Personal data protection & privacy policy

The private company under the corporate name “AUM MONA Greece P.C.”, owner of the website www.mona-athens.com, informs you that the processing of your personal data, which are collected via the communication form, is performed pursuant to the data protection law in force (Regulation(EU) 2016/679 – hereinafter “GDPR”) and the present Personal Data Protection and Privacy Policy of the Website, and declares that it is our company’s aim to comply with the principles that govern the data protection regarding their processing, given that it is committed to respect your civil rights and your privacy.

1. Data Processing Controller
   “AUM MONA Greece P.C.” is the Data Processing Controller (hereinafter the “Controller”). You may communicate with the Controller at the following email address [email protected].
2. Definitions:
   Data Subject: any natural person whose personal data is processed by us or on our behalf.
   Personal Data: any information relating to an identified or identifiable natural person, which pertains to the physical, physiological, psychological, emotional or financial status, the cultural or social identity of said natural person.
   Processing: processing of personal data (“processing”), is any operation or set of operations which is performed on personal data such as, indicatively, the collection, record-keeping, storage, alteration, analysis, use, association, restriction, erasure or destruction.
   Transmission: the access to personal data, for example by allowing access, transmission or publication.
   Controller: the legal person which determines the purpose, the content and the procedure of the processing of personal data.
   Processor: the natural or legal person, which processes personal data according to the controller’s instructions.
3. The Data that we process
   With your consent, we process the following personal data that you provide when you interact with the Website and use the services and functions it offers. Said data, which you provide when you submit the communication form, specifically include the name and surname that you indicate, your communication details, as well as the wording that you fill out in the communication form and constitutes a request for information, an opinion, a rating or anything else you wish to communicate. In order to satisfy the requests that you submit via the communication form and/or offer you updates, in general or regarding undesirable actions, it is necessary to consent to the processing of the data, which is indicated with an asterisk (*). Without said mandatory data or your consent we are unable to proceed further. On the contrary, the information required in fields without an asterisk indication () as well as your consent to receive updates, are optional and therefore, if you don’t provide them, there is no consequence. In any event, even without your prior consent, the Controller may process your data, in order to comply with its legal obligations, under law, regulations and the EU legislation, to exercise its own lawful interests and, in any occasion, pursuant to articles 6 and 9 of the GDPR, as the case may be. The processing is performed by means of computers as well as hard copies and always entails the implementation of security measures pursuant to the legislation in force.
4. Why and how we process your data:
   The data is processed for the following purposes: (i) to handle the requests that you submit via the “Communication Form” and the ‘’Booking Form’’. The legal basis for the data processing for this purpose is your consent and the performance of the contract or obligation respectively (article 6 par. 1 (a) and article 9 par. 2(a) of the GDPR and article 9 par. 2(b) of the GDPR);(ii) to handle the reports for undesirable actions that are submitted via the Website or the Forms. The legal basis for the data processing for these purposes is your consent (article 6 par. 1 (a) and article 9 par. 2 (a) of the GDPR) as well as any public interest (article 9 par. 2 (i) of the GDPR) and legal obligation. Moreover, but only upon your optional consent, which is the legal basis for the data processing pursuant to article 6 par. 1 (a) of the GDPR;(iii) in order to receive advertising material (direct marketing) from us – newsletters. With regard to the email updates, you may remove yourself from the relevant list of recipients at any time, by following the instructions contained in every communication. Should you opt to be deleted from a service or communication, we will try to erase your data as soon as possible; nevertheless, certain time and/or information may be required, prior to processing your request. You provide your consent to the processing of your data for these purposes by choosing the appropriate fields in the communication form. In any event, your data may be subject to process, even without your consent, in order to comply with laws, regulations and the EU legislation (article 6 par. 1 (c) of the GDPR) and in order to receive statistical data pertaining to the Website’s use and its proper operation (article 6 par. 1 (f) of the GDPR). The personal data is entered in our information system in full compliance with the data protection legislation, and their processing is based on the principles of proper practice, legitimacy and transparency. Data are stored for as long as it is absolutely necessary, in order to attain the purposes, for which the personal data are processed. In any event, the criteria to determine said period is based on complying with the time limits provided by law and the principles of data minimization, storage limitation and rational processing of the records. All data shall be subject to processing in hard copies or via automated means; in any case the appropriate level of security and confidentiality will be ensured.
5. Principles applied during processing: 
   We may process your personal data, in order to provide personalized services, pursuant to article 6 par. 1 (b) of GDPR and the national legislation that implements it. Your personal data are not used for other purposes apart from those described herein, unless we receive your prior consent or if required or allowed by law. Personal data should be processed in a manner compatible to the purpose for which they are collected. The principle of proportionality is applied during the processing of personal data; amongst others, said principle creates the obligation to not purposelessly collect personal data. Personal data,which are used, should be precise and updated. Personal data, which are used and are no longer precise and comprehensive, should be revised or deleted. With the exception of cases where there is a legal obligation to retain them for a longer period of time, personal data should not be stored longer than required for the purposes for which they were collected or processed. The processing of personal data should be performed in good faith, i.e. the data subjects should be confident that the controllers will demonstrate the proper attention in all data processing cases. The data subjects shall be informed accordingly, if they request it. More specifically, they have the right to be informed on the purposes, for which their data is processed, the nature of the data concerned, as well as the identity of the data recipients. When deemed necessary, the data subjects also have the right to request the correction, non-transmission or erasure of their data. The aforementioned rights may be limited only if said limitation is provided by law. This applies, specifically, in the event of a scientific research. More specifically, personal data is protected against an unauthorized disclosure and any illegal processing. The measures, which are implemented, safeguard a security level equivalent to the nature of the data that need to be protected and the dangers that may arise during their processing. Our employees and associates, who are engaged in the personal data processing, are informed and trained accordingly. The procedure for the personal data processing by third parties following an agreement, shall be defined in writing, having ensured that said third parties shall process the personal data in a secure manner and shall comply with the principles of this Policy and the GDPR. If we conclude that the third parties are unable to secure a satisfactory level of protection of the personal data, we shall terminate our cooperation with them.
6. Persons with access to data:
   The data are processed via electronic means or manually, according to the procedures and practices related to the above mentioned purposes, and are accessible by the Controller’s personnel, which is authorized to process the Personal Data, and their supervisors and, more specifically, employees of the following categories: technical personnel, Information and Networks Security personnel and administrative personnel, as well as other members of the personnel that are required to process data while performing their duties. Any personal data that you submit to the website www.mona-athens.com, are kept exclusively for purposes pertaining to your transactions with us, the improvement of our services and the safe keeping of the operation of the relevant service and may not be used by any third party (with the exception of any competent authorities, if provided by law). The Data may also be communicated to non – EU countries (“Third Countries”): (i) to institutional bodies, authorities, public agencies, for institutional purposes; (ii) to professionals, independent advisors – whether acting individually or collectively – and other third parties and providers that offer to the Controller commercial, professional or technical services required for the Website’s operation (e.g. IT and Cloud Computing Services), for the purposes mentioned herein above and the support of the Company in providing its services. The aforesaid recipients receive only the necessary data for their relevant operations and duly perform their processing exclusively for the purposes mentioned above and according to the data protection legislation. The Data may also be communicated to other lawful recipients, determined from time to time by the legislation in force. With the exception of the foregoing, the Data shall not be communicated to third parties, natural persons or legal entities that perform duties of commercial, professional or technical nature for the Controller and shall not be disseminated. The persons that receive the data shall process them, depending on the occasion, as Controllers, Processors or persons authorized to process the data for the aforementioned purposes and pursuant to the legislation on the data protection in force. With regard to the transfer of data outside the EU, even to countries whose legislation does not guarantee the same level of protection of the personal data privacy as the one offered under the EU laws, the Controller informs that the transfer shall be performed in all instances according to the methods allowed under the GDPR, for example based on the user’s consent, the standardized contractual clauses, which have been approved by the European Commission, by selecting counter parties that participate in international programs for the free movement of data (e.g. EU – USA Privacy Shield) or which are implemented in countries that are considered safe by the European Commission.
7. Your rights:
   If you wish, you may at any time request to exercise your rights as provided by articles 15-22 of the GDPR, to be informed regarding your personal data that we retain, their recipients, the purpose of their retention and processing, as well as their amendment, rectification or erasure, by sending a relevant email to the email addresses mentioned above, from the email address that you have indicated, and filling out the application, which the beneficiary may provide to you, with an attached copy of your ID. Moreover, you have the right to review your personal data that we retain and, in general, to exercise any right under the legislation for the protection of personal data. The personal data that you communicate to the owner of the website via “www.mona-athens.com”, by submitting the communication form, are collected and are used and processed, pursuant to the provisions of the new General Data Protection Regulation in force, on the protection of personal data (GDPR (EU) 2016/679). More specifically, you have the following rights: The right to be informed regarding your personal data: Following a relevant request, we will provide you with information relating to your personal data, which were retained. The right to have your personal data rectified and completed: If you notify us accordingly, we shall rectify any inaccurate personal data concerning you. We shall complete any incomplete personal data, if you notify us accordingly, provided that said data are necessary for the processing purposes. The right to have your personal data erased: Following a relevant request, we shall erase your personal data, which we retain. Nevertheless, certain data shall be erased only after a defined retention period, for example because in certain occasions we have a legal obligation to retain the data or because the data are necessary in order to fulfill our contractual obligations towards you. The right to restrict the processing of your personal data: In certain occasions provided by law, we shall restrict the processing of your data, if you request it. Additional processing of restricted data is only performed to a very limited extent. The right to withdraw your consent: You may at any time withdraw your consent for the future processing of your personal data. The lawfulness of processing of your data remains unaffected, until you withdraw your consent. The right to object to the processing of your data: You may at any time object to the future processing of your personal data, if we process your data on the basis of any of the legal reasons of article 6(1) point (e) or (f) of the GDPR. If you object, we shall cease to process your data, provided that there are no legitimate grounds to further process them.
8. Security of Personal Data:
   “AUM MONA Greece P.C.” implements specific procedures of technical and organizational security, in order to protect personal data and information against loss, misuse, alteration or destruction. Our associates that offer us support pertaining to the operation of this website also comply with these provisions. “AUM MONA Greece P.C.” shall make any reasonable effort to retain the collected personal data only for as long as it is required for the purposes for which they were collected or until it is requested to erase them (if that occurs first), unless they are retained as provided by law.
9. Hyperlinks to other websites:
   The website www.mona-athens.com may contain hyperlinks to other websites, which are governed by other statements and policies for the protection and privacy of personal data, the content of which may differ from the present Policy. Please study the privacy policy of any website that you visit prior to submitting any personal data. Although we try to offer hyperlinks only to websites that share our high standards and respect to your privacy, we are not responsible for the content, the security or the privacy practices applied by other websites.
10. Third party services.
    In order to provide, improve, promote and protect our services, we may need to use third party services. These third parties may access, process or store information to perform tasks solely for the purpose we have authorized them. We require them to provide at least the same level of security for your data as we do, as described in our Privacy Policy. Personal data may be disclosed to third party service providers who assist in our business operations, always under conditions that fully ensure that your personal information is not being unlawfully used.
11. Policy Reviews:
    We reserve the right to amend or review this Policy, in our absolute discretion. In the event of any changes, the date of the amendment or review shall be recorded in the Policy and its updated version shall be effective vis-à-vis you henceforth. We encourage you to periodically read this Statement, in order to examine whether there are any changes regarding the way we process your personal data. The present Policy constitutes a Statement of Compliance with the provisions of Regulation (EU) 2016/679 and the national law that implements it. – March 2022