PRIVACY POLICY
Introduction The application DINOSAURIA PARK belongs to the company “EKMETALLEFSIS PSIHAGOGIKON THEMATIKON PARKON KAI MUSION ANONIMI ETERIA” with registered offices in the Municipality of Heraklion (Crete) Greece, Gouves Exhibition Center, P.C. 71500, VAT number EL 800380657, under General Electronic Commercial Registry Νο 119266327000 (member of Heraklion Chamber), Tel: 0030 2810332089, e-mail: gdpr.dinosauriapark@gmail.com. The Company has taken the appropriate measures which ensure that processing of your personal data complies with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the applicable Greek Laws (Law 4624/2019). Especially, the Company adopts internal policies and implement measures which meet the principles of data protection by design and data protection by default. We collect your personal data either directly from you, or through affiliated companies. We collect your data through the Application and / or in other ways (social media, e-mails etc.). By using the Application, you agree to be bound by this Privacy Policy. In case you disagree with the Privacy Policy, you must refrain from any action, interaction, access and use of the Application. This Privacy Policy applies to Users of the App. Therefore, the words "you", "your" and generally the use of the second plural form refers to Users. Throughout the Privacy Policy, the terms “we”, “us” and “our”, refer to the Company. Scope and aim While you are using the Application, we may ask you to disclose to us some personal data in order to provide you with the Services. The present Privacy Policy (hereafter Privacy Policy) describes the type of your personal data which are subject to the processing, the way and the context in which your personal data are collected, the purposes and means of the processing of your personal data, the lawfulness of processing, the entities to which your personal data may be disclosed, the purpose limitations, the storage period and measures we take to ensure lawful and fair processing and the principles relating to processing of personal data. It also includes information about your rights and data protection. The Privacy Policy applies only to processing of personal data for the purposes which are listed below. We also collect personal data through our pages on social media. In this case data processing may be subject also to another privacy policy (e.g. Facebook / Google privacy policy). Brief description of the Application The App allows the User to receive educational information regarding the Park’s exhibits. Specifically, each User can find information in the App environment about the dinosaurs of the Company’s theme park, either automatically by detecting the User’s distance from the Bluetooth Proximity Beacons when approaching an exhibit, or manually from the App’s database. The App’s content is suitable for Users of any age. Definitions For the purposes of this Privacy Policy: ‘personal data’ or ‘data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; ‘data controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law; ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller; ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data; ‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51 G.D.P.R. ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future; ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements; ‘Company’ is the Company “EKMETALLEFSIS PSIHAGOGIKON THEMATIKON PARKON KAI MUSION ANONIMI ETERIA”. ‘User’ is the person who uses the Application. ‘Application or App’ is the application DINOSAURIA PARK. ‘Services’ are the services provided by the Company to the Users through the App. ‘Park’ is the theme park of the Company (the Dinosauria Park) in Heraklion, Crete. Principles relating to the Processing of your Personal Data We process your personal data lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’). We collect your personal data for specified, explicit and legitimate purposes. Your data are not further processed in a manner that is incompatible with those purposes (‘purpose limitation’). Furthermore, your personal data that we process are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’). Your personal data are also accurate and, where necessary, kept up to date. We take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’). Your personal data are kept in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’). Your personal data are processed in a manner that ensures appropriate security of them, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’). Data Controller For any processing of your personal data for the following purposes, the Company EKMETALLEFSIS PSIHAGOGIKON THEMATIKON PARKON KAI MUSION ANONIMI ETERIA is the Data Controller (e-mail: gdpr.dinosauriapark@gmail.com). The Data Controller determines the purposes and means of the processing of your personal data. Personal Data we process - lawfulness of Processing - purposes - retention period The App, optionally, collects your location data, specifically your distance from the Bluetooth Proximity Beacons, should you be within their transmission range. If you allow App access to your location data (device location), we will process this Data, on the basis of your consent, in order to detect the proximity of your mobile device to the Bluetooth Proximity Beacons operating in the Park. The App will display the information of the beacon closest to your device during your tour around the Park. The beacons’ transmission range is around 60-70 meters, therefore when you are using the App outside the Park, the Company does not locate your device. We will retain your location data for as long as you remain within the transmission range of the Beacons and only if you haven’t withdrawn your consent. We process your personal data when you contact us (via e-mail, telephone, social media etc.). We may process your name, e-mail address, phone number and other information that you disclose to us, on the basis of your consent, in order to contact you. We will store your personal data for one year from the last time you have contacted us. We also, collect your Personal Data (profile name, comments, reviews, contact details, messages) that you share with us when visiting our pages / profiles on social media platforms (Facebook / Google Maps etc.). This information is processed when you contact us, make a request or interact in another way with us, through our social media pages, so as to respond or communicate with you in any way. Your personal data will be retained for as long as you remain a fan / follower / member / subscriber of our pages / profiles. By using the above-mentioned services (social media) you acknowledge that your interaction (like, comment, message) with our pages / profiles / channels etc. gives us the right to process your personal data on the basis of your consent. Processing of Special Categories of Personal Data We do not collect or process special categories of Data. You shall refrain from sending to the Company special categories of Data, otherwise the Company will erase these Data. The Company shall not be liable for any damage incurred to you or a third party due to an illegal act or omission performed by you, regarding special categories of Data. Consent We will provide you all the information you need to express your prior agreement (consent) to the processing of your personal data if processing is based on your consent. At the first launch of the Application, you may be asked to decide, through relevant options on your device, whether you wish to allow the Application to access your location data (ACCESS_FINE_LOCATION) or your Bluetooth function. If you choose to allow the App to access your location data, this choice is a clear affirmative action, which is considered as a freely given, specific, informed and unambiguous indication of your agreement (consent) to the processing of your location data for the above-mentioned purpose. You may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before your withdrawal. You may withdraw your consent for the processing of your data either by performing the necessary adjustments on your terminal device or by contacting the Company. It is optional for you to provide us with your location data and to give us access to your device’s Bluetooth, If you refuse to disclose your Personal Data to the Company or if you prevent the App from accessing your device’s functionalities, you will have to use the Application manually. Child’s consent: If you are a child, we may process your Data, on the basis of your consent, only if you have reached 15 years of age. If you declare that you are under 15 years old, the App will only work manually. The Company shall not be liable for inaccurate declaration of age by a child and the liability for any act or omission of children lies with their parents. Recipients & Processors We may need to disclose your Personal Data to authorized recipients (i) for the maintenance / repair of our equipment (PCs, servers, hardware) that support the operation of the Application and (ii) for the development of the Application. Where processing is to be carried out on behalf of the Company, we use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of your rights. Transfer of Personal Data to a third country A transfer of personal data to a third country may take place where the Commission has decided that the third country ensures an adequate level of protection. In the absence of a decision, we may transfer personal data to a third country only if the processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Otherwise, we will transfer your data to a third country only under GDPR conditions (data subject’ s consent, contract, vital interests etc.). Your rights The Company protects your personal data and respects your rights and freedoms. As Data Subject you have the right to be informed on the processing of your personal data, the right of access to your personal data and to information relevant to processing, the right of rectification of your personal data , the right to erasure of your personal data, the right to restriction of processing, the right to data portability, the right to object to the processing of your personal data, the right not to be subject to a decision based solely on automated processing, including profiling and the right to withdraw your consent at any time. To be informed about or exercise the above rights, you need to apply by writing to the Company named “EKMETALLEFSIS PSIHAGOGIKON THEMATIKON PARKON KAI MUSION ANONIMI ETERIA”, with registered offices in the Municipality of Heraklion (Crete) Greece, Gouves Exhibition Center, P.C. 71500, or via e-mail: gdpr.dinosauriapark@gmail.com. We are ready to handle your request with respect to your rights and privacy. Otherwise, you could lodge a complaint to a supervisory authority (www.dpa.gr – tel: 0030 210 6475600, contact@dpa.gr), if the Data Controller does not take action on your request. We take all efforts to facilitate the exercise of Data Subjects’ rights. We will not refuse to act on any request of yours for exercising your rights, which are described above, unless we are not in a position to identify the Data Subject. We will respond in writing to such requests from you, without undue delay and in any event within one month of receipt of your request. In this case we will provide you with information on action taken on behalf of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. We will communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Otherwise, if we do not intend to act on your request, we will inform you without delay and at the latest within one month of receipt of the request, of the reasons for not taking action. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Company may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or (b) refuse to act on the request. Storage & security of Personal Data Personal data collected through the App, are stored in the Company’s computer systems and in the Application’s server in European Union. The Company shall not be liable for any damage caused by risks appearing in websites of entities advertised in the Application or other affiliate companies etc., even if users are referred to said websites by links, banners, frames etc. placed on the App. Liability for the content, information, visitors’ safety and protection of their personal data, as well as the quality of services provided is born solely by owners, managers and administrators of said websites, which Users visit at their own risk. Dispute resolution In case of controversy or claim of any nature regarding the process of your personal data and the context of this Privacy Policy, applicable law is the law of the Greek state, the GDPR and the instructions, decisions, guidelines and opinions of the Hellenic Data Protection Authority. Any dispute between the Company and the Users or third parties, from the use of the Application, will be resolved through friendly negotiations between them. Otherwise, for all actions or legal procedures, the Courts of Heraklion (Crete) will be in charge. Updates to the Privacy Policy The Company reserves the right to amend this Privacy policy. You should periodically check whether changes have been made. Last update: 27.07.2021.

ΔΙΕΥΘΥΝΣΗ

Παλιά Αμερικάνικη Βάση, Γούρνες Ηράκλειο ΤΚ 71500

ΕΠΙΚΟΙΝΩΝΙΑ

SOCIAL MEDIA

Copyright © 2022 Dinosauria Park |