First, we provide you with an easy-to-understand summary of the main points of our policy. Then you can find more detailed information about it:
Who we are:
Autoplan was created and is owned by a general partnership called “LIONIS GEORGIO AND CO.”, hereinafter referred to as the “Company” or “we”. The Company has its registered office at 74100 Avatzou and Halkiadakis Street, in Atsipopoulo, Municipality and Prefecture of Rethymnon, P.C. 74100 and its telephone number is 2831055155 and 6973507000 (contact hours: 08:00 – 18:00). Based on the legal framework for data protection, the focus of which is the General Data Protection Regulation (GDPR or GDPR), the Company is the controller of the data you provide to Autoplan.
How we collect your data and why we collect it:
We process various data about you, such as your full name, email address, depending on your relationship with our website and, as a rule, if you contact us via the website or email.
There are some other cases in which we process your data, on a small scale and for a specific purpose, such as through cookies. The legal basis for processing on our behalf is mainly the performance of a contract, but in some cases we rely on our legitimate interest (e.g. safeguarding the security of our information systems) or the existence of a legal obligation (e.g. disclosure of data to competent authorities).
What are your rights?
Under the GDPR, you have the right to:
- be informed about the processing of your personal data
- have access to your personal data concerning you
- request the correction of incorrect, inaccurate or incomplete personal data
- request the erasure of personal data when it is no longer necessary or if the processing is unlawful
- object to the processing of your personal data for marketing purposes or for reasons relating to your particular situation
- submit a request for restriction of the processing of your personal data in specific cases
- receive your personal data in a machine-readable format and send it to another controller (“data portability”)
- make a request so that decisions based on automated processing, which concern or significantly affect you and are based on your personal data, are made by natural persons and not only by computers. You also have the right in this case to express your views and to challenge the decision.
If you believe we are in breach of data protection legislation, you have the right to lodge a complaint with the Data Protection Authority.
How long we store your data:
We store your data for as long as necessary based on our relationship (e.g. if you are a member, what kind of profile you have, etc.), your wishes (e.g. if you request deletion), and the existence of any legal obligation (e.g. tax data). To set the storage period, we always keep in mind the principle of limiting the storage period, and in any case ensure that they are kept secure.
With whom we share your data:
With absolutely no one for direct marketing purposes. We use third party services (processors) for very specific and absolutely necessary services, such as hosting.com or web analytics. We have selected for these services large organizations that provide security guarantees and have contracted with them to provide secure services. In some cases we may be obliged to share data with judicial or police authorities, under strict terms and conditions.
Who we are (Data Controller):
Autoplan is a website addressed to anyone wishing to rent a passenger vehicle from the fleet of the company, which is created, maintained and owned by the general partnership “GEORGIOS LIONIS AND SIA S.A.” (hereafter referred to as “We” or “Company”). We consider the management of your personal data a very serious matter and therefore we make every effort to fully comply with all the rules for their processing, as they result from Greek and European law (you can find the relevant legal framework at the end of the text). We collect certain information about visitors and registered users of Autoplan, which may lead to their direct or indirect identification. Under the applicable legal framework, this information constitutes personal data, you, as visitors or registered users, are the “data subjects” and we, as the Company, are the “data controller” of your data. The purpose of our policy is to explain the following in as simple, understandable and concise a manner as possible:
– What data we process, for what purpose and on what legal basis; How long we store your data for,
– Who are the recipients of your data,
– What are your rights and how you can exercise them?
– What legitimate interests we pursue,
– What applies to your consent when it is necessary,
– What applies to personal data collected through cookies.
Before we begin, however, we would like to introduce you to the basic principles for processing your data:
Autoplan is committed to processing your data in a fair and transparent manner, always in accordance with the applicable legal framework, as reflected mainly in the General Data Protection Regulation (GDPR) and Law 3471/2006. What this means in practice:
– We collect and process your data only for specified, explicit and legitimate purposes,
– We only collect and process data that is necessary for the purposes we set out,
– We make every effort to ensure that your data is accurate, giving you the opportunity to correct/erase it where appropriate,
– We keep your data for the period of time necessary for the purposes we set,
– We make every effort to safeguard the security of your data against unauthorised or unlawful processing and accidental loss, destruction or damage. As part of the protection of the data we process, we implement a range of appropriate technical and organisational measures, adopt internal security policies, provide appropriate training for its staff, who are committed to confidentiality and privacy, and use a range of technologies to ensure the security of your data (e.g. SSL certificate, encryption, certified hosting providers). As required by information security and data protection principles, technical and organisational security measures are regularly monitored and, if necessary, updated and adapted to new best practices.
What data we process about you and for what purpose:
As a general rule, we collect and process data of Autoplan visitors/users only when they provide it directly and voluntarily, so simply visiting the website does not necessarily mean that we process your data. However, this rule may not apply absolutely in two cases: data collected with the help of cookies and certain data collected automatically during your visit.
Data that we collect automatically:
Autoplan contact form:
Data we process:
We provide Autoplan visitors with the opportunity to contact us via a contact form. The data necessary for contacting us are: Name and email
Purpose of processing – Legal basis:
We process the data on the basis of your consent, which you provide by affirmative action before sending your message, in order to provide you with a response. You have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing based on consent prior to its withdrawal. Sending a single email or submitting a contact form does not make you a member of Autoplan, therefore it is not in itself a sufficient reason for us to include you in our database nor do we retain your data for marketing purposes. Attention. Therefore you should not include sensitive information about you or third parties in your messages.
Information about the management of newsletters:
Autoplan periodically sends out newsletters to its users who have subscribed to the list of update recipients. In each newsletter you receive you have the possibility to unsubscribe, with a link at the end of the email. The legal basis for the processing of your email address is your consent, which you can freely revoke using the relevant link at the end of the email. Autoplan reserves the right to remove any recipient from the newsletter lists without justification. The Autoplan administrators make every effort to ensure the proper functioning of the newsletters, but it is always possible that technical or organisational problems may occur. Autoplan uses the Mailchimp service to send the newsletters. Through this service and with the use of appropriate technologies, we collect statistics on the opening of newsletters and the clicks on them, with the aim of improving our related services. For any issue that arises and for any relevant information regarding the operation of the newsletters, please contact us at [email protected]
Where and for how long do we store your data?
Your data is stored on the Company’s system, which is hosted on a server that uses resources from Hostinger’s data center infrastructure in the Netherlands. The server is managed by appropriate methods, exclusively by strictly limited staff of the Company itself, without the intervention of third parties. As a general principle, we keep your data exclusively for the period of time necessary for the respective processing purpose. There are clearly certain retention periods for each category of data. If you send a message via the contact form to Autoplan, the message and your data will be deleted within 3 months from the date of sending the last message we receive from you. The rules for determining the retention period are derived from data protection rules, best practice in the industry and to safeguard the proper functioning of the Company. However, in addition to the parameters set by the Company itself, there are also conditions set by the competent authorities that must be taken into account. Please note that even if you submit a request for the deletion of your data, it is possible that we may retain some of it, solely due to legal obligations or for the establishment, exercise and support of legal claims.
What are your rights regarding your data and how you can exercise them:
Under the General Data Protection Regulation you have a number of rights in relation to the processing of your data by the Company.
In particular, in relation to Autoplan, you have the:
– Right of access, i.e. to make a request to be informed whether we process data and, if so, what this data is, and some other information, such as e.g. the purpose of processing, recipients, etc,
– Right of rectification, i.e. to request the correction and/or completion of your data,
– Right to erasure, i.e. to request, under certain conditions, the deletion of your data,
– Right to restriction of processing, i.e. to ensure, under certain conditions, that we restrict the processing of your data on our behalf,
– Right to object, i.e. to object at any time to the processing of your data based on our legitimate interest (marketing, information),
– Right to data portability, i.e. to request the data you have provided to us in a structured, commonly used and machine-readable format, if this is deemed technically feasible under the provisions of the GDPR.
Finally, in the event of a data breach, which may put your rights and freedoms at high risk and which does not fall within one of the exceptions provided for in the GDPR, we are obliged to inform you without undue delay.
Compliance with the legal framework for data processing and, in this context, the exercise of your rights, is a priority for the Company. For this reason, we have the right to request additional information necessary to confirm your identity before exercising your rights. In principle, we are obliged to respond to your request promptly and at the latest within one month. If necessary, taking into account the complexity of your request and the number of requests pending for processing, this deadline may be extended by a further two months. In any event, we will inform you as soon as possible and in any event within one month of the submission of your request, of its progress and of the reason for any delay in complying with it. If your requests are manifestly unfounded or excessive, in particular because of their repetitive nature, the Company may either impose a reasonable fee, taking into account the administrative costs of providing the information or of communicating or carrying out the requested action, or refuse to comply with your request. If you believe that we are not complying with data protection legislation, you have the right to lodge a complaint with the competent supervisory authority (in Greece, the Data Protection Authority). For any question or issue you may have regarding our protection of your data, please do not hesitate to contact us at [email protected].
Autoplan has official accounts on the following social media, indicatively Facebook, Instagram, Google Business. With the help of each of the above platforms we collect and process certain data about you (such as your username and photo). The purpose of the processing for all the data we collect about you, whether or not it is anonymised, is to provide updates on our content or to communicate with you by responding to the messages you send us. The legal basis for processing is your consent. You provide your consent by liking or following our pages and posting a review/rating/review and you can withdraw it just as easily, in exactly the same way (unlike, unfollow, delete review). This consent implies your acceptance of our data protection policy, which is listed in a prominent and easily accessible place on each page. If you do not agree with our policy, you must withdraw your consent in an appropriate way (unlike, unfollow, delete review/rating/rating). Based on the above (and the EU Court of Justice ruling), the Company is considered to be the joint controller of your data together with the social media platform. In order to ensure fuller protection of the rights of persons visiting our social media pages, we strictly comply with our obligations regarding the protection of personal data. In particular, the management of social media is part of our internal policy on the protection of personal data. In this context, we implement a series of appropriate technical and organisational measures, such as restricting the persons who have access to the media management, in order to ensure the secure processing of data. As required by information security and data protection principles, technical and organisational security measures are regularly monitored and, if necessary, updated and adapted to new best practices. Important note: We are not responsible for the way or means by which each of the above platforms processes your data. Find out about the policy of these media from the respective Facebook, Instagram, Google Business links.
Comments on social media:
Hyperlinks to third party websites:
Online payment instruments:
Our website uses as payment instruments the services of third parties, namely Paypal (www.paypal.com/webapps/mpp/ua/privacy-full) and i-bank e-Simplify (www.nbg.gr/Style%20Library/ReusableContent/Privacy_statement_en.pdf).
Our content and services are directed solely to persons over the age of 18 and we do not knowingly collect any information about persons under that age. If you are under the age of 18, you may not submit your information to us in any way. Since it is not technically feasible to effectively verify your age in all cases, we are committed, in the event that the submission of personal information relating to minors is reported and verified, to immediately delete all such information. This deletion is without prejudice to the need to retain the information in the event of our establishing, exercising or supporting legal claims, or the provision of consent by a guardian.
Changes in policy and information:
If you have any questions about our Policy or how we process your data in general, you can contact us by email at [email protected] or by telephone at 2831055155 and 6973507000 (contact hours: 08:00 – 18:00).
Legal framework for the protection of personal data Greece: Law 4624/2019, Law 3471/2006, Law 2472/1997, as amended and in force.