Privacy Policy

---

Thank you for visiting our website and for taking some of your time to be informed about the policy we follow regarding the protection of privacy and the respect of the right of every person to the protection of its person-al data. Our company attaches great importance to the security and the lawful processing of data of every visitor to its website and every user of its services. For these reasons, in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation - GDPR) as well as the provisions of Law 4624/2019, our company has drawn up this privacy policy, which we kindly ask you to read carefully before using our website. The aim of this privacy policy is to inform you transparently and to provide you with the information required by the applicable legislation with regard to the processing of your personal data, when you contact us, use any of our services or supply us with goods or services and your respective rights. For any question regarding this privacy policy or the processing of your personal data and the exercise of your rights, you can contact us in the ways mentioned directly below in section I.

1. OUR COMPANY – CONTROLLER AND CONTACT DATA

   1. Our company is named «SCIENTIA MARIS PRIVATE COMPANY» and has the title «SCIENTIA MARIS I.K.E.» (hereinafter the Company). Our company is seated in Chalandri, Attika, Agias Paraskevis str., GR-15234, Greece (Greek Commercial Registry Nr. 148937001000, VAT-Nr. 801093537).
   2. The Company is the controller regarding any processing of personal data carried out in the context of your interaction with our Company, including visiting our website. Our contact details, in addition to our aforemen-tioned address, are: phone: (+30) 210 6848217, e-mail: [email protected].
   3. Our Company is not a controller who is obliged to designate a data protection officer, because the pro-cessing operations our Company carries out do not require regular and systematic monitoring of data sub-jects on a large scale, nor does our Company process special categories of data on a large scale.

2. WHEN AND HOW WE PROCESS YOUR PERSONAL DATA

   1. You provide us directly with your personal data that we process: (a) when you contact us, create a user ac-count or use one of our services, (b) when you subscribe to our e-Newsletter, (c) when you share your per-sonal data with us in order for us to fulfill our financial obligations towards you (supplier data).
   2. When you visit our website (www.scientiamaris.com) and browse it, due to the nature and the way the inter-net works, some information is automatically collected by our server and recorded in special files (log files). Also, during your navigation on our Company's website, the server stores on your terminal device (computer, mobile phone, etc.) small text files with information (cookies), which it retrieves with each visit, in order to offer related services. A typical example is your preferences as a user of our website, as indicated by the choices you make on it [e.g. the pages you visited, percentage of visits to each page (bounce rate), search-es, etc.]. Detailed information on the type of data collected in this way can be found in the Cookies Policy.
   3. Our Company is active in the social networks Facebook, Twitter, Youtube and LinkedIn, through which it collects and processes your data, if you interact with us through these networks, but is not responsible for the way or means, with which each of the above networks processes your data. Each of these networks has its own privacy policy.
   4. We do not collect your personal data from other sources.

3. PERSONAL DATA WE PROCESS

   1. When you contact us, create a user account or use one of our services, we collect the following personal data: your name and surname, the name of the company or entity for which you may act, your email address (E- mail), your telephone number, your country or region of residence, the sector in which you are active, the number of employees in your company, as well as the purpose for which you are contacting us, in the con-text of which other personal data may be disclosed from you. In case you choose to use one of our services, in addition to the above, we also collect: your invoicing and payment information, such as your V.A.T. Num-ber and Tax Authority, details of payments (credit card, bank transfer, payment or debt amount), details of your transactions (history, etc.).
   2. Our Company may offer e-Newsletter with news, updates, offers or content about our products and services. When you subscribe to our e-Newsletter, we collect and use your e-mail address to send our Company’s e-Newsletter and our news and updates. By subscribing to our e-Newsletter you receive a first confirmation message and then you receive our news. Your subscription to our Company's e-Newsletter is not mandatory and you can unsubscribe from it at any time.
   3. When you visit our website and browse it, the information that is automatically collected by our server and recorded in special files (log files) is your IP address, the date and time of your connection, the referrer URL, the device type and the operating system and web browser you used when visiting the website.
   4. If you interact with us through the social networks mentioned above, our Company collects and processes the following personal data about you (if it is already available in your profile): the username you use, your country, your current job and the sector in which you are active.
   5. In the case that you are a supplier of our Company, we process your professional details (name and sur-name, address, V.A.T. Number and Tax Authority), your contact details (telephone number, e-mail address), your payment data (account number, bank and other transaction details) and the information of the transac-tions between us.

4. PURPOSE AND LEGAL BASIS OF DATA PROCESSING

   1. The purpose of processing your personal data, when you contact us, create a user account or use any of our services, is on the one hand your identification, the achievement of the purpose of communication between us, the supply of the products and of our services to you as well as the promotion/marketing of our products or services (see especially Nr. 2), on the other hand the invoicing of our Company's services/products. Legal basis for this data processing is the execution of the contract between us in accordance with article 6 para. 1 (b) of Regulation (EU) 2016/679 (hereinafter GDPR) and the fulfillment of our Company's obligations arising from tax legislation in accordance with article 6 para. 1 (c) GDPR.
   2. The purpose of processing your personal data, when you subscribe to our e-Newsletter or when our Com-pany uses your e-mail address (E-mail), obtained in the context of the sale of products or services or other transaction, for the promotion/marketing of similar products or services to you or for similar purposes, is to contact you in order to inform you about any new products and services, offers or news of our Company. In this way we keep your interest in our Company active, offer you useful content and promote our Company's products and services. Legal basis of processing in this case is, in the case of your subscription to our e-Newsletter, your consent in accordance with article 6 para. 1 (a) GDPR, and in the case of electronic com-munication for the promotion/marketing of products or services, the legitimate interest of our company for the direct commercial promotion of its products and services according to article 6 para. 1 (f) GDPR and article 11 para. 3 Law 3471/2006. You may unsubscribe from the e-Newsletter and object to the use of your e-mail address for the promotion/marketing of our Company's products or services at any time.
   3. We collect your IP address, together with the date and time of your connection to our website, and keep this information in special files (log files) primarily due to our legitimate interest to process this data, in order to ensure the security of our networks, information and services from accidental events or illegal or malicious actions, which jeopardize the availability, authenticity, integrity and confidentiality of the personal data we process (such as in the event of an "attack denial of service" - Dos/Ddos attacks), but also the establishment, exercise and support of our legal claims. In addition, based on the respective legal framework, we may be asked by police, judicial, supervisory or other competent authorities to supply information, which we should be able to provide, always under strict terms and conditions. Legal basis of processing in these cases is Arti-cle 6 para. 1 (c) and (f) GDPR.
   4. The purpose of processing the data we collect through the social networks, in which our Company is active, whether they are anonymized or not, is to provide news and updates regarding our Company's activity or our communication with you in response to any message you may send us. Legal basis for this processing is your consent [article 6 para. 1 (a) GDPR], which you provide by liking or following our pages and which you can revoke in exactly the same manner, that is by unlike or unfollow. Your consent results in acceptance of our present policy for the protection of personal data.
   5. Regarding the suppliers of our Company, the purpose of processing of personal data is their payment, our communication with them, the issuance of the necessary documents or other tax obligations and the comple-tion and submission of the necessary declarations of our Company. In this case, the legal basis for pro-cessing is Article 6 para. 1 (c) GDPR, which allows us to process personal data, when this is necessary for the fulfillment of our legal obligations according to law, but also Article 6 para. 1 (b) GDPR, because the pro-cessing is in this case necessary for the execution of the contract between us.
   6. Please note that, only under the strict conditions of GDPR and Law 4624/2019, we are allowed to process this data also for other purposes, if such new processing of your personal data is compatible with the pur-poses for which it was originally collected. In any case, we are allowed to process personal data for a pur-pose other than that for which it was collected, as long as the processing is necessary: (a) to prevent threats to national security or public safety at the request of a public body; (b) for the prosecution of criminal offenc-es; or (c) for the establishment, exercise or support of legal claims, unless your interest as a data subject not to process your data prevails.

5. PROCESSING FOR AUTOMATED DECISION-MAKING - PROFILING

   We do not process personal data for this purpose.

6. PROCESSING OF PERSONAL DATA OF MINORS

   Our Company does not offer services and products directly to minors, nor do we collect personal data of minors.

7. PERSONAL DATA WE PROCESS

   1. When you contact us, create a user account or use one of our services, we collect the following personal data: your name and surname, the name of the company or entity for which you may act, your email address (E- mail), your telephone number, your country or region of residence, the sector in which you are active, the number of employees in your company, as well as the purpose for which you are contacting us, in the con-text of which other personal data may be disclosed from you. In case you choose to use one of our services, in addition to the above, we also collect: your invoicing and payment information, such as your V.A.T. Num-ber and Tax Authority, details of payments (credit card, bank transfer, payment or debt amount), details of your transactions (history, etc.).
   2. Our Company may offer e-Newsletter with news, updates, offers or content about our products and services. When you subscribe to our e-Newsletter, we collect and use your e-mail address to send our Company’s e-Newsletter and our news and updates. By subscribing to our e-Newsletter you receive a first confirmation message and then you receive our news. Your subscription to our Company's e-Newsletter is not mandatory and you can unsubscribe from it at any time.
   3. When you visit our website and browse it, the information that is automatically collected by our server and recorded in special files (log files) is your IP address, the date and time of your connection, the referrer URL, the device type and the operating system and web browser you used when visiting the website.
   4. If you interact with us through the social networks mentioned above, our Company collects and processes the following personal data about you (if it is already available in your profile): the username you use, your country, your current job and the sector in which you are active.
   5. In the case that you are a supplier of our Company, we process your professional details (name and sur-name, address, V.A.T. Number and Tax Authority), your contact details (telephone number, e-mail address), your payment data (account number, bank and other transaction details) and the information of the transac-tions between us.

8. DURATION OF STORAGE OF PERSONAL DATA

   1. We keep a record of your personal data for as long as is necessary based on the relationship between us and for the fulfillment of the purpose for which our services and products are provided to you, and after such fulfillment for a period of five (5) years, unless a longer retention period is required for the fulfillment of our contractual obligations or for the exercise of our claims.
   2. Personal data provided on the basis of your consent are kept for as long as your consent has not been re-voked.
   3. In the event that you are a supplier of our Company and within the framework of the contract concluded be-tween us, your business data will be kept as long as you maintain this capacity. After the termination of this relationship for any reason, your business data will be retained for a period of five (5) years, unless a longer retention period is required for the fulfillment of our contractual obligations or for the exercise of our claims.
   4. If by the end of the above time periods there are ongoing legal proceedings in which our Company is in-volved and which directly or indirectly concern your personal data that we process, the time for retaining them will be extended until the issuance of an irrevocable court decision.
   5. If the applicable legislation, including the tax legislation, provides for an obligation to keep specific infor-mation and data for a longer period of time, these data will be kept for the respective period of time.
   6. Other criteria that determine the period of time, during which our Company stores personal data, are: the provisions of the law for the limitation period for claims of any nature, the exercise of your rights provided for by the relevant legislation, for which we inform you in detail below, and the principle of limiting the period of personal data storage.
   7. After the expiration of the respective storage period for the personal data concerning you, such data will be deleted/destroyed, in accordance with the applicable destruction policy of our Company.

9. SECURITY AND PROTECTION MEASURES

   1. Evaluating the respective risk relating to the personal data we process (risk-based approach), our Company takes the appropriate technical and organizational protection measures already from the design and by def-inition, which are subject to periodic review.
   2. In particular, our Company: maintains a written privacy policy, takes care of the training of its staff in mat-ters of data protection, as well as in special, security-related, functions of the information system it uses (use of unpredictable passwords and credentials, identifying and reporting incidents of security breaches, proper use of e-mails and removable storage media, etc.), has provided for a clear separation and assignment of tasks/responsibilities to its staff, all members of which are committed in writing for the observance of confi-dentiality, ensures the complete and permanent deletion of the data it must destroy, places in lockers the folders containing personal data, has procedures for the identification, reporting, notification and immediate response to incidents of violation of data security in the context of the processing system it uses, our Com-pany also examines the use of special data protection techniques (encryption, pseudonymization, anony-mization) and finally, our Company has developed a specific policy for receiving and managing backups and for managing user accounts, which include procedures for adding, changing properties and deleting an account, whereby a different access account is assigned to each user.
   3. In order to protect against malicious software all our Company's computers, both the personal computers of our staff and the servers, and in addition to their correct use, which is mentioned above, our Company uses antivirus programs, as well as firewall programs that have the latest updates at any given time, while security updates are also installed at regular intervals on the operating system of computers connected to the Internet.
   4. In order to verify that the user of its website is indeed human and for the security of its information, our Company uses the Cloudflare Turnstile tool, for which the policies that apply can be found here.
   5. The management of social media, in which our Company is active, is part of our internal policy for the pro-tection of personal data. In this context, we implement a series of technical and organizational measures that are constantly updated and adapted to new best practices, such as the limitation of people who have access to media management, in order to ensure secure data processing.
   6. Our Company will never send you a message (via e-mail, sms or hyperlink) requesting the transmission of your security data, such as password, financial data or other sensitive information.

10. DATA TRANSMISSION - RECIPIENTS

    1. Our Company does not disclose the personal data it processes to recipients, third parties or not.
    2. An exception may be made regarding our attorneys, bailiffs and notaries in the context of exercising our Company's legal rights and defending its legitimate interests, as well as financial institutions, to the extent that the transmission is required for the execution of a transaction.
    3. Your personal data are not shared by our Company with recipients, third parties or not, for the purposes of promoting/marketing products or services.
    4. Our Company must cooperate with public authorities, including judicial, prosecutorial, police and any oth-er auditing authorities, and transmit personal data, if requested, in the event that this is required by law or court decisions or following relevant lawful requests by authorities in the exercise of their duties.

11. DATA TRANSMISSION OUTSIDE THE E.U.

    We do not transmit personal data in countries outside the European Union.

12. YOUR RIGHTS AND WAYS TO ENFORCE THEM

    1. The rights you can exercise towards our Company, as a data controller, are: (a) the right of access, (b) the right of rectification, (c) the right of erasure, (d) the right to restriction of processing, (e) the right to object to processing, (f) the right of data portability.
    2. In particular: (a) Right of access: You have the right to be informed whether we are processing your data and, if so, to be informed about the purposes of processing, the relevant categories of data, the recipients or categories of recipients, the period of time for which data is kept or, when this is impossible, the criteria that determine that period, the exercise of your rights in relation to them, the origin of your data (when not collected by you as a data subject) and the existence of automated decision-making based on them , including profiling. You also have the right to request copies of your data. (b) Right of rectification: You have the right to request the correction and/or completion of your data, so that they are always accurate. (c) Right of erasure: You have the right to request (subject to conditions) the erasure of your data, inter alia also if your data are no longer necessary in relation to the purposes for which they were collected, or if you revoke your consent, on which the processing is based (see in detail Nr. 3 below). (d) Right to restriction of processing: You have the right to request (subject to conditions) the restriction of processing of your data. This right is an alternative to the right of erasure and the right to object. (e) Right to object and withdraw your consent: You have at any time the right to state that you object to the processing of your data and to withdraw your consent to this processing. (f) Right of portability: You have the right to request that your personal data you have provided to us be re-ceived by you or transferred to another entity or another controller in a structured, commonly used and ma-chine-readable format, if this is deemed technically feasible, in accordance to the provisions of the GDPR.
    3. Specifically for the right of erasure, also known as the "right to be forgotten", you must know the following: exercising this right means that you no longer wish to have your data processed, the deletion of which you request, if there is no legal reason for the data controller to keep them. You can withdraw your consent, on which the processing is based, in which case the data must be deleted, if there is no other legal basis for the processing. Also, if the data are no longer necessary in relation to the purposes for which they were collect-ed or are otherwise or unlawfully processed or you object to the processing and there are no compelling and legitimate reasons for the processing, you can request their erasure. The right of erasure is not an absolute right, as the further retention of personal data may be lawful, when they are necessary for reasons such as the exercise of the right of freedom of expression and information or the compliance with a legal obligation, the fulfillment of a task performed in the public interest or in the exercise of public authority assigned to the controller, reasons of public interest, the purposes of archiving in the public interest, the purposes of scien-tific or historical research or statistical purposes or the establishing, exercising or supporting legal claims. Further limitations of the right of erasure are provided for in article 34 of Law 4624/2019, for example in the event that the data controller has reasons to believe that the erasure would be detrimental to the legal inter-ests of the subject of the personal data or would conflict with statutory or contractual data retention periods.
    4. In addition, under the GDPR, you have the right to non-automated individual decision-making, including non-profiling. By exercising this right, you object when a decision concerning you is based solely on auto-mated processing, including profiling, and this decision produces legal effects or significantly affects you. You also have the right to be promptly notified by the controller of any breach of personal data concerning you that may put your rights and freedoms at high risk.
    5. You can exercise your rights towards our Company free of charge in principle, either in writing or orally (you will find our Company's contact details above in section I.). In the case of the right of access, you may be asked to pay a reasonable fee if the number of copies that our Company is asked to grant you is large. Our Company may refuse to proceed with a manifestly unfounded or excessive request or with repeated requests; we also have the right to request additional information necessary for the verification of your identi-ty as a data subject, when we have reasonable doubts about it.
    6. Our Company is obliged to respond to the request you submit, exercising the above rights, without undue delay and at the latest within one (1) month from the submission of the request. If deemed necessary, taking into account the complexity of the request and the number of requests pending for consideration, this dead-line may be extended by two (2) more months. In this case, you will be informed of the need to extend the deadline, the reason for the extension and the progress of your request within the maximum initial deadline.
    7. In the event that you contact our Company and the issue that concerns you is not resolved, you have the right to file a complaint regarding the processing of your data by our Company to the competent supervisory authority, i.e. the Personal Data Protection Authority, electronically through its web portal by completing the corresponding electronic form (more information can be found on the Authority's website www.dpa.gr). Ex-ceptionally, your complaint can be submitted: (a) electronically by email to the following address: [email protected], (b) by post to the Authority's offices (1-3 Kifisias Ave., GR-11523, Athens) or (c) by submit-ting the complaint in person at the Authority's offices (1st floor), during the hours it is open to the public. In the event that you do not contact our Company (as a data controller) first, the Authority may not consider your complaint.

13. AMENDMENDS OF THE PRIVACY POLICY AND NOTICE

    1. The effective protection of personal data requires the systematic monitoring of our Company's policies and procedures. At the same time, our wish to provide better services entails that we constantly seek to im-prove our practices and adopt new ones, always respecting the legislation for the protection of personal da-ta. For this reason, this policy may be modified at any time, without prior notice and information to you.
    2. Any revision of this policy will be implemented upon its posting on our Company's website.
    3. Respecting the principle of transparency, we will inform you of any significant change in our privacy policy that affects you, but we urge you to check our privacy policy periodically, because the use of our services implies your acceptance of it.
    4. The date of application / revision of this policy is indicated immediately below.