PERSONAL DATA PROTECTION POLICY


The present policy (including General, Special and Additional Terms of Use and other documents referring to these terms and conditions) is to determine the basic rules and principles according to which New Metropolitan Attica SA will process any personal data provided by the user and applies to all the user’s personal data, irrespective of the manner or means through which the Organization acquired them.

In this policy, the term “personal data” refers to any information already or likely to be in the Organization’s possession relating to a living person and which can either alone or in combination with other information lead, directly or indirectly, to the identification of said person. In particular, common identifiers include a name, date of birth, age, address, electronic address, user ID and password accessing electronic services as well as technical information of the settings of your communication devices.


1. What kind of data do we collect?

The Organization fully respects the user/visitor’s right to confidentiality in their interaction with the website and strives to guarantee transparency in its transactions with the visitor/user regarding data collected and how such data will be used. Furthermore, it collects and uses only isolated data, wherever it is lawful to do so. Information concerning personal data collected by Greek identities is available at www.dpa.gr, the website of the Personal Data Protection Authority.

The Organization will handle the user/visitor’s personal data according to the legislation pertaining to data protection, namely the General Data Protection Regulation (EU) 2016/679 (GDPR) and Law 4624/2019. 

The Organization collects and uses only specific data of the visitor/user when it is within its lawful rights or required to do so. Where the visitor/user has given their consent for the collection and use of their personal data, they have the right to withdraw their consent by means of notification to the Organization.

The Organization may collect several types of personal data such as:

-For business purposes, we will collect personal and professional contact details (such as name, billing address, telephone number, professional title, e-mail and social media address, professional activity).

- We may require images and video for marketing purposes and may ask for special offers relevant to your business for business development and marketing purposes.

- Bank details/bank account numbers, credit/debit card numbers (for AFE processing of third party services), e-wallet or other payment service.

If the visitor/user submits personal data relating to other persons to the Organization or our service providers, they declare that they have the jurisdiction to do so and allow the Organization to use their personal data according to the existing personal data protection policy.

Images and visual content

This specifically relates to the provision of images/video and content which may promote the visitor’s business or their area but may also contain pictures of persons. The visitor/user is liable, should it be required, to provide the Organization with proof of the required consent from persons depicted. The Organization occasionally photographs participants in its events. The Organization will try to check that the visitor/user agrees to be depicted in an image whenever this is possible. However, photographs are commonly of large groups of persons, in which cases it is not easy to communicate in advance of the photograph being taken. Incorporated in the Terms of Use is the participant’s acceptance of their inclusion in photographs for lawful business purposes, such as generating publicity for the event and/or promoting similar upcoming events.


2. How we collect personal data

The Organization and our third party providers automatically collect and process this data in several ways:

  • Upon your registration you will be asked if you agree or not to be sent electronic communication/direct marketing. If you provide your email address and consent for email commerce, certain information on when/if the email was opened and which links were clicked will be accessed. This information is used to assess the extent of the response to and the success of email campaigns.
  • Clicking on a link in any of these emails may cause you to be personally identified on our website and may alert our personnel to part of your browsing history pertaining to our website, so we can cooperate more effectively with you and improve the webpage. If you do not agree with this tracking, you may sign out of our correspondence or use private browsing mode to avoid tracking.
  • If you fill in a web form on any of the Organization websites, your data will be stored in our CRM system and information on some of your past browsing habits on our website may be available to us. We may use this information to cooperate more effectively with you and improve our website. If you do not wish us to possess your personal data, do not register or fill in any web form on this website.
  • If you contact us directly in search of news or content relating to mass media.
  • Photographs send by you to the website most commonly depict persons. In these cases, you must have fully documented copyright, marketing rights and permission of all connected parties to use and share the images.
  • Most devices browsers automatically collect certain data such as software type and version, screen analysis, manufacturer and model, language, type and version of web browser and name. We use this data to ensure that the services of the Organization function correctly, to analyze the performance of our products and to improve as well as maintain services.
  •  IP addresses are automatically transferred as part of any communication via the web and their collection is common practice. A lot of websites, applications and other services automatically collect IP addresses. We use IP addresses for reasons such as communicating with your device, calculating the usage level of the Organization’s services, server diagnostics, security and management of the services of the Organization.
  • We may collect the physical location of a connected device by using satellite, mobile telephony towers and WIFI signals among other means. We may use the physical location of your device to provide you with Organization services and content based on location. You may choose to allow or reject use and/or shared use of your device location. In the event of a rejection, we and/or our marketing partners may not, in some cases, be able to provide the applicable services and content of the Organization.
  • Applications developed in connection with the website for mobile devices will operate and receive data in the manner defined above and are also subject to this policy. Applications developed by us but in other platforms such as social media channels may provide us with comments regarding the user’s online activity.
  • We may take photographs in certain corporate events, either for advertising, networking or training purposes. These photographs are meant for professional use, depicting the participation as part of ongoing promotion of our services and events. While you may appear in these photographs, we strive to use them with the utmost managerial discretion and ensure that their use is of an entirely professional nature. You have the option to “exempt” yourself from events if you do not wish to be photographed.


3. How you can manage your personal data

The Organization strives to keep all the personal data provided by the visitor/user accurate and updated. Therefore the visitor/user should inform the Organization of any changes to this data as soon as possible. The visitor/user may unsubscribe from newsletters and other updates by selecting the Unsubscribe button at the end of every communication.


4. How we protect your personal data

The Organization has taken appropriate security measures to prevent any unauthorized access to or use, modification, loss or disclosure of your personal data.

Although the most diligent efforts are made to protect the personal data of the visitor/user, they should be cognizant of the fact that the use of the Internet is not totally secure and, therefore, the Organization cannot guarantee the security or integrity of the personal data transferred via the Internet. If the visitor/user has certain concerns regarding their data, they may contact the Organization. The Organization has set in place procedures for the handling of any violations of the security of data and alert the visitor/user and any moderator to the suspicion of violation whenever legally required to do so. The data the Organization collects from the visitor/user may be transferred and subject to processing and/or stored in a location outside the European Economic Area (ΕΕΑ). If your personal data is sent outside the EEA, the Organization will take all reasonable measures for its protection.


5. Data retention period

For the purposes of fulfilling the Organization’s legal and regulatory duties, any data provided to the Organization will be retained and stored for the time period deemed necessary, taking into consideration the reason for the initial collection and our duties based on the personal data protection legislation. In general, the visitor/user’s personal data will be retained by the Organization for two (2) years and six (6) months from the date of the last communication or transaction.


6. Rights of Personal Data Subjects

You have certain rights based on the personal data protection legislation. These include:


Right of Information
The visitor/user has the right to receive clear, transparent and intelligible information on the manner in which the Organization processes their personal data and as regards their rights.  This particular section of the document constitutes a ‘notification’, precisely designed to clarify this obligation.


Right of access
The visitor/user has the right to acquire access to their personal data (provided that the Organization is processing it) as well as to other specific information (corresponding to the ‘notification’ herein). Therefore, the visitor/user may be informed and check whether the Organization is processing their personal data according to the Personal Data Protection Legislation.


The visitor/user has the right to require the correction of their personal data if it is inaccurate or incomplete.


Right of erasure
The visitor/user has the right, also known as the “right to be forgotten”, to request the erasure or removal of their personal data when there is no abiding reason for its processing. The right of erasure is not absolute. The Organization may have the right or obligation to retain information in cases where it has a particular legal obligation or other valid legal justification to do so.


Right of restriction on processing 
The visitor/user has the right, in certain cases, to “block” or restrict the further use of their data. When processing is restricted, the Organization can still store the visitor/user’s data but is not allowed to further process it. It keeps lists of persons who have requested the blockage of any further processing of their personal data so as to ensure that the restriction will apply henceforth.


Right of data portability 
The visitor/user has the right to obtain a copy of certain personal data which the Organization keeps for them and then to reuse or share it for their own purposes.


Right of objection 
The visitor/user has the right to object to certain types of processing, with which the Organization can only proceed on receiving their consent.


7. Updates to the present Privacy Policy

The Organization may change this Personal Data Protection Policy. The unit “Last Update” at the bottom of this page refers to the last review of this confidentiality policy. Any changes to this policy will apply when the reviewed Confidentiality Policy is published on the business website of the Organization. The continued use of the Organization services after these changes means that the visitor/user consents to the reviewed confidentiality policy. If any change may substantially and negatively affect the confidentiality of the visitor/user’s personal data, the Organization will take reasonable steps to notify them in advance and provide a reasonable time limit within which they can object to these changes. The Organization urges the visitor/user to periodically check this confidentiality policy so as to be informed on the manner of collection, use and public sharing of personal data.


8. Personal Data Protection Manager

For issues on compliance with GDPR, please contact the Organization’s Personal Data Protection Manager (email: dpo@developattica.gr) and at the following address


New Metropolitan Attica SA
For the attention of: Personal Data Protection Manager
19 Syggrou Av. Athens 117 42
Last Update: 16/04/2021