Privacy Policy
With this Privacy Policy, we inform you as our customer or user of the Services about the processing of Your personal data in connection with the use of the Website and/or the Services, by Speedporter P.C. (hereinafter referred as “Speedporter”) as well as on your respective rights in this regards. Any capitalized terms shall have the meaning given to them in the Terms of Use.
Data Controller
1.1 Speedporter P.C., located at 20 Charitos str, 106 75, Athens, Greece - Email: info@speedporter.com is the controller of your personal data that is processed in relation to the provision of Speedporter's services as detailed in this privacy policy.
What data are we processing?
2.1 Your personal data that we process is as follows:
(a) Personal details, contact details, list of your items to be transported and all detailsin connection with the provision by us of the Services.
(b) Electronic or other communications between you and Speedporter in relation to our contractual relationship, including date and time of the inquiry and the description of the request. Telephone communications may only be recorded, if you agree to such recording upon notification at the beginning of the telephone conversation.
Processing purposes and legal basis
3.1 The legal basis and purposes of processing Your personal data are as follows:
Processes necessary to perform the contractual relationship between you and Speedporter on the legal basis of Art. 6 para. 1 lit. b of the GDPR:
Processing purposes: Providing the Services, i.e. notifying the Hotel and the Courier in order for your items to be delivered to you, providing technical support and generally handling the contractual relationship, verification of customer authentication, pricing and transaction processing, communication in relation to our contractual relationship.
Place of data storage
The personal data we collect from you is stored on Speedporter servers or on cloud computing servers that are located within the European Economic Area (“EEA”). These servers will only be used for storing your personal data, while Speedporter will remain the controller. Speedporter will only select cloud computing providers, who will guarantee the compliance with relevant EU legislation for protection of data.
Third-party recipients
5.1 Within Speedporter, only those personnel have access to your personal data that is in charge for the respective task in relation to our Services and that have committed themselves to confidentiality.
5.2 Third-party recipients of personal data may be:
(a) Hotels and Courier service providers.
(b) Cloud Computing service providers.
We exclusively work with companies that offer an appropriate data protection level in line with the stipulations of the GDPR. We also have appropriate agreements in place to ensure that all third-party recipients will take all necessary measures to protect your personal data in accordance with applicable requirements. As far as our service providers, e.g. cloud services, are located outside the EEA, we transmit the data to such service providers based on the so-called “standard contractual clauses” which were
submitted by the EU-Commission. Upon request, we will provide you with a free copy of such standard contract clauses.
Record keeping time
6.1 We process your personal data for the above purposes for the duration of our business relationship. In addition, we are subject to certain legal storage and documentation obligations. Therefore, we retain your personal data for a maximum of ten years starting at the end of the calendar year in which we collected the data.
Obligation to provide personal data
7.1 In principle, we process your personal data only as long as it is necessary for the fulfillment of our legal obligations and the associated purposes. In addition, Speedporter is subject to certain legal storage and documentation requirements. These are based, for example, on the accounting rules applicable to Speedporter and tax law and provide for retention periods of up to 10 years. Therefore, we store your personal data for a maximum of ten years from the end of the calendar year in which we collected the data.
Is there an obligation for You to provide Data?
7.2 Yes. As part of our contractual relationship, you must provide us with such personal information that is necessary to perform our Services. Otherwise, such provision of services will not be possible by us.
Automated Decision-Making
7.3 In principle, we do not use automated decision-making for the establishment, execution and termination of contractual relationships. In case we use automated decision-making, we will inform you separately.
Your Rights
8.1 With regard to processing Your personal data, You have the following rights free of charge:
(a) Right to withdraw consent pursuant to Art. 7 GDPR – If You have given us Your consent to process Your personal data, You can withdraw such consent at any time with future effect without affecting the legality of the processing carried out based on the consent until withdrawal. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR came into force, i.e. before 25 May 2018.
(b) Right of access pursuant to Art. 15 GDPR- You have the right to receive information on whether or not Your personal data is being processed by us and about the details of any such processing (who, for what purpose, recipients, retention period, etc.) as well as the right to access Your personal data concerned.
(c) Right to rectification pursuant to Art. 16 GDPR- You have the right to request the rectification of inaccurate or incomplete personal data we hold about You.
(d) Right to erasure pursuant to Art. 17 GDPR- You have the right to request the deletion of any of Your personal data under certain conditions (e.g. data that is no longer necessary)
(e) Right to Restriction of Processing pursuant to Art. 18 GDPR– You have the right to request the restriction on the processing of Your personal data.
(f) Right to data portability pursuant to Art. 20 GDPR – You have the right to receive personal data that You have provided to us with Your consent in a structured, commonly used and machine-readable format and – if technically feasible – to demand that we transfer those data to a third party.
(g) Right to object pursuant to Art. 21 GDPR – Under the requirements of Art. 21 GDPR You have the right to object to the processing of Your personal data at any time on grounds relating to Your particular situation (e.g. a possible risk to life or health). The aforementioned general right to object applies to all processing purposes described in this privacy policy, which are based on the legal basis of legitimate interest. In the event You make legitimate use of such right, we will no longer process Your personal data, unless we demonstrate compelling legitimate grounds for the processing, which override Your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. As far as we process Your personal data for direct marketing purposes, You may object to this at any time without giving reasons.
(h) Right to lodge a complaint pursuant to Art. 77 GDPR – You have the right to lodge a complaint with a competent supervisory authority if You believe that we process your personal data by breaching applicable data protection law. You may in particular reach out to the supervisory authority that is responsible at Your place of residence or to the supervisory authority responsible for us. You can use the following link to locate the relevant authorities:
http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Communication
To exercise Your statutory rights and any communication regarding the processing of Your personal data, You may contact Speedporter in the following ways:
Address: 20 Charitos str, 106 75, Athens, Greece
Email: info@speedporter.com