Privacy Policy &
Data Protection
DESQUARED S.A.

Desquared processes personal data as a Data Processor to provide services, enhance user experience and comply with legal obligations. It may collect personal data as a Data Controller only to the extent that a legal basis is explicitly provided, either through consent or as a prerequisite for the execution of a legal or contractual obligation, as outlined in Articles 6 and 7 of the GDPR. For example, when you create an account on our website, we collect your name, email address and password to create and manage your account. The types of personal data collected depend on the context of the data subject's interactions with Desquared and the services utilized. As a Data Controller, Desquared may collect, with explicit advance notice, information such as name, email address, phone number, IP address, and browsing behavior. As a Data Processor, Desquared is bound to process personal data in accordance with the guidelines provided by the Data Controller.

Desquared processes personal data it has collected as a Data Controller based on one or more legal bases provided by the GDPR, including: 

• Consent: When you explicitly provide permission for specific processing activities, such as subscribing to a newsletter or allowing cookies on our website.
• Contractual Necessity: When the processing is necessary to fulfill a contract between you and Desquared, such as processing your payment details to complete a purchase.
• Legal Obligation: When the processing is necessary for compliance with a legal obligation, such as tax reporting or responding to a valid request from a law enforcement agency.
• Legitimate Interests: When the processing is necessary for the purposes of our legitimate interests or those of a third party, provided those interests do not override your rights and freedoms. This may include processing to improve our services, protect against fraud, or analyze website usage.

Desquared obtains and manages your consent in compliance with the GDPR. When we request your consent, we will provide clear and specific information about the data processing activities for which your consent is sought. You have the right to withdraw your consent at any time, and we will make it easy for you to do so, such as by providing an "unsubscribe" link in our email communications or offering a simple opt-out mechanism on our website.

Desquared retains personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations. We implement appropriate technical and organizational measures to ensure the security of your personal data and to protect it against unauthorized access, disclosure, alteration, or destruction. Pursuant to Article 5 (1)(e) of the General Data Protection Regulation (GDPR), Desquared shall retain personal data only for the duration necessary to fulfill the purposes for which the data was collected or as mandated by applicable laws and regulations. Desquared is committed to ensuring compliance with the principles of storage limitation and data minimization. For example, we use secure servers, encryption, and access controls to protect your personal data. We also regularly review our data retention policies and practices to ensure that we are not retaining personal data for longer than necessary.

As a Data Subject, you have specific rights under the GDPR and national Law 4624/2019, which Desquared is committed to honoring.

These rights include:

• Right to Access: You have the right to request access to your personal data held by Desquared and to obtain information about how we process it.
• Right to Rectification: You have the right to request the correction of any inaccurate personal data held by Desquared, as well as the completion of any incomplete data.
• Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data held by Desquared, under certain conditions.
• Right to Restriction of Processing: You have the right to request that Desquared limit the processing of your personal data under certain circumstances
• Right to Data Portability: You have the right to receive your personal data held by Desquared in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to Object: You have the right to object to Desquared's processing of your personal data under certain conditions.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the relevant supervisory authority, and in particular with the Data Protection Authority (https://www.dpa.gr/el), if you consider that the processing of your personal data by Desquared is not compliant with the GDPR and national Law 4624/2019.

Think of these rights as a set of keys that grant you access to and control over your personal data stored in Desquared's systems. Exercising your data subject rights can be compared to adjusting the settings on your smartphone, customizing your privacy preferences to suit your needs.

Desquared may engage third-party service providers to perform certain data processing activities on our behalf, such as software solutions providers on management software regarding payment processing, agency on web hosting or cloud-based services, or marketing services. These third parties, acting as Data Processors, are contractually obligated to process personal data in accordance with Desquared's instructions and the GDPR's requirements, as stipulated in Article 28 of the GDPR. Desquared ensures that these service providers maintain suitable security measures and utilize personal data solely for the specific purposes authorized.

Desquared may transfer personal data to third countries or international organizations outside the European Economic Area (EEA) in accordance with the GDPR's requirements.

When such transfers occur, we ensure that an adequate level of protection is in place, using mechanisms such as standard contractual clauses, binding corporate rules, or other approved methods, including request of risk-assessments and following protocols on information security.

Desquared is committed to protecting the privacy of children. Our website, services, and products are not intended for individuals under the age of 15, and we do not knowingly collect, process, or store personal data from children. Similarly, Desquared ensures that its services are age-restricted and not accessible to younger children. If we become aware that a child has provided us with personal data without parental consent, we will take steps to remove such information and terminate the child's account, much like a librarian removing an inappropriate book from the children's section.

Desquared may process personal data, mainly for the benefit of the Data Controller that has appointed Desquared as Data Processor, for specific purposes, such as marketing, analytics, or customer support. Think of these purposes like separate compartments in a toolbox, each containing specific tools to accomplish a particular task. When processing data for these purposes, we ensure that we have a valid legal basis, such as consent or legitimate interest, and that the data is only used for the intended purpose. For example, if you are a client of ours, we may process the email address of your employees that are already engaged via your administration to send you the material referred to under article 11 L. 3471/2006, in line with Directive 2002/58. This is clarified in Recital 173 and Article 95 of the GDPR, according to which, the GDPR does not apply where there are already existing e-Privacy rules. To that extent, we may process your personal data to provide assistance and resolve any issues you may be experiencing with our services, similar to a mechanic diagnosing and repairing your car.

Desquared may share your personal data with third parties under certain circumstances, such as when required by law, to protect our rights or property, or to facilitate the provision of our services. Imagine a detective sharing crucial case information with another law enforcement agency to solve a crime. We ensure that any third-party recipients of your personal data are bound by contractual agreements or other legal obligations to protect your information and only use it for the specific purposes for which it was disclosed. For example, we may share your personal data with payment processors to facilitate transactions or with analytics providers to help us understand how our website and services are being used, like a sports coach sharing player statistics with a data analyst to develop a winning strategy.

Desquared is committed to protecting the security of your personal data. We and any subprocessors appointed implement appropriate technical and organizational measures to safeguard your information from unauthorized access, disclosure, alteration, or destruction. These measures can include safety features of a bank vault such as secure servers, access controls, and regular security assessments.

In the event of a personal data breach, Desquared shall promptly notify the competent supervisory authority and in particular the Data Protection Authority (https://www.dpa.gr/el) and affected data subjects, as mandated by Articles 33 and 34 of the GDPR and art. 63 L. 4624/2019. Desquared will implement appropriate measures to mitigate potential risks and minimize the impact of the breach on the individuals concerned.

Regarding the scope to exercise your rights as a Data Subject, you may submit a request to Desquared's Data Protection Officer (DPO). Desquared will respond to your request in a timely manner, usually within one (1) month and certainly within the deadline that it foreseen and will take appropriate action. Submitting a request to the DPO is akin to filing a complaint with a manager to address a concern about a product or service, although this time it is referring to your personal data handling.

DPIAs are systematic processes used by Desquared to evaluate the potential risks and impacts of new technologies, projects, or data processing activities on personal data privacy. Desquared may conduct a DPIA before launching a new marketing campaign to ensure that it complies with GDPR requirements and respects user privacy. Conducting a DPIA is like performing a safety inspection on a vehicle before a road trip, checking for potential hazards and taking precautions to ensure a smooth journey or comparable to a medical check-up, identifying potential health risks and implementing preventative measures.

The DPO is a designated individual within Desquared responsible for overseeing the company's data protection strategy and ensuring compliance with GDPR requirements and national Law 4624/2019. The DPO reviews data processing activities, provides guidance on data protection matters, and serves as a point of contact for Data Subjects and supervisory authorities. In line with Article 37 of the GDPR, Desquared has appointed a Data Protection Officer (DPO) to oversee the company's data protection strategy and ensure adherence to GDPR requirements and national Law 4624/2019. 

Desquared is committed to cooperating with supervisory authorities to ensure compliance with GDPR requirements and national Law 4624/2019 and resolve any potential issues or disputes. If a supervisory authority requests information about Desquared's data processing activities, the company will promptly provide the necessary details via the DPO. This cooperation can be compared to a business partnering with a regulatory agency to maintain industry standards and ensure the best possible outcomes for all parties.

Privacy by Design and Default is a principle that guides Desquared in building privacy into its products and services from the ground up, ensuring that user privacy is protected by default. This principle can be compared to designing a car with safety features, like airbags and seat belts, incorporated from the beginning to protect passengers by default. In accordance with Article 25 of the GDPR, Desquared adheres to the principles of Privacy by Design and Default, which require the incorporation of data protection measures into the design and operation of products and services from the outset. By implementing robust privacy safeguards, such as encryption and minimal data collection, Desquared ensures the protection of user privacy by default, analogous to integrating safety features like airbags and seat belts into a vehicle's design from the beginning.

Automated decision-making and profiling involve using algorithms and other automated tools to make decisions or analyze personal data without human intervention. In these cases, Desquared may, for example, be asked, as Data Processor, to use an algorithm to analyze user preferences and recommend relevant content based on their interests. Automated decision-making can be compared to a self-checkout system in a supermarket, where the machine scans items and calculates the total price without human assistance. Profiling is like creating a personalized playlist for a user based on their listening habits and preferences, using algorithms to predict their taste in music. Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or significantly affects them. Desquared allows human intervention in the decision-making process and provide the data subjects with an opportunity to express their views and contest the decision. 

Cookies are small data files, which the Desquared website can install and store on user’s computer or mobile device (tablet, smartphone, laptop). Thanks to cookies, the website remembers the visitor/user's actions during navigation.

The use of cookies as trackers is supported by various browsers, so-called browsers, such as Google Chrome, Internet Explorer, Mozilla Firefox, Safari, Opera. The visitor/user can disable them so that they are not accepted or even delete them afterwards.

Depending on their type, cookies perform functions such as measuring website traffic, recording the number of visitors, language, time of entry, geographical origin, device identifiers (e.g. operating system, screen resolution), keywords used by the user, login attempts, etc. Some cookies are personal data and some are not. Some cookies are technically necessary, while others serve commercial and advertising purposes.

There are different types of cookies, functional, technical, user identification, advertising, etc. Viewer cookies are set by the website visited by the user and are only readable by the user. If the website uses external third-party services, then their own cookies, so-called third-party cookies (e.g. Google Analytics) are also installed on the user's device. Persistent cookies are those that are stored on the computer and are not automatically deleted once the browser is closed. Session cookies are those that are deleted once the browser is closed. Each time someone visits Desquared website, is asked to accept or reject cookies. If the user consciously choose to accept them, Desquared website will remember preferences (such as username, language) for a certain period of time. In this way the user will not have to re-enter them when browsing the website during the same visit.

The installation and use of "cookies" is specifically regulated by law (Art. 5 of national Law 3471/2006 which incorporated the European Directive 2002/58/EC ePrivacy) and is expected to be replaced by a Regulation (ePrivacy Regulation), so there may be changes to this Policy. Each website is allowed to install such a "cookie" only if the user gives his/her explicit consent (under the terms of the GDPR 2016/679) with an affirmative action (opt-in) and under the instructions of the Data Protection Authority, after being clearly and comprehensively informed about this installation, its usefulness, the consequences of refusal for the user experience, the purpose of the processing, the exercise of the right of access and any recipients of the data. Such consent may be given through appropriate settings in the web browser or through another application.

Desquared ensures all cookies and technologies are used in a manner that respects user privacy and complies with the GDPR. The company is committed to providing clear and comprehensive information about the cookies it uses, obtaining user consent when required, and implementing appropriate safeguards as stipulated by the GDPR, EDPB guidelines and national legislation. 

The following list contains the cookies and technologies are utilized by Desquared to enhance user experience, provide personalized content, and analyze website traffic and is updated over time:

• Essential cookies: Always Active
  These items are required to enable basic website functionality.
• Analytics: By choice
  These items help the website operator understand how its website performs, how visitors interact with the site, and whether there may be technical issues. This storage type usually doesn’t collect information that identifies a visitor.

The mandatory acceptance of cookies is not a condition of access to Desquared’s website. The visitor/user can freely navigate by checking and accepting or not cookies, provided either by Desquared or by third parties, whose policy is determined solely by them, without any involvement and legal responsibility of Desquared.

The visitor/user can control and/or delete cookies according to his/her preferences, as he/she can delete all cookies already on his/her computer, as well as configure browsers in a way that does not allow cookies to be installed. However, in this case, the user may need to adjust certain preferences each time he/she visits a website, and some services (e.g. saved login details, website preferences) may not work. The above Policy will be regularly revised to adapt to the instructions of the Supervisory Authorities and the latest legislative and regulatory developments.

‍

In accordance with Desquared's Privacy Policy & Data Protection, the company's approach to external links is explicitly outlined, with an emphasis on the fact that Desquared bears no responsibility for the privacy practices employed by third-party websites. For instance, Desquared may facilitate links, either directly or via its applications, to a news article hosted on a third-party website; however, the privacy practices governing said website do not fall under Desquared's Privacy Policy & Data Protection. In a manner akin to visiting an adjacent store within a shopping complex, users are subject to the rules and policies imposed by the respective establishment upon following an external link.

Desquared reserves the right to revise its Privacy Policy & Data Protection periodically in order to reflect changes in its operational practices, the provision of services, or to address legal requirements. Such revisions may entail updating the Privacy Policy & Data Protection to incorporate details regarding a new service that necessitates the collection of additional personal data. In accordance with article 12 of the GDPR, article 57 L. 4624/2019 and EDPB guidelines, any changes to the Privacy Policy & Data Protection are comparable to software updates, wherein enhancements and novel features are introduced to optimize user experience and rectify existing issues.