Privacy Policy

PRIVACY POLICY MIBS GROUP WEBSITE

Privacy Policy

PERSONAL DATA PROTECTION POLICY - PRIVACY POLICY
This document is property of the Company with the name "MS MANAGEMENT S.A. PROVIDING MANAGEMENT ADVICE AND SERVICES" and the distinctive title "MS MANAGEMENT S.A.", and its partial or total re-publication is prohibited, without the Company's permission.

1.WHO WE ARE

The website www.mibsgroup.com (the "Website") belongs to the limited company with the name "MS Management S.A. and the distinctive title "MS MANAGEMENT S.A. PROVIDING MANAGEMENT ADVICE AND SERVICES ", based in Athens, Xenophontos Street, number 14, ZIP Code: 10557 with VAT number: 800317620, G.E.MI. number: 114543201000 and phone: +30 (210) 324-17 -40 (contact hours from 09:00 to 17:00 from Monday to Friday), hereinafter "COMPANY".

The purpose of the Company is:
The management and exploitation of real estate properties and in general large projects (project management) as well as the coordination and administration of these and the provision of managerial and technical operational advice and services, the provision of real estate management services for a fee or on the basis of a contract, rental services and management of privately owned or leased real estate, intended and/or not for residence, services for the sale of residential buildings and land for the construction of residential buildings based on a fee or contract, the provision of real estate brokerage services for a fee or on a contract basis, services for the sale of free (undeveloped) plots of land intended for the construction of residential buildings, for a fee or on the basis of a contract, non-residential real estate management services, for a fee or on a contract basis, real estate valuation services for a fee or on a contract basis, apartment building management services, apartment rental collection services, apartment building utility billing services, the purchase and selling of privately owned real estate, the purchase and selling of timeshare properties, the purchase and selling of residential buildings and plots of land for residential buildings, the provision of services for the sale of timeshare properties for a fee or on the basis of a contract, the construction of real estate, residential or non-residential, either on company or third-party properties, as well as contracts for the construction of buildings, all kinds of technical and construction works concerning the construction of buildings of any use, the work of alterations, additions, or improvements to them and in general any work required for the construction and maintenance of buildings, the services of issuing bills for shared users, the cleaning services of common areas of homes and business premises.

Based on the legal framework for data protection, whose focus is the General Data Protection Regulation (GDPR), the Company is the Controller of the personal data, which you provide to "MS MANAGEMENT S.A.", and which the Company processes in the context of the provision of its services and maintains, with confidentiality and respect for your private life, taking the necessary technical and organizational measures for their further protection.

For issues related to the protection of your data you can contact us directly at legal@mibsgroup.com or +30 (210) 324-17-40.

2. INTRODUCTION.

This Personal Data Protection Policy and Privacy Policy (hereinafter "Policy") concerns the Company "MS MANAGEMENT S.A." (hereinafter "Company") and the personal data it holds, as a Data Controller, for individuals.

The Company, in its characteristic as Processor, is committed to protecting the confidentiality and privacy of Personal Data and complies with the relevant provisions of the "General Regulation on the Protection of Personal Data" (hereinafter "GDPR").

3. DEFINITIONS.

• Personal data: is any information that refers to and describes a person, such as: identification data (name, age, residence, profession, marital status, work, financial status, etc.). The person (individual) to whom the data refers is called the Data Subject.
• Breach of personal data: the breach of security, resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data transmitted, stored or otherwise processed.
• Controller: the individual or legal person, which determines the purpose and way of processing Personal Data, which, in this case, is the "Company".
• Processor: the individual or legal person, Public Authority, agency, or other entity, which processes personal data on behalf of the Processor.
• Processing of personal data: any act or series of acts, related to personal data, such as the collection, registration, organization, structure, storage, adaptation or alteration, retrieval, search for information, use, disclosure by transmission, dissemination or any other form of disposition, association or combination, limitation, deletion, or destruction.
• Third party: any individual or legal person, except for the Data Subject, the Controller, the Processor and the persons who, under the direct supervision of the Controller or the Processor, are authorized to process the personal data.

4. PRINCIPLES OF DATA PROCESSING.

Our Company is committed to complying with the following Personal Data Processing Principles (Article 5 GDPR):

• Legality, objectivity, and transparency.
• Limitation of purpose - Personal data is collected for specified, explicit and lawful purposes and is not further processed in a manner incompatible with those purposes.
• Data minimization - Personal data is sufficient, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
• Data accuracy / quality - Personal data is accurate and, where necessary, updated.
• Limitation in the storage period - Personal data is kept no longer than is necessary or required by law.
• Integrity and confidentiality – Guarantee security, in particular protection against unauthorized or illegal processing, and against accidental destruction or damage, using appropriate technical or organizational measures.
• Principle of Accountability.

5. COLLECTION OF PERSONAL DATA BY THE COMPANY "MS MANAGEMENT S.A."

The Company collects information about its customers, among others in the following cases:

• When customers contact us directly or when they visit the Company's premises, for information about the services offered by our Company and, by extension, about the service they choose.
• If personal data is transmitted to "MS MANAGEMENT S.A." by Companies, partners or other third parties.
• A visitor can visit the Website without revealing their identity and without providing personal information. We only receive personal data about you if you choose to provide it — for example, to contact us ("CONTACT US" section of the Website). By doing this, you are sharing with the Company your name and email address and any other personal information you may voluntarily disclose to us through your message.
• We may also collect information with the help of Google Analytics. However, this information is not personalized, and we cannot identify you using the information collected this way.

The Company also collects data from time to time, from third parties who may lawfully transmit to it information about its customers or whose records we may lawfully have access to, such as external partners, Credit Reporting and Fraud Prevention Agencies, lawyers, public services (administrative, tax, judicial, regulatory authorities, Insurance funds) or other NPDD or NPID.

Personal data is processed by the Company for the purposes, as detailed below.

The following categories of data about the Company's customers may be collected and further processed, as described in this Policy:

• Contact and Identification Information (e.g. Name, Address, City, Postal Code, Country, Telephone Number, Email, Social Security Number, Social Security Number or Passport, Date of Birth, etc.).
• Payment Information (eg IBAN/Account Number, desired payment method, etc.).
• Customer History (case by case data, relating to previous provision of services by a third party to the customer to whom the Company provides its services).

6. SECURITY OF PERSONAL DATA.

The company "MS MANAGEMENT S.A." ensures that personal data is processed, following policies and procedures in accordance with the processing purposes. For example, the following security measures are used to protect personal data against misuse or any other form of unauthorized processing:

• Access to personal data is limited only to a certain number of authorized people, for the specific purposes.
• The staff of the competent departments responsible for providing the services to you, are bound by confidentiality clauses, having classified and limited access, only to what is necessary to complete the provision of the service.
• The Company is responsible for the protection of the personal data it collects through this Website, as well as for informing all personnel related to this Privacy Policy.

We use, store, and process the information to:

1. Respond to your questions and requests.
2. Contact you about our products and services.
3. Perform specific profiling of you and your activity on the Website to personalize, measure and improve our marketing strategies and send you more relevant marketing communications.

In such cases, we will process your personal information given our legitimate interest in undertaking marketing activities to offer you products or services that may be of any interest to you. You can always request to opt out of receiving marketing communications from us by following the instructions provided in each marketing communication.

• The Company undertakes the responsibility not to process, publish or transfer the personal data of its users in any other way or for any other purpose.
• Sensitive data is stored on PC with authorized access.
• The Company selects reliable partners, who are bound in written, in accordance with article 28 par. 4 of the GDPR, with the same obligations regarding the protection of personal data.
• We reserve the right to control them (article 28 par. 3 item 1 GDPR).
• The IT systems used to process the data are technically isolated from other systems to prevent unauthorized access, for example through illegal access (hacking).
• In addition, access to aforementioned IT systems is monitored on a permanent basis in order to detect and prevent illegal use at an early stage.

7. COOKIES.

Like most websites, we use cookies and similar technologies when you access and browse www.mibsgroup.com.

Weighing our obligation to protect your data and the needs of www.mibsgroup.com we use these technologies sparingly, and with the aim of making your browsing comfortable and efficient and to receive certain anonymized information, in relation to your visits.

Cookies are small text files, which are stored on the hard drive of the computer or other electronic device, from which the user gains access to the website. Cookies are unique to each web browser (web browser, e.g. Google Chrome, Mozilla, Firefox, etc.) and contain anonymous information relating to the websites you visit and the devices you use.

By continuing to use www.mibsgroup.com, without changing the default settings, you agree to the use of cookies.

There are four main types of cookies, and here we show you how and why we use them.

(1) Cookies that ensure the use of the page – these cookies allow you to navigate our page and use our functionalities such as "Add to cart"!

(2) Cookies that measure browsing statistics – these cookies allow us to measure and analyze how our users use our site, so that we can improve both its functionality and your shopping experience.

(3) User preference cookies – when you browse or purchase from www.mibsgroup.com, these cookies will remember your preferences (such as which products you were viewing) so that we can make the experience of your navigation as best as possible and above all, more personal to you.

(4) Targeting or advertising cookies – these cookies are used to show you ads that are as close as possible to your preferences – but not only. Through them, we ensure that we will not show you ads all the time, but we will be able to limit the number of times you see them, so that we do not tire you and have more effective campaigns.

8. DATA RECEIVERS.

The personal data collected by the company www.mibsgroup.com may be transmitted to third parties, provided that the legality of the transmission is justified.

Further, if the legality of the transfer is justified, personal data may be shared with the following categories of recipients:

• Employees of the Company or its partners, who may process the personal data of the clients of "MS MANAGEMENT S.A.", under its instructions.
• Cooperating companies within the scope of their responsibilities.
• External partners, who are bound in written, in accordance with article 28 par. 4 GDPR, with the same obligations regarding the protection of personal data.
• Any Supervisory Authority, as required by the applicable supervisory framework.
• Any public or judicial Authority, if this is required by Law or by a Court Decision.

The Company uses several service providers, who cooperate in providing the services mentioned.

Although the transmission of data over the internet or a website cannot be guaranteed to be protected from cyberattacks, both the Company and our partners work to maintain physical, electronic, and procedural security measures to protect our customers' data.

9. PURPOSE OF PROCESSING AND LEGAL BASIS OF DATA PROCESSING.

The processing of personal data is based on one of the legal bases, as referred to in article 6 par. 1 GDPR. The legal basis on which the processing of each use of your data is based, is stated in each processing purpose.

Provision of Services - personal data, which are deemed necessary for the provision of product marketing services (Article 9 par. 2 a GDPR).

Compliance with our Legitimate Interests – e.g. to improve our services, prevent and detect fraud against us (Article 6 par. 1 f GDPR).

Compliance with our Legal Obligations - to comply with our legal obligations to police, regulatory, tax, accounting, statutory auditors, judicial authorities, and services (Article 6 para. 1 c GDPR).

The provision of personal data as above is a legal obligation, which depends on the specific request.

Processing of Special Categories of Data - According to Article 9 para. 1 and 2 GDPR, the processing of special categories of data is allowed only in the specific cases defined by law, among which is the provision of consent (Article 9 para. 2 a GDPR).

The Company stores the personal data for as long as it is required for the respective processing purpose and any other permitted related purpose. The data is kept throughout the provision of the service and, after its termination, for as long as it is provided by the applicable legislation.

Especially for the data processed by the Company based on the consent of its customers (e.g. for marketing purposes), these are kept starting from the receipt of the relevant consent and until it is revoked.

The Company limits access to its customers' data to the people who need to use them for the specific purpose.

10. RIGHTS OF DATA SUBJECTS AND HOW TO EXERCISE THEIR RIGHTS.

As Data Subjects you have the right to request access to your personal data, correction / deletion of your personal data, restriction of processing, right to object to processing and/or exercise your right to data portability.

If data processing is based on your consent, as a Data Subject, you can withdraw your consent at any time, with effect for the future.

More specifically, as Subjects you have the right to:

• The data is no longer necessary for the purposes for which it was collected.
• If there is no other legal basis for processing, other than consent.
• If as Subjects you exercise the right to object (see below, under "f'").
• If the data was processed contrary to the applicable statutory provisions.
• If the data must be deleted to comply with a legal obligation.

The Company reserves the right to refuse to satisfy the above right, if the processing of the data is necessary to comply with a legal obligation of "MS MANAGEMENT S.A.", for reasons of public interest or the establishment, exercise or support of legal claims (article 17 par. 3 GDPR ).

The Company will examine your request as its Customer / Data Subject and will respond to you within one month of receiving the request, either for the satisfaction of your request or for the objective reasons, which may prevent its satisfaction, or, considering the complexity of the request and the number of requests, within an additional period of two months. (Article 12 par. 3 GDPR).

The exercise of your above rights as Subjects is carried out at no cost to them, by sending a relevant application / letter / email to the Data Controller.

If you are not satisfied with the use of your data by us or with our response to the exercise of your above rights, you have the right to file a complaint to the Personal Data Protection Authority: Phone: +30 210 6475600, email: contact@dpa.gr and postal address: 1-3 Kifisias Avenue, PO Box: 115 23, Athens.

11. SUBJECT IDENTITY VERIFICATION.

The Data Protection Officer must check the identity of each Subject who makes an access request, to ensure that the information is given only to the person entitled to it. If the applicant's ID has not already been provided, the person receiving the application will ask for two forms of identification, one of which must be a photo ID and the other proof of address.

If the applicant is not the person to whom the data refer, a written confirmation with an original signature is required that they are authorized to act on behalf of the Data Subject.

12. COUNTRY OF DATA PROCESSING.

The personal data of the customers of "MS MANAGEMENT S.A." are processed within the European Economic Area (EEA).

If an investigation is required for the provision of services outside the EEA, then this is carried out with the express consent of the subjects (Article 49 par. 4 a GDPR).

13. POLICY UPDATE.

This Policy is revised when there is a significant change. This revision will be available on the website and at the Company's secretariat.

For any dispute arising from this Policy, the Courts of Athens are competent.

14. BUSINESS TRANSPORTATION

If we undertake or participate in any merger, acquisition, reorganization, sale of assets, bankruptcy or insolvency event, we may sell, transfer or share some or all of our assets, including your information in connection with such transaction or consideration of such a transaction (eg due diligence). In this case, we will notify you before your personal information is transferred and is subject to a different privacy policy.

15. LINKS TO OTHER WEBSITES

Our website may, from time to time, contain links to and from the websites of other networks, including partners and suppliers. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we accept no responsibility or liability for those policies. Please review these policies before submitting personal data to these sites.

16. CHANGES

Our Privacy Policy may change from time to time. Any change to the Site's Privacy Policy will be posted on this site and, if necessary, the Company will notify users of any changes.

CONTACT US

If you have any questions about this policy or our practices in handling information, or if you wish to exercise any of your rights under applicable data protection laws, please contact us at legal@mibsgroup.com or +30 (210) 324-17 -40 .

If you are not satisfied with the use of your data by us or with our response to the exercise of your above rights, you have the right to file a complaint to the Personal Data Protection Authority: Phone: +30 210 6475600, email: contact@dpa.gr and postal address: 1-3 Kifisias Avenue, PO Box: 115 23, Athens.