LAST REVISED ON 25th of May 2018
The Scope of this Policy
- visitors to the websites and mobile applications of sofiastyleapartments.com;
- natural persons contacting us through the contact or other forms available on the websites and/or mobile applications;
- external service providers
This policy includes a description of your data protection rights, including a right to object to some of the processing activities we carry out.
For the purpose of this policy, the term “Data Protection Legislation” shall mean the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (the “GDPR“), as well as any legislation and/or regulation implementing or created pursuant to the GDPR and the e-Privacy legislation, or which amends, replaces, re-enacts or consolidates any of them, and all other national applicable laws relating to the processing of Personal Data and privacy that may exist under applicable law.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
A natural or legal person, public authority, agency or other bodies which processes Personal Data on behalf of the controller.
A natural or legal person, public authority, agency or another body, to which the Personal Data is disclosed, whether a Third Party or not.
A natural or legal person, public authority, agency or body other than the data subject, controller, Processor and persons who, under the direct authority of the controller or processor, are authorized to process Personal Data.
An independent public authority which is established by a Member State pursuant to Article 51” of the GDPR.
Any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Standard Contractual Clauses
Sets of standard contractual clauses for transfers as adopted by the European Commission for the international transfer of Personal Data.
Personal Data Breach
A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
What personal data we collect and why we collect it?
- Name and Email Address
Source of data:
– Directly from you through our Contact Forms.
– Directly from you through email service provider.
– Your consent / opt-in obtained during filling our contact form;
– The service contract we have with you.
Recipients of data:
– IT service providers;
– Other affiliates of email@example.com;
– Marketing communications service providers;
- Embedded content from other websites
Source of data:
– Third-party websites/applications
– Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website;
Recipients of data:
– Third-party websites
Is your personal data used for direct marketing communications?
If you have explicitly consented, we may, from time to time, contact you with information about our Services.
If you no longer want to receive such communications, please let us know by sending an email to us at firstname.lastname@example.org.
What are your rights?
Once you have provided your Personal Data, the Data Protection Legislation grants you several rights, which you can in principle exercise free of charge, subject to statutory exceptions. These rights may be limited, for example, if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. To exercise any of your rights, you can file a request here email@example.com.
Should you have unresolved concerns, you have the right to lodge a complaint with a Supervisory Authority where you live or where you believe a breach may have occurred. We encourage you to come to us in the first instance but, to the extent that this right applies to you, you are entitled to complain directly to the relevant Supervisory Authority.
Right to withdraw consent
Wherever we rely on your consent, you will be able to withdraw that consent at any time you choose and at your own initiative by logging into your account on our website (if you have one) or by contacting us here firstname.lastname@example.org. The withdrawal of your consent will not affect the lawfulness of the collection and processing of your data based on your consent up until the moment where you withdraw your consent.
Right to access and rectify your data
Right to erasure
Right to the restriction of processing
Under certain circumstances described in the Data Protection Legislation, you may ask us to restrict the processing of your Personal Data. This is, for example, the case when you contest the accuracy of your Personal Data. In such event, we will restrict the processing until we can verify the accuracy of your data.
Right to object to the processing
Under certain circumstances described in the Data Protection Legislation, you may object to the processing of your Personal Data, including where your Personal Data is processed for direct marketing purposes.
Right to data portability
Where you have provided your data directly to us and where the processing is carried out by automated means and based on your consent or the performance of a contract between you and us, you have the right to receive the Personal Data processed about you in a structured, commonly used and machine-readable format, and to transmit this data to another service provider.
Appropriate technical and organizational measures are implemented in order to ensure an appropriate level of security of your Personal Data, including but not limited to encryption techniques, physical and IT system access controls, obligations of confidentiality, etc.
In the event personal information is compromised as a result of a Personal Data Breach and where such breach is likely to result in a high risk to the rights and freedoms, we will make the necessary notifications, as required under the Data Protection Legislation.
What rules apply to children?
We do not knowingly collect or solicit Personal Data from anyone under the age of 18.
In the event we learn that we have collected Personal Data from a child under the age of 18 without verification of parental consent, steps will be taken promptly to remove that information. If you believe that we have or may have information from or about a child under 18 years of age, please contact us at email@example.com.
How is your Personal Data shared with Third Parties?
We only share or disclose information as described herein, including with Third Parties.
Your Personal Data will also be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of the Controller(s) legitimate interests in compliance with applicable laws (example for data concerning our subcontractors or employees).
Is your Personal Data transferred outside the EEA?
For the purposes described in this policy, your personal data will be kept within the EEA and transferred outside the EEA only to a country or countries which have been recognized by the European Commission to provide an adequate level of data protection.
How long will we keep your Personal Data?
To determine the appropriate retention period for the information we collect from you, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the Personal Data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
What happens if we make changes to this Policy?
How to contact us?