Privacy Policy

MOUNTAIN TOURISM S.A. 

At our company we respect your privacy and are committed to protecting your personal data. This privacy statement is intended to inform you about the personal data we collect and process in the provision of our services and our general communication with you.

The full details of our company are:

Full Name: Mountain Tourism S.A
Distinctive Title: 3-5 Pigadia
E-mail address: info@35pigadia.gr
Postal address: Ski Resort 3-5 Pigadia, Naousa, Imathia, Greece
Contact telephone: +30 23321 02025

 

Scope and purpose of the personal data protection policy

The object of this Policy is to define the basic principles and rules according to which our company collects, processes and stores personal data, as defined by the applicable national and EU legislation and in particular European Regulation (EU) 679/2016 (hereinafter “the Regulation”).

General principles for the processing of personal data

When our company processes personal data, it ensures that:

– It has collected and processes such data lawfully, in accordance with the provisions of existing legislation and the conditions set out therein.

– Process the personal data only for specified, explicit and legitimate purposes.

– to take appropriate technical and organisational measures to ensure that personal data are processed in a way that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage. In addition, periodically review the adequacy and effectiveness of these measures.

– To make the necessary efforts to ensure that the personal data it holds and processes are always accurate and up to date.

Not to retain the personal data it collects for a longer period than is necessary for the purposes for which they were collected and processed. However, it may retain them for a longer period if the processing of these data is necessary:

– to comply with a legal obligation that requires processing under a legal provision
– for the performance of a task carried out in the public interest
– to establish, exercise or defend legal claims.

Purposes of processing:

Our company collects and processes personal data for the following purposes:

In order to meet the obligations imposed on it by the legislation, but also by the provisions of its statutes for its purposes and actions, such as:

Maintenance and technical management services for ski resorts

  • Imports of ski machinery.

  • In order to meet its obligations imposed by the legislation, in particular the applicable insurance and tax legislation, with regard to its employees and its suppliers and customers.

  • In order to be able to recruit staff and/or contract with external partners.

  • In order to ensure its proper functioning within the framework of its statutory objectives and existing legislation.

  • In order to ensure the safety of its staff, premises and equipment.

  • In order to legally enter into contracts and meet the legal obligations they impose.

  • In order to participate as a candidate in public and public sector tendering procedures for the award of projects within the scope of its activities.

  • Lawful basis for processing personal data:

The lawful basis for processing your personal data on a case-by-case basis may be:

Our company processes your personal data transparently in accordance with the principles of lawfulness, proportionality, confidentiality and integrity, purpose limitation and accuracy, specific data retention period and data minimisation.

– Your consent,
– The necessity of processing your data in the context of the performance of our contractual obligation,
– The necessity of processing your data in the context of complying with our legal obligation,
– The necessity of processing your data in the context of safeguarding our legitimate interests.

Which data are processed:

With regard to the above purposes, our company may collect and process personal data, including but not limited to the following:

1. Employees: full name, patronymic, maiden name, year of birth, place of birth, gender, nationality, postal address, email address, contact telephone numbers, Identification Data (ID), Tax Identification Number (TIN), Tax Registration Number (TIN), Social Security Number (SMN) and other social security numbers, bank account number (IBAN), data concerning family status, previous employment, CV.

2. Customers/Suppliers/External Partners: Name, Tax Identification Number (TIN), contact telephone number, email address, bank account number (IBAN).

3. Prospective interested customers who fill out the application form for selected used machinery: Name of the responsible person, telephone number, email address.

Special categories of personal data

Our company may collect and process data belonging to special categories of personal data (“sensitive data”), such as data relating to health, in order to meet its insurance obligations. It is possible that such data may not always belong to those directly dealing with our company but also to third parties (e.g. family members of an employee, children, etc.)

Similarly, in exceptional cases, when required by applicable legislation (e.g. public procurement legislation in case our company participates as a candidate in tendering procedures in the public or wider public sector), our company may collect and process data relating to criminal convictions or offences, such as copies of criminal records, always respecting the principle of proportionality.

Depending on the circumstances, our company may process the aforementioned data both as a controller and as a processor on behalf of third parties.

Data retention period

Our company keeps your personal data for a limited period of time, depending on the purpose of the processing, after which the personal data will be deleted from our records, unless another retention period is required or permitted by applicable law. Where your consent is necessary for the collection and processing of your personal data, you may withdraw the consent given at any time without, however, affecting the lawfulness of the processing that preceded the withdrawal.

Rights of Data Subjects of Personal Data

Our company ensures that the data subjects can exercise the rights granted to them by law with regard to the collection and processing of personal data. These rights are the following:

  • The right of access to the data.
  • The right to rectification the data.
  • The right to erasure the data; the right to have access to the data; the right to rectify the data; the right to erasure of the data (‘right to be forgotten’).
  • The right to have the data erased, the right to have the data deleted, the right to have the data deleted, the right to have the data deleted.
  • The right to data portability.
  • The right to object to the processing of data.

Any request by the person/subject shall be submitted to our company at: info@35pigadia.gr.

In the event of the exercise of one of the above mentioned rights, we will take all possible measures to satisfy your request within a reasonable period of time, but no later than one (1) month from the submission of the request and its identification. This time limit may be extended by a further two months if necessary if the request is complex or there are a large number of requests. In this case, our company is obliged, within one month of the identification of the request, to inform you of the delay and the reasons for it. Within the aforementioned period of time, our company must inform you of any refusal to satisfy all or part of the submitted request, as well as the reasons for the refusal.

Our company may refuse to comply in whole or in part with a relevant request received from the data subject only where this possibility is provided for by the General Data Protection Regulation (EU 2016/679).

In case our company processes personal data as a processor, then it transmits the relevant requests to the controller, who is responsible for examining and satisfying them.

Right of recourse to the Personal Data Protection Authority

If you believe that any of your rights regarding the protection of Personal Data have been violated, you may submit a complaint to the competent supervisory authority, namely, the Data Protection Authority (DPA) and any interested party may be further informed by visiting the website http://www.dpa.gr.

Personal Data Breach

A “personal data breach” is defined as a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure, disclosure or access of personal data collected, stored or processed in any way by our company.

A personal data breach can occur in many circumstances, some of which include:

  • Loss, destruction or theft of data or documents or equipment in which it is contained or stored.
  • Loss or destruction of or damage to personal data, including loss or destruction of data, or data or equipment, or loss of or damage to or loss of personal data, or theft or destruction of or loss of data or equipment, or theft of personal data, or theft of data or equipment or data on which it is stored or stored.
  • Disclosure of information to third parties not duly authorised/authorised.
  • Cyber-attack.
  • Sending correspondence or email to the wrong recipients. For an incident to qualify as a personal data breach, it does not matter whether it occurred as a consequence of fraudulent intent, negligence, act, omission, accident or unforeseeable event.

In the event that our company or any of its employees or associates, or any third party, becomes aware or suspects that a personal data breach may have occurred, it shall notify our company at: info@35pigadia.gr.

In case our company processes data as a processor, it notifies the controller without delay and does not make any disclosures. This Policy may be amended at any time by our company and will be posted on this website as updated.