top of page

Privacy Statement

PRIVACY STATEMENT

The company named “Tropos Technologies P.C." with the distinctive title "Tropos Technologies" located in Athens, at Zalokosta St. No. 8, Postal Code 10671, with Greek Tax Identification Number 802159485 (Tax Office D' Athinon) and G.E.MI number 171160201000 (hereinafter referred to as the "Company"), as the Data Controller, recognizes and gives great importance to compliance with national and European legislation related to the protection of the respective natural person (individual) from the processing of personal data concerning him/her.

The purpose of this statement is to inform you, as the Company's contractors or as users of our services, about the processing which your personal data undergoes in the context of the Company's operations or in the context of using the "apla" application and our overall business relationship, in accordance with current legislation and especially Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "Regulation").

Specifically, through this statement, you will find information regarding:

  • Our Company.

  • General principles during Personal Data Processing. 

  • Which of your data may be processed. 

  • The purposes of processing. 

  • To whom the data may be disclosed. 

  • What is provided in case of data transfer to third countries.

  • The period for which the data will be retained.

  • What happens when the data retention period expires.

  • Your rights as subjects of personal data. 

  • The Company's obligations during the processing of your data. 

  • Protection against attempts of electronic data interception.

  • Websites

  • Update – modification of this Personal Data Protection Statement

1. Our Company

Our Company is a private company registered in the General Commercial Registry (G.E.MI.) with number 171160201000, located in Athens, at Zalokosta St. No. 8, Postal Code 10671, and operates in the development and provision of digital solutions and tools to businesses in the food and accommodation sectors, both domestically and internationally. As part of its activities, our Company has developed an application named “apla”, which provides a digital supply chain solution and related management services for the foodservice industry and its suppliers (including hotels, restaurants, patisseries, bakeries, etc). The application is available on the Google App Store.

2. General Principles during Personal Data Processing

In the context of its operations, the Company ensures that the processing of your data is carried out in accordance with the following general principles and specifically:

 

  • The collection is carried out in a fair and lawful manner, where required with your consent, for a specified, explicit, and legitimate purpose.

  • Any processing (following collection) is carried out in a lawful manner, in compliance with the relevant declaration of the data subject and the purposes as notified. 

  • The individual data collected are relevant to the purpose of processing, adequate, and not more than what is required in the context of the specific purpose of processing.

  • The data are checked for accuracy and, where possible, regularly updated and kept up to date according to the existing procedures for this purpose.

  • The data are kept in a form that allows the identification of each data subject for the necessary period within the context of achieving the purpose of processing.

  • Our Company maintains appropriate security measures to protect the data of each subject and prevent risks such as loss, unauthorized access, destruction, illegal use, or disclosure.

  • Before processing, each data subject is duly informed by our authorized representatives, providing, where required, their consent voluntarily and actively. If you provide your consent, we inform you that you can withdraw it at any time, without affecting the legality of processing based on consent before its withdrawal. Your consent is not required in the following cases: a) for the execution of a contract you have entered into with the Company, b) in order to take steps at your request prior to entering into a contract, c) for compliance of the Company as the "Data Controller" with its legal obligations, d) for the protection of your vital interests, e) for the performance of a task carried out in the public interest or in the exercise of official authority (to the extent that it applies, f) when processing is necessary for the purposes of the legitimate interests pursued by the Company, unless your interest or fundamental rights and freedoms override those interests. 

 

3. Which of your data may be processed

 

Primarily, our Company contracts with legal entities rather than individuals in the context of providing our services (B2B). The Regulation does not cover the processing of personal data relating to legal entities, especially companies established as legal entities, including the name, type, and contact details of the legal entity. However, during the purchase or use of our services and our digital tools, or in any form of cooperation with our Company, you may need to register or we may need to process personal information and data (e.g., for creating a member profile), the processing of which is protected and secured by the Regulation. For this reason, we inform you that the Company proceeds with the collection, retention, and processing of personal data that you disclose or have disclosed to it as prospective or existing customers and/or users of the "apla" application and/or associates, partners or employees of the Company and/or as generally transacting in any capacity with the Company at all stages of our transactional relationship. The Company processes only the personal data necessary for the respective purpose of processing each time.

Specifically, the Company may process the following categories of personal data: 

 

  • Identification Data e.g., name, surname, date of birth, address, ID/passport number, social security number (AMKA, AMA), Tax identification number, photos,

  • Contact Data e.g., email/mailing address, telephone/fax numbers 

  • Payment Data e.g., bank accounts (account holder details and IBAN), 

  • Data necessary or useful for the conclusion and management of our transactional relationship, 

  • Other data, which are relevant and necessary for the predetermined purpose for which they are processed. 

 

The personal data processed by the Company are kept in digital and/or written form. Especially regarding the protection of minors: The Company recognizes the need to protect the data of minors, as defined by the current institutional framework. Data of minors are kept by the Company only if they have been provided by those exercising parental care and only for the purposes of fulfilling a related transactional relationship for the benefit of the minors. It is noted that the Company does not directly transact with minors, nor are the products and services provided by it intended for direct use by minors, but it only transacts with those exercising parental care of them.

 

Regarding the application "apla" the Company collects, stores, and processes the following user data: 1) First and Last Name, 2) email, 3) business name (optional) and 4) profile picture. Furthermore, all user actions within the application are recorded (e.g., login time, button clicks, etc.), and analyses are created for maintenance, upgrades, and support purposes of the application.

 

4. The purposes of processing.

 

The Company may process the above personal data for the following purposes and under the following circumstances: 

 

  • Within the context of executing the contract or prior to entering into it, specifically: 

  1. For the identification and verification of your details, 

  2. For communication either in the pre-contractual stage or regarding issues related to your transactional relationship with the Company, 

  3. For providing the requested product or service by the Company,  

  4. For gathering the necessary information to assess the possibility of offering a product or performing a service. 

  • Within the context of the Company's compliance with the obligations established by the current legislative and regulatory framework, especially regarding disclosure and transmission to the competent Supervisory, Independent, Police, Judicial, and generally Public Authorities, as well as to third legally licensed legal entities, where required according to the applicable law. 

  • Within the context of the Company's legitimate operation, the defense of its interests, and the generally smooth operation and protection of your transactions, especially regarding the collection and/or analysis of data related to, among others, risk assessment and management in the context of the Company's operation and staff security. 

  • Within the context of informing you by the Company about new products and/or services of the Company, provided you give your explicit consent for this purpose. In this case, we inform you that you have the right to withdraw your consent at any time, without affecting the legality of the processing based on consent before its withdrawal. 

 

5. To whom your data may be disclosed

 

Recipients of the data, which the Company is obliged or entitled to disclose based on legislative or regulatory provisions, judicial decisions, or within the scope of its legitimate transactional and contractual relationship with you, may include third parties to the Company, natural or legal entities acting on its behalf and account, including the following categories: i. Professionals for conducting the required preparatory actions for the extrajudicial and judicial pursuit of the collection by the Company of overdue and demanded debts, as applicable, ii. File maintenance and destruction companies, iii. Information system supply and support companies, iv. Market research and product promotion companies, v. Security and protection companies, vi. Consultancy service providers including legal and/or financial advisors and auditors of the Company, vii. Insurance companies and insurance brokers within the context of providing insurance products, viii. Insurance Bodies, Public Organizations, Chambers of Commerce, and Public Enterprises, ix. Credit Institutions, Payment Institutions, Electronic Money Institutions, x. Supervisory, Judicial, Independent, and other Authorities at national and European levels to fulfill a duty of the Company based on the law or regulatory provision or judicial decision, such as the Greek Competition Commission, Public Authorities in Greece and abroad, Courts, Prosecutors, Investigative Officers, Notaries, Judicial Bailiffs, Land Registries, Greek and foreign Lawyers, Certified Accountants, and Audit firms. It is noted that the Company will also provide you with more specific information regarding any transfer of your data to the above recipients if required by the applicable law. 

 

The Company may disclose your personal data to competent Supervisory, Independent, Police, Judicial, and generally Public Authorities, where mandated by the current legislative and regulatory framework, on a regular or ad hoc basis, if a relevant request is submitted or if it is obliged to submit a report with the said data without prior specific notification. It is noted that in the case where the Company assigns the processing of personal data to third parties acting on its behalf and account, they must fully comply with the Company's instructions. This compliance is ensured through specific provisions in the related outsourcing contractual documents and the adherence to corresponding procedures.

 

6. What is provided in case of data transfer to third countries

 

The Company processes your personal data mainly within the Greek Territory and in any case within the European Economic Area. However, in the context of carrying out its work and complying with the provisions of the current legislative framework, it may proceed with the transfer/acceptance of personal data to and from other Companies as well as linking certain files, as required. The above-described transfer or linking is conducted according to the requirements set by the European legislation for Companies based within the European Economic Area (EEA) or by the local legislative framework for other Companies outside the European Economic Area (EEA). The transfer of personal data to countries outside the European Economic Area (EEA) is only carried out if those countries provide an adequate level of personal data protection. If the third country outside the European Economic Area (EEA) does not provide an adequate level of personal data protection, personal data can only be transferred to that country if data protection is ensured by a data transfer agreement that secures an adequate level of protection or if the conditions expressly provided by European and national legislation are met (e.g., you, as the data subject to whom the data refer, have explicitly consented to the transfer). The Company ensures through appropriate procedures that the required processes are carried out by the competent local Authorities. 

 

7. The period for which the data will be retained.

 

The Company processes your personal data for the entire duration of the respective contract's validity and after its termination or expiration for as long as the current legislative framework specifies. Specifically, your personal data, which are processed by the Company, are mandatorily retained for the duration imposed by the purpose of processing for which they are processed and/or the respective current framework. Upon the end of this period, the data are retained according to the existing institutional framework for the period specified by the end of the business relationship or for as long as necessary to protect the Company's rights before a Court or another competent Authority. In any case, the Company does not store your personal data longer than legally permitted and necessary for the purposes of providing its services. The retention period varies and depends on the nature of the information and the purposes of processing. Regarding the 'apla' application, user data is retained for as long as they are members of the application. 

 

8. What happens when the data retention period expires.

 

Upon the expiry of your data retention period, the Company pays particular attention to how they are destroyed. Specifically, for this purpose, it has established and implements a relevant procedure, which is applied after it is determined that the retention of archival material is not required for compliance with legal and regulatory requirements or for the protection of the Company's interests and is based on the instructions of the Personal Data Protection Authority. The Company ensures that the above procedure for destroying files containing personal data also binds third parties providing services on behalf of and for the account of the Company and any other persons with whom it cooperates within the framework of outsourcing contracts or other types of agreements. Regarding the application "apla," the deletion of your data is possible and immediate by going to your profile and clicking the "Delete" button. However, you should be aware that this action is irreversible. If you change your mind after deleting your account, you will need to create a new account. If users delete their profiles for any reason, their data is immediately erased.

9. Your rights as subjects of personal data

After verifying your identity, as Data Subjects, you have the following rights: 

  • The right to be informed: The Company must inform you about the processing of your data, such as what data is processed, for what purpose, how long it is kept, in a transparent, understandable, and easily accessible form, using clear and simple language. 

  • The right of access: You have the right to obtain confirmation from the Company as to whether personal data concerning you are being processed, and, if that is the case, access to the data.

  • The right to rectification: You have the right to have the Company correct any inaccurate personal data concerning you and complete any incomplete data.

  • The right to erasure: You have the right to request the Company to delete personal data under certain conditions. 

  • The right to restrict processing: You have the right to obtain from the Company restriction of processing under certain conditions.

  • The right to object: You have the right to object at any time to the processing of personal data concerning you. The Company must then stop processing unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. 

  • The right to data portability: You have the right to receive the personal data you have provided to the Company in a structured, commonly used, and machine-readable format, or to have those data transmitted to another controller. 

To further facilitate you in exercising your rights, the Company takes care to develop internal procedures to respond promptly and effectively to your requests. To exercise the above rights, please submit your request using the specially designed forms of the Company. Your request, using the specially designed form of the Company, should be sent to the following email address: pstavrou@tropos.ai.

If you believe that the protection of your personal data is in any way affected, you may, if you wish, also appeal to the Hellenic Data Protection Authority, using the following contact details: Website: www.dpa.gr / Postal address: 1-3 Kifissia Avenue, P.C. 115 23, Athens Phone: +30 210 6475600 Fax: +30 210 6475628 Email: contact@dpa.gr
 

10. The Company's obligations during the processing of your data. 

  • Ensuring Privacy and Security of Processing: The processing of personal data is confidential and conducted exclusively by persons under the Company's control. These individuals are selected based on strict criteria set by the Company, aimed at providing sufficient guarantees in terms of knowledge and personal commitments to confidentiality. Furthermore, suitable applications based on high-level security standards have been integrated into the network for the protection of personal data, while regular checks are conducted to strictly apply the criteria and procedures established by the Company for this purpose. The Company takes appropriate organizational and technical measures for data security and protection from incidents like accidental or unlawful destruction, loss, alteration, unauthorized dissemination or access, and any other form of unlawful processing. These measures aim to ensure a level of security appropriate to the risks of processing and the nature of the data being processed. 

  • Information System Security: To ensure the confidentiality of all information entered into its information systems, the Company has implemented appropriate measures for the security of these systems. These measures achieve the protection of data transmitted via the data and voice networks used by the Company. Additionally, user access to the Company's information systems is effectively controlled, and the protection of information managed by these systems is ensured. Finally, incidents of information system security breaches are identified and prevented as much as possible.

 

11. Protection against attempts of electronic data interception

The Company aims to protect you, its customer, from malicious actions by third parties, specifically from attempts of electronic data interception, by informing you via email or phone and providing clear instructions through its alternative networks, suggesting ways to protect yourself and drawing attention to commonly used methods and related risks. Specifically, it is clarified that the Company never requests the disclosure of personal data (identity details, bank account numbers, etc.) or their codes (user id, password) in any way (phone, email, or any other communication means) according to its internal procedures. Such data should only be provided during the user registration process on the "apla" application or when contacting the Company through the contact forms available at https://www.tropos.ai, https://www.getapla.com/.

12. Websites

When using the Company's websites or the "apla" application, it's important to know that the Company collects personal data from visitors/users only when they voluntarily provide it for the purpose of availing services available online. This can include submitting requests for information about products and/or services, or providing feedback. The personal data collected depends on the service requested and may include any of the previously mentioned data, tailored to the data subject's status. Optionally, some data fields may be filled in by the visitor/user depending on the requested service. The Company may process part or all of the data sent by visitors/users for the purpose of providing online services, as well as for statistical reasons and improving the provided services and information. The websites or "apla" application may include links to third-party websites, for which the Company is not responsible regarding their data protection and management terms. 
The Company may collect identification data of visitors/users using technologies like cookies or IP address tracking. Cookies are small text files stored on the visitor's/user's hard drive, facilitating access to certain services or pages of the website for statistical purposes, to determine useful or popular areas, and to evaluate and improve the website's performance. Additionally, the information system of the websites or the "apla" application automatically collects information about the sites visited by the user and about links to third-party sites chosen through the website. Visitors/users can adjust their internet browser settings to either alert them about the use of cookies for certain services or to refuse the use of cookies altogether. If visitors/users of the websites or "apla" application do not allow the use of cookies, this may affect the availability of some services or information provided by the Company. The Company may also use Google Analytics features for online product or service promotion, including remarketing features. Visitors/users can opt-out of receiving such messages and exclude themselves from future remarketing activities, adjusting their Google Display Network ads settings or activating the Google Analytics opt-out browser add-on.
For more detailed management of cookies and privacy settings, visitors/users can refer to their browser's instructions or help screen, such as the "Tools/Internet Options/Security and Privacy" settings in Internet Explorer, or similar settings in other browsers.

13. Update - Modification of this Privacy Statement

The Company may update, supplement, or modify this statement according to the current legislative framework. In such a case, the updated statement will be posted on the Company's websites (https://www.tropos.ai and https://www.getapla.com/.

Athens Greece
24 Mai 2024

 

bottom of page