At NutsBox, we aim to protect and ensure the privacy of the information provided to us, always respecting the trust of our customers and users of our website. We always comply with applicable national and European legislation on the protection of personal data and have implemented a series of actions and procedures to ensure full compliance with the new General Data Protection Regulation (GDPR) of the European Union.

Please review this Privacy and Personal Data Protection Policy. This Policy sets out the basis on which our website processes any personal data we collect from you or that you provide to us. We retain certain basic information when you visit our website and recognize the importance of keeping this information secure and informing you about how we intend to use it. Please review this Policy to learn more about how we collect, store, use, share, and protect the personal data and information we receive. Also, learn about your rights regarding this collection and processing, how you can exercise them, and how you can contact us with any questions.

1. Principles governing data processing

2. Legitimacy of processing

3. Minors

4. Collection and use of Personal Data

5. Transfer of Personal Data to Third Parties

6. Rights and how to exercise them

7. Links to other websites

8. Provision of professional services

9. Changes to the personal data protection policy

10. Contact

Principles governing data processing

a) Legality and transparency

All personal data we collect is processed lawfully and fairly, in accordance with applicable law and in a transparent manner with regard to the information we collect about you.

b) Purpose limitation and data minimization

NutsBox collects your personal data for specific, explicit, and legitimate purposes, and this data is not further processed in a manner incompatible with those purposes. Furthermore, only appropriate and necessary data is collected to the extent necessary for the purpose for which it is processed. This means that the information and data you share with us will not be further processed unlawfully, unless there are reasons of public interest.

c) Accuracy

Your personal data is accurate and, when necessary, updated. NutsBox takes all reasonable measures to immediately delete or correct personal data that is inaccurate, using the ready-made processing form and direct communication via email, as detailed below.

d) Limitation of the storage period

NutsBox retains your personal data only for as long as necessary for the purposes of processing or complying with each individual’s request, or until the data subject requests its deletion (and in any case for no longer than 1 year, unless we continue to retain it as provided for in applicable law).

e) Data Integrity, Confidentiality, and Security

NutsBox implements appropriate security policies and procedures to ensure that your personal data is processed in a manner that guarantees appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical and organizational measures. destruction, or damage, using appropriate technical and organizational measures. Despite the efforts made by NutsBox, security cannot be guaranteed against all threats.

In the event of loss or breach of personal data, we have a dedicated incident response team and a process in place to respond to such incidents in order to restore the breach as quickly as possible, limit the potential consequences, and comply with our legal obligations. We make every effort to ensure that access to your personal data is limited to those who need to know it. Individuals who have access to the data are required to maintain the confidentiality of this data. In the event of a breach of your personal data, we will notify you immediately by any appropriate means.

Lawfulness of processing

In order for the processing of your personal data and information to be lawful, certain conditions must be met. NutsBox, always in accordance with Greek and EU legislation, collects only the personal data that is necessary and essential, complying with the above legal requirements, which are as follows:

a) Your consent: In order to process the data provided to us, you must first give us your consent by accepting the terms of use and this privacy policy of our website, as well as the use of cookies. We may occasionally ask you for specific permission to process some of your personal data, and your personal data will only be processed in this way if you agree to it. You can withdraw your consent at any time by completing the “Personal Data Management Request” form, where you can request the withdrawal of your consent to the processing of certain personal data, as well as the export, correction, or deletion of your personal data held by us, or by contacting NutsBox at info@nutsbox.gr. In general, you are not required to submit personal data to NutsBox online, but we may ask you to provide certain personal data in order to receive additional information about our services and events. NutsBox may also ask for your permission for certain uses of your personal data, and you can either consent to or refuse these uses. If you accept the consent clause for specific services or communications, such as an electronic newsletter, you will be able to unsubscribe from the relevant mailing list at any time by following the instructions contained in each communication. If you decide to unsubscribe from a service or communication, we will try to delete your data as soon as possible, although we may need some time and/or information before we can process your request.

b) Performance of a contract: this occurs when the processing of your personal data is necessary for the performance of our obligations arising from a contract to which you are a party or at your request prior to entering into a contract.

c) Legal obligation: this is when we are required to process your personal data in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement authority.

d) Legitimate interest: we may process data about you when we have a legitimate interest in carrying out a lawful activity in order to ensure the continuity of that activity, provided that this does not override your interests.

e) Public interest: sometimes processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority

Minors

NutsBox understands the importance of protecting children’s personal data, especially in an online environment. If the child providing consent for the processing of their personal data is over 16 years of age, then the processing is lawful. If the child is under 16 years of age, such processing is lawful only if and to the extent that such consent is given or authorized by the person who has parental responsibility for the child.

Collection and use of Personal Data

4.1 What data we collect We receive your personal data when you choose to provide it (for example, if you contact us via email or register as a subscriber for certain services). In some cases, you may have already provided your Personal Data to NutsBox in the past. By registering and/or submitting your personal data to NutsBox, you also consent to the use of this data in accordance with this Statement. Your personal data is not used for other purposes unless we obtain your permission, or unless required or permitted by law or professional standards. For example, if you register on the NutsBox website and provide information about your preferences, we will use this information to personalize your user experience. When you register or log in using a third-party single sign-on service, we may identify you as the same user regardless of the use of different devices and personalize your user experience on any other NutsBox websites you visit. If you send us your resume (CV) to apply online for a job at NutsBox, we will use the information you provide to see if you are a good fit for any of NutsBox’s current job openings. In some cases where you have registered for certain reasons. If you send us your resume (CV) to apply online for a job at NutsBox, we will use the information you provide to see if you are a good fit for any of NutsBox’s current job openings. In some cases where you have registered for certain services, we may temporarily store your email address until we receive confirmation of the information you provided via email (i.e., by sending an email to the email address you provided as part of your registration to confirm your registration request).

4.2 Automatic collection of Personal Data In some cases, NutsBox and its service providers use cookies and other technologies to automatically collect certain categories of data when you visit our website and through any emails we may exchange with you. Collecting this data allows us to personalize your online experience, improve the performance, usability, and effectiveness of NutsBox’s online presence, and evaluate the effectiveness of our marketing activities.

4.2.1 IP addresses An IP address is a number assigned to your computer each time you access the internet. It allows computers and servers to identify and communicate with each other. The IP addresses from which visitors appear to originate may be logged for information technology security and system diagnostics purposes. This data may also be used in aggregate form to analyze website trends and performance.

4.2.2 Cookies Cookies may be placed on your computer or internet-enabled device each time you visit us online. This allows the website to remember your computer or device and serve more purposes. A warning banner will appear on our website requesting your consent to the collection of cookies. If you do not give your consent, your computer or internet-enabled device will not be monitored for activities related to the promotion of services. A secondary type of cookies may be required to ensure the necessary functionality. These cookies will not be blocked by using this banner. Your choice will be stored in a cookie and will be valid for a period of 365 days. If you wish to revoke your choice, you can do so by deleting your browser cookies. Although most browsers automatically accept cookies, you can choose whether or not to accept cookies through your browser settings (often found in the Tools or Preferences menu of your browser). You can also delete cookies from your device at any time. However, you should be aware that if you do not accept cookies, you may not be able to fully experience the If you do not give your consent, your computer or internet-enabled device will not be monitored for activities related to the promotion of services. A secondary type of cookies may be required to ensure the necessary functionality. These cookies will not be blocked by using this banner. Your choice will be stored in a cookie and will be valid for a period of 365 days. If you wish to revoke your choice, you can do so by deleting your browser cookies. Although most browsers automatically accept cookies, you can choose whether or not to accept cookies through your browser settings (an option often found in your browser’s Tools or Preferences menu). You can also delete cookies from your device at any time.

However, you should be aware that if you do not accept cookies, you may not be able to fully experience some of the features of our website and that some parts of our website may not function properly. Additional information regarding cookie management can be found in the “Help” folder of your browser or on websites such as www.allaboutcookies.org. Other third-party tools and widgets may be used on our website to provide additional functionality. The use of these tools or widgets may install a cookie on your device to make their service easier to use and to ensure that your activity is displayed correctly on our websites. Cookies themselves do not tell us your email address or identify you personally in any other way. In our analytics reports, we may receive identifying information including IP addresses, but only to determine the number of unique visitors to our websites and the geographic origin of visitors, not to identify individual visitors. By browsing our website and entering your login details to access areas reserved for registered users.  

4.2.2.1 Types of cookies The main types of cookies that websites may use are described below

• Session cookies

These are temporary cookies that remain in your device’s browser cookie file only during your visit and are deleted when you close your browser.

• Persistent cookies

These remain in your device’s browser cookie file even after you close your browser, sometimes for a year or more (the exact length of time depends on the lifetime of each cookie). Persistent cookies are used when the website operator may need to know who you are for more than one visit (e.g., to remember your username or your preferences for website configuration).

• First-party cookies

These are cookies that are installed on your browser and/or hard drive by the website you are visiting. This includes assigning you a unique identifier to track your browsing on the website. Website operators often use first-party cookies to manage visits and for identification purposes.

• Third-party cookies

These are cookies used by third parties, such as social networks, to track your visits to the various websites on which they advertise. The website administrator has no control over these third-party cookies.

4.2.2.2 Cookies from video service providers (Google, Vimeo, DailyMotion, etc.) These providers may place cookies on your device if you watch videos on our website that they provide as an external service. If you disable these cookies, you may not be able to view embedded videos from our website.

4.2.3 Google Analytics NutsBox uses Google Analytics. More information about how NutsBox uses Google Analytics. In order to provide website visitors with more choices about how their data is collected by Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the website itself or to other web analytics services.

4.3 Social media applications and widgets In addition, our website may host blogs, forums, crowd-sourcing and other applications or services (collectively referred to as “social media features”). The purpose of social media features is to facilitate the sharing of information and content. Any personal information you provide to any NutsBox social media feature may be disclosed to other users of that social media feature (unless otherwise stated at the time of collection), over whom we may have limited or no control. The publication of third-party personal data (images, etc.) via the NutsBox website is illegal unless the prior consent of the data subjects has been obtained.

Transfer of Personal Data to Third Parties

We do not share personal data with third parties that are not affiliated with us, unless required for our legitimate professional and business needs in order to respond to your requests and/or as required or permitted by law or professional standards. This includes the following third parties:

External service providers: Where necessary, we will engage other companies and individuals to perform certain tasks that contribute to our services on our behalf under data processing agreements. For example, we may provide personal data to partners to host our databases and applications, to provide data processing services, or to send you information you have requested, or to call centers for the purpose of providing support or interviewing during market research projects. All NutsBox partners are fully compliant with the General Data Protection Regulation (GDPR compliant) and are contractually bound to comply with it. NutsBox only transfers personal data to them when they meet our strict data processing and security standards. We only disclose personal data that allows them to provide their services.

Business transfer: In the event of a reorganization, restructuring, merger, sale, or other transfer of assets, we will transfer data, including personal data, on a reasonable scale, provided that the recipient agrees to respect your personal data in a manner consistent with applicable data protection laws. We will continue to ensure the confidentiality of any personal data and will notify you when your personal data becomes subject to a different privacy policy.

Courts, judicial or regulatory authorities: NutsBox may disclose personal data in order to respond to requests from courts, judicial, governmental, or law enforcement authorities, or where required and prudent to comply with applicable law, court orders, or orders of courts or judicial authorities.

Public Authorities: NutsBox may disclose personal data in cases of audits by public authorities and agencies, such as audits relating to personal data protection, security, and tax audits.

NutsBox will not disclose the personal data you provide to any third parties for their own direct use for promotional purposes (marketing).

Rights and how to exercise them

If you have submitted personal data to NutsBox, you have the following rights:

Access: You have the right to access and extract your personal data. Before we provide you with personal data, we may ask you for proof of your identity and sufficient information about your dealings with us to enable us to locate your personal data.

Correction: if the data we hold about you is inaccurate, you can correct it by editing your profile, submitting a “Personal Data Management Request,” or alternatively, you can ask us to correct any inaccuracies in it.

Objection and restriction of processing: you have the right to object to the processing of your personal data by us if we no longer have the right to use it for any legitimate reason, or to request that its processing be restricted in certain cases, such as for reasons of data accuracy and legitimacy.

Right to portability: Upon your request, we will transfer your data to another controller, where technically feasible, provided that the processing is based on your consent or is necessary for the performance of a contract.

Deletion: You have the right to request the deletion of your data in certain circumstances, such as if it is no longer necessary for processing or has been stored in our files for a long period of time.

You can exercise the above rights by completing the “Personal Data Management Request” form, which you can use at any time to request the export, correction, or deletion of your personal data held by us. You can also submit a request or exercise your above rights by by contacting us at info@nutsbox.gr and we will make all reasonable and practical efforts to comply with your request, provided that it is consistent with applicable law and professional standards.

Links to other websites

The NutsBox website may contain links to other websites for your convenience and information. These websites operate independently, and since they do not cooperate with NutsBox, they are not under our control and we are not responsible for any illegal processing of your personal data. They may have their own privacy policies, which we encourage you to review if you visit any links to other websites before disclosing any personal data.

Provision of professional services

NutsBox receives personal data when providing professional services – usually when providing services to individuals, employers, companies with individual customers, and the public sector. Our relationships with customers are governed by letters of engagement and general terms and conditions of business, including the use of personal data we receive. NutsBox provides various types of services, and its role may not always be clear to data subjects. However, NutsBox complies with its obligations under applicable Greek and European legislation on the protection of personal data, as applicable, and the applicable regulatory guidelines relating to the management of personal data.

Changes to the personal data protection policy

NutsBox may periodically modify this Policy to comply with national and EU legislation and to reflect our latest privacy practices. When we make changes, we will record the date of modification or revision at the bottom of this page and, where necessary, we will notify you of the changes.

Contact

If you have any questions, comments, or complaints regarding our management or protection of your personal data, or if you wish to modify your personal data or exercise any of your rights as a data subject, please contact us at info@nutsbox. gr.

This policy was revised and is effective as of March 8, 2024.