical and organizational measures are implemented to enforce data protection principles and incorporate necessary safeguards. This ensures compliance with GDPR requirements and protects the rights of data subjects.
Protection by Default: The Company ensures that, by default, only personal data necessary for the specific processing purpose is processed.
Staff Training and Awareness
MAKAN ensures that personnel involved in the collection and processing of personal data are adequately informed and trained.
Data Breach Response
In the event of a personal data breach, the Company promptly notifies the Data Protection Authority unless the breach is unlikely to pose a risk to the rights and freedoms of individuals. The Company provides all required information and documentation related to the incident.
If the breach is likely to pose a high risk to the rights and freedoms of individuals, MAKAN promptly informs the affected data subjects unless such notification requires disproportionate effort or if the Company has already implemented appropriate technical and organizational measures to protect the affected data, rendering it unintelligible to unauthorized users. Alternatively, if the Company takes measures to ensure that the risk is no longer likely to materialize, notification to data subjects may not be required.
XII. Your Rights
MAKAN ensures the ability to respond promptly to users’ requests for exercising their rights under applicable legislation. These rights include:
Right of Access:
- Request information regarding the processing of personal data by MAKAN.
- Access personal data held by the Company.
- Request a copy of the data and check the legality of its processing.
Right to Rectification:
- Request correction of inaccurate or incomplete personal data.
Right to Erasure (“Right to be Forgotten”):
- Request the deletion of personal data if there is no lawful basis or legitimate interest for its retention.
Right to Restriction of Processing:
- Request limited processing of personal data under specific conditions.
Right to Data Portability:
- Request the transfer of personal data to themselves or a third party.
Right to Withdraw Consent or Object:
- Withdraw consent for processing at any time, without affecting the legality of prior processing.
- Object to processing conducted by MAKAN.
Exercise of Rights
To exercise these rights, you may contact MAKAN at info@mak-an.gr, specifying your request (e.g., rectification, deletion, restriction, objection, access, portability, or withdrawal of consent).
When a request is submitted, MAKAN provides information about the processing actions within one month of receipt and identification of the data subject. This period may be extended by up to two additional months in cases of complex or numerous requests. In such instances, the Company will inform the user within one month of the delay and its reasons.
MAKAN may refuse to fulfill a request, wholly or partially, only if this is permitted by GDPR or national legislation. For requests deemed manifestly unfounded or excessive (e.g., repetitive requests), the Company may charge a reasonable fee to cover administrative costs or refuse to act on the request.
XIII. Disclaimer for Third-Party Websites
If the Company’s website contains links redirecting users to third-party websites, MAKAN informs users that it does not control or assume responsibility for risks or damages (actual or consequential) arising from the use of such websites or their content. Similarly, the Company does not bear responsibility for how third parties process personal data.
Nonetheless, MAKAN takes necessary measures to ensure its website provides a secure environment for users, offering accurate, reliable, and up-to-date information.
XIV. Right to Lodge a Complaint with the Data Protection Authority
If you have any complaints about this Policy or personal data protection issues, and MAKAN has not satisfactorily resolved your request, you may file a complaint with the Hellenic Data Protection Authority (HDPA):
- Website: Submit Complaint Online
- Address: 1-3 Kifissias Avenue, Athens, 115 23
- Telephone: +30 2106475600
- Detailed instructions for filing complaints are available on the HDPA website.
XV. Updates to the Privacy Policy
This Privacy Policy may be modified or revised in the future to ensure regulatory compliance and to optimize or upgrade the services provided through the website. We recommend reviewing the updated version of this Policy periodically for your information.
Last Revision: December 2024