panSOS Privacy Policy

1. General

panSOS considers the protection of users’ personal data to be of utmost importance and sets the absolute protection of users’ data and the unrestricted access of users to them as a key priority.

The policy followed by the owners and administrators of panSOS, Maria and Stergios Athanasiou, regarding personal data provided by users through the application, aims to create a secure application for making emergency calls.

This privacy policy is an integral part of the terms of use.

2. Role of the controller

The Data controllers are the owners of panSOS, Maria and Stergios Athanasiou. As controllers, they ensure the non-disclosure and confidentiality of users’ personal data as well as the unhindered exercise of their relevant rights. The controllers ensure that the processing of the personal data of the users of the application is governed by the provisions of the applicable Greek and European legislation as well as by the relevant decisions and opinions of the Hellenic Data Protection Authority (HDPA) and in particular, is subject to the provisions of Laws 2472/1997 “Protection of Individuals with regard to the Processing of Personal Data”, 3471/2006 “Protection of personal data and privacy in the electronic telecommunications sector”, 3917/2011 as they have been amended and are currently in force and Regulation (EU) 2016/679 of the European Parliament and of the Council, adopted on 27 April 2016, replacing EC Directive 95/46 (N 2472/1997) and put into effect on 25 May 2018 (hereinafter referred to as the “Regulation”). The Regulation harmonises privacy laws across Europe through uniform and common rules on transparency.

3. Personal data, definition

According to Article 4 subparagraph 1 of the Regulation, “personal data” means any information relating to an identified or identifiable “natural person” (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, identity number, date of birth, home address, E-Mail address, telephone number, device’s IP address, online identifier, or by reference to one or more factors specific to physical, psychological, genetic, social, economic or cultural identity of the natural person concerned.

4. Definition of users in the panSOS application – Obligations of E-Mail senders

For the purposes of the present, users of the application are considered to be both those who send an emergency alert by calling or texting (SMS) or by E-Mail and the recipients of this alert. The sender of an E-Mail message, before sending an E-Mail, must notify the recipient of the E-Mail and also inform him/her about the recipient’s possibility to learn about the protection of his or her personal data through the application’s website – www.panSOS .gr (where the terms of use and this Privacy Policy are available) before the recipient receives the E-Mail through panSOS.

5. Use of the app by a minor

If the application is used by a minor who has reached the age of 16, but not of 18, the processing of his personal data is permitted after the consent of his or her legal guardians (parental care or custody) has been given. Under the technology available, the controllers make reasonable efforts to verify in these cases that the consent comes indeed from persons with parental responsibility for the minor.

6. Collection and processing of personal data, purpose of processing

E-Mails are sent via a preset panSOS E-Mail address. No personal data other than the recipient’s E-Mail address, the date and time of the message sent, the content of the E-Mail that may be automated or not, and the sender’s coordinates of GPS-Tracking (location data), if the latter is enabled by him/her is collected.

This data is stored on the application’s E-Mail account and the controllers are bound to delete them at the latest two weeks after their storage. The collection and processing of this information (personal data) is done for technical reasons and only for the execution of the user’s order (sending an emergency E-Mail), based on the provision of Article 6 par. 1 element b GDPR as it is necessary to fulfill the obligations arising from the above-mentioned use of the application in the way that the user has chosen.

The controllers are bound not to use the users’ E-Mail address to send spam.

In case that the controllers decide to further process the data of the users, they will be asked to consent to the processing of their data for specific purposes. The consent of the user to the processing of his or her personal data is free, explicit and fully informed. The user has the right to withdraw his/her consent at any time (continuing right to opt out). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. It shall be as easy to withdraw as to give consent.

7. Personal data that is not subject to processing

Using panSOS does not require to create a personal account or register users. However, the user needs to register the phone number or E-Mail address to which he/she wishes to send his/her emergency message according to the settings he/she has selected. From the above data, the phone numbers, the SMS content of the above numbers as well as the IP of the users are not collected or stored on an application database. No cookies are installed on users’ devices. The controllers do not have access to the IP of the users, the recipients’ phone numbers or the SMS content. The app’s website does not use google analytics. Neither cookies are installed nor users’ IPs are collected. Under no circumstances is an automated profile of users’ data created (profiling).

8. Disclosure of users’ personal data to third parties

Data is not transmitted or disclosed to any third party affiliated or associated enterprises/companies or to any third partner or external entity (except technical associates of panSOS) but will be solely known to its processors and owners. The controllers undertake not to transfer or in any way disclose the personal data of the users to any third party, third country or international organization, information gathering centres or other third party service providers, or grant third parties licenses to use them in any way, unless this is required by law or by the competent judicial or prosecuting authorities.

The controllers may disclose and announce users’ personal data on public-interest grounds or within the exercise of official authority, as long as the latter has been entrusted to the controllers, or when such action is required in order to comply with the relevant provisions of the law, court decisions or in case requested/ordered by any other state, public, prosecuting or regulatory authority, in compliance with European and national legislation.

A user’s personal data may be disclosed to the technical associates of panSOS for technical reasons only and when this is absolutely necessary in order to solve technical issues of the application. Those persons are subject to strict contractual obligations of non-disclosure and confidentiality, the breach of which can result in severe civil and criminal penalties.

In addition to the aforementioned notification for reasons of technical support, in any other case that panSOS is about to disclose a user’s personal data, it shall ask the permission and the explicit consent of the users before proceeding to the abovementioned action.

During the use and navigation within the application no ads will be displayed. Personal data of users are not processed for direct marketing purposes.

9. panSOS security measures to protect and keep users’ personal information private

panSOS has been designed bearing security features in order to protect and keep safe on a permanent basis the personal data of the users of the application.

10. Personal data processing guarantees

The controllers make every effort to ensure that the personal data of the users are maintained in accordance with domestic law and the Regulation, in full compliance with the principles governing their processing (Article 5 of the Regulation). In this context, data controllers shall ensure that the data shall be:

– processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness, transparency”);

– collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

– adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);

– collected solely for the purposes of this Agreement or if compliance with any legal obligation is required;

– accurate and, where necessary, updated;

– kept in a form which permits identification of data subjects for no longer than it is necessary for the purposes for which the personal data are processed;

– processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”);

– processed in accordance with the rights of the data subject as set out in Articles 13 to 21 of the Regulation.

11. User (Data subject) Rights

panSOS enables the user (Data subject) to access his/her personal information, update, remove, and restrict the processing of his or her data. He/She may also deny the processing of his/her data or transfer his/her data from panSOS. In particular, the user, in respect of his/her personal data and in accordance with Articles 13 to 21 of the Regulation and other legislation has the rights of:

– Information about his/her data that are maintained in electronic form and in document files.

– Access to his/her data (Article 15 of the Regulation). In particular, he/she is entitled to request access to his or her personal data. By requesting access he/she may be informed of whether the personal data relating to him/her are being processed and, if so, he/she is entitled to be informed about the purposes of the processing, the relevant categories of data, the third party recipients to whom his/her data may have been disclosed, the data-retention period, his/her possibility to exercise his/her rights as a user in accordance with the Regulation, the possibility of lodging a complaint with a supervisory authority. He/She is entitled to be informed of possible changes in the way his/her data are processed since he/she was last informed and of the security measures imposed on the controllers as well as the methodology applied to the process of automatic processing of personal data, including profile training, if available. He/She is entitled to take measures to stop the processing of his/her personal data if this processing is likely to cause significant or non-pecuniary damage to him/her.

– Correction of inaccurate and incomplete data (Article 16 of the Regulation)

– Deletion of data relating to him/her (“Erasure – Right to be forgotten”) (Article 17 of the Regulation), and without undue delay if the data are no longer necessary for the purposes for which they were collected or there is no other legal basis or compelling legitimate grounds for processing. The user has the right of his/her data destruction if this data is erroneous or whose processing no longer wishes.

– Restriction of data processing (Article 18 of the Regulation). In case that the accuracy of the data is disputed by the user for a period of time that allows the controller to verify the accuracy of the user’s data, the user may object to the processing of his or her data and request the limitation of their use due to the illegal processing. In the event of a request for correction, deletion or limitation of the processing of the data, the controller shall inform the user of the correction, deletion of data, cessation of their use or limitation of the processing realized at the user’s request in accordance with Articles 16, 17 , 18 of the Regulation. At the same time, he shall inform each recipient, to whom the data has been disclosed, of this action, e.g. to another controller unless this proves to be impracticable or involves a disproportionate effort.

– Right to data portability (Article 20 of the Regulation). The user has the right to receive from the controller the personal data concerning him/her without objection and which he has provided in a structured, commonly used and machine-readable format as well as the right to transmit it to another controller properly and as specified in Article 20 of the Regulation. This right shall be without prejudice to the performance of a task in the public interest or within the exercise of the public authority delegated to the controller.

– Objection (Article 21 of the Regulation). The user has the right to object at any time and for reasons related to his/her particular situation to the processing of data concerning him/her and is based on Article 6 par. 1 (e) or (f) of the GDPR in accordance with the specific provisions of Article 21 of the Regulation. The controller satisfies the request unless there are compelling legitimate grounds for the processing that override the user’s interests, rights and freedoms or in order to support legal claims.

In order for the user to exercise any of the above rights or in case of any questions regarding this policy he/she may contact the controllers and processors in writing at the address

Maria & Stergios Athanasiou

Marktstr. 17

71254 Ditzingen

Germany

or at the E-Mail address info@pansos.gr describing his/her request for a specific action, such as correction, temporary non-use, non-transmission or deletion. The controllers are required to respond in writing to the request within a period of one month from the receipt of the request, substantially, satisfying the user’s request or adequately justifying its rejection. In case the controller has reasonable doubts concerning the identity of the natural person making the request, he may ask for additional information that are necessary to confirm the identity of the data subject.

If the controllers do not respond within the deadline or the users do not agree with these actions, they have the right to complain to the Personal Data Protection Authority in writing (Kifisias 1 – 3, 115 23 Athens, Greece) or online (www.dpa.gr).