PRIVACY POLICY

Privacy Policy

The company BEYOND ESTATES Single Member S.A., trading as COLDWELL BANKER GREECE, whose registered offices are in the Municipality of Marousi, Athens Northern Sector, entered in the General Commercial Register with GCR No. 185423803000, acting as agent in Greece of COLDWELL BANKER LLC (hereinafter "we" or "the Company") are responsible for processing your personal data while you are visiting our website and using our other services. We are committed to respecting and protecting the personal data of visitors to our website and users of our services and are obliged to inform you in a transparent manner about how we process your data in accordance with the provisions of the relevant national and Community law.

We reserve the right to amend and update this Privacy Policy whenever that is considered necessary. If there are changes to this document, we will post the new version on our website. For this reason, please read this Privacy Policy carefully and check our website from time to time.

1. Purpose of the Policy

The purpose of this Policy is to inform you about the type of personal data collected by the Company, the purpose and method of processing (collection, storage, use, transmission), the protection and security measures adopted, and the rights of data subjects in relation to such processing; in all events processing is done in accordance with the provisions of the relevant legislation, in the most reliable and transparent manner. Given that it collects and processes personal data, the Company has made a strong commitment to process it in accordance with the General Data Protection Regulation (Regulation (EU) No 2016/679 / the GDPR), the Greek data protection laws (Law 4624/2019) and any other relevant legislation and code of conduct on data protection (hereinafter collectively referred to as the “Personal Data Protection Laws”) as supplemented by decisions of the competent supervisory authorities.

The Company operates as a modern real estate company in Greece, offering its services on both the Greek and international market. The Company's registered offices are in Marousi, Attica and it is supervised by the Hellenic Data Protection Authority (HDPA).

Τhe personal data processed by our website may be:

  1. Data provided by the user
  2. Identification data. Personal data such as your name-surname, email address, telephone or fax number, electronic identification details or one or more features which identify you as a data subject.
  3. Free text fields. As far as free text fields are concerned, we advise you not to key in data from the special categories of data such as racial or nationalist origin, political opinions, religious or philosophical beliefs, information about your physical or mental health, biometric or genetic data, sexual orientation, etc.

In addition, you must ensure that the personal data you fill out in the various forms on our website is correct and accurate, and you are asked to inform the Company about any change or alteration in that data. Where the Company, acting as Controller, or any third party suffers harm due to erroneous, inaccurate or inadequate information in the various forms on our website, you are considered to be the sole party responsible.

1.Browsing data

The IT systems and software processes used to make the website functional automatically gather specific information about you surfing the internet, through a process based on Internet communication protocols. This information is not collected in order to be associated with users’ personal data; however, its nature and its processing by third-party providers may lead to identification. This category includes information about the IP addresses, the names of domains belonging to users' computers, addresses bearing a Uniform Resource Identifier (URI) mark, a note of the resources requested, the time of request, the method for submitting the request to the webserver, the sizes of files acquired as a response, a numerical code which states the result of the response from the webserver (successful, erroneous, etc.) and other parameters related to the operating system and the user's computer environment. This data is used exclusively for anonymous statistical analyses about use of the Site and to check that it is operating properly, and to identify erroneous data and is deleted after processing. The data may be used to confirm the existence or otherwise of any online crimes which harm the Site or third parties.

III. Data collection via cookies

In some cases, we also automatically collect technical information which does not directly identify you, such as the type of browser, the computer operating system, the domain name of the website from which the connection was made, the location and other information arising from use of cookies on our website (such as the Internet Protocol (IP) address, web content opened, etc.). For more information about the cookies used via the Company's website and the data collected via them, please read our detailed Cookies Policy.

The Personal Data about you that we process includes the data we collect directly from you in the context of our contractual relationship and in particular:

Name and surname

Contact details (address, phone number, email address)

Financial data (such as tax ID number, bank account number)

Particulars of properties (street, square meterage, full particulars of owner)

Any other information you have assigned to us.

As Controller, the Company processes your personal data as follows. By:

  • responding to your requests for information, products or services
  • providing you with information about the services we provide
  • drafting, signing and managing contracts
  • Cases where we are legally obliged to process personal data
  • When managing promotional measures (e.g. discount schemes)
  • When our services are requested
  • When sending communications with information about the services we provide

The legal bases for us collecting and processing the personal data you provide us with are:

  1. Legitimate interest, as required to provide the services offered
  2. A legal obligation to comply with the applicable laws and regulations
  3. Your consent, where needed. You can withdraw your consent by exercising your rights. More information about your rights is provided below.

We do not process personal data without your consent or without your being a customer or associate of ours, or without your having provided your data to the Company yourself.

By filling out the contact forms on the website www.coldwellbankergreece.gr you are deemed to have accepted and agreed to the processing of data.

To ensure proper, comprehensive provision of our services, we collect only personal data that is necessary, such as name, surname, contact details (phone number, email address). At this point it should be noted that we use your personal data exclusively for the purpose of providing you with our services. We would also point out that you are responsible for the accuracy of the data you provide us with.

Below are just some common examples of how our Company uses your personal data:

We collect, process and store your data in the context of the relevant legislation and our legitimate interest in concluding a contract with each customer or associate.

We collect, process and store your data because we are under a legal obligation, namely we have to meet legal obligations deriving from the relevant tax laws.

We collect, process and store your data because we are under a legal obligation, namely we have to meet legal obligations deriving from the relevant labour laws.

We collect, process and store your data because we have a vital interest in analysing our business performance.

We collect, process and store your data to manage any complaints you may have.

We collect, process and store your data to inform you about your participation in our promotional activities.

2. Personal data being processed / data collected and use thereof

3. Personal data of minors

The Company fully understands the importance of protecting children's personal data. The specific Site is not aimed at and has not been designed for minors. The Company does not intend to collect and retain personal data belonging to children who may have access to the Site. If the Company discovers a case of data on minors being collected, which was done without the required consent being obtained from the persons with parental responsibility, that data will be promptly deleted.

Τhe personal data of users is processed by the Company acting as Controller for the following reasons:

4.1. Site navigation and providing the services which the Controller makes available via the Site, including managing its security;

4.2. compliance with any applicable legal framework, regulation, or European law in force, or compliance with requests from the competent authorities;

4.3 improving the services provided and safeguarding the Controller's lawful rights and interests;

4.4. responding to user requests made using the online forms available for that purpose.

Special technical and organisational security measures have been taken to prevent data loss, unlawful or improper use and unauthorised access to the data.

How data is collected:

As clearly stated above, we only collect information about you that you knowingly provide.

More specifically, we collect personal data:

when you send a request to book a property viewing using the form on our website. In this case we collect information such as your name, surname, email, phone number.

when you collaborate and do business with us. In this case we collect the information needed for our commercial dealings such as your name, surname, Tax ID No., bank account number, etc.

when you participate in promotional measures. when an email is sent to the Company. In this case we collect your email address and phone number so we can update you and contact you.

In all events, before collecting your data we inform you about the processing purposes and all data we collect is governed by this Privacy and Personal Data Protection Policy.

If users wish to subscribe to the Company's Newsletter in order to receive news about the Company and its activities, they must, on their own responsibility, provide their contact details to the Company (name-surname, email) having first accepted this Privacy Policy and given their consent to receive newsletters.

4. Reasons for processing

5. Data processing

In the case where the Company collaborates with another authorised associate for the purposes of processing set out in sections 4.1 and 4.4

In order to achieve the processing purposes referred to in sections 4.1 and 4.4 above, the Company may collaborate with third-party authorised associates. Where the Company collaborates with another authorised associate, your data as a user (s) of the website and the services provided via it will be sent for the purposes outlined in sections 4.1 and 4.4 above only with your prior consent which is given by accepting the terms of this Policy. In that case both our Company and that associate become independent data controllers and to that end do not process your data jointly unless you have given special permission for them to do so. In all events, as data subjects, you are always able to exercise your rights deriving from the relevant legislation both in relation to the Company and its associate who, following permission granted by the Company, also processes that data.

In addition to the cases in section 5, Personal Data relating to you may be sent solely for the purposes of processing your instructions and under the terms hereof to our business partners and to the network of associates authorised to provide real estate agent services,  who are always at your disposal, provided that you have given your prior consent to processing through acceptance of the terms of this Policy.

Consequently, both our Company and its associate in each instance will become independent data controllers and therefore when performing their duties have the corresponding legal obligations due to their said role.

In all events, even if you consent to your personal data being processed, we would inform you that as data subjects you can, at any time, exercise your right to object to further processing of your data by our network of approved associates, either by any individual associate or all of them jointly.

6. Who else can access your Personal Data?

7. Legal framework on mandatory or optional processing

The legal basis for processing personal data for the purposes of Section 4.1 is the ability to make services available to users. The provision of personal data for this purpose is optional, but failure to provide such data makes it impossible to activate the services requested.

However, the legal basis for processing personal data for the purposes of Section 4.2 is based on the Company's legal obligations. The provision of personal data for these purposes is optional, but failure to provide such data makes it impossible to activate the services requested.

As far as Section 4.3 is concerned, the legal basis for processing is non-infringement of the Controller's legitimate interests, namely the security of the information systems, confidential information, and personal data, against unauthorised access and use.

The legal basis for processing personal data for the purposes of Section 4.4 is our overriding legal right to properly manage messages, requests, information or questions submitted by users.

The personal data collected may also be disclosed for the purposes of Section 4 of this Privacy Policy to:

7.1. persons who provide services to the Company and typically work as processors in accordance with the definition in the GDPR, including persons responsible for technical maintenance and hosting of the Site; and

7.2. persons, bodies or authorities to whom personal data is required to be sent in accordance with the laws or instructions of the authorities or following a court ruling.

8. Recipients of personal data

9. Transfer of personal data

At present the Company does not transfer personal data via the Site outside the European Economic Area.
 
If the Company commences such transfers in the future, it will ensure that such transfers will take place in accordance with the applicable laws, such as the adoption of standard contractual clauses approved by the European Commission, or by selecting persons who comply with international schemes on the free movement of data (e.g. the EU-US Privacy Shield) or with the regulations of the relevant country as recognised by the European Commission. In addition, we will update the current Policy to cover cross-border data transfer and the relevant safeguards for your privacy.

10. Storage of personal data

The Company retains the personal data of users for such time as is specified in the applicable legislative framework, unless an extension in that time is required due to legal claims or legal obligations.

Further information about the time personal data is retained for and the criteria used to determine it may be obtained by sending a written request to the Controller at the addresses set out in the Contacts section of this Privacy Policy.

Under the Regulation, users of the Site are entitled at any time to request from the Company access to their personal data, that the data be amended or deleted, or they may object to their data being processing, or in some cases they may request that processing be limited and that they receive the data in a structured, widely used and machine-readable format.

Such requests must be submitted in writing to the Controller at the addresses cited in the Contacts section hereof.

In all events, users of the Site are entitled to submit a complaint to the competent supervisory authority (the Hellenic Data Protection Authority) if they consider that their personal data is being processed in breach of the applicable legislation.

11. Users rights relating to their data

12.Your rights

The Company recognises and safeguards the following rights:

The right to transparent information about the exercise of your rights (Articles 12, 13 and 14 of the GDPR)

The right to request access to your data held by us and to receive a copy of your data (Article 15 of the GDPR).

The right to request correction of inaccurate or incomplete data we hold about you (Article 16 of the GDPR).

The right to delete (right to be forgotten) (Article 17 of the GDPR) your Member-User account and the information we have about you. It should be noted that if you exercise the right to delete an active subscriber it means we will be unable to continue to provide the services you have requested.

The right to object to us processing your data on the basis of our legitimate interest (Article 21 of the GDPR).

The right to request a restriction of processing (Article 18 of the GDPR) where that is feasible.

The right to data portability, namely to request that we provide you or another data controller with your personal data in a structured, easily readable format (e.g. on a USB).

The right to withdraw your previously given consent when processing is based on your consent (Article 7 of the GDPR), in other words to withdraw your consent at any time for processing based on consent. The lawfulness of the processing of your data up to the point in time you requested a withdrawal of consent is not affected by withdrawal of that consent.

The right to lodge a complaint with the competent supervisory authority, the Hellenic Data Protection Authority, whose contact details are as follows: www.dpa.gr | 1-3 Kifissias Ave., Athens GR-11523  | +30 210 6475600 | Fax: +30 210 6475628  | complaints@dpa.gr

If you exercise any of these rights, we will take all necessary measures to respond to the request within one month or up to an additional 2 months, if required due to the complexity of the request or the total number of requests received. We will notify you in writing about whether the request has been satisfied or, otherwise, regarding the reasons which prevent us from satisfying that request. Please note that the exercise of these rights is subject to certain conditions and restrictions laid down by law, e.g. we may not be able to respond to a request if we do not receive the identification data necessary to protect your data and confirm that you are making the request, or to delete information we may be obliged to keep in order to comply with an obligation or to pursue our legitimate interests.

You are entitled to exercise your rights by sending an email to info@coldwellbanker.gr. We ask that your requests be accompanied by suitable proof of identification of you, subject to the Company's express proviso that additional information be provided in order to identify and confirm your particulars.

The Company holds your data in compliance with the provisions of this Policy and the provisions of the relevant legislation. If you still wish to make a complaint about this matter, you can submit a complaint to the Hellenic Data Protection Authority (HDPA) or you can send an email entitled "Request to exercise for privacy rights" to our Company's email address: info@coldwellbanker.gr

USEFUL CONTACT DETAILS

You can send a message to our Company's general email about any issue relating to protection or possible personal data breaches: info@coldwellbanker.gr

Supervisory Authority

Hellenic Data Protection Authority (HDPA)

1-3 Kifissias Ave., GR- 11523, Athens

+302106475600

+302106475628

contact@dpa.gr

13. Contacts / Complaints

14. Changes

After it has informed users, the Company reserves the right to amend or simply change the content of this policy in whole or in part, based on potential changes in the applicable legislation. Consequently, the Company requests that users periodically re-visit this Privacy Policy in order to be learn about the most recent and upgraded version of it, so that they are always clearly informed about the data our Company collects and uses.