1.0 Scope of the Privacy Notice
The Company “NOBL Events” (hereinafter the “Company”) based in Athens, 28 Amarousiou Av. Neo Iraklio, 14 123 Greece, including any of its subsidiaries or branch offices, in its capacity as Controller, collects and processes your personal data only if strictly necessary, for clear and legitimate purposes, under Regulation (EU) 2016/679, Cypriot Law 125(I)/2018 and Law 112(I)/2004, as applicable during the operation of its website https://nobl-events.com (hereinafter referred to as the ‘Website’) on the processing of their personal data.
1.1 Useful Data Privacy Terms
For the purposes of this, the following terms are important to be defined:
- personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified in particular by reference to an identifier such as a name, an identification number, location data, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- personal data of special categories or sensitive personal data: personal information that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and genetic data, biometric data which allows to uniquely identify a natural person, health data and/or data regarding sexual orientation. We may collect such data only if you voluntarily provide us, or when we ask you to do so and you provide us your explicit consent.
- minors’ data: personal data of persons under the age of 18; We do not seek or obtain personal data directly from minors, instead we endeavor to collect such data from their legal guardian and when necessary, we obtain relevant consent, as it is analyzed hereinafter. However, as it is impossible to always determine the age of persons who access and use our websites, we encourage parents or guardians to contact us if they notice any case of unauthorized data provision by minors in order to exercise accordingly their rights such as deletion of their data.
- processing: any operation performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him/her;
- personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
- Regulatory Framework: The relevant national and EU data protection regulatory framework, namely the Regulation (EU) 2016/679 (hereinafter referred to as the ‘GDPR’); Law 125(I)/2018, Law 112(I)/2004, the jurisprudence of the Court of Justice of the European Union (hereinafter referred to as the CJEU) as well as the Decisions, Directives and Opinions of the European Data Protection Board (hereinafter referred to as the ‘EDPB’) and the Office of the Commissioner for Personal Data Protection (hereinafter referred to as the ‘Commissioner’).
2.0 Data Collected by the Company through the Website https://nobl-events.com
When browsing and using the site, the following are collected and processed:
|Direct communication of the users with our Company
|Article 6 (1)(f) – Provision of an easy and direct way of communication with the users
|One (1) Year
We do not perform automated decision-making processing, including profiling.
2.2 Data Collected Automatically
2.3 Collection and Further processing of Minors Personal Data
In principle, the Company does not collect or further process data of minors directly or indirectly (i.e. persons who have not reached the age of 18). However, since it is impossible to cross-check and verify the age of persons entering or using the Company’s site, it is recommended that parents and guardians of minors contact the Company immediately if they find any unauthorized disclosure of data on behalf of the minors for whom they are responsible, in order to exercise respectively the rights granted to them, such as the deletion of their data. In case Vicky Shawe Ltd realizes that it has collected personal data of a minor, the Company commits to delete them immediately and take every necessary measure for the protection of the minor’s data.
3.0 Transfer of Personal Data outside the EEA.
In principle, the Company does not transmit your personal data to third countries. In case of transfer of your personal data to a country outside the European Economic Area (EEA), the Company carries out this transfer under Chapter II of the Regulation in conjunction with:
- Adequacy Decision of the European Commission (Article 45 GDPR) or
- Appropriate safeguards in accordance with the GDPR for the transmission of such data (Article 46 GDPR).
- Finally, for occasional processing, the transfer is based on one of the exceptions provided for in Article 49 of the GDPR. (e.g. the explicit consent of the user and its information on the risks involved in the transfer, the transfer is necessary for the performance of a contract at the request of the subject, there are reasons in the public interest, necessary to support legal claims and vital interests of the data subject, etc.).
4.0 Retention Period
The personal data of the data subjects are collected and retained for a predetermined and limited period, depending on the purpose of processing, after which the data are deleted from our records.
Where the processing is imposed as an obligation by provisions of the applicable legal framework or a specific retention period is foreseen, your personal data will be stored for as long as the relevant provisions require.
The personal data of data subjects collected and processed for the performance of a contract shall be kept for as long as necessary for the performance of the contract and for the establishment, exercise, and/or support of legal claims based on the contract.
The personal data of the subjects that are processed for marketing purposes with the consent of the subjects (e.g. data from the subscription to the Newsletter) are kept until the revocation of the consent, without this revocation affecting the lawfulness of the processing until then.
In the event of a breach incident, the Company applies a specific Privacy Breach Incident Management Policy. If you become aware or suspect that a personal data breach may/has occurred, please inform the Company without delay either at the e-mail address email@example.com.
The Company ensures that it can respond directly to the requests of the subjects, for the exercise of their rights in accordance with the Regulatory Framework. More specifically, every data subject has the following rights:
|Restriction of Processing
In addition, he can request the portability/transmission of his personal data either to himself or to third parties and to withdraw at any time his consent he gave for the processing of his personal data, without such withdrawal affecting the legality of the processing until then.
Furthermore, the data subject is entitled to object to the processing of his personal data by the Company.
In case of exercise of any of the above rights, the Company will respond immediately [in any case within thirty (30) days of the submission of the request], informing you in writing of the progress of its satisfaction.
For any complaint you may make regarding this information note or privacy issues, if we do not meet your request, you may contact the Cypriot Office of the Commissioner for Personal Data Protection via the following link: https://www.dataprotection.gov.cy/.
7.0 Data Protection Issues
For the exercise of all the above rights, as well as for any matter relating to the processing of your personal data by the Company, you can contact us by e-mail firstname.lastname@example.org.
8.0 Disclaimer for Third Party Sites-Social Media Buttons
On this Site social media buttons are used – Social media widgets (e.g. Facebook, Instagram, Pinterest, YouTube, Twitter) using which, after the user logs on to the social network, creates a special digital footprint, for which both the Company and the social network itself act as joint controllers.
For the Company, the purpose of the processing is to improve the functionality of the website and the services provided as well as to analyze its traffic.Legal basis for the processing is the fulfilment of the Company’s legitimate interest in linking its services with new technologies (GDPR Article 6(1)(f)).
The Company does not control or is responsible for any subsequent processing carried out on them by the Joint Managers.
For more information about data processing policy and options for setting up these networks, you can visit the following web pages: