The following data protection information will inform you about the nature and scope of the collection and processing of your personal data. The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) serves in particular as the legal foundation for data protection.
1. Overview and Responsible Legal person
THE SMILING HIPPO, located in Attiki, Chalandri, Agiou Georgiou 54 Street, Tax Reg. No 800366626, email [email protected], hereinafter referred to as "The Smiling Hippo" shall be deemed as the responsible legal person for collecting, storing and processing of your personal data, that could be collected, retained and being processed through this website
The Smiling Hippo as a processor is responsible for processing your personal data that relates to our activities. The purpose of this Privacy Notice is to let you know what kind of personal data we use when you are a Visitor or a possible customer or an employee of a customer-company or a representative of a customer-company, for the reasons we use and share this data, for the length of time that we keep it and for the ways you can exercise your rights pertaining to your data. The protection of your personal data is important for The Smiling Hippo. Definitions (In accordance with Article 4 of the Regulation (EU) 2016/679 ):
- 'personal data' means any information relating to an identified or identifiable natural person ('data subject'),
- 'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,
- 'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data,
- 'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller,
- 'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her,
2. Purpose of data processing / legal basis
The personal data are data referring to individuals. By interacting with you and fielding your customer query we may collect and process the information you provide to us, such as personal details (Name, Surname, Age), Email address etc. The Smiling Hippo as the controller ensures that only those personal data of yours are processed which are necessary for each specific purpose following your prior notification and consent.
We collect your data because this is necessary to perform our contract with you or to act upon your request prior to the conclusion of a contract or during the performance of the contract and for purposes that serve the legitimate interests of THE SMILING HIPPO as a data controller.
In relation to the information that we collect about you, you are entitled under certain conditions to withdraw your consent to our processing of or retaining your information, which you can do free of charge at any time with immediate effect. In that case you could inform us for that request of yours either by sending us an email or by post to the address that is mentioned at paragraph 13 of this Policy.
3.Your rights as "Data objects"
3.1 Besides the right to revoke the consent you have given us, you have the following further rights if the respective legal requirements are met:
- The Right of access by the data subject
- The Right to request rectification of incorrect data or completion of incomplete data
- The Right to erasure ("right to be forgotten") (you may request deletion of your personal data)
- The Right to restriction of processing of your data
- The Right to data portability
- The Right to object to the processing of your personal data
3.2. The right to obtain access to your personal data (i.e. the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, where that is the case, access to the personal data). This information can include in particular:
- The purposes for which the personal data are processed;
- The categories of personal data that are processed;
- The recipients or the categories of recipients to whom the personal data concerned have been disclosed or are still being disclosed;
- The duration of storage of the personal data concerning you or, if specific details of this are not possible, criteria for the specification of the retention period;
- The existence of a right of rectification or deletion of personal data concerning you or of a restriction on processing by the data controller or of a right to object to such processing;
- The existence of a right of appeal to a supervisory authority;
- All available information about the origin of the data, if the personal data was not collected from the person concerned;
- The existence of an automated decision-making process, including profiling. In these cases, at the least, receiving meaningful information about the logic involved as well as the scope and desired impact of such processing for the person concerned.
If personal data is transferred to a third country or to an international organization, you have the right to be informed about the appropriate safeguards in relation to that transfer.
3.3. Right to rectification
You have the right to seek the immediate rectification by us of inaccuracies in your personal data. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data and add newly available supplementary information.
3.4. Right to deletion
You have the right to request from us that personal data concerning yourself is immediately deleted, if one of the following grounds applies:
- The personal data are no longer necessary for the purposes for which they have been collected or have been processed in any other way,
- You revoke your consent, which supported the processing originally, and there is no other legal basis for processing,
- You object to the processing where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes,
- Your personal data has been unlawfully processed,
- The deletion of the personal data is necessary for the fulfilment of a legal obligation,
- The personal data has been collected in relation to services offered by information society services as referred to in Article 8 paragraph 1 GDPR
Where we have made the personal data public and are obliged to erase it, we will take appropriate measures taking into account the available technology and the costs of implementation, in order to inform the third parties who are processing your data that you also request from them that they erase all links to the personal data and copies or replications of those personal data.
3.5. Right to restriction of processing
You have the right to obtain from us a restriction of the processing, if one of the following requirements exist:
- The accuracy of the personal data is contested by you.
- The processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead.
- The controller no longer requires the personal data for the purposes of the processing, but the person concerned requires them in order to establish, exercise or defend legal claims or
- You have raised an objection to the processing, pending the verification whether the legitimate grounds of the controller override those of you as the "data subject".
3.6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without delay, where:
- The processing is based on consent or on a contract and
- The processing is carried out by automated means.
When exercising your right to data portability, you have the right to ensure that the personal data is transferred directly by us to another data controller, insofar as this is technically feasible
3.7. Right to object (Article 21 of Regulation (EU) 2016/679)
In certain circumstances, you may object to data processing for reasons arising from your particular situation.
The above general right of objection applies to all processing purposes described in the data protection regulation, which are processed on the basis of legitimate interests.
Unlike the special right to object towards data processing for advertising purposes, we are only obliged by the Regulation (EU) 2016/679 to implement such a general objection, if you give us reasons of paramount importance for this, e.g. a possible risk to life or health.
Furthermore, there is the possibility to contact Hellenic Data Protection Authority (1-3 Kifisias Avenue, 11523 Athens, Greece, Tel: +30 2106475600, Email: [email protected]) or our Company.
4. How long we will keep your personal data
The Smiling Hippo will store documents as long as required for fulfilling the legitimate purpose on which those data were given to us taking under consideration the time limit specifications of the European and National legislation.
CVs collected by the THE SMILING HIPPO are stored for one year and are then destroyed in line with one of the available legal destruction means.
5. Who has access to your personal data
THE SMILING HIPPO does not share your information with others. It might be lawful to do so in the following situations. Third parties that we may share your information with include: (a) any of our sub-contractors, agents, or service providers (including employees, sub-contractors, directors and officers). We might also share your information when we have asked you for your permission to share it, and you have agreed.
6. How we keep your information secure
We use a range of measures to keep your information safe and secure which may include encryption, firewalls, back-ups and other forms of security. We constantly improve those measures in order to ensure the protection of your personal data.
7. More details about your information
If you would like further information on this Privacy Notice or your rights concerning the processing of your personal data, please contact us at: [email protected]
9. Right to complain to the Data Authority
You also have the right to lodge a complaint to the Hellenic Data Protection Authority (1-3 Kifisias Avenue, 11523 Athens, Greece, Tel: +30 2106475600, Email: [email protected]).
10. Links to other websites (hyperlinks)
11. Changes to this privacy notice
12. Children's privacy
The Smiling Hippo does not address underage persons. In the case that a child is accessing this website then we assume that the prior consent of its parents or guardians has been acquired.
13. Party Responsible for Article 4, paragraph 7 of Regulation (EU) 2016/679 (GDPR)
The party responsible for data processing in relation to Article 4, paragraph 7 of the Regulation is:
THE SMILING HIPPO S.A.
Agiou Georgiou 54 Street, Chalandri, Attiki
POSTAL CODE 15234
E-Mail: [email protected]