1. Intro

The bolis.gr website (hereinafter referred to as “website“) is the online platform of the company Bolis (hereinafter referred to as “company,” “we,” “us“). You can contact the company via email at info@bolis.gr or by phone at +30 2310 765 931.

The company, as the Data Controller, complies with the General Data Protection Regulation (EU) 2016/679, which came into effect on May 25, 2018 (GDPR), and the national data protection legislation, specifically laws 2472/1997, 4624/2019, and 3471/2006, as applicable (hereinafter referred to as “legislation“). It respects security and is committed to protecting the personal data of visitors to its website (hereinafter “visitors,” “you,” “yours“).

The company, acting transparently in its data processing and ensuring the protection of personal data processed through the website, hereby provides you with the following information regarding the processing of your personal data, as well as the rights granted to you as the data subject of this processing.

This privacy policy regarding the processing of personal data through the website (hereinafter “Policy“) is addressed to all individuals who either visit our website or fill out the contact form available on the website.

The company reserves the right to modify, update, and revise this policy in order to comply with the requirements of the applicable legislative framework. Any changes to this policy will be communicated in advance by publishing the revised version on the company’s website. Upon entering the website, visitors are requested to check this page to stay informed of the latest revised version. The version of the policy displayed on this page is considered valid.

In the daily operation of the business, the processing of personal data is sometimes required by a corresponding legal obligation or deemed necessary for reasons of legitimate interest and for improving business practices and the quality of services offered by the company.

The concept of personal data processing, according to the GDPR, includes the collection, registration, organization, structuring, storage, modification, retrieval, information search, use, transmission, restriction, or deletion of personal data that has come or will come to the company’s knowledge, either within the framework of your business relationships with it or within the framework of information received from a third natural or legal person or public sector entity in the exercise of their or the company’s legal right.

The company understands that during the course of its activities, it may receive personal data from individuals, which is often provided directly by the data subjects themselves. Consequently, and in compliance with the applicable legal framework, it has taken all necessary actions by implementing appropriate technical and organizational measures for the lawful retention, processing, and secure storage of personal data. The company is committed to ensuring and protecting in every way the processing of your personal data from accidental or unlawful destruction, loss, leakage, alteration, transmission, or any form of unauthorized processing.

To ensure transparency in the collection, use, and storage of personal data, the company encourages visitors and all interested parties to read this document in order to obtain the following information:

  1. What personal data we collect and how we process it.

The company informs you that it may collect information about you only if you provide it to us, as well as personal data that is necessary for the initiation, maintenance, and execution of our transactional relationships, as required. Specifically:

To facilitate the service of interested parties and your communication with us, we have designed a special standardized contact form on our website. This form can be used by any individual to submit questions, requests, or bring potential issues to our attention, and, of course, to get in touch with us.

To achieve optimal service and to manage and process the requests and inquiries you send us, we collect your name, email address, and any information you provide in the relevant “subject” and “message” fields (free text).

Additionally, we receive personal data that is automatically collected from our website, such as the Internet Protocol (IP) address, when and whenever you browse the site, as well as information about how you use our website. However, we do not identify any other personal information or personal data about you (for further information, see also our Cookie Policy).

All of the above information and your personal data are used exclusively for the aforementioned purpose, namely the management, service, and response to the inquiries you submit to us, and are not disclosed to third parties unless required or permitted by the applicable legal framework (national and/or regulatory).

It should be noted that the company does not process your sensitive personal data (special category data), such as data related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership in a trade union, as well as genetic or biometric data for the purpose of identifying you as the subject of processing, health data, or data concerning your sexual life or sexual orientation. This is because such data is not necessary to achieve the aforementioned purposes. The company adheres to the principles of data minimization, necessity, and proportionality, as outlined by the GDPR.

  1. Lawfulness of Processing

The company lawfully processes your personal data, which are deemed necessary for the aforementioned purpose, namely your communication with us and the management of your inquiries. The personal data you provide to us are processed by the company in pursuit of its legitimate interests, including our interest in providing personalized and secure services to visitors and optimizing these services within the broader framework of customer service.

  1. Data Retention Period

The company retains your personal data for as long as necessary in each case, until the purpose of their collection and processing is fulfilled, which is the resolution of the inquiry or request you have submitted to us, subject to the applicable legal framework (national and/or regulatory). Afterward, we are committed to securely deleting this data. For further information regarding the retention period of your personal data, you may contact us.

  1. Who are the recipients of your personal data?

The company, with respect for the security and protection of visitors’ personal data, generally does not disclose your data to third parties. Exclusive access to your personal data is granted only to authorized employees of the company, in the context of fulfilling legal obligations, and under conditions of confidentiality and secrecy.

As an exception, the company may disclose your personal data to third natural or legal persons, to whom the company outsources certain tasks on its behalf (“data processors”). These parties act on behalf of the company and under its explicit instructions and directions in the context of personal data processing (e.g., electronic service and network support providers, software providers, advertising companies, other suppliers, service providers for advertising, etc.). In such cases, the security of your personal data processing is ensured through contractual clauses and the provision of sufficient guarantees regarding the implementation of appropriate technical and organizational measures, as required by the provisions of the GDPR.

Additionally, recipients of your data, as applicable, may include competent state authorities or bodies, judicial authorities, etc., to the extent required for compliance with a request from a competent authority, to prevent unlawful use of the website or violations of the terms of use, or to protect against third-party claims.

Finally, we inform you that we do not transfer your personal data to third countries (outside the EU) or international organizations that do not provide adequate security guarantees for the protection of personal data as per Article 45 of the GDPR, unless the transfer is required by the applicable legal framework (national and/or regulatory) or you have been informed and have provided prior and explicit consent for such a transfer, where required.

  1. What rights do you have regarding the protection of your personal data?

The company informs you of the rights you hold as a data subject regarding the processing of your personal data.

Specifically (Articles 12 to 22 of the GDPR), you have the following rights:

  • Right of access to data: You have the right to obtain information regarding the processing of your data (such as the categories of data, the purposes of processing, the categories of recipients, etc.) (Article 15 of the GDPR),
  • Right to rectification: You have the right to request the correction of any inaccurate information about you and/or the completion of information concerning you, when there is a need for correction and/or supplementation (Article 16 of the GDPR),
  • Right to erasure (“right to be forgotten”): In certain cases, you have the right to request the deletion of all or part of your personal data from our records, subject to provisions regarding their retention (Article 17 of the GDPR),
  • Right to restriction of processing: You have the right to request the restriction of the processing of your personal data in specific cases as defined by law (Article 18 of the GDPR),
  • Right to object to processing: You have the right to object to the processing of your personal data that is carried out in the pursuit of our legitimate interests, as mentioned above,
  • Right to data portability: You have the right to request the transfer of your personal data that you have provided to us to another data controller (Article 20 of the GDPR).

The exercise of the aforementioned rights is subject to the reservations and limitations of the applicable legal framework for the protection of personal data (national and/or regulatory).

To exercise your rights, you can contact the company by sending an email to info@bolis.gr or a postal letter to the company’s address.

In the event of submitting a request to exercise your rights, the company, after reviewing and evaluating it, will make every effort to respond within a reasonable period of one (1) month. This period may be extended by an additional two (2) months if necessary and justified by circumstances (e.g., the complexity of the request). In any case, any delay will be explained in writing. Additionally, we may request proof of your identity, such as a valid identification document (e.g., identity card), in order to locate your personal data and verify the data subject, to prevent the provision of your information and data to unauthorized third parties.

If you believe that your rights are being violated in any way, you have the right to file a complaint with the competent Supervisory Authority (Hellenic Data Protection Authority, 1-3 Kifisias Ave., 115 23, Athens, +30 210 6475600, contact@dpa.gr).

  1. Social media/ accounts

The company uses social media platforms (Facebook, Instagram) to inform the public about its services, share news and announcements, and interact with the public. During this interaction (e.g., likes, follows, comments), personal data processing is carried out by us, involving personal data provided by the user (such as name, surname, profile picture, as applicable). In such cases, both the company and the operator of the respective social media platform act as joint data controllers. The platform operators may also process this data for their own purposes, as outlined in their respective privacy policies.

  1. Other Information

The company does not collect, process, or access sensitive personal data (special categories of data) through its website in any way. Visitors are required to refrain from providing such data, whether their own or of third parties. The company bears no responsibility towards visitors or third parties for the provision of such data, which may result from their actions and/or omissions, in violation of this obligation.

Taking into account the latest developments, the cost of implementation, as well as the nature, scope, context, and purposes of processing (Article 32 of the GDPR), the company implements, as necessary, all required technical and organizational measures to protect your personal data from potential loss, destruction, and any unauthorized access or alteration by third parties.

The company, handling information about minors (persons under 18 years of age) with particular sensitivity, informs that the website is not intended for minors and makes every effort to avoid collecting or retaining personal data of minors who may access the website. However, if it is determined that personal data has been collected from a minor without the relevant consent from their parents or guardians where required, such data will be immediately deleted.