To take the necessary measures to comply with the requirements of the Existing Legislation and to be able to prove at any time that it complies with the above (Accountability Principle)
D. Personal Data We Collect and Process, Purpose of Processing and Lawful Basis.
Ι. Personal data collected through the contact form.
Through the contact form, the user has the opportunity to contact the Company. In case the user wishes to use this service, he/she must fill in the relevant fields (a) his/her name (mandatory field), (b) his/her e-mail address (mandatory field), (c) the subject of the communication (mandatory field), (d) any other data in free text that he/she wishes to share with the Company.
Purpose of Processing and Lawful Basis.
The purpose of the collection and processing of such personal data is the provision of NEXT COM’s services to the user, the direct contact with the Company, the optimal response of NEXT COM to the user and its service. The legitimate basis for processing the personal data of the users is the legitimate interest of the Company to provide high quality services to the users of the Website (Article 6(1)(f) of the General Data Protection Regulation).
II. Personal Data collected while browsing the Company’s Website.
While browsing the NEXT COM Website, data is collected regarding the user’s demographic information such as country of residence and other types of information related to his/her preferences in products and services. In addition, data related to information related to customer surveys and/or various offers are collected.
Purpose of Processing and Lawful Basis.
The purpose of the collection and processing of this personal data is to ensure directness and personalization in the provision of NEXT COM services and, in particular, the provision of specialized consulting services tailored to the specific needs and requirements of each user. The legitimate basis for processing the personal data of users is the legitimate interest of the Company to provide high quality services to the users of the Website (G.D.P.R. Article 6(1)(f)).
Purpose of Processing and Lawful Basis.
An additional legal basis for processing is your consent, pursuant to Article 6(1)(a) G.D.P.R., which is required for the storage on your terminal device of the cookies used by our website. Finally, the information generated by the cookies may also be transferred to our partners (technical support consultants, lawyers) or to competent authorities, if necessary. Please note that all our partners are committed to confidentiality and to taking appropriate technical and organisational measures to ensure the protection of your personal data.
For detailed information on the types of cookies we use, please visit our Cookies Policy.
IV. Social media buttons
On our Website, there are social media widgets from social networks (e.g. Facebook, Instagram and LinkedIn) with the use of which, after the user logs in to the social network, a special digital fingerprint of the user is created, for which both the Company and the social network itself act as joint controllers.
For more information on the data processing policy and the configuration options of these networks, please visit the following websites:
The purpose of collecting and processing such data is to improve the services provided by us and in general the user’s experience when visiting the Website. The legitimate basis for processing the personal data of users is the legitimate interest of the Company to provide high quality services to the users of the Website (G.D.P.R. article 6(1)(f)).
V. Personal Data of Minor Users
NEXT COM does not address minors and does not wish to collect and process personal data of minors (i.e. persons under the age of 18). However, since it is impossible to cross-check and verify the age of the users of our Website, we ask the parents/guardians of minors, in the event that they discover any unauthorized data disclosure on behalf of minors, to immediately notify the Company to take the necessary protective measures (e.g. immediate deletion of their data). If the Company becomes aware that it has collected personal data of a minor, it undertakes to delete them immediately and to take all necessary measures to protect such data.
VI. Data Protection Impact Assessment (DPIA)
Where a type of processing is likely to present a high risk to the rights and freedoms of natural persons, NEXT COM shall carry out, prior to the processing, an assessment of the impact of the envisaged processing operations on the protection of personal data (“impact assessment”). An impact assessment is a process designed to describe the processing, assess its necessity and proportionality and assist in risk management by evaluating and defining measures to address the risks. It is not required for every form of processing, but only in cases where a form of processing is considered high risk. The impact assessment takes into account the nature, scope, overall context and purposes of the processing in order to assess whether a risk is likely to occur, as well as its seriousness for the rights and freedoms of data subjects.
VII. How do we ensure that Processors respect your Personal Data?
NEXT COM, in the context of its activities, may transfer data to third parties and/or allow access to them (legal or natural persons) who act as processors and/or sub-processors, to support its operation and serve its purposes, such as, for example, transferring data to service providers, website developers, cloud service providers, support companies for application development, etc.
Our partner companies that act as processors and/or sub-processors on our behalf have agreed and contractually bound themselves to the Company:
i. maintain confidentiality and ensure data confidentiality,
ii. process the data only for a specific purpose and for no other purpose
iii. not to transmit data to third parties,
iv. take appropriate organisational and technical security measures to ensure data protection,
v. comply with the legal framework for the protection of personal data and in particular the Regulation and Law 4624/2019.
VIII. Transmission to third parties
Users’ personal data may be transmitted to public authorities, independent authorities, etc. in the exercise of their duties, either on their own initiative or at the request of a third party with a legitimate interest, following all legal procedures and in compliance with the appropriate safeguards to ensure the protection of personal data. NEXT COM, reserves the right to disclose and/or transfer personal data to a third party to whom it may transfer or merge parts of its business or assets. In the event of a change in our business, the new owners have the right to use your personal data in the same way as set out in this Policy.
IX. Transfer of Personal Data outside the EU
In the event that personal data of users collected through our Website is transferred to a country outside the European Union (EU) or the European Economic Area (EEA), NEXT COM will first check whether :
a) The European Commission has issued a relevant adequacy decision for the third country to which the transfer will take place.
(b) The appropriate safeguards in accordance with the Regulation have been complied with for the transfer of such data.
Otherwise, the transfer to a third country is prohibited and the Company will not transfer users’ personal data to that country, unless one of the specific exceptions provided for in the Regulation applies (e.g. the express consent of the user and his/her information on the risks involved in the transfer, the transfer is necessary for the performance of a contract at the request of the subject, there are reasons of public interest, it is necessary to support legal claims and vital interests of the user, etc. If in the context of its legitimate activities there is a need to transfer personal data outside the EU, the Company shall select the appropriate legal transfer mechanisms in full compliance with the Regulation and the Existing Legislation and inform the data subjects accordingly.
X. Data Retention Period
Users’ personal data are collected and retained for a predetermined and limited period of time, depending on the purpose of processing, after which the data are deleted from NEXT COM’s archives. When processing is imposed as an obligation by provisions of the applicable legal framework or a specific retention period is provided, your personal data will be stored for as long as the relevant provisions require. The personal data of users that are processed with consent will be kept until consent is withdrawn, without this withdrawal affecting the lawfulness of the processing up to that point.
XI. Security of Personal Data
All officers and employees of NEXT COM are responsible for ensuring that personal data held and processed by the Company are kept securely and are not disclosed or transmitted to any third party, unless the third party is authorised by the Company to receive and process such information in the context of (a) the legitimate activities of NEXT COM and if it has entered into a corresponding confidentiality agreement or (b) there is a legal or statutory obligation to do so.
NEXT COM takes all appropriate technical and organisational measures to ensure the security of the personal data it holds and processes. Although no method of transmission via the Internet or method of electronic storage is completely secure, the Company takes all necessary digital data security measures (antivirus, firewall) etc.
NEXT COM implements, both at the time of determining the means of processing and at the time of processing, appropriate technical and organisational measures designed to apply data protection principles and incorporate the necessary safeguards in the processing in such a way that the requirements of the GDPR are met and the rights of data subjects are protected (data protection by design).
NEXT COM shall implement appropriate technical and organisational measures to ensure that, by default, only personal data that are necessary for the purpose of processing are processed (data protection by design).
NEXT COM shall ensure that the personnel involved in the collection and processing of personal data are adequately informed and trained.
In the event of a personal data breach, the Company shall inform the Personal Data Protection Authority without delay, unless the breach is unlikely to cause a risk to the rights and freedoms of natural persons, providing all required information and documentation. If the breach is likely to pose a high risk to the rights and freedoms of natural persons, NEXT COM shall promptly notify the data subjects of the breach in question, unless such notification requires a disproportionate effort, or in the meantime the Company has implemented appropriate technical and organisational protection measures on the data affected by the breach that render it incomprehensible to unauthorised users, or in the meantime the Company has taken measures to ensure that no unauthorised users are able to access the data.
XII. Your Rights
NEXT COM ensures that it is able to respond immediately to the requests of users, in order to exercise their rights in accordance with the existing legislation.
In particular, each user has the following rights:
a) The User shall have the following rights: To request information on the processing of his/her personal data by NEXT COM.To request access to his/her personal data held by NEXT COM. More specifically, he/she may request to receive a copy of his/her personal data held and to check the lawfulness of the processing.
b) Right to rectification of inaccurate data. Request the correction of personal data in case they are inaccurate or incomplete.
c) Right to erasure: To request the erasure of his/her personal data if their retention is not based on any legitimate basis or legitimate interest.
d) Right to restriction of processing: Request restriction of the processing of his/her personal data, under certain conditions.
e) Right to Data Portability: to request the portability/transmission of his/her personal data either to himself/herself or to third parties.
f) Right of Withdrawal/Objection: to withdraw at any time the consent given for the processing of his/her personal data, without this withdrawal affecting the lawfulness of the processing until then, to object to the processing of his/her personal data by NEXT COM.
To exercise your rights, you can contact us by email at firstname.lastname@example.org by requesting: a) correction or deletion of the personal data you have entered or otherwise provided or collected through our Website, b) restriction of the processing of the personal data you have entered or otherwise provided or collected through our Website, c) objection to the processing of the personal data you have entered or otherwise provided or collected through our Website on our Website, d) request for the processing of the personal data you have entered or otherwise provided or collected through our Website, e) correction or deletion of the personal data you have entered or otherwise provided or collected through our Website on our Website. In case of exercise of any of the above rights, NEXT COM shall provide the data subject with information on the processing operations upon request submitted within one (1) month from the receipt of the request and the identification of the data subject. This time limit may be extended by two (2) more months, if necessary, if the request is complex or there is a large number of requests. In this case, NEXT COM is obliged, within one (1) month of receipt of the request, to inform the user of the delay and the reasons for it.
NEXT COM may refuse to comply in whole or in part with a relevant request received from the data subject only where this possibility is provided for by the Regulation or national legislation.
If a request from the data subject is manifestly unfounded or excessive, in particular because of its repetitive nature, NEXT COM may make compliance with it subject to the payment of a reasonable charge to cover the administrative costs involved in complying with it or refuse to comply with the request.
XIII. Disclaimer for Third Party Websites
In case of our Website contains links that redirect users to third-party websites, we inform you that NEXT COM does not control or bear responsibility for any risk or damage (positive/oppositive) suffered by the user from the use of the content of the Website and these websites, nor for the way in which the personal data of users are processed. NEXT COM takes all necessary measures to ensure that this Website is a safe environment for users, providing them with valid, reliable and up-to-date information.
XIV. Right of recourse to the Personal Data Protection Authority
For any complaint regarding this Policy or personal data protection issues, if we do not satisfy your request, and you believe that your personal data protection is in any way affected, you may submit a complaint through a dedicated portal (https://www.dpa.gr/el/syndesi/prosvasi ) to the Personal Data Protection Authority (PPA) (Athens, 1-3 Kifissia Avenue, P.O. Box 115 23, tel: +30 2106475600). Detailed instructions for lodging a complaint are available on the Authority’s website (https://www.dpa.gr/el/polites/katagelia_stin_arxi).
Last Revision: July 202