Purpose of the Protection Policy
The protection of your personal data is a commitment undertaken by ORFIUM Music Rights Greece. We take into serious consideration the necessity of protecting both your privacy and your personal data, and to this end, we focus our constant efforts on fully complying with all existing data processing rules, pursuant to the imperatives defined by European and Greek law.
The present policy provides every necessary information with regard to the data we process, the purpose and the legal basis of the processing, the duration of data storage, your rights relevant to the processing of your data and the way to exercise them, the terms and conditions put into force for the valid granting of your consent regarding the processing of your data, the legitimate interests the company is aiming to secure, as well as its cookies policy
Abidance of the basic principles of lawful processing
The present Personal Data Protection Policy dispenses extensive and thorough information on the kind of personal data collected by ORFIUM Music Rights Greece and aims at the compliance of the Company with the basic principles governing the processing of Personal Data, the respect towards the rights of physical persons and the ensuring that all Personal Data in its possession are:
Within the framework of the abidance of the above-mentioned data processing principles, ORFIUM Music Rights Greece has put into force a variety of technical and organizational measures constantly updated and adjusted according to the existing international optimization practices, while implementing a series of internal security policies. In addition, its workforce is properly and incessantly trained with regard to the abidance of the above-mentioned principles of lawful data processing. Moreover, the latest technology is employed to ensure the confidentiality of your communication with our company, as well as the protection of your personal data (collaboration with internationally acclaimed and certified hosting providers, SSL certificates, data encryption).
Data processing officer
The anonymous company with the registered brand name “ORFIUM GREECE SINGLE-MEMBER S.A.” and the distinctive title “ORFIUM MUSIC RIGHTS GREECE”, seated in Athens, in 103, Kallirois str, with VAT Registration number 801380551 and Number of General Registry 155579901000, as lawfully represented, phone number: 210 922 89 95, operating as an Independent Management Entity (henceforth: IME) as defined in the Law 4481/2017 and the Directive 2014/26/EU, is appointed as data processing officer. The company’s stated business object is the management and protection of copyright for musical works on behalf of more than one holders, for their collective benefit.
Data protection officer
The company “Advanced Quality Services Ltd.”, seated in Agios Stephanos, Attiki, in 1A Sarantaporou & Tyrnavou str., postal code: 145 65, phone number: 210 6216997 and e-mail: email@example.com, is appointed as data protection officer.
“Personal Data”: Any information pertaining to an identified or identifiable physical person (“Data Subject”). An identifiable physical person is defined as person whose identity can ascertained, directly or indirectly, in particular through a reference to an identifying element such as name or surname, location data, online identifiers or one or more features that appertain to the physical, physiological, psychological, financial, cultural or social identity of the specified physical person.
“Special categories of personal data”: Personal data indicative of the racial or ethnotic origin, the political views, the religious of philosophical convictions or the participation to a workers’ union, as well as the processing of genetic data, of biometric data as a means for the indisputable identification of a person, of medically relevant data, or of data pertaining to the sexual activity and orientation of a physical person.
“Data processing”: Any action or series of actions carried out with or without the use of automated means, affecting personal data or sums of personal data, such as the collection, registration, organization, classification, storage, adjustment of data, or the modification, retrieval, search for information, use, disclosure through transmission, dissemination or any other form of disposal of data, the correlation or combination of data, the restriction, the erasure or the destruction of data.
“Profiling”: Any form of automated personal data processing consisting in the use of personal data for the evaluation of personal aspects of a physical person, in particular for the analysis or the prediction of character aspects that pertain the physical person’s work efficiency, financial status, health record, personal preferences, interests, credibility, behavior patterns, current location or relocations.
“Data Processing Officer”: The physical or legal person, the public authority or service or any other entity that, singly or jointly with others, defines the purposes and the mode of personal data processing.
“Data Processing Performer”: The physical or legal person, the public authority or service or any other entity that processes personal data on behalf of the data processing officer.
“Recipient of Data”: The physical or legal person, the public authority or service or any other entity to whom personal data are disclosed, whether it is a third party or not.
“Consent” (granted by the Data Subject): Any free-willed, precise, explicit and fully conscious indication of volition, through which the Data Subject expresses agreement, via a declaration or a definite confirmatory action, to the processing of the pertinent personal data.
“Breach of Personal Data”: The breach of security that leads either to an illegal destruction, loss, modification, unauthorized disclosure or access to personal data that have been transmitted, stored or submitted to processing in any other way.
Personal Data collected by ORFIUM Music Rights Greece
Due to its nature, activities, and business object, ORFIUM Music Rights Greece is likely to collect one or more of the below-mentioned data categories:
The cookies we use do not store personal data or personal info that could lead to the identification of the concerned person. Moreover, they do not store data collected with any other method. If you wish to prevent the collection of data by cookies, please configure your browser settings to erase all existing cookies from your computer’s hard disc, block all future cookies and receive a notification warning prior to the storage of a cookie.
Minors’ personal data
Personal data of children/minors may be collected within the framework of the employment relation between the company and its employees, namely for the specification of the employees’ family status with regard to wages and working rights issues etc.
The personal data of children/minors are submitted to processing on the part of the company with a view to their major interest, the protection of their privacy and the need to ensure their legal representation.
Furthermore, the company’s website is addressed to individuals having completed their eighteenth (18th) year of age. The company undertakes to make every possible effort to verify the age of the users and is committed to abstain from collecting and processing personal data of minors. In case of a verified underage user, the company will not process the data of the concerned person and will immediately erase all pertinent information, conserving only the necessary data for grounding and backing up its legal claims or for the granting of consent by the minor’s legal guardians.
The company may use your personal data for the following lawful processing purposes:
(a) To reply to your inquiries and questions pertaining to our services or get back to you following a request submitted through our webpage’s contact form.
(b) To establish any lawful legal claim or defend the company against any attempt of fraud, cyberattack or any other illegal activity.
(c) To assess our webpage’s traffic with the aim to enhance the users’ navigation experience.
(d) For company-related functions, such as internal management, prevention against fraud, use by informational systems for purposes of administration, billing, invoicing, management of contractual or pre-contractual relations, such as service providing, work implementation, proceeds and payments, audits, operational or computerized service, fulfillment of contractual obligations etc.
(e) Data given to us upon the signing, progression and dissolution of the contractual/employment relation.
(f) To ensure the company’s compliance with all its legal obligations (tax, insurance, customs, bookkeeping etc.), to prevent financial crimes, as well as to safeguard its superior legitimate interests, such as the transmission of data to law firms of competent authorities.
Data Processing Legal Basis
The collection and processing of the above-mentioned subjects’ personal data is grounded on:
The above is the legal basis for processing the personal data of clients, partners and employees of our company, with whom a contractual relation has been established, within the framework of the attainment of the above purposes.
The above is the legal basis for complying with our legal obligations as employers, the payment of our employees, associates and partners, the safekeeping of medical records of the employees, the notification of competent authorities for the recruitment of employees (Ergani, Labor inspectorate).
The above is the legal basis for exceptional activities, in which personal data processing cannot be grounded on any other legal basis (e.g. personal data processing for satisfying the requests submitted by you etc.)
The above is the legal basis for the processing of personal data within the framework of an employment relation.
The above is the legal basis for the processing of personal data in the civil, administrative or penal legal affairs of the company.
The above is the legal basis for the personal data processing within the framework of the employment relation between us.
Our company abstains from using personal data for profiling purposes.
Duration of Personal Data conservation
The personal information given to us by you will be conserved only for the time period needed for the attainment of the processing purpose and in compliance with all existing legal provisions.
Recipients of your personal data
The standard rule is not to transmit personal data to third parties, with the exception of partners that are necessary or facilitate us in offering our services to you, but only under a set of rules and conditions that guarantee that your personal data are not submitted to any kind of illegal processing, other than the purpose of the transmission according to the above-mentioned.
Our company is in collaboration with third-party service providers (e.g. computer systems support companies, cloud services providers, consultancy companies etc.) that may be processing personal data on our account. Ιt should be noted that the above-mentioned associates have previously signed binding contracts as prescribed by the GDPR defining their respective obligations with regard to the processing of personal data for determined and lawful purposes and the non-submission of personal data to any form of processing that is incompatible to the aforementioned purposes, the abidance of confidentiality and the overall compliance with the GDPR.
In case it is necessary to transmit your personal data to a third country outside the European Economic Area, we always assure that a substantial level of protection is provided, contractually binding our counterparty or our associate to whom we transmit your personal data, according to the standardized contractual clauses approved by the EU (more info: here) so as to guarantee an equal amount of protection as the one provided in Greece.
What are your data-related rights and how you can exercise them
As prescribed in the General Data Protection Regulation, the “Data Subject” benefits from certain rights pertaining to the personal data processing carried out by ORFIUM Music Rights Greece. In particular, you benefit from:
Moreover, in case of a verified data breach that could significantly endanger your data and provided that it does not fall into any of the exceptions stated in the General Data Protection Regulation, we are obliged to inform you on the matter without any unjustified delay.
In case of a granted consent for the processing of specified categories of personal data by the company, you have the right to revoke your consent at any given moment, with future effect. The consent’s revocation does not affect the legality of the processing based on the consent granted before its revocation. In case of a consent revocation, the company is entitled to further process your data only in cases of other lawful reasons justifying the processing.
For the purpose of ensuring the exercise of your rights the company is reserved to request further information deemed necessary for the verification of your identity prior the exercise of your rights. We are obliged to respond to the pertaining request at the latest within one month starting from the date of its confirmed submission. In the case of a complicated request or/and an overflowing number of pending requests, this deadline can be extended by two months. In that case, you will be notified within a month from the submission of your request for the causes that are likely to lead to the small delay in the materialization of the request. However, in case of a request manifestly ungrounded or excessive or unjustifiably submitted ad nauseam, the company has the right, on the basis of the pertinent legislation, either to impose a reasonable fee or to refuse the further materialization of your request.
If you consider that any of your rights or our company’s legal obligation with regard to personal data protection is violated, and provided that you have previously addressed the matter to our Data Protection Officer, having thus exercised your rights towards our company without receiving any reply within the above-mentioned deadline, or if you consider this reply to be unsatisfactory, leaving the matter unresolved, you have the right to file a complaint before the competent supervisory authority (Hellenic Data Protection Authority, Kifisias Boulevard 1-3, postal code: 115 23, Athens, e-mail: firstname.lastname@example.org, fax number: 2106475628.
Contact ORFIUM Music Rights Greece
You can get in contact with us at the address of our head offices: 103, Kallirois str., by calling us at +30 210 22 41 950, or by sending us an e-mail at email@example.com.
Updating of the Personal Data Protection Policy
The efficiency of the present policy is reevaluated on at least a yearly basis, for keeping up with legislative amendments and any changes in the company’s activities and operations, as well as for responding to the data subjects’ needs. Every change is to be published on our website, with a concurrent update of the exact time and date of the last revision, appearing on the upper part of the Personal Data Protection Policy Statement.