SECURITY AND DATA PROTECTION POLICY
VIVA Online Services S.A., hereinafter “VIVA”, considers as its top priority the safety and protection of your personal data, irrespective of the capacity in which you communicate or cooperate with us, for example as potential or current customers, employees, suppliers, professionals, individuals, consumers or cooperating third parties.
Your personal data includes any information that may lead, directly or combined with other information, to your identification or tracing as a natural person. Personal data include, indicatively, details such as name and surname, tax identification number, social security number, natural/electronic addresses, phone/mobile phone numbers, credit/debit/prepaid card numbers, e-mails, transactions’ data, telephone and electronic communications data, payments data, identification details of equipment or terminal appliances, as POS, PC, smartphone, tablet, browser history (log files, cookies etc.), as well as any other piece of information that may allow your identification, in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679), the applicable Greek laws and the decisions of the Hellenic Data Protection Authority (HDPA).
This Security and Personal Data Protection Policy aims to inform you on the terms of collection, processing and transfer of your personal data that we may collect as Data Controllers or Data Processors.
VIVA and its trained personnel apply the ten Processing Principles of the GDPR 2016/679 (lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability) in order to protect your eight Rights regarding the use of your Personal Data (information, access, rectification, erasure, restriction of processing, data portability, right to object and non-automated individual decision-making based on profiling, as specified in the Greek legislation). The above apply without any distinction and to all processing activities performed and to all services provided by the companies of the VIVA WALLET group.
2. Forms of personal data collection
VIVA will always ask for your minimum, as stipulated by law, personal data, so that you are enabled to buy travel tickets, events tickets, to buy other products and services we offer or to participate in competitions and promotional activities. Such personal data may include, indicatively, name/user code, password, number, validity and expiration date of debit/credit/prepaid card, telephone number, e-mail, postal address for issuance or postage of invoice or receipt or details of your order.
VIVA keeps your personal data only for as long as imposed by the contractual terms of each service, in combination with the applicable financial, banking, tax, telecommunication and other laws, based each time on the respective processing purpose, while afterwards it anonymizes or destroys them.
3. Cases of personal data collection
VIVA collects your personal data in the following cases:
• When you fill out an application-form in our website to buy a product and/or a service and to check your age to identify whether you may lawfully contract with us or the consent/signature of your parents/guardians is required.
• Upon your willful subscription to hard-copied or electronic lists so that you receive informative material or other marketing material in the form of prospectuses, electronically or by SMS or so that you renew your preferences or upon your participation in competitions, questionnaires and surveys.
• Upon your communication with our offices or the personnel of our customer care department by the recording of the content of your calls and each communication with our call center, with your comments and preferences for purchases, the products you have searched for or your comments.
• Upon your visit and browsing in our websites, where we collect with the appropriate means of data collection (e.g. cookies) information from your terminal device, such as IP address, the operating system that you use, the type and version of your browser etc.
• Upon the submission to us of documents, judicial documents, orders, reports, confiscation documents, judicial orders etc. by third parties such as supervisory, prosecution, judicial, tax authorities, banking organizations, card issuance organizations, payment institutions, credit card institutions, companies that provide information on your creditworthiness for your protection against fraud or money laundering or combat against financial and electronic crime.
4. Cookies policy
Pursuant to the, subject to be replaced by a Regulation, Directive 2009/136/EC (E-privacy) of the EU, our website accepts the use of “cookies”. These are online tools for collection and analysis of information which come from social media platforms or cooperating platforms of third parties, used for counting website traffic, for improving the operation, the content and the overall design of our website and its adaptation to our customers’ needs.
By using our website, you agree (opt-in) with the processing of your personal data that are collected by the social media networks, or the search engines, such as Google Analytics, Facebook social plug-ins, Google+ etc., without any involvement, influence or control by VIVA, which are transferred either inside or outside the European Economic Area (28 EU member-states plus Iceland, Liechtenstein and Norway) and for which such third parties are exclusively responsible.
If you do not wish third parties, such as Google, Facebook, Twitter etc. to receive information from your web browser when you visit VIVA’s website, you may be excluded by making the appropriate choice, as provided in the relevant User Policy in the website of each third party.
5. Processing principles
VIVA will use your information for the following lawful processing purposes, namely:
• For the completion of your requests, purchases and orders.
• To answer your applications and questions, indicatively for the provision of information on reservations, purchases, tickets, as well as information and answers to your suggestions regarding product and services improvements.
• To announce to you the results of surveys, lots and competitions in which you may have participated.
• For quality assurance and personnel training purposes, in which case the telephone communications with our customers are usually recorded.
• For website traffic analysis and the improvement of your experience and to provide you with information related to products, services, special offers and promotional activities.
• For internal operations and analysis, such as internal management, prevention of fraud, use by information technology management, invoicing, accounting, billing and auditing systems.
In any case you are entitled to change your preferences at any time by contacting us or by using the deregistration link which is placed within every e-mail you receive from us.
6. Transfer to third parties
When you use our website and you provide us with personal information, we operate as intermediaries and we do not transfer or share your information, not even among the group companies or with third parties, except to the extent it is necessary for the completion of your order and to fulfil requests associated with our services or to propose ways of improving your overall experience within the framework of the services we provide.
Such third parties may include event’s producers, travel operators, airline or shipping companies, telecommunications companies, seat reservation systems and other global distribution systems.
We choose reliable providers and we try to set contractual restrictions on third parties who receive your personal data to ensure that they use them in accordance with this policy and the data protection laws applicable in Europe (GDPR 2016/679) and globally. Apart from that, we advise you to carefully read the personal data protection practices of any third-party providers/suppliers whose products you buy via our websites. In addition, such third parties may contact you, if necessary, to receive additional information about a potential service, payment or reservation of yours.
In order to process your data, we may need to transfer them in other countries, including countries that are basically inside and only exceptionally outside the European Economic Area (EEA) based on adequacy decisions by the EU, binding corporate rules, standardized contracts and approved codes of conduct.
In any case, we take the appropriate technical and organizational measures to ensure that your personal information is transferred, stored and processed in accordance with the appropriate security standards and with the provisions of this policy and the applicable data protection laws.
Finally, we may transfer or reveal your personal data to official, national or foreign, state and supervisory bodies (e.g. police, Bank of Greece, international tax authorities etc.) when we are asked to comply with the law and to prevent any unlawful actions (e.g. fraud, money laundering etc.) to our or our customers’ detriment.
7. Personal data security
At VIVA, we have trained and responsible personnel and we recognize the importance of protecting your privacy and all your personal information. For this purpose, we have in place proper security policies and we use the appropriate technical and operational tools, such as anonymization, pseudonymization, data encryption, use of firewalls, setting of access rights, authorizations, training of personnel, periodic audits, compliance with international ISO security and business continuity standards, PCI for protection of data and payment cards etc.
Any partner of ours who has access to the above information uses it exclusively to serve the above purposes. We share the information you provide to us exclusively in the manners described in this Policy and in accordance with your explicit and special consent per type of processing, which you may at any time and freely withdraw by communicating with us.
8. Targeted advertising
We may use personal data of yours together with other information we have collected with the assistance of our commercial department’s personnel, to show advertisements related to your obvious preferences in our website or in third parties’ website.
However, we never automatically associate data of customers of different companies of the VIVA WALLET group regarding your consumer profile and your preferences with other personal information (such as your e-mail address) in order to show advertisements or to send you personalized offers based on profiling.
In addition, we do not share your personal details with third parties so that they are enabled to send you relevant advertisements.
If you wish us to stop sending you updates or offers, you may use the hyperlink for deregistration which is placed within the relevant e-mail you received from us.
9. Hyperlinks to websites of third parties
VIVA’s websites may contain hyperlinks that lead to other websites of third, independent parties, as indicatively, events producers, travel operators, payments providers etc. which operate and are maintained exclusively by them, and which we do not control, as previously stated.
We carry no liability for the content, the actions or the policies of such websites. Please read carefully the corresponding personal data protection policies in the websites you visit, as they may have important differences from ours.
10. Non-requested commercial communication
We do not allow in any way the collection of e-mails or of general information of our customers and subscribers, via our website or our services. We do not allow, and we do not authorize any attempt of use of our services in any way that could harm, deactivate, burden any part of our services or to hinder anyone who wishes to use our services.
If we detect a non-authorized or improper use of any of our services, we may, without warning and upon our absolute discretion, take all appropriate measures to block messages by a specific web domain, an e-mail server or an IP address. We are entitled to immediately erase any account that uses our services and which we deem, at our absolute discretion, it transmits or is connected with the transmission of any messages that violate this policy.
11. Communication for questions or comments
If you have questions or comments on this personal data protection policy or if you consider that we have not abided by the principles set herein, please contact us by e-mail at firstname.lastname@example.org
or by post at: 18-20, Amaroussiou – Chalandriou street, P.C. 15125, Maroussi, Legal and Compliance Department
12. Validity of Personal Data Protection Policy
This Policy was published by VIVA on 25/5/2018 and is subject to periodic improvement and review.
Any amendments to this Policy will apply to the collected information from the date on which the amended version is published and to the existing information we keep. By using the website after the publication of the amendments, you automatically accept such amendments.