Data Protection Policy
This document describes our policy regarding the personal data we collect from visitors to our website (hereinafter “users”). The Data Controller is the company under the name Envisions Hub, based in Heraklion, Crete, VI.PE. Heraklion Crete, Odoú 1, Building 66, VAT 801565926, email: info@envisionshub.gr (“Data Controller”). In the daily activities of our company and our website, we process data concerning natural persons, including but not limited to:
- Clients
- Partners acting on our behalf
- Visitors of our website
- Other interested parties (employees, suppliers)
Our company complies with the General Data Protection Regulation (2016/679 E.U. GDPR) and all other European and national legislation regarding the protection of personal data, electronic communications, etc., and ensures at all times the protection of your Data:
Data is collected for specific, clear, and lawful purposes and is not further processed in a manner incompatible with those purposes.
We collect the personal data necessary for each processing purpose and process them lawfully, fairly, and transparently in relation to the data subjects.
We ensure that they are as accurate and up to date as possible and retain them only for the period necessary for the purposes for which they are processed.
In any case, the criterion we use to determine the retention period is based on and duly takes into account the need to comply with each relevant legal requirement as well as the principle of data minimization.
We process data electronically and manually and take all appropriate measures to protect personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organizational measures.
Collection, Purpose, Legal Basis of Processing, and Retention Period of Your Data
1. Data We Collect Automatically Through Our Website
When you visit our website https://envisionshub.gr/ , our server collects the so-called server log files, and specifically:
Date and time of access to the website.
The amount of data sent.
The browser program and the operating system you use to access the website.
Internet Protocol address (IP address), when you access our website. The IP address is personal data together with the date and time of your visit, as we can identify you only with this data.
The legal basis on which we collect the IP address and store it in special files (log files) is our legitimate interest in processing this data in order to ensure the security of networks, information, and services from accidental events or unlawful or malicious acts that compromise availability, authenticity, integrity, and confidentiality of stored or transmitted data (e.g., control of ddos attacks “denial of service”), as well as our legal obligation to provide a safe environment for the processing of your personal data (GDPR Article 6 paragraph 1 cases c and f). The data will not be transferred nor used in any other way. However, we reserve the right to check server log files if there are concrete indications of unlawful use.
2. Customer Data
When you visit our business, we collect personal data such as name, surname, email, postal address, gender, age, profession, address, and any other information you provide to us in connection with the provision of our services to you.
The purpose of processing your data is to provide you with the requested services and the legal basis for processing is the execution of the contract between us (Article 6 paragraph 1b of the GDPR), as well as compliance with legal obligations. The retention period of your data is the time required by the possible claim and longer if legal claims arise.
It is clarified that we do not provide public access directories of electronic addresses of subscribers/users. Therefore, any personal data (e.g., name, address, etc.) that appears anywhere on the pages and services of the website is intended exclusively to ensure the operation of the respective service and is not allowed to be used by any third party without complying with the provisions of the legislation on the protection of personal data, as currently in force. The Data Controller acts in accordance with current legislation and aims at the best application of good practices on the Internet. Your personal information is kept securely for as long as you are registered as users of some of our services and is deleted after the end of the contractual relationship in any way with the Data Controller.
3. Data we collect via email and the Contact Form
In the context of communication between us via email and the Contact Form, we collect your name, your email address, and any other information you provide us. These data are stored and used exclusively to respond to your request. The legal basis for processing your personal data is your consent (GDPR, Article 6 para. 1a). Your data will be deleted after the final processing of our communication. This will occur after the completion of the purpose and the scope of our communication, provided that there are no legal requirements for storing such data.
4. Sending newsletters
With your consent we will collect your email address in order to send you newsletters with our Company’s news and articles that you may find interesting. The legal basis for processing is your consent (GDPR, Article 6 para. 1a) and you have the right to revoke it at any time.
5. Supplier data
For the execution of our contract, we collect the data of our suppliers such as name, address, contact details, delivery details, financial data, which they provide themselves. The legal basis for processing your data is the execution of the contract and compliance with legal obligations (GDPR Article 6 para. 1b and c). We retain them for a period of up to twelve years from the last service provided, as required by tax law and any other relevant legislation.
Who has access to your data. Data transfers.
Your data is accessible by our employees as well as by any other person authorized to process the data during the course of their duties. In addition, we cooperate with third parties, whether legal, professional, independent consultants, etc. who provide us with commercial, professional, or technical services (e.g., website hosting, accounting services, transportation services) for the purposes mentioned above, and support our company in whole or in part, in relation to our activities. In such cases, these third parties act as Joint or Independent Data Controllers, Data Processors, or other authorized parties to process personal data for the same purposes mentioned above, under the same security measures and in accordance with applicable legal obligations.
Before a third party receives Personal Data, we must: (1) complete the privacy audit to evaluate the practices of confidentiality and the risks associated with those third parties (2) obtain guarantees by contract from those third parties that they will process Personal Data in accordance with our instructions and the applicable law, that they will immediately notify our company of any Personal Data Protection or Security incident, inability to comply with the standards set in this Policy and the applicable legislation, that they will cooperate to remedy any such incident, that they will help respond to the rights of individuals set out below, and that they will allow the Data Controller to audit their processing with regard to compliance with these requirements.
Finally, the data may also be transmitted to public authorities and institutions, as well as to legal representatives (lawyers and insurance companies), for legitimate purposes.
Apart from the above, data will not be disclosed to third parties, individuals or legal entities and will not be distributed.
Our company does not transfer Personal Data outside the EU, unless necessary (for example, to use Cloud services) and only if the conditions set out in Articles 44 et seq. of the GDPR are met, with your consent, or by applying standardized contractual clauses approved by the European Commission or to countries deemed safe by the European Commission.
Use of cookies
For the proper functioning of the website and better navigation, as well as for better service delivery, we use cookies. Cookies are text files with information, which the website server (web server of the Data Controller) stores on your computer when you visit this website. In this way, the website remembers your actions and preferences for a period of time, in order to exist for example: personalization of online advertising, analysis of visitor statistics, or other statistical analysis, and provision of the services you have requested. In this way, you do not need to enter these preferences each time you visit the website or browse its pages. Only the Data Controller and its specially authorized partners have access to any information concerning cookies.
You can control and/or delete cookies as you wish. Details can be found on the website: aboutcookies.org. In case you choose to disable cookies on the website https://envisionshub.gr/ the functionality of some pages may be lost or reduced.
See here which Cookies we use:
More information on the use and management of cookies on the website can be found on the websites:
Related to cookies and their management::
http://www.aboutcookies.org/default.aspx
http://www.whatarecookies.com/
Related to Google’s policy:
https://www.google.com/about/company/user-consent-policy.html
Security and integrity of Data
The Data Controller applies appropriate policies and procedures of technical and organizational security in order to protect personal data and information from loss, misuse, alteration, or destruction.
In addition, we try to ensure that access to your personal data is restricted to those who need to know it. Persons who have access to the data are required to respect the confidentiality of this data.
Please note that the transmission of information via the internet is not completely secure. Although we make every effort to protect your personal data, we cannot guarantee the security of data transmitted to our website. After receiving your information, we will apply strict procedures and security features in order to try to prevent unauthorized access.
We make every reasonable effort to keep the personal data we collect from you only for as long as we need that data for the purpose for which it was collected or until its deletion is requested (if that happens earlier), unless we continue to retain it as provided for in the applicable law.
Links to other websites
The website may contain links to other websites, which are governed by other privacy statements whose content may differ from this Privacy Statement. Please review the privacy policy of each website you visit before submitting any personal data to it. We try to provide links only to websites that share our high standards and respect for privacy, but we bear no responsibility for the content, security, or privacy practices applied by other websites.
Data of minors
When it is necessary to process data of minors (e.g., data of underage patients), meaning, under GDPR, those who have not completed their 15th year of age, processing is carried out only with the written and explicit consent of the persons who have the parental responsibility of the minor. In any case, we make every reasonable effort to ensure that consent is given or approved by the person who truly has parental responsibility for the child, through identification and any other available evidence.
Rights of Data Subjects
You may contact us by post or by email at the addresses mentioned in paragraph (1) above, to exercise your rights under Articles 15 et seq. of the GDPR. You may, for example, request an updated list of persons who have access to your data, request confirmation as to whether or not we are processing personal data relating to you, check their content, source, accuracy and location (also in relation to any third country), request a copy, request their correction and restrict their processing, or even their deletion, if applicable. Similarly, you may always provide comments and submit complaints to the Hellenic Data Protection Authority, 1-3 Kifisias Ave., GR 115 23, Athens, Call Center: +30-210 6475600 or at http://www.dpa.gr/
Changes to this Policy
The Data Controller reviews this Policy frequently and may amend or revise it periodically at its sole discretion. When changes occur, we will record the date of amendment or revision in the Policy. The updated Policy will apply to you and your data from that date onwards. We encourage you to review this Policy periodically in order to check whether there are any changes to the way we manage your personal data. This Statement was last updated in March 2025.
Contact us
If you have any questions, comments, or complaints about our handling or protection of your personal data, or if you wish to modify your personal data or exercise any of your rights as a data subject, please contact us at EMAIL: info@envisionshub.gr: info@envisionshub.gr
