Privacy Policy

The personal data policy of VERNICOS YACHTS S.A. (hereinafter “the Company”) is addressed to the user/visitor when:
-browsing on the Company’s website,
-contacting the Company on issues concerning the Company or the Website
-receiving updates on behalf of the Company for promotional activities,
The Present Policy should be read combined with the Terms & Conditions of the Company website, as such texts form an integral part of the present Policy. Any use of the website presupposes the visitor’s reading of the present Policy and your consent to the way we process personal data, as well as the reading and acceptance of the above texts.
By navigating the website, the visitor automatically and unconditionally accepts the terms of the present Policy, along with its amendments. The company reserves the right to modify the terms without informing the user/visitor, for this reason it is suggested to the user/visitor to check the above at regular intervals, for any changes; in case of disagreement or reservation concerning the modifications in whole or in part, the company requests to refrain from any use of the website otherwise it shall be considered that you use the website unreservedly.

1. Data Controller& Contact Details

1.1.The of Personal Data”Controller” is considered to be anyone who determines the purpose and means of processing personal data, such as a natural or legal person, public authority or agency or any other organization. Where the purposes and means of processing are determined by statutory or regulatory provisions of national or Community law, the controller or the specific criteria on the basis of which they shall be selected are determined by national or Community law respectively. The Personal Data Controller of this website is VERNICOS YACHTS SA.
1.2. Contact details: For any matter relating to the present Privacy Policy and the processing of your personal data, you may contact the Company by sending an email to info@vernicos.gr.

2. What is personal data?

“Personal Data” is any information relating to the person of each Data Subject, such as: their name and occupation, marital status, age, place of residence, racial origin, political opinions, religion, philosophical beliefs, trade union activities, health, sex life and any criminal prosecutions and convictions thereof, in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679/EU – GDPR), the applicable Greek legislation and the resolutions of the Hellenic Data Protection
Authority, as well as the directives and resolutions of the competent European institutions. In particular, personal data are information collected either from the Visitor during their registration in specific fields of the Website or automatically during
navigation.
Indicatively:
1. registration of personal data by the Visitor for communication with the Company
2. providing data in the context of participation to promotional activities (subscription to the Newsletter)3. acceptance of the use of tools such as cookies or other technical means to customize your browsing experience on the website. For more information on the management of your personal data via cookies, please remit to the corresponding section.

3. Data collection

Indicatively, the Company collects the following Visitor personal data, if declared:

Declaration directly by the Visitor:
-Identity & contact details: first name, surname, country, e-mail, telephone number and the content of each request, as entered by the Visitor.
-Data for subscription to the newsletter
Consent by entering the Visitor’s details in the field of subscription to the newsletter, in order for the Company to send newsletters and updates to the Visitor

Collection of data by third parties:
When you use third-party providers to connect to our Website and use our services (e.g. Facebook, Viber, Google), data may be collected, previous information and consent of yours. The company suggests in the above case the user/visitor to refer to the
corresponding section of the third party providers concerning the terms of use and privacy policies.
We also collect AUTOMATICALLY certain Technical Data and data via cookies, such as: Internet Protocol (IP) address, operating system, statistical/pseudonym data, time zone and location, browser type and version and any other technologies required to access the Site), the devices through which you visit the Website, data about the page from which you logged in or the page you went to when you left, your preferences (duration and frequency with which you notice certain products, the type of Newsletters you open or not). For more details, please remit to our Cookie Policy.

Purposes of processing

a. Identity & contact data: the data entered in the contact form with the Company in order to contact the Visitor for the processing of their request.
b. Management of service requests made by visitors of the Website: The user/visitor, depending on their request, voluntarily provides the information they deem necessary for their service. The processing of the data provided by the user/visitor is based on the following legal bases:
a) compliance with the Company’s legal obligation to adopt tools/means to serve the Website users
b) where necessary, the consent of the user/visitor, to assure effective communication with the Company for the service of users/visitors, upon request. The user/visitor may withdraw their consent at any time by sending an e-mail to the contact details above. The company may process the above data on the basis of its legitimate interest or compliance with its legal obligation when we receive documents, requests, orders, writs, warrants, etc. from legal authorities or bodies, such as supervisory, prosecutorial,
judicial, tax authorities, to investigate crimes and protect you against fraud or fight against all forms of crime and infringement of legal rights. In addition, the company collects data, through cookies for several purposes such as technical, website quality and performance control and functionality improvement, advertising. For more information in relation to how the data collected through cookies is processed, please remit to the corresponding section on the Cookie Policy.

Retention period of personal data

5.1 The Company retains personal data for as long as the visitor interacts with the company and this is necessary to fulfill the processing purposes described above. The visitor has the right to request the deletion of all personal data held in the database of
the above website, unless the retention of some of them is required by law or in support of a legitimate right of the Company. In any case, the data are deleted immediately after the fulfillment of the purposes for which they are kept.
5.2Indicative retention times of personal data:
Customer and visitor service: The information provided by the visitor when submitting a request is recorded in the website’s database and is kept for as long as required, according to the nature of the request submitted and in any case for at least 6 months
from the submission of the last data.
5.3. Commercial Communication: The retention of data for promotional purposes ceases with the withdrawal of consent or the visitor’s objection to the sending of commercial communication by the Company or up to 1 year from the last time they interacted through the website in any way and means (e.g. new request, Newsletter).

User/Visitor Rights

6.1. The Website Visitor may exercise the rights mentioned below by sending an e-mail to the following e-mail: info@vernicos.gr
Α. Right of access: the user may request to receive information about the processing of their data, such as: what data the Company has, why it uses them, to whom it transfers them, whether it transfers them to third countries, how it protects them, where the
Company collected them from in case it did not collect them from you, for how long it keeps them, what rights you have, how you can lodge a complaint, etc.
Β. Right of Correction: the user has the right to request the Company to correct or update incorrect or inaccurate data. In this context, our Company reserves the right to verify the accuracy of the data before proceeding with their correction and is obliged
to inform the recipient to whom the personal data were disclosed, unless this proves to be impracticable or involves a disproportionate effort.
C. Right of deletion: the Visitor of the website has the right to delete their data in the following cases: i) revocation of their consent to the processing of their data, II) in case they detect unlawful processing or submission and processing in a way other than such provided, ii) their maintenance is no longer necessary for the purposes for which they were collected.
The Company reserves the right to refuse to exercise the above right if the processing of the data is necessary (a) for the purpose for which it was collected, (b) to comply with a legal obligation, (c) to establish, exercise or defend legal claims. Upon termination of the contracts with the company, the user may also request the deletion of the Account and their data. The deletion shall take place when the above conditions are met.
D. Right to restriction of processing: The Visitor may request the company to keep their data exclusively and not to process them when:
-their accuracy is questioned
– processing is unlawful but does not wish to have them deleted
-data processing is no longer necessary for the purposes for which they were collected, but the Company still needs them for the establishment, exercise or defense of legal claims
-objects to their processing and expects the verification of the objection result, i.e whether the legitimate reasons of our Company prevail over those of the user
Ε. Right of Portability: The user has the right to request structured or direct transfer to another data controller. The conditions for exercising such right are (a) that the data have been provided by consent or in the context of the contract performance and (b)
that the data are kept by automated means and not in forms (c) that they have been provided by you and that they are not data inferred by our Company on the basis of data that the user has provided thereto.
F. Right of Objection: The user has the right to object to the processing of personal data, on the legal basis of: (a) legitimate interest, (b) the performance of a duty, (c) the case of profiling. If the user exercises such right, the Company reserves the right to continue the data processing in the event of compelling legitimate grounds which override the rights and freedoms of the user or which relate to the establishment, exercise, or support of legal claims for the continuation of such processing.
G. Withdrawal of consent: The user has the right freely and at any time to withdraw consent where such is provided as a basis for processing. Withdrawal of consent is valid for the future and any processing carried out by the Company up to the point of
withdrawal is lawful.
H. Right to human intervention: In cases that the company informs that it uses certain technical means for automated data processing without human intervention, the user may request human intervention in decision-making through automated processing.
J. The user may, for any issue that may arise, contact the company at the contact numbers or by sending an e-mail. The user may contact the competent supervisory authorities to lodge complaints or denounces regarding the processing of their data.
In Greece, the supervisory authority for data protection is the Data Protection Authority (DPA), www.dpa.gr/.

Third party recipients of user data

7.1. In order to fulfill the requests of the website Visitor and its proper operation, the Company cooperates with third party providers who gain access only to as much data as is absolutely necessary for the performance of the tasks assigned thereto.
Indicatively, the following purposes are mentioned below:
α. Processing of requests
b. Advertising and marketing (e.g. for newsletter sending).
7.2Third parties cooperating with the Company are committed to the confidentiality of the user’s personal data transmitted thereto by us, as well as to the taking of all technical and organizational measures for secure processing and not to use the
information in any other way than to fulfill the specific purposes mentioned above.
7.3. The data kept may be communicated to the competent judicial, police and other administrative authorities upon their legitimate request and in accordance with the applicable legal provisions. In addition, in the event of a legal order, office order or official preliminary investigation, the Company has the right to make the corresponding data available to the authority in question without any further request.
7.4. We reserve the right to disclose your personal data to a third party to whom we choose to transfer all or part of our business. In addition, in the event of a merger or acquisition, or other change in our business, the new owners, shareholders, directors
etc. have the right to use your personal data in the same way as set out in the present Policy.
7.5. At the transmission of personal data, the highest possible level of security is ensured at all times. The Company generally keeps your personal data within the European Economic Area (EEA). In the event that data is to be transferred to third countries outside the European Economic Area for which there is no adequacy decision of the European Commission or to International Organizations, all appropriate safeguards provided for in the applicable legislation and in the resolutions and directives of the competent European institutions for the protection of personal data regarding transfers to third countries will be taken.

8. Data security

8.1. The Company takes all necessary technical and organizational security measures to protect and ensure the confidentiality of your personal data (e.g. FIREWALLS, ANTIVIRUS, ACCESS RIGHTS CONTROL, PCI SECURITY STANDARDS, SERVICE ORGANIZATION CONTROL (SOC), special software to counter malicious actions and reCAPTCHA, to certify that access to certain fields of the Website is not performed by bots).
8.2. To carry out the processing of user data, the Company selects persons with appropriate professional qualifications that provide sufficient guarantees in terms of technical knowledge and personal integrity to ensure confidentiality. The Company,
through its respective contractual commitments and its partners, takes all those security measures that are necessary to protect and ensure privacy, confidentiality and integrity of personal data. In any case, their security in the platform environment is subject to events beyond the Company’s sphere of influence, as well as to errors due to technical or other network weaknesses beyond the Company’s control or reasons of force majeure or fortuitous events.
8.3. You must not disclose the access details to your Account and safeguard against unauthorized access to it by third parties.

9. Changes to the Privacy Policy

The company reserves the right to amend the Privacy Policy to comply with the current Greek and European legislation or in case of revision of our procedures or practices. Users will be informed of the amendments to the Data Protection Policy by it s
publication on the Website. Please note that any information or clarification provided in accordance with the above does not constitute a replacement, substitution or any amendment to this Policy.