Privacy Policy

1. Introduction and Purpose of the Policy

The purpose of this Data Protection Policy is to:

• To inform the users and partners of the application frini.club regarding the types of personal data collected, how they are processed, and the rights arising from data protection legislation.
• To ensure that all data processing is carried out with full transparency and in accordance with the highest security standards.
• To demonstrate the application's commitment to the protection of personal data, the reliability and security of transactions, while also incorporating local regulations and practices applicable in the Thessaloniki area.

2. Collection and Processing of Personal Data

2.1. Types of Data Collected

For Member Verification:

• Personal Information: First Name, Last Name, Email, Phone Number, ID Number, Tax Identification Number (TIN).
• Purpose: The collection of the above data is aimed at user identification, ensuring reliability, and providing secure access to the application.

For Business Verification:

• Business Information: Tax Identification Number (TIN), Tax Office (DOY), and possibly other relevant supporting documents.
• Purpose: The verification of the legal validity of the business and ensuring that only authorized providers have access to the services of the dashboard.

For Application Operation:

• Technical and Analytical Data: Information about the use of the application, cookies, browsing data, and transaction details.
• Purpose: The improvement of services, analysis of user experience, and optimization of the platform's functionality.

3. Legal Framework and Compliance with GDPR

3.1. Basis for Data Processing

The application frini.club processes personal data exclusively based on:

• User Consent: The active consent of the user during registration and use of the platform.
• Legal Obligation: Compliance with the provisions of Greek legislation (e.g., Law 4624/2019) and the GDPR for data protection.
• Public Interest Purpose: To ensure transparency in transactions and consumer protection.

3.2. Rights of Data Subjects

Users have the following rights under the GDPR and Greek legislation:

• Right of Access: Access to the personal data held about them.
• Right of Rectification: Correction of any inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request for the deletion of personal data when they are no longer necessary for the purposes for which they were collected.
• Right to Restrict Processing: Imposition of restrictions on the processing of data.
• Right to Data Portability: Receipt of personal data in a structured, widely used, and machine-readable format.
• Right to Object: Objecting to the processing of data, particularly when it is based on legitimate interest.

Users can exercise the above rights by contacting the data protection officer of the application through the official communication channels.

4. Security Measures and Technical Procedures

4.1. Technical Measures

• Encryption: All data is transmitted and stored through encryption to protect it from unauthorized access.
• Encryption: Access to the data is restricted to authorized personnel, using multiple layers of authentication.
• Regular Security Audits: Regular security audits and system updates are conducted to prevent potential breaches.

4.2. Organizational Measures

• Staff Training: The staff of the application is regularly trained on data protection and information security topics.
• Access Policies: Clear access policies and control procedures are established to ensure compliance with security standards.
• Internal Procedures: Internal procedures are implemented for detecting, recording, and addressing data breach incidents.

5. Data Deletion and Management Procedure

5.1. Deletion Procedure

• Retention Period: Personal data is retained only for the period necessary to complete the verification process and conduct transactions.
• Automatic Deletion: Upon completion of the verification or fulfillment of the collection purpose, the data is automatically deleted from the system in accordance with internal storage policies.
• Deletion Request: Users can submit a request for the immediate deletion of their data, which will be processed in accordance with legal obligations and procedures.

5.2. Incident Handling

In the event of a data breach:

• Immediate Response: Immediate actions are taken to contain the incident and restore the data.
• Notification of Authorities: In the case of serious breaches, the relevant regulatory authorities are immediately notified in accordance with the provisions of the GDPR and Greek legislation.
• Communication with Users: Users will be promptly informed of any incident and the measures taken to protect their personal data.

6. Local Legislative Provisions and Implementation in Thessaloniki

6.1. Compliance with Greek Legislation

• Greek Standards: The application frini.club It complies with all provisions of Greek legislation for the protection of personal data, including the provisions of Law 4624/2019 and relevant regulations.
• GDPR Implementation: The application fully implements the GDPR guidelines, ensuring high standards of data protection and security.

6.2. Special Provisions for Thessaloniki

• Local Jurisdiction: In the Thessaloniki area, where significant business activities and technological innovations are concentrated, the application is committed to collaborating with local authorities and legal advisors to enforce and comply with the specific legal requirements.
• Implementation Practices: Due to the local market peculiarities in Thessaloniki, additional data control and management measures are implemented, designed to meet the specific needs of businesses and consumers in the area.
• Collaboration with Local Authorities: In cases of legal disputes or violations, collaboration with the local authorities and courts of Thessaloniki ensures a swift and effective resolution of issues in accordance with the local legal framework.

7. Transparency, Information, and Communication

7.1. User Information

• Continuous Updates: The application is committed to regularly informing users of any changes to the data protection policy, processing procedures, or security measures.
• Notifications: Users will receive official notifications via email and/or the application regarding any modifications or updates, ensuring complete transparency at all times.

7.2. Appointment of Data Protection Officer

• Data Protection Officer (DPO): The application has appointed a dedicated Data Protection Officer who is available for any inquiries, requests to exercise rights, or resolution of issues related to the processing of personal data.
• Communication Channels: Users can contact the Data Protection Officer through the official communication channels listed in the application for immediate support and resolution of any issues.

7.3. Corrective and Explanatory Procedures

• Evaluation and Review: The data protection policy is regularly reviewed to align with developments in the legal framework and technology. If weaknesses or deficiencies are identified, corrective measures are promptly taken.
• Training and Awareness: The application invests in continuous staff training and user awareness regarding their rights and best practices for managing their personal data.

8. Final Provisions and Commitment to Continuous Improvement

The application frini.club It is fully committed to protecting the personal data of its users, implementing all necessary measures to ensure that data processing is carried out with transparency, reliability, and security. At every stage of its operation, from collection and processing to deletion and updates, the standards set by the GDPR and Greek legislation are strictly adhered to.

Users acknowledge that, by accepting this policy, they agree to all the procedures and protection measures that have been implemented. The application will continue to monitor and adapt to changes in the legal and technological environment, thereby ensuring continuous protection and transparency in the processing of personal data.