1. General Information
AETHON Engineering Consultants Single-Member P.C., incorporated in Greece, with seat in Athens (Emmanouil Benaki 25 str.) owns, legally operates and manages the web platform hosted on the website https://transitool.com/ (hereinafter referred to as: TT). If you are a TT customer or subscriber (Company, Admin or User - see definitions below, art. 2), or just visiting our website, this policy applies to you.
- Admin: A natural person which is the authorized representative of the Company.
- Company (referred also as: you, your): A legal person that subscribes in TT to use its Services.
- Company Account: TT account relating to Company data.
- Data Subjects: Collectively all persons of whom their personal data are processed by TT.
- Services: All services described in the article 5 of the Terms and Conditions.
- Users: A natural person designated by the Admin to use the Services.
- User Account: TT account relating to User's data.
3. Our Responsibilities
Moreover, the Company is fully aware and compliant with the General Data Protection Regulation (EU) 2016/679 (GDPR) and with the national regulatory framework for the protection of personal data, as well as any act (guideline, decision, directive, opinion, etc.) issued by the relevant Data Protection Authorities and any other relevant EU entities. The Company shall not perform its obligations in relation to the personal data in such a way as to cause TT to breach any of its obligations under applicable privacy legislation.
4. When and how we collect data
From the first moment you interact with TT, personal data are collected. This is how TT processes your data:
- During your subscription in TT, personal data are necessary in order to provide the agreed Services to the Company.
- While providing the Route Matching Service (with Static Data). TT may process passenger's or other person's information collected by the Company, under the precondition the passengers' data have been obtained lawfully according to the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable local legislation.
- During payment.
- During customer support and provision of feedback.
- During browsing in TT's website, through cookies (the information is depersonalized and is displayed as numbers, meaning it cannot be tracked back to individuals, please see also TT's Cookies Statement).
5. Types of data we collect
TT collects the following data:
- Contact details (names, addresses, email addresses, etc.).
- Financial information (credit/debit card details, etc.).
- Data that identifies you (your IP address, login information, browser plug-in types, etc.).
- Any personal data you disclose voluntarily via TT's feedback form or through customer support.
TT does not process sensitive data (like racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation, and offenses or alleged offenses) or minors' personal data. Moreover, TT only processes the personal data required to provide the Services. TT does not process or use personal data for purposes other than those required for the provision of the Services but to the extent that it becomes necessary.
6. How and why we use your data
TT processes personal data to keep TT running, provide the Services and improve those through your feedback. Thus, the legal basis for the above-mentioned processing is the execution of the contract between the Company and TT.
7. Your data's security
TT has physical, electronic, and managerial procedures to safeguard and secure the information it collects, to guarantee the highest security standard possible for the personal data it processes. The Company shall bear in mind that no data transmission is guaranteed to be 100% secure and the responsibility of safekeeping username and password lies within the Company.
TT implements the appropriate technical and organizational measures to ensure appropriate level of protection and security of the personal data. TT ensures that the persons (employees or consultants) authorized to process personal data for the provision of the Services:
- provide adequate safeguards in terms of technical knowledge, personal integrity and confidentiality,
- are under the direct supervision of TT,
- are bound with confidentiality obligations,
- take all appropriate measures to protect personal data,
- are aware and apply the current legislative and regulatory framework for the protection of personal data,
- recognize that they may be liable to civil and criminal liability in the event of a data breach.
8. TT's responsibility as a “data processor”
TT will cooperate, assist, and provide the Company with all necessary information to comply with its obligations under the applicable legislative framework and to comply with the instructions or decisions of the competent Data Protection Authority.
9. Retention periods
In case of not renewal or any other kind of subscription termination Company's data are retained in TT for one month. Within that duration data export is available to the Company, for the latter to retrieve all data processed in TT. Personal data regarding the contractual relationship between the Company and TT are retained for as long as it is required according to applicable law.
10. Third parties and International Transfers
TT carefully examines third parties that may be used to sub-process personal data. Personal data processed through TT may also be processed by cloud service providers and payment institution as follows:
- TT uses Google Cloud Services to provide its Services. Any data transfers relating to this sub-processing is subject to Google's terms as provided here: https://cloud.google.com/privacy/gdpr
To the extent personal data subject to EU data protection laws is transferred outside the EU, TT follows one of the solutions mentioned below:
- signs EU Commission approved standard model clauses with the percipient of the personal data;
- transfer is done to a country deemed to have adequate data protection regulations by EU Commission; or
- recipient has in place EU approved Binding Corporate Rules that apply to the processing in question.
11. Your rights
Data Subjects can:
- obtain information from TT regarding the processing of personal data and obtain a copy thereof,
- correct the personal data provided,
- restrict the processing (a) when there is a dispute for the accuracy of the processed personal data (until TT verifies it), (b) when Data Subjects oppose to the processing of personal data but they do not wish to delete it, (c) when Data Subject’s personal data are not are necessary for the purposes of the processing, but are necessary for the foundation, exercise, support of legal claims, and (d) when Data Subjects object to the processing and until it is verified that there are legitimate reasons that concern us and prevail over their legitimate interests due to which they are opposed to processing.
- request the transfer of personal data to another Controller,
- delete personal data (if deletion is impossible to meet regulatory obligations, Data Subjects are informed accordingly).
All those rights can be exercised via email to: email@example.com.
Data Subjects have the right to lodge a complaint before the Hellenic Personal Data Protection Authority or the relevant authority of their residence for issues concerning the processing of your personal data. TT will reply to your requests for free and without delay, and in any case within (1) one month after we receive the request. However, if the request is complex or Data Subjects submit a large number of requests, TT will notify them within one month in case we need to take another two (2) months extension, within which we will respond back to them.
12. Further Inquiries
For any requests or more info, please contact firstname.lastname@example.org.