ELORUS P. C. (hereinafter “ELORUS”) recognizes that privacy is important to you and is committed to protecting your personal data, in whatever capacity you communicate or cooperate with us, including, but not limited to, former or active customers, employees, suppliers or third parties.
Your personal data includes any information that may lead, either directly or in conjunction with other information to your identification as an individual or relate to an identifiable individual.
This category includes data such as your name, VAT number, social security number, your physical and email addresses, your fixed telephony and mobile numbers, bank / debit / prepaid cards, your email addresses, rating information, your internet search history (log files, cookies, etc.), and any other information that allows your unique identification in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679) and the relevant Greek legislation in force and the decisions of the Hellenic Data Protection Authority (HDPA).
Who we are
ELORUS offers cloud invoicing software and applications including time tracking, business expense management, business reporting etc. The contact details of the company are as follows:
Where we collect your personal data from
ELORUS will always require from you for the minimum required by the law personal data in order to provide our services, including, but not limited to, name, surname, e-mail address, invoicing postal address, credit card details, a billing method that may also include bank account details in case of remittance, and other details related to the services that have been provided.
We mainly receive your personal data in order to perform our contractual agreement with you either as a user of our services or/and as our supplier and / or as a visitor to our website. ELORUS retains your personal data only for as long as is required by the contractual terms of each service, along with the applicable fiscal, tax and other legislation in force, based on the purpose of the processing, and then the data is anonymised or destroyed.
In general, we do not collect or process personal data of children or provide services to people under 18 years of age.
Legal basis for processing your personal data
ELORUS process your personal data for one or more of the following legitimate reasons:
- To sign and perform a contract and carry out our contractual obligations
- To comply with a legal obligation and fulfil our tax, accounting and reporting obligations.
- To serve our and third party legitimate business interests. Legitimate interest is when we have a business or commercial reason to use your information. But even then, such use is consistent with the fundamental rights of individuals, for example:
- To provide you with effective customer service and support.
- To respond to your requests.
- To improve the security and usability of our website.
- To execute business transactions with you.
- To keep you updated on the evolution of our services.
- To file your complaints.
- You have given us your consent
- Subject to a valid consent you have freely provided the lawfulness of such processing is based on that consent.
How we share your data
In the course of the performance of our contractual and legal obligations your personal data may be provided to various service providers and suppliers. Those service providers and suppliers are bound by Data Processing Agreements, and they are obliged to safeguard confidentiality and data protection according to GDPR. Such service providers and suppliers may be:
- External legal consultants.
- Financial and business advisors.
- IT companies and communication providers.
- Certified public accountants - auditors and accountants
In any case, we take the appropriate technical and organizational measures to ensure that your personal data is transferred, stored and processed in accordance with the appropriate security standards and in accordance with the terms of this Policy and the applicable data protection regulations.
Transfers of Data outside the European Economic Area (“EEA”).
ELORUS doesn’t transfer personal data to third countries.
We will process and store your Personal Data for the duration of our relationship with you, and as long as necessary to fulfil our contractual and legal obligations.
We will delete your data:
- When it is no longer necessary for the purposes for which that information was collected and processed
- Upon your request or objection, provided there are no overriding legal grounds requiring us to maintain that information
- When it is not necessary in order to comply with our legal obligations.
- Upon the withdrawal of your consent in case that the collection and process of your personal data was based on your consent.
Automated decision and Profiling
In executing our business activities, we do not use any automated decision-making. We may process though some aspects of your data, in order to enter into a business relationship with you.
How we use your personal data for marketing activities
We may process your personal data to notify you about our services and offers that may be of interest to you or your business. The personal data that we process for this purpose consists of information you provide to us and data we collect when you use our services. We can only use your personal data to promote our products and services to you if we have your consent to do so or if we consider that it is in our legitimate interest to do so.
You have the right to object at any time to the processing of your personal data for marketing purposes.
Your data protection rights
You have the following rights in terms of your personal data:
- The right to request access to your Personal Data, you can ask to receive a copy of your data and to check if they are lawfully processed. In order to receive this copy, you can contact us through our website (contact us).
- The right to have your Personal Data corrected. This provides you with the right to correct any missing or incorrect data.
- The right to have your Personal Data erased (right to be forgotten). This provides you with the right to have your personal data erased in case there is no legitimate reason for us to continue processing them.
- The right to object to the processing of your personal data (right to object) when we rely on a legitimate interest, but there is something particular about you that makes you want to oppose processing for that reason. If you file an objection, we will no longer process your personal data for those purposes.
- You also have the right to object to the processing of your personal data if they are processed for direct marketing purposes. This also includes profiling to the extent that it is related to such direct marketing. If you object to the processing of your personal data for direct marketing purposes, the we will no longer process your personal data for such purposes.
- The right to restrict the processing of your personal data. You have the right to request from us to restrict the processing of your personal data ie to use them only in certain instances.
- The right to receive a copy of the personal data concerning you, in a structured, commonly used and machine-readable format in order to transmit the data to a third party. You also have the right to request from us to directly transmit your personal data to another party (data portability).
- The right to withdraw your consent you gave to us in order to process your personal data at any time. Please note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn by you.
- In order to exercise your rights, you can contact the company or fill in the form included in our website (contact us).
Right to submit a complaint with a supervisory authority
Before you submit a complaint, you should contact with us and exercise the above-mentioned rights stipulated in GDPR. If we don’t satisfy your request or you feel that your concerns have not been properly addressed by us, you have the right to submit a complaint at the Hellenic Data Protection Authority at www.dpa.gr
Personal data security
We at ELORUS have trained and responsible employees, and we recognize the importance of protecting privacy and all your personal information. To that end, we have appropriate security policies and we use the appropriate technical and organizational measures such as anonymization, pseudonymization, data encryption, firewalls, access levels, employee authorization levels, training, and periodic inspections.
Any partner who have access to the above information use them to serve the above purposes only. We share the information that you provide to us only through the ways described in this Policy.
This Policy was published by ELORUS on 01/10/2018 and is subject to periodic improvement and review.
Any changes to this Policy will apply to the information collected from the date of publication of the revised version and to the existing information we hold. The use of our website after the publication of changes, implies acceptance by you of these changes.