Privacy Policy of Procify
1. Introduction
- 1.1. The websites "procify.digital" and "grapevine.digital" created and operated by the anonymous company "GRAPEVINE DIGITAL S.A.", located in Athens, Attica, 8 Makedonon Street, Postal Code 11521, provide users with services in the form of software as a service (SaaS).
- 1.2. The protection of your personal data is a priority of utmost importance for our Company. Therefore, we adhere to this Privacy Policy to help you understand why we collect your personal data and how we use it, and to demonstrate our compliance with relevant data protection legislation.
- 1.3. The present Policy sets out the terms and conditions adopted by our Company, with regard to the protection of your personal data as Users of the Website and recipients of our services.
2. Definitions
- 2.1. For the purposes of this Policy, the following definitions shall apply:
- "Authority": The Hellenic Data Protection Authority, established by Law 2472/1997 (Α΄ 50), which according to Article 9 of Law 4624/2019 constitutes the supervisory authority in Greece under the GDPR, Law 4624/2019 and relevant legislation on the protection of individuals with regard to the processing of personal data. The Authority is an independent public authority under Article 9A of the Greek Constitution and is located in Athens.
- "GDPR": Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- "Company" or "We": The Company under the name “Grapevine Digital” with Tax Registration Number 801363529 with registered offices at Athens (Makedonon 8).
- "Website": the business website of the Company, accessible through the domain names procify.digital and grapevine.digital.
- "Law 4624/2019": the Law 4624/2019 entitled "Personal Data Protection Authority, measures implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and transposing into national legislation Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 and other provisions".
- "Policy": the present Privacy Policy, which sets out the terms and conditions, observed by our Company, for the protection of your personal data as Users of the Website.
- "Cookies Policy": the policy, which sets out the terms and conditions, observed by our Company, for the processing of your personal data as Users of the Website when we use cookies. The Cookies Policy can be accessed at the following link: https://procify.digital/cookies-policy.html
- "DPO": the Company's Data Protection Officer, who is available for communication with data subjects on any issue related to the processing of their personal data and the exercise of their rights under the GDPR by sending an email to dpo@grapevine.digital.
- "Services": the business process automation services of our Company, provided in the form of software as a service through the Website.
- "Users" or "You": the users of the Website.
- 2.2. In all other respects, the definitions of article 4 of the GDPR and article 4 of Law 4624/2019 apply.
3. Subject Matter
- 3.1. When you receive the services we offer or you communicate with us or our partners, it is necessary for us to process your personal data.
- 3.2. With regard to the processing of your personal data, we comply with the applicable legislation and we take your opinions and wishes into account so that we understand your expectations and ensure that these are reflected in our business decisions. In this context, we respect the confidentiality and privacy of your personal data and are committed to protecting it.
- 3.3. Our Privacy Policy provides you with detailed information about when and why we collect your personal data, how we use and process it, how long we keep it and finally, under what conditions we may share it with others.
- 3.4. This Policy applies only to the Website. Users should note that our Website may contain links to other websites; however, our Company is not responsible for the data protection practices and conditions or the content of such websites.
4. Website Browsing and Use of Cookies
- 4.1. Our Company may process your personal data to facilitate technical operations and to enhance your experience while browsing our Website. We achieve this by using cookies, which allow us to collect your personal data. For detailed information regarding the use of cookies please refer to our Cookies Policy: https://procify.digital/cookies-policy.html
- 4.2. The personal data we process in the above context are the following:
- Internet Protocol address
- Type of browser and version you are using
- Operating system you are using
- Website from which you may be redirected to our Website
- The date and time you accessed our Website
- Your Internet service provider
- Navigation data within our Website
- Shopping behaviour data
- 4.3. The purposes for processing your data are as follows:
- Providing you with our Website, both in terms of use and content
- Collecting information on your browsing and shopping patterns in order to enhance your experience when browsing our Website
- Promotion of advertising messages or targeted promotions (targeted advertising)
- Serving technical purposes that are necessary for the effective operation of our Website, particularly in relation to online transactions and navigation on it
- 4.4.The legal basis for the processing of your personal data for the purposes of providing our Website and its effective operation is Article 6 § 1 (f) of the GDPR, which allows us to process your personal data for the promotion of our Company and our products/services to internet users through our Website.
- 4.5.The legal basis for processing your personal data in order to improve your browsing experience and send you commercial messages is Article 6 § 1 (a) of the GDPR, which allows us to process your personal data upon your consent.
- 4.6.For the purposes of providing our Website and its efficient operation, we generally retain your personal data until the end of your visit/session on our Website.
- 4.7.For the purposes of improving your browsing experience and promoting marketing messages, we generally retain your personal data for a period of eighteen (18) months from the date of your visit/session on our Website, unless a different period is expressly provided for in this or our other policies, such as our cookies policy.
5. Create an Account on our Website
- 5.1. When you register by creating an account on our Website, you provide the following data:
- Full name
- Email address
- Mobile phone number
- Position in the company
- 5.2. The purpose for processing your data is to provide you with our services.
- 5.3. The legal basis for processing your personal data is Article 6 § 1 (b) of the GDPR (performance of contract), which allows us to process your personal data to the extent necessary to provide you with our Website and our services in accordance with the terms of use and general terms of business concluded between us.
- 5.4.We generally retain your personal data for as long as we provide you with services and for two (2) years upon termination of such services.
6. Provision of our Services
- 6.1. Our Company provides process automation services as a data processor, handling the data you submit on our website on your behalf. Regarding the processing of such personal data, as the data controller, you bear exclusive responsibility for complying with the relevant legal obligations. You also have the obligation to avoid any actions or omissions that could endanger our business interests or lead to claims by third parties, as well as potential sanctions by administrative or judicial authorities against us.
- 6.2.Throughout the provision of Services, you may provide us with employee, partner, customer or third-party data.
- 6.3. The purposes for processing your data are as follows:
- Performance of our contractual obligations
- Fulfillment of our contractual obligations.
- 6.4.The legal basis for processing your personal data is Article 6 § 1 (b) of the GDPR (performance of contract), which allows us to process your personal data to the extent necessary for the provision of our products and services.
- 6.5.We retain such personal data upon termination of the contract concluded between us.
- 6.6.The processing of the abovementioned personal data constitutes a prerequisite for the conclusion of a product/service contract with us. If we do not have the necessary data, then we will not be able to successfully complete any transaction with you.
7. Payment and Billing of our Services
- 7.1. For the payment and billing of the Services when you purchase a subscription, you provide us with the following data:
- Full name
- Email address
- Mailing address
- Contact telephone number
- Tax data
- Transaction details (transaction date, amount and transaction result)
- Service data
- 7.2. The purposes of processing your data are as follows:
- Performance of your contractual obligations
- Tax/invoice use and proof of the provision of our products/services.
- 7.3.The legal basis for processing your personal data is Article 6 § 1 (b) of the GDPR (performance of contract), which allows us to process your personal data to the extent necessary for the management of the payment for our services.
- 7.4.With regard to tax data, the legal basis for processing your personal data is Article 6 § 1 (c) of the GDPR (compliance with a legal obligation), which allows us to process your personal data to the extent necessary to comply with our legal obligations arising from tax legislation, as applicable.
- 7.5.We retain your data for the following periods upon termination of our contract:
- Ten (10) years in respect of tax data
- In respect of other transactional data for as long as you are a customer of our Company and, upon termination of our relationship, for a period of up to five (5) years after your last transaction
- 7.6.The provision of the above personal data constitutes a prerequisite for the conclusion of a product/service contract with us. If we do not have the required data, then we will not be able to successfully complete any transaction.
8. Customer Service
- 8.1. Our Company offers various means of communication for filing requests or addressing issues related to the Services at all stages of your transaction with us. In particular, our Company offers the possibility of communication via telephone and by filling in a contact form.
- 8.2. The personal data collected during your communication with the Company are the following:
- Full name
- Work Position
- Phone number
- Email address
- Content of a Personal message / customer request data
- 8.3.The purpose for processing your data is to communicate with you in the context of the proper performance of our services, to provide you with proper service and to resolve any requests or other issues arising in the context of our relationship.
- 8.4.The legal basis for processing your personal data is Article 6 § 1 (f) of the GDPR, i.e. our legitimate interest in providing appropriate support to our customers by responding and communicating with them directly regarding their requests.
- 8.5.We will retain your personal data for as long as you are a customer of our Company. Upon termination of our relationship, we may retain your personal data for up to two (2) years from the date of our last communication.
9. Commercial Communications
- 9.1. By subscribing to our Company's list of recipients of commercial communications (marketing promotions), you consent to participate in advertising campaigns via email, SMS and telephone, regarding new products, services or offers, in the Company’s competitions, in customer satisfaction surveys and in promotional activities in social media.
- 9.2. The personal data we process are the following:
- Full name
- Email address
- Contact details
- Customer code
- Contractual relationship data
- Customer request data
- Service history
- Social media usage data
- 9.3. The purposes of the processing are the following:
- information on product availability, receipt of new products or current offers
- communication by e-mail or text message regarding our products and services, competitions, offers, promotions or special events
- information regarding promotions on our products and services or services offered by our partners that we believe may be of interest to you
- information regarding promotional activities, such as sending targeted messages via social media or third-party platforms
- 9.4.The legal basis for processing your personal data is Article 6 § 1 (a) of the GDPR, which allows us to process your personal data upon your consent and until withdrawal of such consent.
- 9.5.We retain your personal data until the withdrawal of your consent, otherwise up to ten (10) years from the date of collection.
- 9.6.You may request to stop receiving promotional messages in the same way or by the same means that you have chosen to receive them. For example, in case you receive a promotional email, there is an unsubscribe option at the end of the email, while if you have received an SMS, you can withdraw your original consent by sending a free message. At any time, you can request to reactivate the receipt of promotional emails as well as to (re-)unsubscribe from their sending.
- 9.7.Upon providing your consent for the above purpose, you will receive specific information regarding the processing of your personal data, which shall apply in addition to this Policy.
10. Data Retention Periods
- 10.1.We retain your personal data for the abovementioned periods, during which the purposes for which they are processed remain valid.
- 10.2.Our Company may retain your personal data even after the purposes of collection and processing have been fulfilled in the following limited circumstances:
- In case we are legally obliged under a relevant statutory provision
- For use before tax authorities and any other competent public authority within the statutory limitation period
- If necessary for the operation and organisation of our Company, provided that your data is anonymised
- To defend our rights and legitimate interests before any competent Court and any other public authority within the statutory limitation period provided by the Civil Code
- 10.3.Upon expiry of the retention period, your personal data will be destroyed from our physical and electronic records in compliance with the respective policy of our Company and provided that their retention is no longer required for the fulfilment of the purposes as described above.
11. Data Recipients
- 11.1.Subject to the following terms, our Company does not make your personal data available or interconnect its records for financial or other interest with any third private companies, natural or legal persons, public authorities or services or other organizations.
- 11.2. In order to serve the processing purposes set out in this policy, our Company may provide access to or transfer the following types of your personal data to the following processors, which process personal data on the Company’s behalf and at its request:
- Your personal data to our affiliated service providers, such as providers that advertise our products and services and the products of our partners, suppliers and third parties
- Your personal data to companies that provide us with technical support and maintenance of the software programs and applications that we use in the course of providing our Services
- Your Personal Data to financial institutions for the transfer of remittances, the use of payment instruments and, generally, the making and receiving of payments for our Services
- Preference data and contact details to third party marketing and advertising companies for commercial communications, marketing and advertising of our Services where you have granted your consent or for the delivery of commercial communications as described above
- Your tax data to the competent tax authorities in order to comply with our legal obligations under tax law
- In the event that we are required by a court or other administrative authority and in any other case where we are under a legal obligation to do so, our Company may disclose your personal data to the extent required by law
12. Transfers to Third Countries outside EEA
- 12.1.The Company does not transfer your personal data to third parties outside the European Economic Area unless the conditions of Articles 44-49 GDPR are met and an appropriate check has taken place prior to their transfer. The same applies where our suppliers or service providers use equipment or resources located outside the EEA and process your personal data on our behalf
- 12.2. Where personal data is transferred to third countries, it will continue to be subject to appropriate safeguards and the same level of protection as it would be within the EEA
- 12.3.To protect your personal data during transfers to third countries, we employ safeguards and guarantees, such as the European Commission's standard contractual clauses embedded in our contracts with data recipients, a copy of which may be provided to you upon your request
13. Security and Confidentiality of Personal Data
- 13.1.In order to ensure the proper use and integrity of your personal data and to prevent unauthorized or accidental access, processing, deletion, alteration or other use of your personal data, our Company implements appropriate internal policies and takes all appropriate organizational, technical, physical, electronic and procedural security measures, as well as technological standards, in accordance with applicable laws and regulations.
- 13.2.An indicative list of the technical measures we implement to ensure the security and confidentiality of the personal data we process is as follows:
- Data Encryption: We use industry-standard encryption protocols to protect data during transmission, including HTTPS, SSL/TLS, and AES encryption
- Access Control: Access to personal data is restricted to authorized personnel only, and we employ role-based access controls to limit data access based on job responsibilities
- Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and address potential security weaknesses
- Data Backups: Regular data backups are performed to ensure data integrity and availability in case of data loss or system failures
- Data Minimization: We collect and store only the minimum amount of personal data necessary for our business purposes, and we regularly review and remove outdated or unnecessary data
- Secure Software Development: We follow secure coding practices and conduct security reviews during the development of our applications and systems
- Data Logging and Monitoring: We maintain logs and monitor our systems for suspicious activities and potential security threats
- 13.3.The processing of your personal data by our Company is carried out in a manner that ensures its confidentiality and its physical and logical security, taking into account the latest developments, implementation costs and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood of occurrence and severity to your rights and freedoms
- 13.4.The processing of your personal data is carried out exclusively by the Company’s designated personnel or associates, who are bound by strict confidentiality obligations
14. Your Rights
Rights | Description |
---|---|
Right of Access | You have the right to request access and receive a copy of your personal data held and processed by the Company. |
Right of Rectification | You have the right to request the rectification of incomplete or inaccurate data held by the Company, upon presentation of the necessary evidence showing the need for rectification or completion. |
Right to Erasure | You have the right to request the erasure of your personal data, provided that there is no reason for the continuation of their processing. Please note, however, that the fulfillment of such right may in some cases not be possible for specific reasons provided for by law, which shall be communicated to you at the time of submitting or processing your request. |
Right to Restriction of Processing | You have the right to request the restriction of the processing of your personal data, such as in cases where you wish to have the accuracy of your personal data redetermined or where you object to the use of your personal data, but the Company may have a legitimate interest in retaining them. |
Right of Portability | You have the right to request the transfer of your personal data to another controller. Please note that this right only applies to automated information used with your consent or for the performance of a contract with you. |
Right to Object to Processing | You have the right to object to certain types of processing (e.g. direct marketing). |
Right to Object to Automated individual decision-making, including profiling | You have the right to object to automated individual decision-making, including profiling, that has significant impact on you or produces legal effects. |
Right to Lodge a Complaint to the Authority | You have the right to lodge a complaint before the Hellenic Personal Data Protection Authority (1-3 Kifissia Avenue, P.C. 115 23, Athens, tel. 210 6475600, contact e-mail: contact@dpa.gr), if you consider that your rights have been violated by acts and/or omissions of the Company. |
- 14.1. If you wish to exercise the above rights, please contact us:
- By sending an e-mail to: dpo@grapevine.digital
- By letter to: Makedonon Street no. 8, Athens, P.C. 11521, Greece
- 14.2. Your request shall be answered within a period of thirty (30) days from the date of its receipt. The above deadline may be extended by up to two (2) months in cases where a request is complex or where several requests are submitted at the same time.
- 14.3.Please note that although your request shall be submitted free of charge, a reasonable fee may be charged in case a request is presumed manifestly unfounded, excessive or repetitive.
- 14.4.Our Company has the right to refuse to grant a request (such as the right to erasure or restriction of processing) if the conditions set out in the GDPR are not met or are not sufficiently proven. In this case, as with any request, we will respond to you in writing in accordance with the timescales set out above.
15. Your Obligations
- 15.1.By using the Website and by providing your personal data with consent, you acknowledge that you are obligated to furnish true, accurate and complete information as requested by our Company. Furthermore, you must inform our Company of any changes to this information in order to ensure it remains up to date and accurate.
- 15.2.As the controller of the personal data that you post on our Website and process through the Services, you are solely responsible for complying with the relevant legal obligations, and you shall hold us harmless in relation to any incident of breach.
- 15.3.By using the Website, you represent and warrant that you are over the age of sixteen (16) years. If you are under the age of sixteen (16), you must refrain from any use of the Website and from any disclosure of your personal data without the consent of the person exercising parental authority over you. If you fail to comply with the above obligations, you must immediately notify our Company.
- 15.4.In any case, by using the Website you acknowledge that our Company is not liable for any breach of the aforementioned obligations by you, to the extent that we are unable, even if we make reasonable efforts, to verify your age or obtain the consent of the person exercising parental responsibility.
16. Contact
- 16.1. If you have any question or complaint with regard to this Policy and the way we handle your personal data, please contact us:
- By email at: dpo@grapevine.digital
- By letter to: Makedonon Street no. 8, Athens, P.C. 11521, Greece
17. Policy Review
- 17.1. We reserve the right to revise this Policy by posting an updated version on our Website.
- 17.2. The revision of the Policy will take effect upon publication on our Website.