Information on the Processing of Personal Data

Introduction

We would like to assure you that for Mantis Informatics S.A., the protection of our customers' personal data is of paramount importance. That is why we are taking appropriate steps to protect the personal data we process and to ensure that the processing of personal data is always carried out in accordance with the obligations laid down by the legal framework, both by the company itself and by third parties who process personal data on behalf of the company.

Data Controller – Data Protection Officer (DPO)

Mantis Informatics S.A. having its registered office at Chalandri: 6, Vyronos st., 152 31 Athens, Greece, E-mail: info@mantis.email, Telephone: +30 210 6475600, Website: https://www.mantis.group/, informs that, in the context of its business activities, it processes personal data of its customers in accordance with the applicable national legislation and the European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter referred to as the "Regulation") as it is currently in force.

For any matter concerning the processing of personal data, please contact the Data Protection Officer directly (DPO): Mr. Dimitris Foukas, E-mail: dpo@mantis.email, Phone number: +30 210 6728190.

Which are the categories of personal data we process ?

Your personal data we collect, and process are absolutely necessary and appropriate for the achievement of our business purposes. The personal data collected to achieve these purposes are divided into two categories:

(A) Personal data you provide us, such as:

  • Identification Data (name, surname, date and place of birth, signature, ID or passport information, ID number, VAT number, Tax Office, Social security number),
  • Contact details (postal address, landline or mobile phone number, email address, fax number),
  • Additional information, such as profession and position.
     
    Please note that the data relating to your identification as well as your contact details are absolutely necessary for any transaction or contractual relationship with the company and that the type and number of other data depend in each case on the contract which either has been or will be concluded, and /or on the offered product or service.
     
    We hereby inform you that it is your duty to inform the company on time of any changes to the data you have submitted at your own initiative, as well as to respond to any update request.

(Β) Personal data that the company collects for you from other sources, such as:

  • Data from the use of electronic and/or digital products and services of the company, e.g. cookies, IP addresses, or other identifying information, in accordance with the company's specific terms of use,
  • Companies' data published on the Greek Government Gazette ("FEK") and the General Commercial Registry
  • Data relating to you that are publicly accessible either electronically or otherwise.

The personal data processed by the company are stored in a hard copy and/or soft/magnetic copy.

How and why do we process your personal data ?

We need your data we collect for the following reasons:

  • To provide you our products and services, to perform our contract and in general to fulfill our obligations towards you
    We collect your personal data in order to provide you our products and services after the conclusion of the relevant contract. In order to conclude a contact with you and in general to fulfill our obligations towards you, we need your identification and contact details.
  • To communicate with you and manage our relationship with you
    We may need to contact you via email or phone for management purposes, such as to handle your complaints and provide you our customer services.
  • To improve our services and protect our business interests
    We may use your information to improve the services we provide to you and to meet your expectations.
  • To inform you about our products, services and offers
    Provided that you have consented to this (B2C) or this is justified by our legitimate interest (B2B) we will send you newsletters about our products, services and offers.
  • To comply with our legal obligations
    We process your personal data in order to comply with our legal obligations, and in particular with labor, insurance and tax legislation, judgements, governmental regulations or decisions. We also process your personal data in order to investigate complaints, identify and prevent fraud, evaluate the accuracy of pricing and assess situations relating to possible threats to the security of any person or violations of our policies or terms.
  • To safeguard our legitimate interests and protect individuals, materials and facilities

Which are the legitimate grounds for processing your personal data ?

We process the personal data you provide us only when we have a legitimate interest to do so.

Legal grounds for processing your personal data are:

  • (a) the need to process your data as part of our contractual obligation or at the pre-contractual stage upon your request to provide you our products and services,
  • (b) the safeguarding and the protection of our legitimate interests, which may include the security of individuals, materials and facilities, network security and the operation of the company's information systems and their protection against malware, IT support, the establishment, exercise and defense of our legal claims as well as the overall organization and development of our business activities and marketing carried out at b2b level,
  • (c) compliance with a legal obligation, which may in particular consist of obligations arising from the provisions of labor, tax and social security legislation,
  • (d) the consent you provide us with under the specific conditions set out by the legal framework, for instance in order to receive information on products, services, offers etc.

To whom do we transfer personal data ?

Mantis Informatic S.A. transfers your personal data to the following categories of recipients:

  • Affiliated subsidiaries of the Group
     
    The company may transfer data to Mantis Group subsidiaries operating in countries other than Greece for customer service purposes or in order to manage a contractual relationship with customers, suppliers and partners or in order to comply with legal obligations.
     
    The company ensures that the processors engaged fulfill the requirements and provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will ensure the protection of your rights.
  • Company' s employees
     
    Your data may be transferred to company's employees who are in charge of assessing your claims, managing and performing your contract(s) with the company, meeting the obligations arising from the contract (s) and the obligations imposed by law.
     
    Your personal data are dealt with the highest degree of confidentiality, as those employees who process your personal data have a sufficient and significant level of awareness to protect them and are bound by a confidentiality clause or are subject to the appropriate regulatory obligation to observe the confidentiality clause.
  • State Authorities, law enforcement authorities in the exercise of their duties
     
    We may share your information with the competent state authorities, law enforcement authorities and third parties, as long as this is permitted by law, in order to identify or prevent criminal acts, unlawful activities and situations relating to potential security threats of any person or violation of our policies or terms.
  • External partners, legal consultants, accountants, auditors, insurers, etc.
     
    The company, in the course of managing court proceedings and for the purposes of establishing, exercising and defending its legal claims against third parties, may transfer your data to external lawyers in the event that their assistance is deemed necessary for the management of the case and the defense of the company's rights. In addition, our company cooperates with accountants, auditors, insurers and other third parties to whom it assigns the processing of personal data on its behalf.
     
    In the above cases, the company remains data controller and defines the specific elements of the processing. It also signs a contract with the third parties to whom it assigns the data processing, in order to ensure that the processing is always carried out in accordance with the current legal framework and that any natural person can freely and without hindrance exercise the rights conferred on him/her by the legal framework.
  • Third cooperating companies
     
    Furthermore, the company may also transfer your personal data to third cooperating companies for the purpose of sending newsletters about products, services and offers.
     
    The company ensures that the processors it engages fulfill the requirements and provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will ensure the protection of your rights.

Transfer of your personal data to third countries

Your personal data may be transferred and stored in locations outside the European Union (EEA) or the European Economic Area (EEA), including countries which may not have the same level of protection of personal information. The grounds on which personal data are transferred may be the appropriate safeguards for the data subjects, such as an adequacy decision of the European Commission or standard data-protection clauses as approved by the European Commission and as in force. In the absence of the above, the transfer shall be based on a specific derogation in accordance with the requirements of the Regulation, such as the company's need to transfer personal data in order to perform a contract with the data subject or the latter's consent. In addition, transfer may be based on the establishment, exercise or defense of our legal claims. Transfer may also be required by a judgement or decision of an administrative authority or on an international agreement or it may be based, by way of derogation, on legitimate interests of the company. We ensure that in any case there is an adequate level of protection and that the transfer is lawful.

Storage Time

The data storage time is decided on the basis of the following specific criteria, as appropriate on each case:

When the processing is necessary for compliance with legal obligations under the applicable legal framework, your personal data will be stored for as long as required by the relevant provisions.

When the processing is based on a contractual relationship, your personal data are stored for as long as is necessary to perform the contract and for the establishment, exercise or defense of legal claims in accordance with the contract.

For marketing purposes, your personal data are stored until their withdrawal. You have the right to withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of the processing based on consent before its withdrawal.

What are your rights with respect to your personal data ?

Any natural person whose data are being processed by Mantis Informatics S.A. enjoys the following rights:

  • Right of Access:
    You have the right to be aware and verify the legitimacy of the processing. So, you have the right to access the data and get additional information about how your date are processed.
  • Right to Rectification:
    You have the right to study, correct, update or modify your personal data by contacting the Data Protection Officer (DPO) with the above-mentioned contact details.
  • Right to Erasure ("Right to be forgotten"):
    You have the right to request the erasure of your personal data when we process them based on your consent or in order to protect our legitimate interests. In all other cases (for example, when there is a contract, or an obligation to process personal data required by law or for public interest reasons), this right is subject to specific restrictions or may not apply, depending on the case.
  • Right to Restriction of Processing:
    You have the right to obtain from us restriction on the processing of your personal data where one of the following applies:
    (a) the accuracy of the personal data is contested and until such accuracy is verified;
    (b) you oppose the erasure of your personal data and request (instead of erasure) the restriction of their use;
    (c) personal data are not needed for the purposes of processing, but they are, however, required for the establishment, exercise or defense of legal claims; and
    (d) you object the processing pending the verification whether our legitimate grounds override those of yours.
  • Right to Object:
    You have the right to object at any time the processing of your personal data where, as described above, such processing is necessary for the purposes of legitimate interests we seek as controllers, as well as to the processing for direct marketing purposes, including profiling related to such direct marketing.
  • Right to Data Portability:
    You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them, using commonly used editing methods. You also have the right to ask us, if technically feasible, to transmit the data directly to another controller. This right concerns the data you have provided to us and their processing is carried out in a commonly used format based on your consent or in order to perform a contract.

Right to withdraw consent

Where processing is based on your consent, you have the right to withdraw it. The withdrawal of your consent shall not affect the lawfulness of the processing based on consent before its withdrawal.

To exercise any of these rights please contact the Data Protection Officer (DPO) of Mantis Informatics S.A. Mr. Dimitris Foukas, at the following contact details: Postal address: 6, Vyronos st., 152 31 Athens, Greece, E-mail: dpo@mantis.email, Phone number: +30 210 6728190.

In all the above cases, we will do our best to respond to your request within thirty (30) days of its submission. This deadline may be extended for up to sixty (60) additional days, if necessary, considering the complexity of the request and the number of requests. Therefore, we will notify you within thirty (30) days.

Right to lodge a complaint with the Hellenic Data Protection Authority

You have the right to file a complaint with the Hellenic Data Protection Authority: Telephone: +30 210 6475600, Fax: +30 210 6475628, E-mail: contact@dpa.gr.

Personal Data Security

Mantis Informatics S.A. implements appropriate technical and organizational measures aimed at the safe processing of personal data and the prevention of accidental loss or destruction and/or unauthorized access to, use, modification or disclosure thereof. In any case, the way in which the internet operates and the fact that it is free to anyone cannot guarantee that unauthorized third parties will never be able to violate the applicable technical and organizational measures by gaining access and possibly using personal data for unauthorized and/or unfair purposes.

Links to other websites

Our website may include links to other websites that are beyond our control, and other websites beyond our control may be linked to this website. While we try to ensure that our website is only linked to websites sharing the same privacy and security criteria, the company is not responsible for the privacy practices or the content of other websites. Therefore, we suggest that you carefully read the privacy policy on the relevant website.

Changes to this Privacy Notice

Information about privacy on our site reflects the current state of the data processing. In case of changes in the data processing, this information will be updated accordingly. There will be always the latest version of this data protection information on our site so that you are informed via our site about the data processing.

We recommend that you always be aware of how we process and protect your personal information. All changes in respect of this Privacy Notice will become known in time, before these changes take effect.

The above information is provided in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council as well as with the relevant provisions of the national legislation on the protection of personal data applying the Regulation.