You have the right to object to certain uses of your personal data including the use of your personal data for direct marketing. See what your rights are and how you can exercise them here.
Who is collecting data?
What personal data is being collected?
Personal data means any information relating to you which allows us to identify you, such as your name, contact details, payment details and medical history. We collect personal data from you when through the medical from you send us (either directly or indirectly through our trusted third party partners). strb. collects personal data such as patient’s name, home address, e-mail address, telephone number, passport or other recognized personal ID card numbers and details, credit/debit card or other payment details, nationality, date of birth, gender, medical conditions, medical history etc.
We may collect personal data from a variety of sources. This includes:
- Personal data you give us directly,
- Personal data we collect automatically, and
- Personal data we collect from other sources.
Ways in which we collect your personal data?
We may collect personal data from a variety of sources. This includes:
- Personal data you give us directly. We collect data about how you use our services and products, such as the types of content you view or engage with, or the frequency and duration of your activities. We also collect personal data you provide us when you sign up for a marketing newsletter, complete a survey or register for an account to buy our services. In so doing, we may ask for personal data, such as your name, gender, date of birth, address, email address, telephone number or credit card details. strb. may collect “special categories of personal data” about you with your explicit consent. For more information on the special categories of data we collect and how we use it, please refer to the relevant section below.
- Personal data we collect from other sources. We collect personal data from other sources including our trusted partnerships with third-parties and where we operate strb. accounts on third-party platforms: Additionally, we receive information about you and other visitors’ interactions with our advertising to measure whether our advertising is relevant and successful. We also collect information about you and your activities from a third-party when we jointly offer services or products, or from third-party data enrichment providers who may deliver insights to strb. about the personal data we hold.
When and why we collect “special categories of personal data”
Certain categories of personal data, such as race, ethnicity, religion, health, sexuality or biometric data are classified as “special categories of data” and benefit from additional protection under the European data protection legislation. strb. processes personal data relating to health and genetic and biometric data of patients only if one of the legal bases referred to in Article 9 (2) of the GDPR is in place.
How do we protect children’s privacy?
- We understand the importance of taking extra precautions to protect the privacy and safety of children using strb. premises and services.
- Most of strb. websites are designed and intended for use by adults. Where one of our websites is intended for use by a younger audience, we will obtain consent from the person with parental responsibility before we collect personal data where it is required by applicable laws and regulations (the age at which consent is necessary varies from Country to Country).
- We sometimes use your personal data to carry out age verification checks and enforce any such age restrictions.
What purpose do we use your data for?
We collect, process and disclose your personal data only for specific and limited purposes. For example, to process your payments, to assess and handle any complaints, to develop and improve our products, services, communication methods and the functionality of our websites, to provide personalized services, communications as well as service recommendations to you.
We also create profiles by analysing the information about your online surfing, searching and buying behaviour and your interactions with our brand communications by building segments (creating groups that have certain common characteristics) and by placing your personal data in one or more segments.
We collect, process and disclose your personal data for the following purposes:
- To process your payments, if you purchase our services, to provide you with your order status, deal with your enquiries and requests, and assess and handle any complaints;
- To process and answer your inquiries or to contact you to answer your questions and/or requests;
- To develop and improve our products, services, communication methods and the functionality of our websites;
- To communicate information to you and to manage your registration and/or subscription to our newsletter or other communications;
- To understand and assess the interests, wants, and changing needs of consumers, to improve our website, our current products and services, and/or developing new products and services; and
- To provide personalised products, communications and targeted advertising as well as product recommendations to you.
When we collect and use your personal data for purposes mentioned above or for other purposes, we will inform you before or at the time of collection.
Where appropriate, we will ask for your consent to process the personal data. Where you have given consent for processing activities, you have the right to withdraw your consent at any time. In some cases, we rely on legitimate interest for processing your personal data. A legitimate interest could exist for example, when you sign up for a loyalty scheme with one of our companies and we use the personal data collected to conduct data analytics to improve our products or services. This ground will only be used where it is necessary to achieve a legitimate interest, for example to optimise a service, and does not outweigh your rights as an individual. This legal basis will only be relied upon where there is no less intrusive way to process your personal data. We can assure you that if legitimate interest is used as a ground for processing your personal data, we will keep a record of this and you have the right to ask for this information.
We also process your personal data when we have a legal obligation (e.g., tax obligations) to perform such processing. For example, a court order or a subpoena may require us to process personal data for a particular purpose, or we may be compelled to process personal data to report suspicious transactions under the local anti-money laundering rules.
Who will it be shared with?
strb. shares your personal data internally and with selected third-parties. For example, we share your personal data with third-party service providers, other third-parties, as well as in case of business transfers or legal disclosure.
strb. shares your personal data internally and with selected third-parties in the following circumstances:
- Other third-parties. Your personal data will also be used by us or shared with our advertisers, advertising networks, advertising servers, social media networks, and analytics companies or other third-parties in connection with marketing, promotional, data enrichment and other offers, as well as product information.
- Business transfers. Your personal data will be used by us or shared with strb. for internal reasons, primarily for business and operational purposes. If another entity acquires us, our businesses or substantially all or part of our assets, or assets related to strb. websites, your personal data will be disclosed to such entity as part of the due diligence process and will be transferred to such entity as one of the transferred assets. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such personal data will be considered an asset of ours and as such it is possible they will be sold or transferred to third-parties.
- Legal disclosure. We may transfer and disclose your personal data to third-parties:
- To comply with a legal obligation;
- When we believe in good faith that an applicable law requires it;
- At the request of governmental authorities conducting an investigation;
- To detect and protect against fraud, or any technical or security vulnerabilities;
- To respond to an emergency; or otherwise
- To protect the rights, property, safety, or security of third-parties, visitors to strb. websites, or the public.
International data transfers
strb. operates businesses in multiple jurisdictions, some of which are not located in the European Economic Area (EEA). While countries outside the EEA do not always have strong data protection laws, we require all services providers to process your information in a secure manner and in accordance with GDPR and EU law on data protection. We utilize standard means under EU law to legitimize data transfers outside the EEA.
strb. will only send personal data collected within the European Economic Area (EEA) to foreign countries in circumstances such as:
- To follow your instructions;
- To comply with a legal duty; or
- To work with our agents who we use to help run our business and services.
If we do transfer personal data to outside of the EEA, strb. will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of the following safeguards:
- Transfer to a non-EEA Country whose privacy legislation ensures an adequate level of protection of personal data to the EEA one;
- Put in place a contract with the foreign third-party that means they must protect personal data to the same standards as the EEA; or
- Transfer personal data to organisations that are part of specific agreements on cross-border data transfers with the European Union (e.g., Privacy Shield, a framework that sets privacy standards for data sent between the United States and the European countries).
How do we protect your personal data?
strb. takes the security of your personal data very seriously. We take every effort to protect your personal data from misuse, interference, loss, unauthorised access, modification or disclosure.
Our measures include implementing appropriate access controls, investing in the latest Information Security Capabilities to protect the IT environments we leverage, and ensuring we encrypt, pseudonymise and anonymise personal data wherever possible.
Access to your personal data is only permitted among our employees and agents on a need-to-know basis and subject to strict contractual confidentiality obligations when processed by third-parties.
How long do we keep your personal data for?
We will keep your personal data for as long as we need it for the purpose it is being processed for. For example, where you make a purchase online with us we will keep the data related to your purchase, so we can perform the specific contract you have entered and after that, we will keep the personal data for a period which enables us to handle or respond to any complaints, queries or concerns relating to the purchase.
Your data may also be retained so that we can continue to improve your experience with us and to ensure that you receive any loyalty rewards which are due to you.
We retain the identifiable data we collect directly for targeting purposes for as little time as possible, after which we employ measures to permanently delete it.
We will actively review the personal data we hold and delete it securely, or in some cases anonymize it, when there is no longer a legal, business or consumer need for it to be retained.
What are your rights?
Your rights in relation to your personal data how it is processed. You can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you. You can exercise your rights by sending an email or submitting a request through the “Contact Us” form on our websites.
Where we process your personal data, you have a number of rights over how the data is processed and can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you. You can exercise your rights by sending an email or submitting a request through the “Contact Us” form on our websites.
- The right to access and rectification. You have the right to access, correct or update your personal data at any time. We understand the importance of this and should you want to exercise your rights, please contact us.
- The right to data portability. The personal data you have provided us with is portable. This means it can be moved, copied or transmitted electronically under certain circumstances.
- The right to be forgotten. Under certain circumstances, you have right to request that we delete your data. If you wish to delete the personal data we hold about you, please let us know and we will take reasonable steps to respond to your request in accordance with legal requirements. If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.
- The right to restrict processing. Under certain circumstances, you have the right to restrict the processing of your personal data.
- The right to object. Under certain circumstances, you have the right to object to certain types of processing, including processing for direct marketing (i.e., receiving emails from us notifying you or being contacted with varying potential opportunities).
- The right to lodge a complaint with a Supervisory Authority. You have the right to complaint directly with Hellenic Data Protection Authority about how we process your personal data.
- The right to withdraw consent. If you have given your consent to anything we do with your personal data (i.e., we rely on consent as a legal basis for processing your personal data), you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). You can withdraw your consent to the processing of your personal data at any time by contacting us with the details provided below.
Further information and advice about your rights can be obtained from the Hellenic Data Protection Authority.
How do you contact strb.?
strb. nominated Data Protection Officer who can be contacted at strb. address and email firstname.lastname@example.org
When a privacy question or access request is received we have a dedicated team which reviews the contacts and seeks to address the specific concern or query which you are seeking to raise. Where your issue may be more substantive in nature, more information may be sought from you. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the Supervisory Authority in Greece which is the Hellenic Data Protection Authority (www.dpa.gr)
How do we keep this notice up to date?