Personal Data – Electronic Commerce

The General Data Protection Regulation (GDPR) was published in the Official Journal of the European Union on May 4, 2016 and radically changes European legislation regarding the protection of personal data. The need for organizations to comply with the GDPR is imperative, as the protection of individuals against the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) state that every person has the right to the protection of personal data concerning him.

“Personal Data” is defined not only as data regarding police identity card, telephone number or residential address, but as any data used to inform a third party about the characteristics, data or preferences of a person.

FAQs

What does the term "personal data" mean?

The term "personal data" refers to any information relating to a certain person. Personal data is divided into simple and sensitive. "Simple personal data" is any information related to the identification details of a person, such as name, age, residence, profession, marital status, etc. and/or physical characteristics, education, work, financial situation, interests, activities, habits. "Sensitive personal data" is any information related to racial or ethnic origin, political or religious beliefs, trade union membership, health, social welfare and love life, criminal prosecutions or convictions, as well as participation in associations of persons related to the above. Sensitive data is protected by the Law with stricter regulations than simple personal data.

When is the collection and processing of "Personal Data" permitted?

The processing of such data is only permitted when the data subject has given his consent. Exceptionally, processing is permitted even without the consent of the person, when the processing: (1) is necessary to achieve a contract in which the specific person participates, (2) is required by law, (3) is necessary for the preservation of the subject's life, if he is unable for some reason to give his consent, and (4) is necessary to carry out a project of public interest.

When is the collection and processing of "Sensitive Personal Data" permitted?

The collection and processing of sensitive data is prohibited. It is exceptionally permitted, after permission from the Personal Data Protection Authority and only under the following conditions: (1) when the subject has given his written consent, or (2) when the processing is necessary to protect the life of the subject or the statutory interest of a third party, if the subject is unable to give his consent, or (3) when the processing concerns data that the subject himself makes public, or (4) when the processing concerns health matters and is carried out by a person professionally engaged in the provision of health services, provided that the processing is necessary for medical prevention, diagnosis, treatment or the management of health services, or (5) when the processing is carried out by a Public Authority and is necessary for the Public Interest, or (6) when the processing is carried out for research and scientific purposes only and provided that anonymity is maintained.

Is it possible to withdraw consent to the use of personal data in the context of e-commerce?

E-commerce, especially over the internet, is growing rapidly due to the advantages it offers. On the other hand, it involves particularities that require the adoption of special legislative measures to enhance transparency and protect traders.
If you have ever given your consent to a business or entity to use your personal data, you can, at any time, contact the data controller (the person or entity that manages your personal data) and revoke your consent. Once you revoke consent, the business/entity can no longer use your personal data.
Where an entity processes your personal data in the context of its own legitimate interests or in the public interest or on behalf of an official authority, you may have the right to object to its processing. In some special cases, the public interest may prevail and the business or body may be allowed to continue using your personal data. In any case, the first time the company or organization contacts you, it must inform you of your right to object to the use of your personal data.

Lawyers and Associates of "Konstantinos Darivas and Associates" Law Office monitor European and Greek legislation and keep up to date with jurisprudence in the field of personal data protection law, providing legal advisory services and compliance with applicable laws and regulations. We thus have specialized knowledge about the provisions of the Regulation and can inform you about the new legal framework regarding the protection of Personal Data within the EU or outside but, in any case, where the law of an EU member state applies.

Please contact our office for any issue regarding the compliance of natural and legal persons who violate the rules regarding the collection and processing of personal data. We are able to provide you with a full range of legal advice on organizing an action plan, tailored to your needs, for enforcement by the relevant regulatory authorities.

Indicative List of Services:

  • Compliance with the regulatory framework of the General Regulation on the Protection of Personal Data EU 2016/679 and the applicable national legislation
  • Breach of the obligations of the controller and the processor (articles 8, 11, 25 to 39 and 42 and 43 of Regulation 679/2016)
  • Breach of the obligations of the business certification body (articles 42 and 43 of Regulation 679/2016)
  • Breach of the obligations of the monitoring body (Article 41 of Regulation 679/2016)
  • Breach of the basic principles for processing (articles 5, 6, 7 and 9 of Regulation 679/2016)
  • Breach of the rights of data subjects (articles 12 to 22 of Regulation 679/2016)
  • Breach of the provisions on the transmission of personal data to a recipient in a third country or an international organization (articles 44 to 49 of Regulation 679/2016)
  • Compilation/configuration of activities file according to article 30 (GDPR)
  • Drafting company policies (Privacy Policy, Cookie Policy and website terms of use, Video Surveillance Policy etc. Configuration and updating)
  • Elaboration of impact assessments in cases of dangerous processing involving a high probability of leakage or other type of attack on personal data
  • Legal support/Assistance in managing and dealing with complaints or audits of the Personal Data Protection Authority. Judicial challenge of the Authority's acts imposing fines
  • Legal support/Consulting regarding the legislative framework for electronic commerce in Greece & Consumer Rights (Law 2251/1994)
  • Electronic contracts
  • Use - consumer protection
  • Mandatory information in an online store

CALL US

+30 211 750 2400

+30 693 773 0000
