Please consult the Glossary found at the end hereof to better comprehend key terms.
1. Collection of your Personal Data by the Camp
The Company must collect personal information in order to carry out day-to-day business operations and services effectively and, more specifically, the services provided by the Company and services related to the object of the Company, as well as for health — medical reasons, and to facilitate communication, strictly and solely in the context of the Company’s object. In certain cases, information is also collected for the Company’s conformity to legislative requirements and/or the regulations it applies.
When you contact us, visit our website, work with us, ask questions or request our cooperation, we may request personal data (including but not limited to: name, address, e-mail address, telephone number, etc.), depending on the relationship between us.
Furthermore, you may voluntarily disclose additional personal data (e.g. when sending a CV) or additional information to us (such as tax or commercial information in the context of your notification or inquiry of cooperation).
We collect information, whether directly or indirectly, in the following ways:
- Information you send or provide to us during communication with us or when visiting our website using electronic or other means.
- Information we receive from your use of our services or our associates’ services.
- We use various technologies to collect and store information, which may include the use of technologies such as cookies (see §6)
2. Purposes — Legal basis for the Processing of Personal Data
In the context of its operation, the Company is the controller of the personal data of natural persons in order to carry out the purposes of its proper operation and comprehensive provision of services, as set forth in its company statute, and in the context of promotional actions, conclusion of other cooperation agreements and evaluation of CVs. Furthermore, the company processes data belonging to special categories of personal data for reasons of protecting the health and safety of children-campers themselves, as well as public health.
More specifically, the Company processes the following data:
- For Campers — Parents/Guardians
Personal data received from the parent or guardian for the needs of registration and participation of the underage children in their custody in the camp programme. These data are collected in the context of performing the child accommodation contract concluded between us (legal basis: performance of a contract, Article 6(1b) of the GDPR). Furthermore, in order to safeguard the health of your child and other campers, the company is required by law (legal basis: fulfilment of a legal obligation, Article 6(1c) of the GDPR) to collect health data concerning the child from its parents (such as allergies, conditions that require special attention or care, etc.), for the provision of medical diagnosis and care by health professionals (the physicians and nurses of the camp, Article 9(2h) of the GDPR).
- For Associates — Employees
All the information required under the applicable legislation concerning labour, insurance, taxation and children’s camps, as well as under the employment contract concluded between the Company and each associate — employee (legal basis: performance of the employment contract, Article 6(1b) of the GDPR, legal obligation for social insurance and social security, Article 9(2b) of the GDPR, as well as compliance with taxation and other obligations of camps, Article 6(1c) of the GDPR).
- For Job applicants (submitting job applications to our Company)
All information, following an application, in the context of evaluating candidates’ qualifications in order to enter into an employment contract with the Company (legal basis: data subject’s application for an employment contract, Article 6(1b) of the GDPR).
3. Storage of and Access to personal data
In the context of its conformity to the Personal Data Protection Regulation and the relevant Greek legislation, our Company is committed to protecting and ensuring the safety of personal data obtained through the lawful cooperation or communication between the Company and the following categories of natural persons (such as parents, guardians, children, customers, suppliers, staff and other third parties). The Company implements the appropriate technical and organisational measures to protect the foregoing natural persons from unauthorised access, alteration, violation or destruction of the data in its possession. More specifically, the Company controls the collection of data, storage and processing practices, as well as physical security measures.
Data are stored on secure media, in safe databases or at safe locations at controlled Company premises and their transport, where deemed necessary, shall take place using every precaution.
- Access to these data is granted solely to individuals who have signed confidentiality agreements. These data are not disclosed to anyone, are kept absolutely confidential and will be stored at the enterprise’s absolutely protected and controlled premises. The foregoing individuals shall not have access to the personal data after leaving the enterprise. Where external associates could potentially have access to personal data (for maintenance or support reasons), they are bound towards the Company through data protection and confidentiality clauses, in accordance with the requirements of the GDPR.
- Transmission to competent authorities for lawful purposes: These data may be disclosed to competent State services where this is reasonably necessary and for the purpose of conformity with laws, regulations, legal procedures or governmental requests. (insurance bodies, State Authorities, the Greek Manpower Employment Organisation [OAED], etc.).
4.1. Storage period
Personal data belonging to special categories (sensitive data) shall be stored for one year from the date of their notification.
- For Campers — Parents/Guardians
Ordinary personal data shall be stored until the camper’s participation period ends, plus the period required for legal and tax reasons. Data are kept in our company records for a maximum of 10 years from the date of payment of each child’s stay.
- For Associates — Employees
The Company shall store personal data for the effective term of the employment contract, plus the period required for labour and tax reasons. Data are kept in our company records for a maximum of 10 years from the end of our partnership.
- For Job applicants
The Company shall store personal data of job applicants for 2 months after their rejection.
4.2 Photographic material
In the context of promotional actions, the Company intends to take and retain commemorative photographs and videos of the participation of children and employees/associates in athletic, recreational and other activities at the camp, solely with the specific and express consent of the parents or guardians exercising parental responsibility. These photographs and videos shall be stored on secure media within controlled Company premises.
The Company may use these photographs and videos on its social media, such as Facebook, Instagram, Twitter, Vimeo, YouTube, as well as on its website, www.kalivas.net, after having obtained the specific and express consent of the parents or guardians exercising parental responsibility. Furthermore, these photographs and videos may be published in information or commemorative documents for promotional purposes.
The Company will destroy any photographs and videos it does not intend to use.
5. Your rights
Our customers, suppliers, employees, associates and website visitors have the following rights in the context of the Personal Data Protection Regulation (which must not contravene the relevant legislation). Your rights as natural persons are the following:
- The right to information and access
- The right to rectify incomplete or incorrect information
- The right to erasure (where there are no legitimate grounds for processing)
- The right to restrict processing (instead of erasure)
- The right to portability (for data provided in electronic form)
- The right to object to processing (where this takes place on the basis of the company’s legitimate interest)
- Obligation of notification concerning the rectification or erasure of personal data or the restriction of processing. Should any change occur to your personal data or those of the underage child in your custody, you must notify the Company without delay.
In order to exercise the foregoing rights, ask any question or lodge any complaint concerning personal data, you can contact the Data Protection Officer by sending an e-mail message with the subject “GDPR-REQUEST” to the e-mail address firstname.lastname@example.org. We are obligated to respond to you within one month of receipt of the request.
Should your request not be answered or should you consider that your data are being processed in breach of the law, you always have the right to contact the Hellenic Data Protection Authority at www.dpa.gr.
The exercise of natural persons’ rights can always take place in the context of the legislation in force (such as taxation or labour legislation).
6. Cookies Policy
Cookies are small text files sent to visitors’ computers and stored on their hard drives. For further information, please consult our Cookies policy, available here:
7. Third-party Websites and Social Media
Our Company maintains pages on Social Media such as Facebook, Instagram, YouTube, Twitter and Vimeo. If you use these pages, your information and data are collected by the Social Media and not by us; therefore, you must change your settings depending on the Social Media you visit. The Company cannot control the Privacy Policies of other websites, and we undertake no responsibility or obligation for the actions of other parties.
8. Your consent and its withdrawal
In the context of:
- its conformity with the General Data Protection Regulation (EU) 679/2016 and the relevant national legislation
- respect for the protection of privacy and the security of personal data
and adhering to the relationship of trust it has cultivated through long-standing cooperation with parents/campers, its employees and its associates, the Company needs your consent in order to continue informing you in print and electronically about its services and news concerning the Company’s object.
In order to grant or withdraw your consent to receiving information or if you wish to lodge a complaint, you can contact us at any time at email@example.com.
You must be aware that: Consent is only one of the 6 legal bases for the processing of personal data provided for in legislation. Therefore, if there is a different legal basis, e.g. a contract between us for the accommodation of your child, no consent will be requested with regard to the data necessary for performing this contract, as the performance of the contract would not be possible without those data. This shall also apply where a legal provision requires us to use your personal data, e.g. your tax information, due to being obligated to issue a tax document for the transactions between us.
Therefore, you must take the following into account:
Our Company will collect and process only the personal data that it is lawfully permitted to collect and process, e.g.:
- Where there is a relevant legislative requirement (e.g. use of your TIN to issue a tax receipt).
- Processing necessary for the performance of a contract to which the data subject is a party (e.g. use of your full name and contact details for the communication between us in the context of our cooperation).
- Processing necessary for the performance of a legitimate interest of the company (e.g. use of a video surveillance system to protect persons and goods from criminal offences).
- Processing necessary to protect the vital interests of the natural person (only in exceptional cases of a medical emergency).
You may be requested to grant your consent if none of the above legal bases applies.
Where consent is the legal basis for the processing of certain personal data, e.g. recording and using photographs or videos at the camp, then this consent will be requested using a special physical or electronic form and, should you grant your consent, you will have the right to withdraw it freely, resulting in processing ceasing thenceforth. In order to exercise your right to withdraw the consent you granted, you can contact us at firstname.lastname@example.org.
The applicable law is Greek law, as it stands in accordance with the General Data Protection Regulation (2016/679/EU), and, generally, the applicable national and EU legislative and regulatory framework for the protection of personal data.
We update this Policy whenever this proves necessary. If significant changes occur to the Policy or the way in which we use your personal data, we will upload the update to this Policy to our website.
The Company’s registered offices are located at 1, Ierea P. Karatasiou Street, Harilaou, GR-54250, Tel.: 2310 220502, and the Company is responsible for the collection, processing and storage of your data.
Last revised on: 10 January 2020
*GLOSSARY (to better comprehend this Policy):
‘Personal data’ means any information relating to a natural person who can be identified, directly or indirectly, e.g. a name, identity card or passport number, residential address, e-mail address, an online identifier (e.g. cookies, IP address) or characteristics specific to the physiological, genetic, mental, economic, cultural or social identity of that natural person, including the image of a natural person (photographic material, videos).
- The person (natural person) to whom the data refer is called the data subject.
Each company handling personal data concerning living natural persons within the EU is obligated to conform to General Regulation (EU) 2016/679 on the Protection of Personal Data, also known as the GDPR.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data, whether in electronic form (electronic file) or hard copy (physical file).
- ‘Controller’ means any natural or legal person of the public or private sector that keeps and processes personal data.
- ‘Processor’ means any natural or legal person of the public or private sector that processes data on behalf of a controller.