Personal Data Protection and Privacy Policy

ALVO Single Member p.c (herein called “Alvo” and or “Operator”), operator of Cello in Greece is sensitive to and respectful of privacy and protection of personal data. Building relationships of trust is a priority and is a fundamental business practice. This Policy provides information on the process of collecting, storing, using and generally processing personal data carried out by Alvo and its network. Therefore, you must read this policy very carefully before your use of the website and/or the application, since this policy is an integral part of the terms and conditions of use of the website and/or the application. Please note that the site and/or App do not collect identifiable personal information about you, except in cases where you provide this information on your own initiative and when providing access to information through the application.

Your surfing the website and/or registering and joining the application and/or joining the Cello service in any way constitutes your consent to the provision of information about you, to its storage in the Operator’s databases and to the use that the Operator and/or third parties may make of the information collected about you. The Operator and/or anyone on its behalf is obliged to maintain the confidentiality and secrecy of the information in its possession in accordance with the applicable law. The Operator will use the information according to this privacy policy or according to the provisions of the law.

 

1. Concepts

For the purposes of this Policy, the concepts mentioned are set out in the General Data Protection Regulation (EU) 2016/679 (hereinafter GDPR) (Article 4).

 

2. Data collection

The following data categories are collected for storing and processing:
a) contact details, landline (only for business accounts) and mobile phone, and/or work address, e-mail address,

  1. b) financial data necessary for the performance of contractual obligations, such, credit card numbers,
  2. c) vehicle details such as, license plate number, brand, model, vehicle status data, vehicle usage data,
  3. d) transaction details, such as store date, offers, date and order details, customer preferences, customer complaint records,
  4. e) vehicle license plate photographs
  5. f) GPS position data for connected car services,
  6. g) data relating to identity and transactional identifiers and collected electronically when using the website, such as IP address or other data provided by the devices used by the Customer as location identification data, as well as navigation data on the Internet (cookies), which alone or in combination with unique IDs, can be used to identify and create profiles.

When using the website and/or the application, certain services may and will require the use of a text message system (SMS) and/or sending emails and/or sending alerts or internal messages, for the purpose of streamlining the relationship with you, its management and improvement, operation, verification, identification, or any other action that will be required for the proper operation of the service requested through your device, for example, for the purpose of notification of the end of parking and/or payment arrangements in parking lots. By continuing to use the website and/or the application, you give your consent to the use of the messaging system to send you personal messages or notifications as necessary as mentioned.

The Operator will be entitled to push various messages (PUSH) to the mobile phone provided by the user during registration. The user also knows that upon registering for the website and/or the application and providing the details about him to the Operator, the Operator will be entitled to contact him, from time to time, with marketing offers and benefits through messages that will be sent by email and text messages (SMS) or by telephone. For this purpose, the user gives his/hers general consent, in advance, before joining the service on the website and/or in the application. It is clarified that the user may revoke his consent at any time and stop receiving the information through the removal methods that will be detailed in the notices in accordance with the provisions of the law.

Moreover, to provide the services offered by the Operator and/or to verify your identity, the Operator may receive from the various service providers personal information, including identifying details, about you, which will also be stored in the Operator’s databases. This information will be collected, stored and used in accordance with the purposes listed in the regulations of the terms of use, the terms of use in connection with the rescue service, and even in this policy.

As mentioned, the details that will be received about you from third parties and service providers, are provided with your express consent and you release the Operator from any liability or responsibility in connection with them (including their use).

 

3. Data collection method

Data collection can be done in one or more of the following ways:

– Directly during downloading the App,

– Directly during subscribing/registering to the website,

– Through call center.

-Through IVR

-Through Kiosk/Shop

 

4. How data is processed

The Data, which are collected and processed, concern the following purposes:

  1. a) responding to requests,
  2. b) performance of contractual obligations,
  3. c) fulfillment of legitimate interests,
  4. d) compliance with a legal obligation of the Operator
  5. e) identification and communication with customers at any stage of the transaction,
  6. f) giving information on new products and new services provided by the Operator, as well as for the investigation of the degree of customer satisfaction and further desires or preferences for the purpose of improving the services provided,
  7. g) the provision of digital services to vehicles,
  8. h) cases where it becomes necessary to recall services,
  9. i) processes in relation to subsidized services.

The Operator applies automated methods based on customers’ preferences and transaction habits to create their trading profile and to provide targeted individualized offers for services.

 

5. Legal Basis for Processing

The collection, use and general processing of Personal Data is done exclusively by consent or if the law allows it. Legal grounds for processing beyond the consent of the data Subject constitute the performance of a contract or compliance with a legal obligation and any other reasons provided for in Art. 6 of the GDPR, as well as national legislation.

 

6. Place of Processing

The processing of Personal Data takes place within the European Union. Exceptionally, if the data is transferred to a third country, then care will be taken to transfer it to a country for which the European Commission has decided that adequate data protection is ensured and that the processor has provided appropriate protection guarantees.

 

7. Disclosure of Personal Information

We will not disclose information collected about you other than for:

– a purpose made known to you,
– a purpose you would reasonably expect,
– a purpose required by or permitted under law, or
– a purpose otherwise authorized by you.

By law, you are not obligated to provide any information, and in providing it, as requested, you confirm that the transfer of the information to the Operator and/or to someone on its behalf and/or through it is at your sole responsibility, of your own free will and choice and with your consent, and you will not have any claim and/or Claim against the Operator and its representatives on the subject.

Also, to the extent that you provide or upload any personal information to the Operator through the website ,or application , and/or the Call Center, you hereby declare that the information you provide and/or update from time to time is true, reliable and accurate and that you provide the information of your own free will, in your name and for yourself only, or legally authorized to provide this information for another, and in any case you will be solely responsible for the provision of this information and the consequences of its use, including all damages caused due to the provision of incorrect information, to you or to any other party.

You hereby authorize the Operator to disclose, where necessary, your personal information to our related bodies corporate and to any agents or contractors who provide services to us in connection with the provision of services you have sought from us. These parties are prohibited from using your personal information except for the specific purpose for which we supply it to them. In particular the circumstances in which, and the types of third parties with whom, we may share your personal information includes:

  1. external payment systems operators which help us process the transactions you request;
  2. organizations that assist us with fraud prevention – for example, we may report your credit card number to a service that screens for lost and stolen card numbers;
  3. authorized councils and car parks who can have your vehicle(s) registration number plate on their reports;
  4. other organizations (including our related bodies corporate) and their agents for the marketing of specific products and services, unless you request us not to do so;
  5. where, in good faith, we believe that it is appropriate to investigate and protect users from fraud or other illegal activity;
  6. regulatory bodies, government agencies, law enforcement bodies and courts, when required or when we reasonably believe it to be necessary;
  7. your agents or legal representative (such as powers of attorney that you grant or a guardianship appointed for you);
  8. our agents, contractors and external advisers whom we engage from time to time, to carry out, or advise on, our functions and activities;
  9. if the Operator were to merge with or be acquired by, or its business were to be acquired by, another organization– that successor organization.

We reserve the right, at all times, to share your personal information with any third party if we reasonably believe such action is necessary in order to:

  1. Conform with the requirements of the law or to comply with legal processes served upon us;
  2. Protect or defend our legal rights or property, websites and systems or our users; or
  3. Investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person or violations of the terms and conditions of using the parking service.

For the avoidance of doubt, it will be emphasized that your consent to what is stated in this policy is learned from the use of the website and/or the application, and that the Operator does not and will not be responsible for any use made by third parties in relation to the information that will be provided to them by the Operator in accordance with your registration for the various services and/or or will be collected by them about you, as much as it is collected, including information that has been transferred and/or will be transferred to them and/or that has been provided to them directly by you.

 

8. Data Recipients

The data collected is processed by the Operator to fully comply with contractual obligations and provide excellent and comprehensive service. The Data is also transmitted to third parties, associates of the Operator, for the execution of specific tasks. Indicative and non-restrictive examples are advertising agencies and other third parties providing marketing services, market research, support and information (call centers), file storage and management companies, lawyers, law firms, notaries, executives, bailiffs, experts, expert witnesses, companies dealing with database management, IT application development and management, email service providers, web hosting services, including cloud services. Data may also be forwarded to police, customs, municipal, tax Authorities and/or public or private emergency service providers.

 

9. Use of cookies

Websites collect information through cookies. Cookies are small text files that are stored by a website in an Internet browser during browser navigation and then recognized the next time the website is visited. Cookies do not contain personal information, which could allow anyone to contact the visitor of the website such as e.g. by e-mail, etc. More information can be found here, Cookies Policy and at www.allaboutcookies.org.

You know and understand that it is possible that some of the services offered on the website and/or the application, or even all of them, will not be accessible if you block and/or delete the cookies. Therefore, it is suggested to do so only if you are convinced that you do not want the website, the content appearing on it and the services offered through it to be adapted to your preferences, and with the understanding that some and/or all of the services may not be available to you if you do so.

 

10. Data Protection Measures

The Operator implements appropriate technical and organizational measures to ensure the protection of Data from loss, misuse and unauthorized access, disclosure or destruction. Taking into account the best practices of modern technology and implementation cost, the Operator has realized a comprehensive information security program including physical security, encryption, regular security checks, penetration tests. It has also created authentication and access management standards, network access control and risk management and security incident standards, business continuity and recovery due to disaster, etc.

The Operator uses reasonable and acceptable protection and security measures in relation to online information delivery operations as required by law, and makes sure to update them regularly, among other things, to protect the site and the App and its contents from intrusions, loopholes or unauthorized eavesdropping. The said protective measures are intended to secure the flow of information between the user’s computer and the site’s servers, the communication through it and the information under the control of the Operator, against accidental or intentional exploitation, loss, destruction or against access by unauthorized and/or unauthorized persons and/or parties .

The Operator is regularly updated on technological developments in order to provide users with the best protection against intrusion and/or hacking, including unauthorized access to its databases. At the same time, the Operator clarifies that in cases that are beyond its control and/or arise from force majeure, it does not guarantee that the website and/or the Application  will operate as normal without any interruption and/or that the website and/or the information and data collected and/or provided as stated above will be absolutely immune against unauthorized access and/or intrusion into the Operator’s databases and that the user knows that the Operator will not be held responsible for any damage and/or loss, direct or indirect, of any kind, caused as a result, including due to violation of privacy.

It is clarified that the users are responsible for the use of details that identify them personally, and they are also responsible for taking security measures, including the use of security measures against viruses, not providing identification information to an unknown third party, including by email and/or social networks and/or public networks. The Operator clarifies that it does not contact by email with a request to receive personal details and/or a secret code, etc.

 

11. Data retention time

Data retention time varies depending on the purpose of the processing. Data are kept for as long as necessary for the processing purpose and data that are no longer necessary are deleted or anonymized. In case of concluding a contract, the Operator maintains the Data until the completion of the statutory limitation period of the claims, i.e. for a period of up to five (5) years.

As regards data that the Operator processes based on consent (e.g., for marketing purposes), the data subjects may revoke their consent at any time and the data will not be processed for the specific purpose after the revocation of the consent.

 

12. The rights of Customers / Subjects

The Customer has the right at any time of:

  1. a) access to their data, requesting and receiving information on the data concerning them,
  2. b) rectification of inaccurate or incomplete data concerning them on provision of the appropriate evidence,
  3. c) restriction of the processing of their data,
  4. d) portability of their data, i.e. to receive the data concerning them and which they have provided to the Operator and to transmit it to another controller,
  5. e) objection to the processing of their data,
  6. f) erasure of the data concerning them.

 

A response to any legal request will be given within thirty (30) days of receipt, unless, due to circumstances, a longer period of time is required, in which case there will be prior notice. There is no obligation to respond to a Customer’s request for restriction, objection to the processing or erasure of his data, provided that the processing of the data is necessary for the establishment, exercise or support of legal interest, legal rights or compliance with the Operator’s legal obligations or with those of the Network of collaborators. The data subject has the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr) which is the supervisory authority, if the data subject considers that their rights are being infringed in any way by the processing of their data.

 

13. Exercise of Rights

The exercise of the above rights is done by completing the form for exercising each right located on the Operator’s website (www.cello-park.gr) and sending it to the email address (hi@cello-park.gr) or by mail to compliance@cello-park.gr (For attention of DPO).

 

14. Contact Information

Data Protection Officer (DPO)
Efstathia Liristi
e-mail: compliance@cello-park.gr

 

15. Changes to this Policy

This Personal Data Protection Policy may be revised whenever necessary for legal or factual reasons.

 

16. Date of entry into force

Date of entry into force: 1st May 2023