the eventalist - Privacy Policy

PRIVACY POLICY

1.General

We are committed to protecting the users’ (hereinafter “You”) personal data by respecting
and complying with the applicable data protection and privacy laws. We encourage you to
carefully read this Privacy Notice. Both have been written in a clear and comprehensible
manner to facilitate their understanding. In both Notices we provide you with transparent
information on how we collect and process your personal data when you visit and use
info@theeventalist.gr.

2. Who are we? Who is the Data Controller?

The Website https://www.theeventalist.gr/ (hereinafter the “Website”) belongs to Anastasia S. Papageorgiou,
a private company legally seated in Greece, 11 Chrissanthemon Str., Dionyssos ,14576, Greece
(hereinafter the “Company” or “We”), which is the Data Controller within the meaning of the
General Data Protection Regulation (EU) 2016/679 (“GDPR”). The Company is responsible for
the processing of your personal data. You can contact us via telephone at (+30) 2108150489
(mob.: +30 6942551521) and via e-mail at info@theeventalist.gr .

3. What Personal Data do we collect?
We do not systematically collect and process personal data through our Website. We collect
personal information only when you voluntarily fill in the “Book the Eventalist” form (requested
data: type of event, place, full name, email address, phone number, event date, expected
number of guests, additional information).

4. What are the purposes and the legal bases for the processing of personal
data?
For each processing activity, there are always specified purposes and a specified legal
basis justifying the processing.

When you fill in the “Book the Eventalist” form, we process the requested data to manage
your request, contact you to manage potential transaction and provide you with our services.
The processing of this data is necessary in order to take steps at your request prior to entering
into a contract and facilitate the actual entering into this contract (Article 6 par. 1 (b) GDPR).
We may also use the contact details of our existing customers (e.g., users that have
purchased our services) for marketing purposes to inform them about our latest offers and
deals. The processing of personal data for marketing purposes may be regarded as carried out
for our legitimate interest to promote our products and services (Article 6 par. 1 (f) GDPR).
However, you are always entitled to object to this processing since we provide an opt-out option
(“unsubscribe”) within each marketing email you receive.

5. Who do we share your personal data with?
Your data shall not be disclosed to any third party, apart from the following:
(a) Authorized employees of the Company who have access to personal data only when this is
necessary (e.g., to handle your booking requests) and are bound by non-disclosure and
confidentiality agreements.
(b) Vendors and Suppliers (“Partners”) who are required to have access to personal data to
provide their services (e.g., IT services). All Partners are bound by specific agreements
ensuring protection of your data.
(c) National Authorities. We will disclose personal data when it is necessary to comply with
applicable laws or a legal process, to respond to requests from public and government
authorities, to meet national security or law enforcement requirements, to protect the rights,
privacy, safety or property of our own, you or others and finally, to pursue available remedies or
limit the damages that we may sustain.

6. How long do we keep your data?
We will retain your personal data for the period necessary to fulfill the purposes outlined in
this Privacy Notice. The criteria used to determine our retention periods include:
(a) The length of time we have an ongoing relationship with you and provide our services to you
(for example, for the time necessary to manage your booking request through our form).

(b) Whether there is a legal obligation to which we are subject.
(c) Whether retention is advisable considering our legal position (such as, for statutes of
limitations, litigation or regulatory investigations).

7. Data security – International Data Transfers
We process your data at all times in a confidential way, maintaining the mandatory duty to
secrecy under the provisions set out in the applicable laws. We have adopted measures of a
technical and organizational nature required to guarantee the security of your data and prevent
it from being altered, lost, processed, or accessed illegally, depending on the state of the
technology, the nature of the stored data, and the risks to which it is exposed.
Our servers are located within the territory of the European Economic Area (EEA).

8. Links to third-party websites
Our Website may contain links, hyperlinks or banners leading to websites operated by third-
party entities other than us (“Third-party websites”). It should be clarified that this Privacy Notice
does not concern or govern processing activities carried out by those third-parties and we shall
not be held responsible for any reason. We kindly recommend that you review the Privacy
Notice of each external website and get informed about how each third-party uses your personal
data.

9. What are the rights of data subjects?
We want to ensure that you can exercise your rights enshrined under the applicable laws.
To this end, for as long we retain your data you may exercise your rights free of charge by
sending us an email message at our email address info@theeventalist.gr at any time. However,
we may charge a reasonable fee in case of manifestly unfounded, disproportionate or repeated
requests.
In particular, you have the following rights:

* to request access to the personal data that we hold;

* to request rectification of inaccurate or incomplete data;

* to request erasure of your personal data to the extent that it is no longer necessary for
the purpose for which we need to keep processing it, as explained above, or when we
are no longer legally permitted to process it;

* to request that we limit the processing of your personal data, which entails that in certain
cases you can request us to temporally suspend the processing of data or that we keep
it longer than necessary;

* if you have given us your consent to process your data, you also have the right to
withdraw such consent at any time. In the event that you withdraw your consent, this will
not affect the legality of the processing carried out previously

* When we process your data based on your consent or for the purposes of a contract,
you can also request portability of your personal data.

* When the processing of your data is based on our legitimate interest, you are entitled to
object to the processing.
Finally, we inform you that you have the right to lodge a complaint if you believe that we
have violated your rights regarding the processing of personal data before the Greek Data
Protection Authority (DPA, https://www.dpa.gr/).

10. Changes to the Privacy Notice
We may amend the information contained in this Privacy Notice when we consider this
appropriate. Should we do so, we will notify you by various procedures through the Website, or
we may even send you a notice to your email address. We will also change the “Last Updated”
date at the beginning of this Privacy Notice. In any case, we suggest you to review this Privacy
Notice from time to time in case minor changes are made. Any changes we make to our Privacy
Notice are effective as of the “Last Updated” date and replace any prior Privacy Notices.

11. Contact us
If you do not understand any aspects of our Privacy Notice and you need any clarification,
please do not hesitate to contact us at info@theeventalist.gr.