What is the purpose and purpose of this policy?
The public limited company under the name "KTEL Ioannina Anonymous Transport, Tourist AND Trade Company of Western Greece" respects the privacy of individuals and takes very seriously the need to protect their personal data.
This informative text provides anyone with an interest in obtaining our services or any visitor - user of our website, with concise, fully defined and transparent information on practices for the management and protection of personal data.
This Policy is intended to inform how personal data is collected, stored, used and transmitted, the security measures taken by the company to protect personal data, the reasons for and the time they are stored, but and the type of personal data collected. It refers to any transaction or series of transactions performed with or without the use of automated means, personal data or personal data sets.
The Company unilaterally reserves the right to update, modify, add, modify its Services and this Policy, from time to time, at any time it deems necessary, without prior notice, always within the applicable legal framework and subject to any changes in the applicable legislation. protection of personal data.
The Company encourages any interested party to review this Policy at regular intervals to keep abreast of any changes made.
The complete details of our company are:
"KTEL Ioannina Anonymous Transport, Tourist AND Trade Company of Western Greece"
Mailing address: Leof. Geor. Papandreou 45, Ioannina 45444, Greece
Email Address: firstname.lastname@example.org
Contact phone: +30 2651025014
What are the definitions of legal concepts used?
For the purposes of your information, the following meanings shall be understood as follows:
'Personal data': any information relating to an identified or identifiable natural person ('data subject') ; the identifiable natural person is one whose identity can be verified , directly or indirectly, in particular by reference to an identifier, such as name, ID number, location data, online ID or one or more factors that are specific to physical, physiological, genetic, psychological, economic, cultural or social the lity of the individual.
'Specific categories of personal data': personal data revealing racial or ethnic origin, political beliefs, religious or philosophical beliefs or participation in trade unions, as well as the processing of genetic, biometric data data for the purpose of unambiguously identifying a person, data relating to health or data relating to a person's sexual life or sexual orientation.
'Processing': any operation or series of operations performed with or without the use of automated media, personal data or personal data sets, such as the collection, registration, organization, structure, storing, adapting or altering, retrieving, retrieving information, using, transmitting, disseminating or otherwise disposing of, associating or combining, limiting, deleting or destroying.
"Anonymization": the processing of personal data so that the data can no longer be attributed to a particular data subject.
'Alias': the processing of personal data in such a way that the data can no longer be attributed to a particular data subject without the use of supplementary information, provided that such additional information is kept separate and technically and organizational measures to ensure that they cannot be assigned to an identified or identifiable natural person.
'Processor': a natural or legal person, public authority, agency or other entity that, alone or in conjunction with others, determines the purposes and manner of processing personal data; the purposes and manner of such processing shall be laid down by Union law or the law of a Member State; the controller or the specific criteria for his appointment may be laid down in Union law or the law of a Member State.
'Perform processing': the natural or legal person, public authority, service or other entity that processes personal data on behalf of the controller.
Consent of the data subject: any indication of a free, specific, explicit and fully informed will with which the data subject expresses his or her agreement, by declaration or by clear affirmative action, to constitute the personal data relating to it are processed.
'Violation of personal data': a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed .
"Existing Legislation": The provisions of any existing Greek, Union or other Legislation to which KTEL Ioannina SA is subject and stipulate issues of personal data protection, such as:
- Law 2472/1997 on the protection of individuals with the processing of personal data, as applicable
- Law 3471/2006 on the protection of personal data and privacy in the field of electronic communications and amending Law 2472/1997, as in force,
- Directive 2002/58 / EC of the European Parliament and of the Council of 12 July 2002 on the processing of personal data and the protection of privacy in the field of electronic communications (Directive on privacy in electronic communications) communications) as amended,
- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General) Data Protection Regulation (GATT) and any applicable laws.
What are the principles governing the processing of personal data by the company?
The Company processes your personal data in a lawful and lawful manner for the purposes set forth in this Policy. Your personal data processed by the company is limited to what is strictly necessary to achieve these purposes, is accurate and timely, kept for a period determined by the purposes of processing, protected by adequate security measures and is not transmitted to countries that do not provide sufficient security. level of protection.
How is personal data collected?
The company is likely to collect personal data both in writing and through its online / digital platforms and applications.
For what purpose is personal data collected and what is the legal basis for their processing?
The Company processes personal data for the following purposes:
For ticket issuance: KTEL Ioannina SA processes passenger data in the context of ticket issuance, both locally and through the website of www.ktelioannina.gr and the relevant application of KTEL Ioannina AE (ioannina - etickets.). In this context, the company processes the name, telephone number and email address of the passengers. The purpose of this treatment is to:
- Ticket issuance (legal processing is contract execution)
- Payment and debit setting (the legal basis for this processing is the execution of the contract)
- Claiming debts to the company (the legal basis for processing is the legal interest of the company)
- Informing you in case of changes / delays on the routes (the legal basis for processing is the execution of the contract)
For Disabled Transportation: In the case of Disabled Transportation, the company processes the following personal data: name, surname, email, address, City, Area, State, Postal, Country, contact telephones, transfer date and time, embarkation and disembarkation station, itinerary, and may also collect health data which the passenger will submit (eg use of a wheelchair). The legal basis for this processing is the execution of the contract between our company and the disabled.
For parcel shipment: In order to ship parcels through our company buses we will process the following data: name, surname, contact telephone, sender and recipient address. The legal basis for such processing is the execution of the contract of carriage.
Recruitment: The company, in the case of a job application, processes the data necessary to determine the candidate's suitability for a specific job (name, surname, education, experience, etc.), as well as and data that is received by the data subject himself (eg by resume, attached qualifications, etc.). The legal basis for such processing is the legal interest of the company to hire a capable and appropriate person for the job.
For Employment of Employees: The company processes the data of employees necessary for their employment and their insurance at the relevant insurer (eg salary, insurance, marital status, leave, education, sickness, data ID, Bank IBAN, Passport details, photos, Military Certificate of Exercise, Occupation Permit, Prior Letters of Certificate, Marital Status Certificate, Criminal Record, CRM, Registry Details IKA, IKA Contribution Inventory, Landline and Mobile Phone Numbers, Residence Address, VAT ID Number, DOU, CV, Email Addresses, Copy of Driving Licenses, Degrees, Postgraduate Certificates, Certificates and medical records, recruitment documents, termination contract, etc.). The legal basis for processing is the performance of the employment contract and the compliance of the company with its legal obligations.
For the video surveillance of its premises: The company maintains, for security reasons, a camera system in its premises, in compliance with all the conditions, restrictions and deadlines set by domestic and European law. The legal basis of this treatment is the legitimate interest of the company.
To run ioannina - etickets: To subscribe to ... ioannina - etickets. we will process your following data: name, surname, email address, phone number. Your registration is optional. If you choose not to register, we will process the following data for ticket issuance: name, surname, email address, ticket type phone number (full, student, etc.), debit / credit card number. The legal basis for this processing is a) for the creation of an account: your consent, b) for the purchase of a ticket: the execution of our contract, c) for the claims owed to us: our legitimate interest in our company, d to inform you in the event of changes in routes and delays: the execution of our contract.
b> For the operation of internet technologies: The company only processes the data necessary for the issuance of tickets and generally for your visit to its website, such as internet protocol address (IP address) and browser type ( browser) used by the visitor, cookies, invisible pixels and web beacons to obtain information about browsing them (for further information see the Cookies Policy of the company).
The legal basis for processing is:
- for proprietary cookies for the operation of the site: the legitimate interest of the company
- for any other form of cookie or other technology we use: your consent
For the cooperation of the company with third parties: The information collected is the following: name, contact telephone, address, tax identification number, VAT, as well as any other information that may be required by legislation. The legal basis for processing is executing a contract and meeting our legal obligations.
To manage complaints: Each time a complaint is made either by phone or in writing, the data collected is: name, surname, email, address, City, Area, County, County, Postal, Country, contact phones, date and time of shipment, boarding and disembarkation station, itinerary. The legal basis of this treatment is the legitimate interest of the company.
To recover lost items: In the event of a lost item issue, the company processes data such as the name of the employee who delivered / received the item, name, address, telephone, ID. / Passport of the person who found the item, full name, ID / Passport address, telephone number and signature of the client to whom the item was found. The legal basis for such processing is the legitimate interest of the company and the passenger.
Does the company process juvenile data?
The company can only process data on minors regarding ticketing, pupils (transferring students to their schools), and staff payroll.
Is my data transmitted to third parties?
The personal data is collected and processed by our service-authorized employees for the sole purpose of providing the service, and is transmitted only to authorized third parties who are committed to maintaining confidentiality when they are required to access the provision of their services. their services.
Upon your order, your personal data may be transmitted to third parties / affiliates.
The Company expressly undertakes that it will not market your personal data by selling / renting it / transferring / disclosing or disclosing it to third parties or otherwise using it for other purposes that may endanger privacy, rights or your freedoms, unless required by law, judgment / order, administrative act or contractual obligation necessary for the proper functioning of the company's website and for the performance of its functions of her.
Personal data may be transmitted to affiliates / affiliates, affiliates, or to third parties who comply with the terms of this Policy and are committed to maintaining confidentiality for further processing in order to provide services, evaluate and improve the functionality of the Website, marketing, data management and technical support purposes only after the user has been informed in advance and his consent has been obtained.
These third parties are contractually bound by the company to use the personal data only for the above reasons, and will not pass on the personal information to third parties and will not disclose it to third parties unless required by law.
How long is my personal data kept?
Your personal data is kept for as long as is necessary by the nature of the service provided by the service company and, in addition, for as long as the relevant law requires.
The company does not retain your data for longer than is necessary to fulfill the purpose for which it is processed. To determine the appropriate retention time, the company takes into account the quantity, nature and sensitivity of the personal data, the purposes for which it is processed, and the ability to achieve those goals by other means.
The company also takes into account periods of time that may need to be retained in order to fulfill its legal obligations (eg with respect to tax audits) or to respond to complaints / questions and to protect their statutory rights in the event of a claim (20 years under 904 BC).
When we no longer need or no longer have a legitimate reason to keep them, your personal data is safely deleted or destroyed.
The company also considers if and how they can minimize the personal data that they use over time, as well as whether it can keep them anonymous so they can no longer associate with you or identify you. In this case, the company may use them without further notice.
What are my rights? What can I do if I have an issue with the processing of my personal data?
You can exercise all of the above rights by submitting a written application to KTEL Ioannina SA Leof. Geor. Papandreou 45, Ioannina 45444, Greece
- You have the right at any time to ask us what personal data we process, for what purposes we do it, whether we give it to third parties and to whom, and other relevant information.
- You also have the right to receive a free copy of your personal data upon request.
- Other rights that you have under relevant personal data protection laws include the right to request updating and / or correction of your data, pausing and / or limiting their processing, and deleting them from corporate systems if they are not there is another statutory obligation to maintain them.
- You also maintain the right to portability and / or objection to the processing of your personal data.
For any questions you have about your personal data or for clarification, you can contact the company's DataProtectionOfficer) either by phone at +302651083072 or by e-mail at email@example.com
In any case, you have the right to apply to the competent Data Protection Authority (ASCA, www.dpa.gr) and / or to file a lawsuit.
The company makes every effort to ensure that your requests are answered promptly and in any event within one month of their receipt. This period may be extended by two (2) more months if necessary, taking into account the complexity of the request and the number of requests. You will be informed of this extension as well as the reasons for the delay within one month of receiving the request from the company. If you make the request by electronic means, the answer will be provided, if possible, by electronic means, unless you request otherwise (eg written letter).
Is my data safe?
The company considers the privacy of its customers, employees, employees, or third parties to be extremely important, and makes every effort to protect them, both in terms of confidentiality / confidentiality and information. their integrity (not to be damaged, not to be accidentally damaged, etc.). In this context, the company implements an Information Security Management System, which follows the best practices of the international standard ISO 27001.
The Company shall take all appropriate organizational and technical measures designed to protect information from loss, misuse, unauthorized access, disclosure, distortion or destruction, and shall ensure the legitimate and lawful collection and processing of personal data and their safe keeping, in accordance with the relevant provisions of both Greek and Community and international law on the protection of the individual from the processing of personal data, as well as decisions of the Data Protection Authority, preserving the confidentiality and confidentiality of any information made available to it. In particular, this Policy takes full account of the provisions and articles of Regulation (EU) 2016/679 of the European Parliament on the protection of individuals with regard to the processing of personal data and on the free movement of data (“GeneralDataProtectionRegulation” - (GDPR)) and shall make every effort to comply therewith.
Access to the contact details of visitors / users of the company website is restricted to authorized persons who are committed to confidentiality (employees, service providers) and it is reasonable to assume that they need to know this information to provide products or services to its visitors / users website or for performing their work.
In addition, security is achieved as follows:
- Controlled Access
Access to server systems is controlled by a firewall, which allows users to use specific services while blocking access to systems and databases with confidential company information and information.
The SSL (SecureSocketsLayer) protocol is today the world-wide-web standard for certifying websites to web users and for encrypting data between web users and webservers. An encrypted SSL communication requires all information sent between a client and a server to be encrypted by the shipping software and decrypted by the receiving software, thereby protecting personal information when transmitted. In addition, all information sent with the SSL protocol is protected by a mechanism that automatically checks if the data has changed during the transfer.
In addition, personal security is the password you provide when you become a member of the company website. In order to present any of your personal information you must first provide your username and password. For this reason, you should keep this information well in order not to fall into the hands of third parties. We also advise you to create a password using symbols along with alphanumeric characters.
By using special software, the company's electronic system decrypts the information it receives before processing it. The company system sends information following the same encryption process. Everywhere you enter personal information (password, email, addresses, phones, credit card number, etc.) there is 128-bit SSL encryption. Encryption is a way of encrypting information so that it can be securely accessed by its intended recipient, who can decode it using the appropriate key. When you order and if you have logged in with your Login ID and Personal Security Code in your account, all communication between your computer and corporate systems is encrypted using a 128bits key.
Confidentiality is self-evident to us. The basic principles governing classical transactions also apply to electronic transactions with the company. All information transmitted by the User is confidential and the company has taken all necessary measures to remain secure and to be used only to the extent necessary to service the contract and provide the services.
The User, in order to ensure the security of his / her data, should not disclose himself / herself or his / her access data to third parties.
What about links / hyperlinks to other sites?
The Company's Website may contain hyperlinks to other Websites for whose content and services the Company bears no responsibility or guarantees their continued and safe accessibility. The Company shall in no way be deemed to accept or endorse the content or services of the hyperlinked websites in any way. Any responsibility arising out of the use of these websites is the sole responsibility of the respective owner of this website. In the case of hyperlinks to other web sites, the company is not responsible for the terms of management and protection of the personal data they follow.
The company website may contain promotional / informational material, purpose and character. The Company is not liable to the visitor / user as well as to any third party for any unlawful act or omission, inaccuracy or inability to comply with the laws and regulations of any country or the European Union in relation to the content of these updates. The company is not obliged to review or review the legality or otherwise of the information displayed on the above websites and as such cannot be held liable for any liability whatsoever. This responsibility rests with the advertisers, sponsors and / or creators of the promotional material displayed.
How To Contact Us