Privacy Policy & Personal Data Protection

The company named BE MY GUEST SERIFOS ” (hereinafter referred to as the “Company”), headquartered in Serifos, Postal Code 84005, VAT Number 801969773, Tax Office A' Piraeus, as the owner of this website (hereinafter referred to as the “Website”), hereby informs visitors/users/members/customers about the types and extent of information it may collect and process as the Data Controller of Personal Data when purchasing tickets and browsing this Website. The Company ensures that any processing of personal data is always conducted in the best interest of users/customers, adhering to the principles of legality, transparency, accuracy, availability, and integrity in all its aspects, fully compliant with the European General Data Protection Regulation (GDPR), Law 4624/2019, and relevant decisions of competent authorities. The Company applies appropriate technical and organizational measures (TOMs) to protect your personal data and ensure user/customer privacy.

By reading the following, you will be fully informed about how we process your personal data (collection, management, use, storage, transfer to third parties, protection), the duration of data retention, and the rights you can exercise at any time regarding your personal data.

If you do not agree with this Policy, please do not use the Website. We reserve the right to modify this Policy whenever necessary and encourage you to check it regularly to stay informed about any changes in its content and how your personal data may be used.

Personal Data – Information – Rights

What is Personal Data? Personal data is any information that relates to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

What is Personal Data Processing? Processing of personal data is any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

What Data We Collect: We collect your email address when you purchase a ticket, provided the purchase is made electronically via the “Triparound” payment platform or when you sign up for our newsletter.

Note: From the information requested by the Triparound payment platform, we only collect and process your email address and no other personal information.

We do not seek or collect personal data from individuals under eighteen (18) years old. If we discover that we have collected personal data from individuals under eighteen (18) years old, we will delete it as soon as possible.

Purpose of Processing Your Data: The purposes of processing your data are:

  • The purchase of the ticket and your attendance at the event.

  • Informing you about our Company’s news, events, and offers.

Legal Basis for Processing Your Data by Our Company: The processing of your data is carried out according to our agreement when you subscribe to our newsletter.

If we have obtained your data during the ticket sale/purchase process, the provisions of paragraph 3 of article 11 of Law 3471/2006 apply, according to which “Contact details acquired legally in the context of the sale of products or services or another transaction can be used for the direct promotion of similar products or services of the supplier or for serving similar purposes, even when the recipient has not given prior consent, provided that they are clearly and distinctly given the opportunity to object, in an easy and free manner, to the collection and use of their contact details at the time of their collection, and in every message, in case the user did not initially object to this use.”

Recipients of Your Data: The recipients of your data are:

  • Our Company

  • Partner Companies for the IT, accounting, and financial support of our company.

Our Company does not transmit or disclose your personal data to any third party.

If you have any questions about your personal data processed by our company, you can freely contact us at the following email: [email protected]

Our Company and Your Personal Data: Our Company:

  • Maintains confidentiality regarding the personal data you provide.

  • Does not transmit data to third parties, beyond those mentioned in article 6 of this document, without your written consent.

  • Takes organizational and technical security measures for data processing, protecting both logical and physical security, such as secure software, physical protection, pseudonymization, and encryption.

  • Ensures that our systems are designed and maintained to fulfill our obligations under the GDPR.

  • Will promptly inform you of any incident involving a breach of your personal data.

  • Complies with the legal framework for data protection, especially the GDPR, as the data controller.

Transfer of Your Data Abroad: Your personal data is NOT transferred abroad.

Data Retention Period – Deletion: Our Company retains your data in an electronic file for ten (10) years or until you request us to stop informing you about our events.

After ten years or upon your request, your personal data (i.e., email) is completely deleted without the possibility of recovery.

Data Security: The processing of your data is allowed only to our authorized employees who are contractually bound to maintain confidentiality regarding your personal data processing and solely for the aforementioned purposes.

We have taken necessary and appropriate organizational and technical measures to protect your data from any accidental or unlawful processing, both physically and logically (e.g., physical security procedures, access control, protection of computing systems and network equipment).

These measures are reviewed and amended when deemed necessary.

Your Rights:

  • Right to Information: Our Company takes all necessary actions during both the collection phase and any subsequent processing phases of your personal data to enable you to exercise your legal rights as described in this notice.

  • Right to Access Your Personal Data: You have the right to be informed by us about whether and how we process your data. If we process your data, you can request information about the purpose of the processing, the types of data we hold, to whom we disclose it, how long we store it, if automated decision-making occurs, and other rights such as rectification, erasure, restriction of processing, and filing a complaint with the Data Protection Authority.

  • Right to Rectify Inaccurate Personal Data: If you find any errors in your data, you can submit a request for correction (e.g., email correction) to welcome@serifosroots.gr

  • Right to Erasure: You can ask us to delete your data if it is no longer necessary for the above-mentioned processing purposes or if you wish to withdraw your consent, provided you had previously given it.

  • Right to Data Portability: You can request to receive your data in a readable format or ask us to transfer it to another data controller.

  • Right to Restrict Processing: You can request us to restrict the processing of your data while your objections to processing are being examined.

  • Right to Object to Processing: You can object to the processing of your data, and we will immediately stop processing it unless there are other legal reasons that prevail.

How to Exercise Your Rights: For any requests and the exercise of your rights concerning your personal data, you can contact us via email at: welcome@serifosroots.gr

Response Time to Your Requests: We respond to your requests free of charge without delay and in any case within one (1) month from the time we receive your request. If, however, your request is complex or there are many requests, we will inform you within the month if we need an extension of up to two (2) more months to respond.

If your requests are manifestly unfounded or excessive, particularly due to their repetitive nature, the Company may impose a reasonable fee, taking into account the administrative costs of providing the information or carrying out the requested action, or refuse to act on the request, explaining the reasons for refusal.

For updates on the status of your requests, you can contact: welcome@serifosroots.gr

Automated Decision-Making – Profiling: We do not make decisions nor do we create profiles based on the automated processing of your data.

Complaint to the Data Protection Authority: You have the right to file a complaint with the Data Protection Authority located in Athens, 1-3 Kifisias Avenue, Postal Code 115 23, Tel. 210 6475600, Fax 210 6475628, [email protected], if you believe that the processing of your personal data violates the applicable national and regulatory framework for data protection. More information on submitting a complaint can be found at: http://www.dpa.gr/portal/page?_pageid=33,211532&_dad=portal&_schema=PORTAL

Notification of Policy Changes: We update this Policy whenever necessary. If there are significant changes to the Policy or the way we use your Personal Data, we will post it on the URL https://serifosroots.gr/privacy on our website before the changes take effect and notify you by any appropriate means. We encourage you to read this Policy periodically to know how your data is protected.