Personal Data Protection Policy
and Cookies
Introduction
Protecting your personal data is an integral part of the trusting relationship we want to develop with you. In our company’s activities, we regularly process data concerning natural persons, such as data of customers, partners, business contacts, trainees, and visitors to our website, but also personal data of third parties, which you will entrust to us during our cooperation.
Responsible for the processing of your personal data is our company, RETHINK BUSINESS LAB M.I.K.E, with headquarters in Halandri, Attica, 362 Kifissias Avenue, P.O. Box 152 33 phone +30 215 5600411, email: info@rethinkbusinesslab.com
Our company applies the General Data Protection Regulation (2016/679 EU GDPR) and any other European and national legislation concerning the protection of personal data and electronic communications:
- Your data and the data of third parties that you entrust to us are collected for specific, explicit, and legitimate purposes and are not further processed in a way that is incompatible with those purposes.
- We collect the personal data necessary for each processing purpose and process it lawfully, fairly, and transparently in relation to the data subjects.
- We ensure that it is, as far as possible, accurate and up to date and we only keep it for the time necessary for the purposes for which it is processed, taking into account our need to comply with legal and tax requirements.
- We have taken the necessary technical and organisational measures to ensure the security and protection of your data whether it is in electronic form or kept in physical files (such as disk and email encryption, cloud backup, storage of physical files in a secure manner, strictly controlled access). Our aim is to minimise any possibility of unlawful access to, loss, alteration or destruction.
What data we collect, for what purpose, and how long we keep it
- Data we collect automatically through our website
Our websites www.rbl.gr and www.rethinkbusinesslab.com, are protected by an encrypted communication protocol SSL (Secure Sockets Layer) which establishes a secure connection of devices over the internet, thus protecting your communication and personal data.
When you visit our website our server collects the so-called server log files, (log files) and in particular:
- Date and time of entering the website.
- Date and time of your visit to the website.
- The browser and operating system you used to enter the website.
- Internet Protocol (IP) address when you accessed the website. The IP address is personal data along with the date and time of your visit, although we cannot track you with this data alone.
The purpose and legal basis for which we collect your IP address and keep it in special files (log files) is our legitimate interest in the security of the website, information and services from accidental events or illegal and malicious actions that may target the availability, authenticity, integrity and confidentiality of stored or transmitted data (e.g. e.g. ddos “denial of service” attack monitoring), as well as our legal obligation to provide as secure an environment as possible for the processing of your personal data. The data will not be transferred or used in any other way. However, we reserve the right to check server logs (server logs) if specific indications of illegal use are detected.
- Data of our Customers and Trainees
In order to provide our services to our Clients, whether they are natural or legal persons/organisations, we will need to process personal data (Clients, legal representatives, employees and other contacts) such as full name, email, postal address VAT number, contact details. We will collect similar data for those individuals who choose to participate in a training activity of our company.
The legal basis for the processing is the execution of the contract between us and the data retention period is fifteen years. (Article 6 par. 1b’ and 9 par. 2 GDPR.
In several cases you will entrust us with personal data of third parties which we will need to process on your behalf as processors, such as data of your employees, partners and suppliers, your own Customers or trainees, etc. We will retain this data for the duration of our relationship and will return it to you or delete it in accordance with your instructions.
- Data we collect via email and contact form
In the context of communication between us via email we will process your name, email address and any other information you provide in order to respond to any request you make. The legal basis for processing your personal data is your consent and it will be deleted after five years, provided there are no legal requirements for storing it.
- Supplier data
For the purpose of servicing the contract between us, we collect the data of our suppliers such as name, address, contact details, shipping details, VAT and financial data, which you provide to us yourself. The legal basis for the processing of your data is the performance of the contract and our compliance with legal obligations and we retain them for a period of fifteen years from the last provision of services, so that we can meet our obligations arising from tax and any other relevant legislation.
- Processing of data for access to a distance learning platform.
If you wish to access a tele-training platform offered by our company through its website, we will process your data such as name, email, VAT in order to provide you with our online training services, and the legal basis of the processing will be the performance of a contract. In any case, after the completion of the training program, you can request the deletion of your account and your data by sending a message to the aforementioned address of the Data Controller and your data will be deleted except where retention is necessary such as for tax and evidence purposes which we will keep for fifteen years.
For payments for online training programs that you pay by credit or debit card or transfer to a bank account, the system used by our company does not store card or account data in a database. Payment by card is processed by the secure payment platform of our partner credit institution.
Who has access to your data. Data transfers.
Your data can be accessed by our employees and any other person authorised to process your data in the course of their duties. In addition, we work with third parties, natural or legal persons, professionals, independent consultants, etc. who provide us with commercial, professional or technical services (e.g. website hosting, accounting services) for the purposes set out above, and support our company in whole or in part, in connection with our activities.
These third parties process your data as Processors on our behalf following our instructions, and are contractually bound to process your personal data for the same purposes listed above, with the same security measures. In addition, they provide us with assurances that they will apply the applicable legal framework and that they will notify and cooperate with us in the event of any security incident involving your data.
Finally, the data may be further transferred to public authorities and institutions, as well as to our legal counsel, for legitimate purposes.
Other than the above, the Data will not be disclosed to third parties, individuals or legal entities and will not be disseminated.
Our company does not transfer Personal Data outside the EU, and if necessary (for example, in order to use Cloud services) this will be done under the terms and conditions set out in Articles 44 et seq. of the GDPR, such as with your consent, the application of standard contractual clauses approved by the European Commission or to countries deemed safe by the European Commission.
Data of minors
Our company does not process data of minors.
Links to third party websites
The RETHINK BUSINESS LAB website may contain links to other websites of third parties or independent entities, such as partner companies / organizations, which are operated exclusively by them as well as social media websites of our company. Therefore, RETHINK BUSINESS LAB is not responsible for the content, actions or policies of these websites. We encourage you to carefully read the applicable data protection policies of the websites you visit.
Cookies and related technologies
Like most websites, we use cookies and similar technologies when you access and browse our Website , in order to make it as convenient and efficient as possible.
Cookies are small text files stored on the device (e.g. computer, tablet, mobile phone) with which the user accesses the website. Cookies are unique to each web browser (web browser, e.g. Google Chrome, Mozilla Firefox, Internet Explorer, Opera etc.) and contain anonymised information, which relates to the websites you visit and the devices you use.
Types of cookies we use:
a) Functionality cookies (essential)
These cookies are responsible for essential functions of our website and application. They are necessary for you to be able to browse our website and to access the various sections of it. The provision of the basic online services of the website is not possible without these cookies.
b) Statistical and performance analysis cookies
These cookies collect information about how you use our website, such as the website from which your visit originated, the pages you visit most often, the browser you used, etc. We use them for the purpose of analysing traffic and improving the performance of our website. They collect aggregate, anonymous statistical information that cannot lead to visitor identification.
Information about Google Analytics
We use Google Analytics to track traffic and improve our website performance. Google Analytics uses cookies to store certain information, such as the duration of the visit to the website, the browser used, the location from which the visit originated and the frequency of visits. In order to access this data, we allow Google Analytics to place cookies on the visitor’s device (e.g. computer, tablet, mobile phone). Google Analytics is owned by Google Inc. You can find more information about Google’s data processing policy here, and about the use of cookies in the context of the Analytics service here. Technical information about Google Analytics cookies is available here.
You have the option to block the collection of your data by Google Analytics altogether by installing the add-on in your browser: https://tools.google.com/dlpage/gaoptout
https://tools.google.com/dlpage/gaoptout
Managing cookies
You can decide individually or collectively to accept cookies (except for those that are absolutely necessary) during your visit to our website, and you can also change your relevant options at any time.
You can also configure your browser in such a way that you are informed about the cookie setting and can decide whether to accept or block them. Each browser differs depending on how it manages its cookie settings. This is described in each browser’s help menu, which explains how you can change your cookie settings. Follow the links below depending on the browser you are using:
Internet Explorer
Firefox
Chrome
Safari
Opera
Please note that you need to adjust the settings individually for each browser and each device you use.
Update on cookie changes
You can see details of the cookies we use in the relevant “window” displayed on our website. There you can find their classification by category, the name of the cookie, the provider, the storage period. We may update the cookie statement from time to time, seeing also the date when the last change was made to this statement. We advise you to check the cookie statement regularly to be informed of any changes.
Your Rights
You can contact us by post or email at RETHINK BUSINESS LAB M.I.K.E., 362 Kifissias L. Chalandri P.O. Box 15233 or by email at gdpr@rethinkbusinesslab.com to exercise your rights under Articles 15 et seq. of the GDPR, namely the rights:
- Updated
- Access to your data
- Correction
- Deletion (if applicable)
- Restriction of processing
- Objection or withdrawal of consent to processing.
You can, for example, request an up-to-date list of those who have access to your data, obtain confirmation of whether or not we are processing personal data relating to you, check its content, source, accuracy and location, request a copy, request its rectification and restrict its processing, and even delete it if applicable.
We will respond to Requests without delay and in any event within (1) one (1) month of receiving your request. However, if your Request is complex or there are a large number of your Requests, we will let you know within the month if we need to obtain an extension of another (2) two months, within which we will respond to you.
You can always report comments and submit complaints to the Hellenic Data Protection Authority, Leof. Kifissias 1-3, GR 115 23, Athens, Athens, Phone: + 30-210 6475600 or http://www.dpa.gr/
Amendments to this Policy
We may revise or update this Privacy Policy from time to time and, in any event, whenever it becomes necessary. Any changes to this Privacy Policy will become effective upon the issuance of the revised Privacy Policy. We will update this Policy whenever necessary. If there are significant changes to the Policy or the way we use your Personal Data, we will post on our websites (https://rbl.gr & https://rethinkbusinesslab.com) an update to this Policy before the changes take effect and will notify you by any appropriate means. We encourage you to periodically read this Policy to know how your Data is protected.
Last update: 01/08/2020