ODDSSAFARI P.C. PRIVACY AND DATA PROTECTION POLICY STATEMENT

 ODDSSAFARI P.C., based in the municipality of Chalandri, 9 Kolokotroni Str., P.C. 15233, VAT No. 801567380 (G.E.C.R. No. 159266801000) (hereinafter the “Company” or “We”) respects its Clients’ privacy and their rights derived from Law No 4624/2019 and EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (hereinafter “The Law” or “The Regulation”).

The Company wishes to bring to your attention its privacy and data protection policy, which is applied during the collection, use, storage and processing of your personal data in general, whenever you visit, register to or use the website of the Company or/and its apps, and also to inform you about the types of data we may process, as well as your rights under the Law and the Regulation.

1. PROCESSING OF PERSONAL DATA

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data which are contained in an organized filing system, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The Company collects, stores its clients’ personal data. Collection, storage and use of your personal data constitute processing of your data.

2. CLIENTS’ PERSONAL DATA WHICH MAY BE PROCESSED BY THE COMPANY

• Your personal data which we may process include:
• Email address, password through which you register in the Company’s Website or apps, email address and basic social media profile information, whenever you register or sign in the Company’s Website or apps through a Google or Facebook account.
• Contracts/agreements between you and the Company
• Submitted ratings or/and reviews.
• Data registered in relevant forms or/and in free fields of the Website or/and the Company’s applications.
• Information by your transactions with us.
• Any other information relating to you which you may give us.

Your personal data may be collected and processed either in documentary or electronic form.

Your personal data may be collected directly from you and with your consent either as part of our client acceptance procedures or during our engagement period as service providers to you. We may also collect and process personal data from publicly available sources (e.g. the press, the internet, social media, databases) which we lawfully obtain and are permitted to process. Additionally, personal data may be obtained through third parties.

3. PURPOSES FOR WHICH YOUR PERSONAL DATA MUST BE PROCESSED

Unless it is hereby predicted otherwise, the Company does not collect personal data, during your plain navigation through our website. However, the processing of your personal data is necessary for the performance of our obligations under the service agreement between the Client and the Company, especially those offered after you register in our website, as long as in order for our Company to comply with itslegal obligations. More specifically, the processing purposes may include, among others:

• Compliance with current legislation
• Facilitating communication between the Company and the Client.
• Giving you a new password to sign in your personal account on our Website.
• Control, improvement and adjustment of your preferences and choices, during the provision of our services to you.
• Addressing newsletter or/and commercial or other types of information for the provision of our services.
• Safeguarding a legitimate interest of the Company including retaining data as evidence in case legal proceedings arise or a court procedure begins.
• Provision of ad-hoc consent by the Client for the use of their personal data for a purpose other than the ones mentioned above.

Please note that you are not obligated to give your personal data to the Company or to allow their collection. However, in case you do not wish to provide your personal data to us, we will be unable to provide our services.

4. PERSONAL DATA PROTECTION

The Company has established the appropriate procedures and policies, as well as the appropriate technical and organizational measures, in accordance with the Regulation,in order for your personal data to be adequately protected, especially from loss, accidental destruction, alteration, misuse, unauthorized use or disclosure or access from unauthorized persons.

5. RETENTION PERIOD OF YOUR PERSONAL DATA

We will be in possession of your personal data for as long as the service agreement between you and the Company remains in force and for a maximum period of one (1) year, unless an additional period is required by applicable legislation or for the adjudication of any court or out-of-court dispute between the Company and the Client. Following the lapse of the aforementioned periods, your personal data will be destroyed.

6. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

During the performance of its contractual and legal obligations, the Company may be obligated to disclose your personal data in whole or in part to third parties, including public authorities, governmental agencies, Banks, legal consultants, auditors and other trustworthy professional associates of the Company. Subject to any contrary provisions of applicable legislation, the Company undertakes to notify you in case your personal data or parts thereof are to be disclosed to third parties. All associates of the Company who receive or have access to your personal data will comply with the Regulation.

7. RESPONSIBLE OFFICERS OF THE COMPANY

The Company, in the context of harmonizing its procedures and policy with the Regulation, informs you that it has established the following roles regarding access, processing and protection of your personal data:

Access to and processing of your personal data: In performing our obligations under our contract of providing services, various departments of the Company,as well as trustworthy associates of the Company who comply with the Regulation and who are utilized for the provision of our services may have access to and process your personal data. Additionally, we will provide access to your personal data to third parties, who re obligated to respect confidentiality, when and if we are legally obligated to do so.In this case we will make reasonable efforts to notify you beforehand, unless we are legally restricted from doing so.

Examples of persons having access to and processing your personal data:

• Our employees including company administrators, compliance department and risk management department.
• Our legal consultants.
• Accountants and Auditors.
• IT service providers.
• Other professional advisors.
• Banks with which you or the company in which you have a beneficial interest, have a business relationship.
• Tax authorities.

Compliance with the Regulation:Foutsis and Partners Law Firm, DPO. Person in contact with DPA: DimitriosFoutsis.

8. YOUR RIGHTS

In relation to the processing of your personal data by the Company, you retain the following rights:

• Right of information and transparency: your right to know who processes your data, which are the data that are being processed and for which purpose, the period your data are going to be processed and maintained, or the criteria based on which this period is set, as well as information on the source that the data came from, should they be collected by third parties.
• Right of access to your personal data, when they are subject to processing.
• Right of correction of inaccurate data or the right of completion of incomplete data.
• Right to request for a copy of your personal data.
• Right to request the processing of your personal data only for limited purposes.
• Right to eliminate the processing of your personal data, whenever you doubt their accuracy or the processing is illegal, or they are no longer needed by the Company or while there is an open procedure of examining your doubts against the automatic processing.
• Right to request erasure of your personal data (“right to be forgotten”) where there is no legal justification for the Company continuing to process it, and if there are no imperative and legal processing reasons, except for the case of procession for scientific or statistical purposes, under the principle of data minimization and having taken all the appropriate technical and organizational measures.
• Right to object to the processing of your personal data and revoke consent, where your rights override the legitimate interest on which we rely to justify the processing.
• Right to report a breach of your personal data or non-compliance with the Regulation.
• Right to withdraw your consent given to the Company in relation to the Company’s Privacy and Data Protection Policy.
• Right to portability of your rights, in order for them to be transferred to another controller upon your request.

In case you wish to exercise any of the above rights, you may contact the Data Protection Officer at [email protected].

9. ACCEPTANCE OF THE PRIVACY AND DATA PROTECTION POLICY

In the context of applying the Regulation, as well as National Law No 4624/2019, the Company has taken all the necessary measures and has developed all the appropriate policies, in order to fully comply with the provisions of the Regulation and so as to offer the highest possible level of protection for everyone it deals with. In this context, we would like you to allow us to process your personal data, which you provide us with through this statement, in order for our Company to be able to fulfil its obligations, only for commercial purposes.

Please note that the Company will not be able to carry out the order you gave us and therefore offer you its services, in case you no longer want to give the Company your consent for processing your personal data or in case you revoke that consent. Furthermore, in this case, the Company will have the possibility to deny complying with any legal obligation.

Should you have been informed of the Company’s PRIVACY AND DATA PROTECTION POLICY STATEMENT, which is uploaded on our ODDSSAFARI P.C.’s webpage, www.oddssafari.gr and if you agree with the above mentioned purposes, please accept them through the relevant platforms of our webpage.