Effective date: May 01, 2023
The limited Partnership company under the name “Gaki Danai Kai Sia E.E.(L.P .) ” Is the controller of the personal data of the user of the website, https://santoriniphotoshoot.com, with the distinctive title “Santorini Photoshoot”.
The respect for your personal data and the protection of it is a priority for Gaki Danai Kai Sia E.E. and we are therefore committed to keeping your personal data safe. We understand and take seriously the fact that you are informed and interested in the way your personal data is being processed.
Who We Are
Gaki Danai Kai Sia E.E.(L.P .) is a Limited Partnership Company based in Greece. The head office is in Peiraeus, Pl. Ippodamias, No. 8, P.C. 18531. Gaki Danai Kai Sia E.E. is a registered company offering Photography Services.
Explanation of basic terms
Personal data: any information concerning and identifying a person, such as identification information (name, age, residence, occupation, marital status, contact details, etc.), physical characteristics (weight, height, etc.), education (studies, grades), work (pre-service, work behavior, etc.), financial situation (income, assets, economic behavior), interests, activities, habits. The person (natural person) to whom the data refers is called the data subject.
Sensitive Personal data: racial or national origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data for the purpose of unambiguous identification of a person, data relating to the health of the subject, data relating to his or her love life or sexual orientation, criminal prosecutions and convictions, as well as the participation in associations of persons related to them.
Processing of personal data: any transaction carried out, with or without the use of computers, in personal data or in sets of personal data, such as collection and registration, organization, structure, storage, adaptation or alteration, retrieval and search for information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
Controller: the natural or legal person, public authority, service or other body which, alone or jointly with others, determine the purposes and manner of the processing of personal data.
Processor: the natural or legal person, public authority, service or other body processing personal data on behalf of the controller.
Recipient: the natural or legal person, public authority, service or other body to which personal data is disclosed, whether third party or not.
Consent of the data subject: any indication of will, free, specific, explicit and fully informed, by which the data subjects declare that they agree, by a declaration or with a clear positive action, to process the personal data concerning them.
Breach of personal data: a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.
Categories of Data Subjects
What personal data we collect and why
When you browse the Site
When you visit the Site just to browse the materials located on it, you do so anonymously unless you choose to provide us with information about yourself. In that case, we only gather and store automatically certain information about your visit, which does not identify you personally.
Information gathered automatically is used for, among other things, site management, compiling reports of usage statistics, and, in the case of suspected unauthorized activity, for law enforcement and possible criminal prosecution.
The following are representative of the types of information automatically collected and stored about your visit:
(a) The Internet domain and Internet Protocol (IP) address from which you access the Site;
(b) The type of Internet browser and the operating system of the computer you use to access the Site;
(c) The date and time you visit the Site;
(d) The pages you visit on the Site;
(e) If you linked to the Site from another web site, the address of that web site; and/or
(f) If you linked to the Site from a search engine, the web site address of that search engine and the search term you used.
When you use our online services
Santorini Photoshoot intends to offer online services in order to make its services more convenient and easily accessible. If you want to use our online services, Santorini Photoshoot will collect information relevant to the services which you wish to avail and will use that information only to serve you. Santorini Photoshoot will not use the information for any other purpose without your permission.
When you submit your CV
The CV you submit will be used for the purposes of assessing your suitability to fill one of the vacancies of our Center or collaborate with our Center, of your identification and of our communication with you, in the context of the staffing of our business.
When you send us an e-mail or fill the online form using our Submit your case or contact us page
Except as otherwise indicated, if you choose to submit a question, feedback, comment or information about a case via e-mail or using our online form, providing us with your name and your contact details, we will use the information that you have provided only to respond to your request.
When you subscribe to our Newsletter
Your personal data will be used solely in order for us to send you our Newsletter. You can unsubscribe at any time, if you wish so, either by clicking the Unsubscribe button at the end of each newsletter or by sending an e-mail at firstname.lastname@example.org
How we collect your personal data
Lawful basis for processing personal data
Our Center processes your personal data only if there is a relevant lawful basis.
The processing of your personal data for the provision of our services to you is based on the conclusion and performance of a contract or – at your request – on preparatory actions for the conclusion and performance of a contract.
The processing of your personal data for marketing and promotional purposes or for your convenience and for the provision of privileges to you is based on your consent.
In some cases, the processing of your personal data is necessary for the purposes of our legitimate interests, provided that they do not have a serious impact on your fundamental rights and freedoms, or for the purposes of complying with the law.
How long and where we store your data
The personal data submitted to the above processing purposes will be kept by our Center for the period deemed absolutely necessary for the fulfillment of the above purposes and in accordance with the law.
Personal data, relating to the data subjects’ dealings and transactions with the Center, as well as the updating, consent and withdrawal of their consent to the processing of their data, will remain as information for as long as necessary and in accordance with the law to ensure the proof of the legality of the processing of the data by the Center and to safeguard the legal claims of the parties and the compliance of the Company with its legal obligations.
The data that we process on the basis of your consent shall be kept until your consent is revoked or until the expiration of the time for which it has been agreed that you are giving your consent or until it is no longer useful to us, depending on the purpose of the processing.
Your personal data is stored securely in electronic and physical folders, as appropriate, in the server and in the cloud back up of our website.
For any clarifications concerning where and for how long we keep your personal data please contact us at email@example.com
Right to information:
You have the right to receive clear information about how we use your personal data. For example, how we receive your personal data, where it will be stored, for how long, for which purpose and so on.
Right of access:
You have the right to access your personal data as long as you contact us. We will try to serve you as quickly as we can in relation to our workload. Right to correction: You have the right to request that we correct your personal data if it is incorrect or out of date.
Right to deletion / right to be forgotten:
You have the right to request the deletion of your personal data from our computers and records provided that this does not contravene our legal and regulatory obligations.
Right to withdraw consent:
You may withdraw your consent to the processing of your personal data even if the processing has been taking place with you consent so far. If this withdrawal deprives us of the ability to perform the contract that we have agreed on with you, you should contact us again in order to find a new way of working together that benefits both sides.
Right to object to processing on the basis of legitimate interests:
If you feel that you have a legitimate interest, you have the right to object to the processing of your data.
Right to data portability:
You have the right to transfer your data from our database to another.
Right to restrict processing:
You have the right to request that we restrict the processing of your data (e.g. we may store it but not use it or process it) in accordance with the GDPR.
Right to disable Cookies: You have the right to choose whether and which cookies you will accept, with the exception of the necessary cookies, i.e. what is strictly necessary for the operation of our website.
Finally, you have the right to lodge a complaint with the competent Greek independent authority, which is the Data Protection Authority (http://www.dpa.gr/).
When and how we transfer your personal data to others
Your personal data is processed internally in the Center by the personnel strictly necessary for this purpose, who grant it confidential treatment.
As part of our activities, we collaborate with third-party partners who provide services on our behalf. Thus, we may need to share your personal data with them. However, we share with them only your personal data which is necessary so that they can provide the services we ask them for and we ensure that they have the appropriate security and protection measures for your personal data, that they process it only in accordance with our instructions and in order to fulfill the contract between us and that they do not use it for other purposes.
Our Center requires its employees, as well as its third-party partners to take all necessary technical and organizational measures, including appropriate policies and procedures, to protect and prevent the disclosure of the personal data they process during and because of their work.
Furthermore, your personal data may be transmitted to the competent authorities (e.g. Judicial authorities, Greek police, audit bodies) and only to them, if this is required by a provision of law or a court order or a prosecutor’s order, as well as in order to protect the rights of the Center.
We do not offer or sell your personal data.
Transmission of personal data outside the EU
Your personal data that we collect and process is first and foremost transmitted and processed in the European Union. In case your personal data needs to be transmitted outside the EU we will make sure that there is an adequate level of protection of your personal data in accordance with the GDPR.
Security – Measures we take to protect your data
When you give us your personal data, we take steps to ensure that it is kept secure. In order to protect your personal data, we take physical, technical and organizational measures to protect it whether it is in physical or electronic form. We update and control the security technology we use on an ongoing basis. We restrict access to your personal data to those employees who need to know this data in order to provide benefits or services to you. In addition, we educate employees on the importance of confidentiality and maintaining the privacy and security of your personal data.
Among other things, we have implemented the following technical and organizational measures and procedures to protect your personal data from any loss, alteration or unlawful processing:
anonymization / pseudonymization where possible;
use of antivirus;
access to the company’s electronic media only using password;
detection and management of security breach incidents;
sending e-mail to you using security protocols that guarantee, as far as possible, the prevention of data leakage;
measures for the physical safety of printed material and IT devices, such as locking cabinets with documents, fire protection system, alarm system.
In addition, www.santoriniphotoshoot.com has an SSL certificate. The Secure Sockets Layer (SSL) protocol is currently the global standard on the internet for certifying websites to web users and for encrypting data between web users and web servers. An encrypted SSL communication requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the acceptance software, thus protecting personal information during its transfer. Additionally, all information sent with SSL is protected by a mechanism that automatically verifies whether the data has been changed during transport.
How to contact us
Changes and Updates