Data Protection Policy

1. About D Marinas Hellas (data controller)

The company D-Marinas Hellas SA which has its registered seat at Zea Marina, Freatida Piraeus with Commercial Registry Number 121868301000 (hereinafter “the Company” or “we”) is dedicated to protecting the confidentiality and privacy of information entrusted to it and complies with personal data protection legislation in force. The Company is the data controller of the personal data of the users of this website. Our commitment to privacy is a natural extension of our commitment to confidentiality towards our customers, employees and all parties that transact with the Company. 
This policy applies to all personal data being processed by the Company’s staff, external contractors, service providers and other third parties acting for the account of the Company. 
We invite you to carefully read this Personal Data Protection Policy, which sets out in which context we are processing your personal data and explains your relevant rights.

2. Principles of processing of your personal data 

In line with the General Data Protection Regulation of the EU (GDPR) and the applicable Greek laws, the Company has introduced a data protection framework for the processing of personal data in order to comply with the following principles:
Personal data are processed fairly, lawfully and transparently 
Personal data are processed only where strictly necessary for lawful, regulatory or other legitimate purposes
Processing of personal data involves only the data required for these purposes 
Processing includes only accurate and updated personal data
Personal data are processed only for the period required for the processing purposes 
Personal data are processed in a manner that ensures appropriate security against unauthorized processing, loss of confidentiality, integrity or availability by implementing appropriate technical or organizational measures

3. What personal data we collect about you?

This information and personal data may either be directly provided by you or the legal entity for which you work for or provided by a third party (supplier, service provider, business partner etc).
We may collect various types of personal data about you, depending on whether you are a business partner or an employee of the Company when you contact us for an inquiry or remark through completion of our contact form or otherwise and generally when you visit and use our website or our premises. Personal data may indicatively include:
your identification data (e.g. name, surname, email and/or postal address, fixed and/or mobile phone number, job description, data included in your CV such as marital status, education, professional experience, data of previous employers);
financial information (e.g. bank account details, IBAN); and
your electronic identification data where required for the provision of services by our Company (e.g. login, access right, IP address, online identifiers/cookies, logs, access and connection times).

4. Purposes and legal basis of processing

Your personal data are processed only for specific and legitimate purposes which undergo a lawful and proper basis for processing. More specifically, we process your personal data for the following purposes and on the following legal basis:
Handling and management of our business relationship and performing our obligations 
Legal basis: initially your consent and upon conclusion of a contract, the performance of such contract
Handling a request for inquiry or remark submitted through the contact form of our website, support of the IT systems and improvement of our website  
Legal basis: legitimate interest of our Company 
Handling of a request for a career opportunity with the Company
Legal basis: initially you consent and, upon hiring, performance of employment contract
Disclosure to tax or other public or regulatory authorities, port authorities, law enforcement agencies
Legal basis: compliance of our Company with legal or regulatory obligations
Marketing of services and products of our Company 
Legal basis: your consent 

5. Who has access to your personal data and to whom are they transferred?

Your personal data are processed internally by these employees of the Company who need to process them in order to carry out their duties and provide services to you. We do not share personal data with third parties, except when it is necessary to fulfil our obligations, to respond to your requests, to serve our legitimate interests, and/or as required by law. 
We may also share your personal data with persons or companies that we work with for the operation/technical support of our webpage, other service providers such as marketing companies, advertisers, media agencies for the purposes of marketing and research.
We may also have to provide your personal data to tax or other public authorities or to law enforcement agencies in order to comply with our statutory obligations or an order. 
When we work with business partners, service providers or agencies which process your personal data on our behalf, we ensure that they are bound by contractual obligations to maintain the confidentiality and security of your personal data at least equivalent to those with which we are obliged to comply. 
When we transfer personal data outside the EEA we ensure that adequate safeguards are taken as required by the GDPR.

6. Protection of your personal data

We ensure that your personal data processed is secure against unauthorized processing, loss of confidentiality, integrity or availability by implementing appropriate technical and organizational measures such as malware protection, firewalls and cryptography technologies, access limitations, strictly defined employee tasks, trainings, internal and external audits, business continuity and recovery procedures. We also have in place data breach management procedures. We impose same obligations to third parties that process your personal data for the account of the Company. 

7. Retention of and access to personal data 

We will keep and process your personal data only for as long as it is necessary for the fulfilment of the purpose for which they are processed or for the fulfillment of its legal obligations. The retention period may vary significantly depending on the category of the data. To determine the appropriate retention period of your personal data, we take into consideration also the  nature and sensitivity of personal data, the time periods for which  we are required by law or by contract to do so, the statute of limitations in order to be able to deal with potential claims, any outstanding or threatened court proceedings. The retention periods are provided in the Data Retention Policy of the Company.

8. Your privacy rights 

You have the following rights with respect to your personal data

Right of information
You have the right to be informed about the processing of your personal data.
Right of access
You have the right to request access to your personal data being processed by the Company in a brief, comprehensible, transparent and easy manner.
Right of correction
You have the right to request from the Company to rectify any inaccurate or outdated personal data without undue delay or to complete any incomplete personal data of yours.
Right to be forgotten
You have the right to request from the Company to erase your personal data provided that the processing is not necessary for the purposes of processing. If for example the processing is necessary for the fulfillment of lawful obligations of the Company or for the defense of lawful rights of the Company, your request may be rejected.
Right to restrict the processing
You have the right to request from the Company to restrict the processing under certain conditions and only for specific purposes.
Right to object
You have the right to object on ground related to your particular situation at any time, in which case the Company is obliged to not further process your personal data unless there are compelling and lawful prevailing grounds.    
Right to portability
You have the right to receive your personal data in a structured, commonly used and machine-readable format and, in some cases, we shall transmit your data, upon your request, to another controller, provided this is technically feasible, unless the rights of others are adversely affected.
Right to revoke your consent
You have the right to revoke your consent at any time without prejudice to the legality of the processing based on your consent until that time. In any case the Company informs you that the revocation of your consent may entail that a contract cannot be performed and that, in such case, the Company has the right to terminate the contract with you.

For the exercise of your abovementioned rights and for any explanation or clarification in connection with eh above you may contact us by email at dpo@d-marin.com or send us a letter to the abovementioned registered address of the Company.
You also have the right to lodge a complaint with the competent supervisory authority, which is the Hellenic Data Protection Authority (www.dpa.gr).