This document describes our policy regarding the personal data we collect from visitors to our pages (hereinafter “users”). The data controller of your personal data is Ktima Pavlidis S.A. In our website’s daily activities, we process data concerning natural persons including:

• Customers
• Minors
• Visitors to our website
• Other interested parties (employees, suppliers)

Our company complies with the General Data Protection Regulation (2016/679 EU GDPR) and any other European and national legislation concerning personal data protection, electronic communications, etc., and is committed to always ensuring the protection of your data:

• Data is collected for specific, clear, and lawful purposes and is not further processed in ways incompatible with these purposes.
• We collect the necessary personal data for each processing purpose and process it lawfully, fairly, and transparently concerning the data subjects.
• We ensure the data is as accurate and up to date as possible and retain it only for the necessary period for the purposes for which it is processed.
• In any case, the criterion we use to determine the retention period is based on the need to comply with any relevant legal requirements and the principle of data minimization.
• We process data electronically and manually and take all appropriate measures to protect personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Collection, Purpose, Legal Basis of Processing, and Retention Time of Your Data

1. Data We Collect Automatically Through Our Website 

The website http://www.ktima-pavlidis.gr/ uses the SSL (Secure Sockets Layer) protocol which encrypts data exchanged between two devices (most commonly computers), establishing a secure connection between them via the internet, thus protecting your personal data. When you visit our website, our server collects the so-called server log files, specifically:

• Date and time of entry to the website.
• The volume of data sent in bytes.
• The browser and operating system used to access the website.
• Internet Protocol (IP) address when you access the website. The IP address is personal data along with the date and time of your visit, although we cannot identify you solely with this data.

The legal basis for collecting your IP address and keeping it in special files (log files) is our legitimate interest in processing this data to ensure the security of information networks and services from accidental events or illegal or malicious actions that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted data (e.g., ddos “denial of service” attacks), as well as our legal obligation to provide a more secure environment for processing your personal data (GDPR Article 6 paragraph 1(f) and (c)). Data will not be transferred or used in any other way. However, we reserve the right to review the server log files if specific indications of unauthorized use are identified.

2. Customer Data

When you visit our company, we collect your personal data such as full name, patronymic, email, postal address, gender, age, occupation, address, and any other information related to providing legal services to you. The purpose of processing your data is to provide you with the requested legal services, and the legal basis for processing is the execution of our contract (Article 6 paragraph 1(b) and Article 9 paragraph 2(h) GDPR) as well as our compliance with legal obligations. The retention time for your data is as required by law and possibly longer if legal claims arise. Note that we do not have a publicly accessible directory of our subscribers/users’ email addresses. Therefore, any personal data (e.g., usernames, etc.) appearing anywhere on the pages and services of the Data Controller’s website are intended exclusively for ensuring the operation of the respective service and are not permitted to be used by any third party without complying with the legislation regarding the protection of personal data processing as applicable. The Data Controller acts according to the applicable legislation and aims to best apply correct internet practices. Your personal data is securely retained as long as you are registered for a service of the Data Controller and is deleted after the termination of your transactional relationship with the Data Controller.

3. Data We Collect Through Email and the Contact Form

During our communication via email and the contact form, we collect your name, email address, and any other information you provide. This data is stored and used exclusively to respond to your request. The legal basis for processing your personal data is your consent (GDPR Article 6 paragraph 1(a)). Your data will be deleted after the final processing of our communication. This will occur upon the completion of the purpose and scope of our communication, provided there are no legal requirements to retain such data.

4. Newsletter Subscription

With your consent, we will collect your email to send you newsletters with our news and articles that you may find interesting. The legal basis for processing is your consent (GDPR Article 6 paragraph 1(a)), and you have the right to withdraw it at any time.

5. Supplier Data

For the execution of our contract, we collect our suppliers’ data such as full name, address, contact details, shipping information, financial data provided by you. The legal basis for processing your data is the execution of the contract and our compliance with legal obligations (GDPR Article 6 paragraph 1(b) and (c)). We retain the data for up to twelve years from the last service provision or as required by tax and other relevant legislation.

Who Has Access to Your Data. Data Transfers

Your data is accessible to our employees and any other person authorized to process your data during their duties. Additionally, we collaborate with third parties, natural or legal persons, independent consultants, etc., providing us with commercial, professional, or technical services (e.g., website hosting, accounting services, transport services) for the above purposes and support our business wholly or partly in relation to our activities. These third parties will act as Joint or Independent Controllers, Processors, or persons authorized to process personal data for the same purposes mentioned above with the same security measures and in accordance with the applicable legal obligations. Before third parties receive personal data, we will: (1) complete a privacy review to assess their privacy practices and related risks; (2) obtain contractual guarantees from these third parties that they will process personal data according to our instructions and comply with this Policy and applicable law, immediately notify our business of any Data Protection or Security incidents, failure to comply with the standards set in this Policy and existing legislation, cooperate in rectifying any such incident, assist us in responding to individuals’ rights, and allow the Data Controller to audit their processing concerning compliance with these requirements.

Finally, data may be further transferred to public authorities and institutions as well as our legal advisors (lawyers and insurance companies) for legal purposes. Apart from the above, Data will not be disclosed to third parties, private individuals, or legal entities and will not be disseminated.

Our business does not transfer Personal Data outside the EU, and if it needs to (e.g., to use Cloud services), it will do so under the terms and conditions provided in Articles 44 and following of the GDPR, such as your consent, the application of standard contractual clauses approved by the European Commission, or in countries considered safe by the European Commission.

Use of Cookies 

To ensure the proper operation of the website and better navigation, as well as to provide better services, we use cookies. Cookies are text files with information that the web server (web server of the Data Controller) stores on your computer when you visit this website. This way, the website remembers your actions and preferences for a certain period, to avoid re-entering these preferences each time you visit the site or browse its pages, personalize online advertisements, analyze traffic, or other statistical analysis, and provide the services you have requested. Only the Data Controller and its specially authorized associates have access to any cookie-related information. You can control and/or delete cookies as you wish.

Details can be found on the website:

Details about Google policy:
If you choose to disable cookies on the website http://www.ktima-pavlidis.gr, the functionality of some pages may be lost or reduced.

Security and Data Integrity 

The Data Controller implements reasonable technical and organizational security policies and procedures to protect personal data and information from loss, misuse, alteration, or destruction. Additionally, we strive to ensure that access to your personal data is limited to those who need to know it. Those who have access to the data are obliged to maintain the confidentiality of this data. Please note that the transmission of information over the internet is not completely secure. Although we make every effort to protect your personal data, we cannot guarantee the security of data transmitted to our website. Upon receiving your data, we will apply strict security procedures and functions to try to prevent unauthorized access.

Links to Other Websites 

Our website may contain links to other websites governed by different privacy statements whose content may differ from this Privacy Statement. Please review the privacy policy of each website you visit before submitting any personal data. Although we strive to provide links only to websites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices of other websites.

Minor Data

When it is necessary to process minor data, meaning, according to the GDPR, those under 15 years old, processing is only done with the written and explicitly expressed consent of the persons who have parental responsibility for the minor. In any case, we make reasonable efforts to verify that the consent is given or approved by the person who has parental responsibility for the child, through identity verification and any other available information.

Data Subject Rights

You can contact us by mail or email at the addresses mentioned in paragraph (1) above to exercise your rights according to Articles 15 ff. of the GDPR. For example, you can request an updated list of people who have access to your data, receive confirmation of whether we process any personal data related to you, check their content, source, accuracy, and location (including in relation to any third country), request a copy, request their correction and restrict their processing, or even their deletion, if applicable. Similarly, you can always provide comments and file complaints with the Greek Data Protection Authority, 1-3 Kifisias Ave., GR 115 23, Athens, Tel: +30-210 6475600 or at http://www.dpa.gr/.

 Changes to this Policy

The Data Controller frequently reviews this Policy and may modify or revise it periodically at its discretion. When changes are made, we will record the modification or revision date in the Policy. The updated Policy will apply to you and your information from that date. We encourage you to periodically review this Policy to check for any changes in how we handle your personal data. This Statement was last updated in October 2020.

Contact Us

If you have any questions, comments, or complaints regarding our handling or protection of your personal data, or if you wish to modify your personal data or exercise any of your rights as a data subject, please contact us at [email protected].

Data Controller’s Statement on “Personal Data Protection”

The increasing economic and scientific collaborations and mutual provision for data processing services have resulted in the exchange of personal data, a trend reinforced by the growing use of modern telecommunication means. For these reasons, it is essential that data processing is carried out carefully. The Data Controller states that compliance with the principles governing data protection for such processing is a goal, as it is committed to respecting individuals’ rights and privacy. The Data Controller handles personal data with special care and always in accordance with Regulation EU 2016/679, the applicable National Law, and current legislation.
For the purposes of this Directive, the following definitions apply:

Data Subject: any natural person whose personal data are being processed by or on behalf of the Company.

Personal Data: any information relating to an identified or identifiable natural person concerning their physical, physiological, psychological, emotional, or economic condition, cultural or social identity.

Processing: any operation or set of operations performed on personal data, such as collection, recording, storage, modification, analysis, use, association, locking (blocking), deletion, or destruction.

1. Data Controller and DPO

The Data Controller is Ktima Pavlidis S.A.

2. Data We Process 

With your consent, we process the following usual and sensitive personal data that you provide when interacting with the website www.ktima-pavlidis.gr, using the services and functions it provides. These data include your name and surname, contact details, address, and the content of specific requests, updates, or reports, as well as additional data that the Data Controller may obtain from third parties, among other sources, in conducting its business activities (“Data”). To fulfill the requests, you submit through the contact form and provide updates on adverse events, you must consent to the processing of data marked with an asterisk (*).
Without these mandatory data or your consent, we cannot proceed further. Conversely, the information requested in fields not marked with an asterisk and your consent to receive informational material is optional, and not providing them has no consequence.
In any case, even without your prior consent, the Data Controller may process your data to comply with legal obligations arising from laws, regulations, and EU law, to exercise rights in legal proceedings, to pursue its legitimate interests, and in all cases provided for in Articles 6 and 9 of the GDPR.
Processing is carried out both electronically and in printed form and always involves the application of security measures required by current legislation.

3. Why and How We Process Your Data

The data are processed for the following purposes:
(i) to handle requests, you submit via the “Form,” to subsequently communicate with you, or to provide information through it. The legal basis for processing personal data for this purpose is your consent (Article 6(1)(a) and Article 9(2)(a) of the GDPR) and the performance of a contract to which you are a party as a data subject.
(ii) to manage reports of adverse events submitted through the Website or Forms. The legal basis for processing for these purposes is your consent (Article 6(1)(a) and Article 9(2)(a) of the GDPR), as well as the pursuit of any public interest (Article 9(2)(i) of the GDPR) and legal obligations.
Additionally, but only with your optional consent which constitutes the legal basis for processing according to Article 6(1)(a) of the GDPR:
(iii) to receive promotional material (direct marketing) from us.
By selecting the appropriate boxes, you agree to the processing of your data for these purposes.
Your data may be processed even without your consent, for reasons of compliance with laws, regulations, EU law (Article 6(1)(c) of the GDPR), to obtain statistical data on website usage and its proper functioning (Article 6(1)(f) of the Regulation).
Personal data are entered into the Data Controller’s information system in full compliance with data protection legislation, including security and confidentiality profiles, and are based on principles of good practice, legality, and transparency regarding processing.
Data are stored for as long as necessary to achieve the purposes for which they were collected. In any case, the criterion used to determine this period is based on the compliance with time limits set by law and the principles of data minimization, storage limitation, and rational file management. All your data will be processed in printed or automated form, ensuring an appropriate level of security and confidentiality.

4. Principles Applied During Processing

We are allowed to process your personal data to provide personalized services, based on law (Article 6(1)(b) of Regulation (EU) 2016/679) and the relevant National Implementing Law. Your personal data are not used for other purposes, except those described in the Statement unless we receive your prior permission or unless required or permitted by law. Personal data are processed in a manner compatible with the purpose for which they were collected. The principle of proportionality applies when processing personal data. Among other things, it creates an obligation not to collect personal data without reason. Personal data used should be accurate and up to date.
Personal data used that are no longer accurate and complete should be corrected or deleted.
Except where lawfully required to be retained for a longer period, personal data are not kept longer than necessary for the purposes for which they were collected or processed.
Processing of personal data is done in good faith. This means that data subjects can rely on processors to exercise due care in all matters of data processing.
Data subjects whose personal data have been processed will be informed accordingly, if requested. Specifically, they have the right to be informed about the purposes for which their data are processed, the type of data concerned, and the identity of the data recipients. Where necessary, data subjects also have the right to request the correction, non-transmission, or deletion of their data.
The above rights may only be restricted if the restriction is provided for by law. This applies to the conduct of scientific research. Personal data are specifically protected against unauthorized disclosure and any unlawful processing. The measures implemented ensure a level of security appropriate to the nature of the data to be protected and the risks that may arise from their processing.
The data controller is responsible for compliance and application of Regulation EU 2016/679 and the National Implementing Law.
Our employees involved in processing personal data are appropriately informed and trained. Procedures for processing personal data of third parties by agreement will be defined in writing, ensuring that the contracting third party processes personal data securely and complies with the principles set out in this Statement and the GDPR EU. If the third party is deemed unable to ensure a satisfactory level of data security, we will terminate the cooperation.

5. Persons with Access to Data

The Data are processed electronically and manually according to the procedures and practices related to the above-mentioned purposes and are accessible by the Data Controller’s staff authorized to process Personal Data and supervisors, particularly employees in the following categories: technical staff, Information and Network Security personnel, and administrative staff as well as other members of staff who need to process the data to perform their duties. Data may also be shared with countries outside the European Union (“Third Countries”): i) to institutions, authorities, public bodies for institutional purposes; ii) to professionals, independent consultants – whether working individually or collectively – and other third parties and providers who provide the Data Controller with commercial, professional, or technical services required for Website functions (e.g., IT and Cloud Computing services) for the purposes mentioned above and to support the Company in providing the services you requested; iii) to third parties in the event of mergers, acquisitions, business transfers, or the sale of Company assets, verification, due diligence, and other transactions; iv) to other third parties when required by law, including in connection with legal proceedings, in response to requests from competent legal authorities, and to protect and defend our rights and property.
These recipients only receive the necessary data to perform their specific duties, and they duly undertake to process them only for the purposes mentioned above and according to data protection laws. Data may also be shared with other legitimate recipients as specified by applicable laws. Except for the above, the data will not be shared with third parties, whether legal or natural persons, who do not perform commercial, professional, or technical functions for the Data Controller, and will not be disclosed.
Data recipients process the Data, as applicable, as Data Controllers, Processors, or persons authorized to process Personal Data for the same purposes mentioned above and according to applicable data protection laws.
As regards data transfer outside the EU, even to countries whose laws do not guarantee the same level of protection for personal data privacy as the laws within the EU, the Data Controller informs that the transfer will, in any case, be carried out according to the methods permitted by the GDPR, such as based on user consent, standard contractual clauses approved by the European Commission, selecting parties participating in international programs for the free movement of data (e.g., EU-USA Privacy Shield) or operating in countries considered safe by the European Commission.

6. Your Rights

If you wish, you can request at any time to exercise the rights recognized by the GDPR, including:
• to know whether we hold and/or process your personal data and to access them fully, including their source, accuracy, and purpose of processing;
• to request updates, corrections, integrations, and deletions of your data, if they are incomplete, erroneous, or have been collected in violation of the law, and to object to their processing for legitimate reasons;
• to request the restriction of data processing;
• to object to data processing for marketing purposes or profiling for direct marketing purposes;
• to withdraw your consent;
• to request the portability of your data processed electronically, provided based on your consent or a contract.
The Data Controller will not delay in responding to you within the time limits prescribed by applicable law and regulation, and in any case, within 30 days from the receipt of your request. To exercise your rights, you can contact the Data Controller, at the addresses provided above, or by email at [email protected].
If you believe that the processing of your personal data violates GDPR, you have the right to lodge a complaint with the competent data protection supervisory authority, the Greek Data Protection Authority, based in Athens, Greece (www.dpa.gr), as specified in Article 77 of the GDPR, or to take legal action.

7. Personal Data Security

The Data Controller implements specific technical and organizational security procedures to protect personal data and information from loss, misuse, alteration, or destruction. Our partners who support the operation of this website also comply with these provisions. The Data Controller makes every reasonable effort to keep the personal data collected only for the period necessary for the purpose for which it was collected or until deletion is requested (if this occurs earlier), unless it continues to be retained as required by applicable law.

8. Revisions of the Statement

We reserve the right to modify or periodically revise this Statement at our absolute discretion. If changes are made, the Data Controller will record the date of modification or revision in this Statement, and the updated Statement will apply to you from that date. We encourage you to periodically review this Statement to check for any changes in how we handle your personal data.
This constitutes a Statement of Compliance with the provisions of Regulation EU 2016/679 and the National Implementing Law.
Date 8/5/2024