DATA PROTECTION POLICY
Get informed about data elaboration and personal information retention and disposal period.
We are aware of how important your personal data are to you and we respect that. For this reason, we use your personal data with care, having adapted our Policy to the relevant provisions of the applicable national legislation for personal data protection (law 2472/1997, law 4624/2019, law 3471/2006, as they apply etc), European Union Directives and Regulations (in particular Personal Data Protection Regulation (EU) 2016/679 – GDPR, hereinafter “GDPR”), the Recommendations, Statements, Opinions and Guidelines of the European bodies (Supervisory Authorities, EDPB, Art. 29 WP, etc.), as well as relevant decisions, instructions and regulations of Hellenic Data Protection Authority (hereinafter “HDPA”) and is subjected to legal formalities and restrictions imposed (hereinafter “Legal Framework”).
The Services are directed exclusively to persons over 18 years of age and we do not knowingly collect information from persons under the above age limit. If you are under 18 years of age, you may not download or use the Services or submit any information or data to us.
We hereby also wish to inform you about the types of personal data we collect, the legal rounds, the reasons, and purposes for which personal data are collected and what we do with personal data. We also wish to infor m you about your rights in connection with such processing of your data.
In order to be transparent regarding the way of collection, use and storage of personal data, we encourage you, and anyone interested, to dedicate few minutes and read this Policy, so as to be aware of the following information in order to learn about our practices relevant to the processing of personal data; having done so, if you have any remarks, questions or queries please contact us by e-mail or by submitting a request via the contact form available in our website www.plora.gr.
PERSONAL DATA, BASIC DEFINITIONS AND PROCESSING PRINCIPLES
Personal Data is any information that relates to you, or may be attributed to you or any physical person/ individual (“data subject”), that is, the person whose identity can be established, directly or indirectly, in particular by reference to an identifier such as for example, your name, surname, father’s name, address, postal code, city, country, country/region, telephone number, mobile phone number, as well as your email address, etc. Additionally, personal data also includes some technical data relating to you, such as your IP address or the devices from which you download and make use of our App, the Services, etc.
Processing of personal data means any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The processing of personal data by the Company is governed by the following Principles:
- Legitimacy, objectivity and transparency: Personal data shall be processed lawfully and fairly in a transparent manner in relation to the data subject.
- Purpose limitation: Personal data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a way incompatible with those purposes.
- Data minimisation: Personal data shall be adequate, relevant and limited to what is necessary for the purposes for which they are processed.
- Accuracy: Personal data shall be accurate and, where necessary, kept up to date; all reasonable steps shall be taken to ensure that personal data which are inaccurate in relation to the purposes for which they are processed are erased or rectified promptly.
- Limitation of the storage period: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods, provided that the personal data will be processed only for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) of the GDPR and provided that appropriate technical and organizational measures are in place to safeguard the rights and freedoms of the data subject.
Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of such data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures.
Your personal data collected by the Services is controlled by the “Boat App Private Company” a company incorporated and registered under the laws of Greece, having its registered office at Diilistirion Avenue, Aspropyrgos,19300, Attica, Greece, T.I.N. 801775917, General Business Registry no. 163112507000, e-mail [email protected]
COLLECTED AND PROCESSED PERSONAL DATA, PURPOSES AND LEGAL GROUNDS
The Company collects those types of Personal Data that are necessary for the use of the Service. Collection and processing of your Personal Data and details related to you takes place for purposes directly related to the use of the App and the Website and/or for purposes for which you have granted your explicit consent. Unless required or authorized by law, the Company will not process sensitive personal information about you for purposes other than those for which the information was originally obtained or subsequently authorized by you.
Personal Data that is processed when you sign-up and create an account, purposes and legal grounds
- Personal Data we collect about you is the necessary sign-up information that is needed in order to provide you access into your account to the Services offered either through the App and/or the Website, including your name, surname, email address, birthday date and account password. The legal ground for processing your name, your surname, your email address, your birthday date and password for this purpose is the transactional relationship between us based on the use of the Application and the provision of our Services
- If you provide your consent in order to receive newsletter from us, then processing of your email address or other account identifiers will take place for the purpose of sending you the relevant newsletter. The legal ground for this processing is your consent. You may withdraw your consent at any time by changing your preferences in your account or within the privacy settings of our App or through the unsubscribe link at the bottom of our newsletter emails.
- The Company also processes your email address to associate it with your account when you interact with our customer support representatives. The legal ground for this processing is our legitimate interest in providing you the customer support you asked for.
We also collect the content that you optionally provide us, create, upload, post or receive from others when using our Services. Specifically:
- You may, provide us additional information/personal data to your profile/ account such as data regarding your gender, your friends, boating license and boat description and details, activities, personal preferences and special needs that help you enjoy Service and App’s features and personalize your experience. If you choose to provide it, information you add to your profile/account is displayed to other users search results or when viewing your profile. The legal ground for this processing is your consent for the specific purpose.
- You may also upload or post messages, photographs or comments as well as interact and exchange data with other Users. It is noted here that in case you submit personal data of a third party, it is necessary to have previously informed and/or secured the relevant consent of them, in those cases where this is required. The legal ground for this processing is your consent in the context of facilitating engagement within the community and connections with other users as well as to identify the author of the aforementioned. You may revoke your consent at any time by deleting the review, post, message, photograph or comment or by deleting your account whichever the case may be.
- After your relevant consent is obtained you may provide us information about your location when you use our Services, which helps us offer features like directions or nearby spots of your interest for purposes regarding the operation of the App. You may also provide, by your choice, your location to other Users. The types of location data we collect depend on your device and account settings. You can at any time turn your device’s location on or off at your sole and absolute discretion. The legal ground for this processing is your consent, which you may withdraw at any time by disabling the location sharing feature in your app settings.
We collect and process personal data when you communicate us for support and customer service:
In the case you send an e-mail to our support team, we collect personal data that you provide, such as your name, mailing address, phone number. We also may process information relating to the support issue, such as notes or screenshots that you provide us. To improve customer service, subject to applicable laws, we may review conversations with customer support representatives and analyze any feedback provided to us through voluntary customer surveys. if appropriate, to help troubleshoot and resolve your issue. The legal ground for processing this information for these purposes is Company’s legitimate interest in providing quality support to the Users of the Services.
We collect personal data that is processed when you activate the Services or subscription:
- If you purchase subscription through the Services, then we collect your name, surname, e-mail, birthday date or other account identifiers for the purpose of processing your order and making the purchase of your subscription and to send you relevant documents and/or updates regarding your orders or in order to communicate with you about your subscription, including expiration notices or other important information about the Services. The legal basis for processing this data is the performance of the contract between us and our business relationship.
We collect and process personal data when you use our Services:
When you use the Services we collect personal data such as your IP address, GPS location, saved items (e.g., tracks, routes, or markers), usage information, or other information from your devices in connection with the use of the Services, such as the navigation program you use, time zone and location, operating system and its version, the size of the screen, the name of the device and its manufacturer, the IMEI code of the device etc, in order to help us provide you features like automatic product updates and provide you with the requested services. The legal ground for processing this information for this purpose is your consent for these purposes.
We collect information from your social networks which you choose to connect to our Services:
You may choose to connect your account to your social network account(s). If you choose to do so, you may share with us and/or other users information from your social network accounts, such as your Facebook profile photo or other personal information shared by you. For more information see Social Media section, below.
The User understands that provides us such types of your Personal Data to the Company optionally for purposes regarding the operation of the App and according to what the case may be after his/her consent. The User shall has sole and absolute responsibility for the accuracy, quality, and legality of Personal Data you provide.
SENSITIVE PERSONAL DATA
The Company does not process your sensitive personal data (special categories of data), i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unambiguous identification of a person, data concerning health or data concerning the sexual life of a natural person or sexual orientation, since the above is not necessary. for the fulfilment of the above purposes, applying the principal of minimization, necessity and proportionality.
TRANSFER OF PERSONAL DATA, RECEPIENTS AND THIRD PARTIES
The Company does not and will not sell, rent out or trade your Personal Data. Access to your Personal Data shall only be provided to our duly authorized employees and/or third natural or legal persons – partners of the Company (“Processors”) acting on our behalf, by offering us IT or other services for the registration and storage of your data and/or for the operation of the Services. Indicatively we may transfer or disclose Your data:
- Amazon Web Services for the operation of our system for the purposes of our services. Your account details are securely stored in their data centers. This is also where we store the geographical areas where you browse or use our charts, and any routes you choose to save.
- Seametrix in order to provide distance calculator, voyage estimation and sea routing.
- Windy in order to provide live wind map and weather forecast.
- Praxinfo for the development of our Services.
- Aeroview for maping services and data processing.
- QuickBlox in order to provide real-time chat, video chat, and push notifications.
- To external business advisers (such as lawyers and auditors)
- Stripe for payment procedures and information as mentioned above.
Our partners maintain servers in various international locations. Your information may therefore be processed outside the country where you live. Although data protection laws vary among countries, your data will be processed by our partners in accordance with their respective privacy policies and legal framework especially art. 44 et seq. GDPR. Privacy laws governing data transfer between countries are constantly evolving, so you may find that we update this section from time to time.
MONITORING AND ANALYTICS
We use third parties, to analyze and monitor performance of our Services and detect possible errors. To provide these services, these third parties receive basic request information (e.g., IP address). The legal ground for processing this information is your consent for this purpose. Thus, the data include, as the case may be, the date and time the application accesses our servers, software version, the location of the device, language setting, what information and files have been downloaded, user behavior (e.g., features used, frequency of use), device state information, device model and brand, hardware and operating system information, and information relating to how the app functions. Company uses this data to improve the quality and functionality of our Services. The legal ground for processing this analytical information is your consent for this purpose
MINORS PERSONAL DATA
For the purposes of this Policy, minors are considered as the people who haven’t complete their eighteenth (18) year. Our Company does not process, through its Services, minors’ personal data. It is pointed out, when personal data processing is based on consent according to art.6 par. 1 f (a) GDPR, in relation to service provision by information society directly to a child, the consent provided by the minor and consequently the processing is legal, if the minor is at least fifteen (15) years old. In case that the minor is under fifteen (15) years old, process is legal only if the consent is provided or approved by the person who has the parental care of the minor (q.v. art. 8 GDPR in combination with art. 21 law 4624/2019).
If you are a parent or guardian and occurred to you that your minor child has provided his personal data to our Company, please contact us immediately. For our part, if we realize that personal data that we process belongs to a minor, without his parent or guardian consent, the Company takes necessary measures to immediately delete this data and to avoid such future incidents.
Our Company has presence in social media Facebook, Instagram, LinkedIn, TikTok, Twitter. Ιn combination with our Policy, the Company provides to its Services’ Users the necessary information about personal data processing, through social media. Thus, through social media, our Company often gives you the opportunity to submit comments, send messages, be informed about our news etc. In all above-mentioned cases, regarding personal data processing, Controllers are both our Company and the respective responsible person of social media platform (Facebook, Instagram, etc.) according to art. 26 GDPR. So, it is not always possible for us to have full knowledge of the type of data that the operators of each platform process, but we make our best efforts, take care of the configuration of our social media pages and act according to the possibilities available to us from the operators, in order to ensure the processing of your personal data, in accordance with the applicable legal framework. When you interact with us through social media, the purpose of processing your personal data is, in particular, the provision of service and support (where the possibility exists, e.g., contact us through sending message or comment). If you contact us through the above-mentioned ways, legal basis of processing is the legal interest of our Company, in the context of your service and requests, issues or concerns resolution.
If you wish to receive more information about personal data processing from social media platforms operators and to be further informed, you may refer, in any case:
RETENTION OF PERSONAL DATA
The data retention period depends mainly on the specific purpose (process limitation) of processing. After the lapse of the data retention period, personal data are erased in a secure and non-recoverable way.
We will not retain your personal data longer than necessary to fulfil the purposes for which it was collected, unless the law requires us to hold your personal data for a longer period.
If it is deemed necessary in order to comply with our legal obligations or to settle disputes, in particular in case of claims, we may retain your data as required by law, even if there is no longer a need to provide Services to you.
Plora sets as a maximum retention period of personal data, the twenty (20) years with the possibility of extension, in case of a claim or pending litigation or indication of control by public (tax, etc.) authorities.
DATA PROTECTION RIGHTS AND EXERCISING
As data subjects, you retain all your rights, as provided by the legal framework on data protection, namely:
- The right of access (art.15 GDPR) to your personal data processed by Plora, as a Controller, i.e., the ability always to know, to access and to receive a copy of the data concerning you.
- The right to correct inaccurate or false data and to complete incomplete data (art. 16 GDPR), i.e., the right to correct and update your data and information, retained by Plora.
- The right to erasure, i.e. delete personal data / “the right to be forgotten” (art. 17 GDPR). This right is under conditions, obligations and Plora’s legal claims, in order to retain data, according to the provisions of applicable law. The request to delete some or all your personal data may be satisfied under specific circumstances and without prejudice to legal reasons for retaining and continuing of Plora’s processing and providing that Plora’s interests are not being affected.
- The right to data portability, i.e., you have the right to request your personal data, in a structured, commonly used, and machine-readable format, as well as to be transferred, under legal terms and conditions, to another controller, since this does not adversely affect the rights and freedom of others, according to the provisions of law (art. 20 GDPR).
- The right to restriction of processing, where the accuracy of the data is contested, or the processing is unlawful, or the purpose of the processing ceases to exist and provided that there is no legal ground for the processing and the data cannot be erased (Art.18 GDPR).
- The right to withdraw the already given consent, as the case of the purpose may be, at any time by contacting us using any method (art. 7 par. 3 GDPR). It is noted that, in this case, the legality of personal data processing is not affected by the withdrawal of the consent, until the time of withdrawal.
- Right to object to the processing of your data on grounds relating to your particular situation in case your data are processed for the purposes of the Company’s legitimate interests (Article 21) and in particular to object to automated decision-making (Article 22 GDPR),
Any request regarding your personal data and your rights exercise, according to the provisions of the applicable legal framework for personal data protection, should be addressed in writing in the following e-mail address: [email protected] . Moreover, you may also send a letter to our postal address or submit a request by yourself, in our Company address.
Our Company strives to make every effort, in order to take the required actions, within a period of thirty (30) days from the receipt of each request, unless the work, regarding its fulfillment, is characterized by particularities or/and complications, under which the Company has the right to extend the time for completion of operations, for an additional sixty (60) days. Certainly, in this case, the subject will be informed for the above-mentioned extension, within thirty (30) days.
In case our answer does not satisfy you, you have the right to file a complaint to the competent national supervisory authority, the Hellenic Data Protection Authority (Kifisias Av. 1-3, 11523, Athens, phone number: 210 6475600, www.dpa.gr).
AUTOMATED DECISION-MAKING, PROFILING
The Company does not make any decisions based on algorithms or other automated processing that significantly affect you and does not use personal data for profiling purposes
TECHNICAL AND ORGANIZATIONAL MEASURES, SECURITY AND DATA BREACHES
We are committed to safeguarding and protecting your Personal Data and will implement and regularly review appropriate technical and organizational measures to ensure and safeguard such level of technological and physical security appropriate to protect any Personal Data provided to us according to the applicable law (art. 32 GDPR).
We show, as far as possible, diligence in order to consistently and continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction, or alteration and ensure the integrity, confidentiality and availability of personal data.
In order to validly and timely deal with a possible personal data breach we adopt, update and apply appropriate internal procedures, in accordance with best practices and international standards.
For the proper delivery of our Services and their improvement, cookies are used, in order to make or facilitate communication transfer between us, through the electronic communication network. For further information about cookies, you may refer to our Company’s Cookies Policy, which is posted in our website.
Release date: 11/15/2022
Last amendment: 11/15/2022