Privacy and Personal Data Protection Policy

Privacy and Personal Data Protection Policy

The DEYA of Hersonissos "Municipal Water Supply and Sewerage Company of Hersonissos" in short "DEYAH", based in Hersonissos, Crete, Administrative Service - Malia Wastewater Treatment Plant, Loutres, P.C. 70007, Malia, Municipality of Hersonissos, Heraklion Crete and Technical Service - Hersonissos Wastewater Treatment Plant, P.C. 70014, Limenas Hersonissou, Municipality of Hersonissos, Heraklion Crete, hereinafter referred to for brevity as "the Organization",

is committed to protecting and respecting your privacy and complies with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016), as it has been incorporated into national legislation and has been amended to date.

This Policy implements the Organization's commitment to the protection of your personal data.

The processing and protection of the user's personal data is subject to the terms of this policy, as well as to the provisions of European Regulation 679/2016 (GDPR), and the other provisions of national, community and international law regarding the protection of the individual from the processing of personal data, as applicable.

Any possible future change or regulation will be the subject of this policy which will be modified accordingly. In any case, the Organization reserves the right to change the terms of personal data protection, in accordance with the relevant legal framework in force and the update of this.

You are requested to study this Policy. For your cooperation with the Organization, you confirm that you have read, understand and take full knowledge of the content thereof and accept its terms. It is suggested to study this policy periodically for possible changes.

According to the GDPR, "personal data" is any information concerning an identified or identifiable natural person ("data subject"); an identifiable natural person is one whose identity can be verified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of said natural person. Personal data concerns only natural persons and can identify a natural person, either directly and by themselves, or in combination with other information in the possession of the respective controller. The processing of personal data is governed by the General Data Protection Regulation 2016/679 and any other relevant domestic and European legislation.

 

Identity of the Organization

DEYAH (hereinafter Organization) is the data controller for the data of the natural persons who cooperate with it. This means that it decides on the processing of your personal data as well as the purposes of their processing. The Organization has assigned the hosting and support of its website to a collaborating partner company, which holds the position of processor, as to the service provided by it, with all that this implies for the obligations of the parties.

The Organization, in compliance with the requirements of the GDPR, processes your personal data in fair and transparent ways, ensuring the legality, objectivity and transparency of the processing. It collects data for specified, explicit and legitimate purposes and does not process them in a manner incompatible with these purposes. It collects data that are necessary and appropriate for the purposes of processing and not more data than it needs. It keeps the data updated and ensures their accuracy or their deletion and correction when they are inaccurate in relation to the purpose of the processing. It keeps the data for as long as the purpose of the processing requires and then ensures their safe destruction. It ensures the protection of personal data from loss, misuse and abuse, unauthorized access and leakage by ensuring that appropriate technical and organizational measures are implemented for their protection.

 

Use of the Organization's website

The website collects your personal data only if you provide them voluntarily and with your visit to it or by utilizing some of the possibilities it provides. The website may collect identification data of its users using corresponding technologies, such as cookies and/or the monitoring of Internet Protocol (IP) addresses. Cookies are small text files stored on the hard drive of each user and do not take knowledge of any document or file from their computer. They are used to facilitate the user's access regarding the use of specific services and/or pages thereof, for statistical reasons and in order to determine areas which are useful or popular. These details may also include the type of browser used by the user, the type of computer, its operating system, internet service providers and other information of this kind. In addition, the information system automatically collects information about the locations visited by its user and about the links to third-party websites that they may choose through its use. Its user can set their web browser in such a way that it either warns them about the use of cookies in specific services or does not allow the acceptance of the use of cookies under any circumstances. In the event that the user of specific services and pages does not wish the use of cookies for their identification, they cannot have further access to these services.

If links to other websites which are under the responsibility of third parties (natural or legal persons) are included in the website, it is in no way responsible for the terms of personal data protection which these websites follow.

In case of filling out the reading entry that exists in it (e-services), the personal identification data (full name, consumer code, water meter number, reading, telephone) are transferred by corporate e-mail of the Organization and are used exclusively to answer your request. For any other processing (e.g. updates, newsletter), your consent will be requested separately. In order to submit the relevant reading entry of your water meter, you provide your consent, in accordance with what is mentioned in the relevant section.

 

WHAT INFORMATION WE COLLECT FROM YOU

 

When you visit the website www.deyah.gr the "Organization", we may collect data from you. Some of this data may be of a personal nature. This data may include search history, IP address, screen resolution, the browser you used, the operating system and settings, access times and your reference URL. If you use a portable device, we may also collect data identifying the device, your settings and your location.

 

The "Organization" reserves the right to collect non-personal identification elements of users [type of browser, type of computer, operating system, internet providers, etc.] and/or to monitor Internet Protocol addresses (IP Address) using corresponding technologies (cookies). Cookies are small text files stored on the hard drive of each user without it being possible to access documents or files from the user's computer. They are used to facilitate the user's access during the use of specific services and/or pages of the Website, as well as for statistical reasons. For more information about the cookies used by the Website, users are requested to visit the Cookies Policy page.

In case of use of the online electronic bill platform, your e-mail address, the standing order assignment code as stated on your bill and your mobile phone which is used only for sending new bill notifications via SMS are required.

 

 

 

If you are interested in us contacting you for further information, we will obligatorily collect your name and email address. If you are a customer of DEYAH and face a problem and want to report it, we will obligatorily collect the Full Name, the Contact Telephone and the email address.

If you are a customer of DEYA Chersonissos and are experiencing a problem that you would like to report, we are required to collect your full name, contact phone number, and email address.

 

 

Processing of Personal Data

For the above purposes, the processing of your personal data is done only on the basis of your explicit, free and fully aware consent and after you have been informed about the terms of the present, through your visit to it.

The terms of the present for the purposes of processing included in it and the receiving of consent where this is required also apply to minors provided they have completed 18 years of age and our website is not addressed to natural persons under 18 years of age.

For the exercise of your rights as defined below, you have the possibility of submitting a relevant request. The Organization commits to answer and provide the relevant information without delay within a month from the proven receipt of the request. Said deadline can be extended by two more months, if required, taking into account the complexity of the request and the number of requests. In this case, the applicant will be informed within one month from the proven receipt of the request. In case of inability to answer within the provided time frames, the applicant will be informed about the reasons for this within one month from the proven receipt of the request. Requests are checked as to their size and repeatability per applicant for possible abuse so that the Organization is provided with the rights of art. 12 par. 3 of the GDPR. The process of submitting requests is done only in writing by sending a relevant request through the page https://www.deyahers.gr / consumer department/. Your request must include clear wording, your full name and exact contact details (mail, telephone, address).

Your personal data are treated with full confidentiality and security and are not shared further, except for cases where their sharing may be imposed by relevant legislation, for reasons of protection of vital interests of persons or force majeure. The Organization uses your data exclusively for the purposes described in the present and for its own use and does not sell nor transmit in any other way or make public personal elements of its visitors/users to third parties.

Your personal data are kept for no longer than the reasonable period of time required for the purpose of the individual processings done for them and there are certain criteria that determine this. In cases where the processing of your personal data is done based on a legal obligation, according to the above, the time of keeping them is determined based on the requirements of legislation, the period of time during which audits can be carried out by the competent authorities, the provided statutes of limitation, but also your own legitimate interests. In cases where processing is done based on public interest, the time of keeping data is determined by the need served by the purpose of processing and for a reasonable period of time so as to ensure efficiency, traceability and documentation of procedures, but also the legitimate interests of the subjects.

When processing is based on the consent provided by you, your personal data are kept for each purpose until the withdrawal of consent and in accordance with what is mentioned in detail above. From the moment you withdraw your consent, the relevant personal data are also deleted.

The exact times of keeping for each individual processing procedure are recorded in the record of processing activities kept by the Organization according to the requirements of the GDPR. In case you wish more detailed information you can submit a relevant request according to the procedure provided in the present.

 

Rights of Subjects

As subjects of the data we process, you have the following rights, subject to inclusion in some of the exceptions set by the Regulation and the whole of relevant legislation:

1.You have the right to request a copy of the personal data we keep regarding you. In particular, you have the right to receive confirmation as to whether or not the personal data concerning you are being processed and, if this is happening, you have the right to be informed of the following information:

  • the purposes of the processing,
  • the relevant categories of personal data,
  • the recipients or categories of recipients to whom the personal data were disclosed or are going to be disclosed, in particular recipients in third countries or international organizations,
  • if possible, the period of time for which the personal data will be stored or, when this is impossible, the criteria that determine said period,
  • the existence of the right to submit a request for correction or deletion of personal data or restriction of processing of personal data or the right to object to said processing,
  • το δικαίωμα υποβολής καταγγελίας σε εποπτική αρχή,
  • the right to submit a complaint to a supervisory authority, any available information regarding the origin of personal data, in case they do not originate from you but were acquired through a third party,
  • the existence of an automated decision-making process, including profiling and information regarding the logic followed, as well as the importance and the predicted consequences of said processing.

2.You have the right to request the correction of your personal data if it is found that they are inaccurate or to complete the data kept if they are incomplete.

3.You have the right to request the deletion of your personal data when one of the following reasons applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • you have withdrawn the consent on which the processing is based and there is no other legal basis for the processing,
  • you have stated your objection to the processing and there are no compelling and legitimate reasons for the processing,
  • the personal data were processed illegally,
  • the personal data must be deleted so that a legal obligation based on union law or domestic law to which we are subject is observed,
  • the personal data have been collected in relation to the offer of information society services.

4.You have the right to withdraw your consent for the processing, at any time in cases where we process your personal data based on it.

5.In case your data are processed based on consent or in the context of some contract you have the right to request that we deliver your personal data to you or transmit them directly to another data controller.

6.You have the right to request restriction of the further processing of your personal data in the following cases:

  • if you contest the accuracy of personal data, for a period of time that will allow us to verify the accuracy of personal data,
  • if processing is illegal and instead of deleting the personal data you wish the restriction of their use,
  • if the purpose of processing has been completed but you wish the restriction for reasons concerning legal claims,
  • if you have objections to the processing and have exercised the right to object to it for as long as verification is required as to whether the legitimate reasons for processing override the reasons put forward by you.

7.You have the right to declare your objection to the processing of personal data, at any time and for reasons related to your particular situation, including profiling, based on relevant provisions. From the moment your objection is declared, the processing of personal data ceases unless there are compelling and legitimate reasons for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or support of legal claims.

The data subject has the right not to be subject to a decision taken exclusively on the basis of automated processing, including profiling, which produces legal effects concerning them or significantly affects them in a similar way.

Within the context of the purpose of processing, your personal data are not transferred to countries outside the EU, while in case this happens the present will be modified and made known to you again with the individual protection measures and relevant safeguards.

Your personal data are not subject to automated decision-making processes. If this happens, the present will be modified and made known to you again with the relevant logic and the importance and consequences of processing for the individual.

The Organization has the possibility to modify the present whenever some differentiation arises in the content thereof that needs notification. If the Organization wishes to use your personal data for a new purpose not covered by this policy, then the present will be made known to you again for the new use before the start of processing and defining the relevant purposes and conditions of processing. Where and whenever necessary, your prior consent for the new processing will be requested.

The Organization declares that it has taken all necessary organizational and technical measures for the protection of your personal data and observes a comprehensive security plan according to the requirements of the Regulation.

The collection and processing of personal data within the context of the present is carried out by fair means and in a way that ensures respect for private life, personality and human dignity.

The observation of the present is done within the context of good faith and transactional morals and with the free will of the parties, with the aim of good and efficient cooperation with the protection of everyone.

In case of inability to exercise the rights provided to you by the Regulation, but also generally, in case of questions, clarifications and complaints, you have the right to address the Personal Data Protection Authority, for support and assistance. Contact details of the Personal Data Protection Authority:

Kifisias 1-3, P.C. 115 23, Athens
Tel: +302106475600
Fax: +30-210 6475628
Email: contact@dpa.gr

The Organization has no responsibility beyond cases where it is reasonably proven and there is no reason of force majeure or justified delay.

Further, for any matter concerning your protection against the processing of personal data you have the right to submit a request according to the above, as well as the right to address for any reason the Data Protection Officer of the Organization, through sending an email to the electronic address deyah@deyahers.gr. Your request must be clearly formulated and include contact details and full name.

Sincerely,

DEYA of Hersonissos

 

OFFICES

  • Administrative Service – Malia

Wastewater Treatment Plant, Loutres, P.C. 70007, Malia, Municipality of Hersonissos, Heraklion Crete

  • Technical Service – Hersonissos

Wastewater Treatment Plant, P.C. 70014, Limenas Hersonissou, Municipality of Hersonissos, Heraklion Crete

Contact
E-mail support@deyahers.gr
Τηλ.: +30 28970 23325 – +30 6979720559
Fax: +30 28970 23002

To call the internal extensions call 28970 32407 and when the recorded message is heard dial the three-digit number.
*The use of fax as a way of communication is not encouraged.