Privacy Policy

Introduction – Data Controller

This website is owned by Cloudblue, Mykonos, hereinafter referred to as “Company” or just “we” or “us”.

Phone: +30 2890 22014

Email: info@cloudblue.gr

We take the protection of your personal data very seriously. For this reason, we’ve created this policy to provide you with adequate information regarding the processing of your data by our Company.

To provide you with our services while also complying with our legal obligations, we process information concerning the Website visitors, which may lead, directly or indirectly, to their identification. According to the respective legal framework, some of this information is “personal data”. At the same time, you, the visitors or members, are characterized as “data subjects”, and we, the Company, are the “controllers” of your data.

The purpose of this policy is to explain:

• Which personal data we process;
• What the goals are and the legal basis is for our processing;
• Who the recipients are of your data;
• How long we store your data;
• What are your rights regarding your data, and how can you exercise them.

Our basic principles for processing your data

We are committed to ensuring that your personal data will be processed in a fair and transparent manner, according to the legal framework, particularly the General Data Protection Regulation (GDPR). In plain terms, this means that:

• We process your data only for specified, explicit and legitimate purposes (purpose limitation)
• We process only data that is adequate, relevant and limited to what is necessary to the purposes set (data minimization)
• We make every effort to ensure that your data is accurate (accuracy)
• We keep your data in a form that permits your identification for no longer than is necessary for the purposes set (storage limitation).
• We make every effort to ensure the security of your data (integrity and confidentiality).

To ensure the protection of your data, the Company takes all appropriate technical and organizational measures, trains its staff and uses technologies that provide the security of your data (for example, SSL certificate, encryption, certified hosting providers). We monitor the security measures regularly, and if deemed necessary, we update them with the best new practices.

What data we can process and under which conditions

We process your data through the website only when you actively provide it to us, e.g., by filling out a contact form.

This does not apply to your data automatically collected while visiting the website or/and through cookies or similar technologies (check our cookies policy).

Α. Information we obtain automatically.

When you visit our website, your IP address, alongside other information, such as the date and time of your visit, the browser type and the operating system you use, is recorded by our server.

Although we cannot identify you by this information, it is considered personal data under the GDPR. The processing of this data is based on our legitimate interest, given that it is technically necessary for running the website as well as for protecting the networks, the information and the services against unforeseeable circumstances or illegal and malicious actions that compromise the availability, authenticity and confidentiality of stored or transmitted data (e.g. control of denial of service attacks), without entailing severe risks for your rights and liberties.

Β. Information you provide to us.

We process the personal data provided by you in the following cases:

1. Contact the Company via contact form/email

When you contact us via contact form/email, we process your:

• Full name

• Email address

• Phone number

• Title

Important note: Your message should include only the necessary information related to your request and not you or a third person’s personal data.

Purpose and legal basis

We process this data to be able to contact you in response to your message. Sending an email or submitting a form does not make you our client. However, it might show intention to enter into a contract.

We process your data based on your consent (Article 6 (1) (a) GDPR), which you have the right to withdraw at any time, and you can also request the deletion of your data. If you withdraw your consent, the lawfulness of the processing already carried out will not be affected. Your withdrawal prevents us from communicating with you in the future.

Important Note: The obligation to submit accurate data falls upon the person who provides the data. Find out your right to rectify your inaccurate data by reading the policy section regarding your rights.

2. Newsletter

To send you our newsletter, we process your:

• Email address

Purpose and legal basis

We process this data to be able to send you our news and updates.

We process your data based on your consent (Article 6 (1) (a) GDPR), which you have the right to withdraw at any time, and you can also request the deletion of your data. If you withdraw your consent, the lawfulness of the processing already carried out will not be affected. Your withdrawal prevents us from communicating with you in the future.

Who has access to your data.

Typically, access is permitted to authorized members of the Company staff, who process your data strictly confidentially, and only to the extent and in the context of the purposes, you have already been informed about.

Furthermore, we share some of your data with other companies to provide our services to you. These companies (called processors under the GDPR) process your data only for the purposes mentioned above and only on behalf and for the Company, except for any legal obligations. During the transfer of your data, the Company takes all appropriate technical and organizational measures to ensure the best possible level of security.

Respect for the rules regarding the security of the processing of your data is one of the most important criteria when choosing our partners. In addition, our partners are contractually bound to provide the necessary safeguards and take all appropriate technical and organizational measures to be lawful and to ensure the protection of your data and rights.

These companies provide us with various services, such as web hosting, marketing, and others. If you want to find out more information about the recipients of your data, feel free to contact us at info@cloudblue.gr.

Where and for how long we store your data.

Your data is stored on our servers and hosted in a data center located in the EU. The data is stored strictly for a time considered necessary for each processing purpose.

For example, we store your data for 6 months after your last message if you contact us.

What rights you have as data subjects, and how you exercise them.

Under the current legal framework, you have a set of rights regarding the processing of your rights by the Company. In particular, you have the right:

1. To submit a request to the Company to be informed whether we process data and, if so, what types of data (right of access).
2. To request the rectification of the data (right to rectification).
3. To request, under conditions, the deletion of the data (right to erase).
4. To request, under conditions, the restriction of the data processing (right to the restriction of processing).
5. To object, under conditions, to the processing of your data by us (right to object), mainly regarding the processing relating to marketing purposes (e.g. newsletter).
6. To request the data you have provided to us in a structured, commonly used, and machine-readable format (right to data portability), as long as it is technically feasible.
7. In case of a data breach, which is likely to result in a high risk to your rights and freedoms and as long as it does not fall under any of the exceptions provided in the General Data Protection Regulation, the Company must communicate the breach to you without undue delay.

Compliance with the legal framework regarding the processing of personal data and, in this context, the exercise of your rights is our top priority. Therefore, we have the right to request additional information, which is considered necessary for your identification confirmation before exercising your rights.

In principle, the Company has an obligation to respond to your request promptly and within one month. If deemed necessary, taking into account the complexity of the request and the number of the requests, that period may be extended by two additional months. We will inform you as soon as possible, and within one month after submitting your request, concerning the progress made and the reason for any possible delay in dealing with it.

In case your requests are manifestly unfounded or excessive, in particular, because of their repetitive character, the Company may either charge a reasonable fee considering the administrative costs of providing the information or communication or taking action requested, or refuse to act on the request.

In case you consider that we do not comply with the personal data protection laws, you have the right to complain to the Hellenic Data Protection Authority (www.dpa.gr).

For any questions or issues concerning your rights, we should always feel free to contact us at info@cloudblue.gr

Hyperlinks

Within our website, you can find hyperlinks that allow you to access third-party websites. These links have the sole purpose of facilitating your surfing of the Web, and they do not show, in any way, our endorsement or approval of their content.

Accessing these websites through hyperlinks on our website is your sole responsibility, and we encourage you to read each website’s privacy policy carefully.

Minors

The Company directs its services exclusively to individuals over 18 years of age. When a request to the Company is submitted, the user/visitor is presumed to be over 18 years of age. If they are under 18, they are presumed to have obtained the necessary consent from the person having parental responsibility. It is also presumed that said person’s information will be provided if requested by the Company.

Since it is not technically feasible to effectively control the age of the visitors/users of the Site, we are committed to deleting all relevant information if the submission of personal data relating to minors is reported. This deletion is without prejudice to the need to keep the data in the event of the provision of grounds for, exercise or support of our legal claims or the fulfilment of a legal obligation.

Changes in policy and updates

This policy may be changed at any time and without prior notice. Guided by the principle of transparency, we are committed to notifying you of any major changes in our policy. In any case, however, you should periodically review our policy since the use of our services implies acceptance of its terms by you.