A+ A- | print
DATA PROTECTION POLICY

Data Protection Policy

1.1 PRIVACY NOTICE

PREAMBLE
This website is owned and operated by Tsakos Group (“The Group”, “we”), which is committed to complying with any applicable Data Protection Legislation.

This Privacy Notice provides information on the collection of personal data during the use of this Website (“The Website”). It also explains how this personal data is used, shared and protected, as well as how the Website users (“the users”, “you”, “data subjects”) can exercise their rights in this respect.

DATA PROTECTION PRINCIPLES
The following principles lie at the heart of the Group’s approach to processing personal data:

  1. Lawfulness, fairness and transparency;
  2. Purpose limitation;
  3. Data minimization;
  4. Accuracy;
  5. Storage limitation;
  6. Integrity and confidentiality (security);
  7. Accountability.

THE CATEGORIES OF PERSONAL DATA WE COLLECT
Personal data is information that relates to an identified or identifiable individual. It could be as simple as a name or a number or could include other identifiers such as an IP address or a cookie identifier.

We process different types/categories of personal data that could be grouped together as follows:

  1. Identification Data: first and last name filled in the contact form;
  2. Contact Details: email address, address, post code, country filled in the contact form;
  3. Εmployment Data: Company name filled in the contact form;
  4. Technical Data: details about the type of device (which can include unique device identifying numbers),  operating system, browser and applications connected to the services provided through the device, the user’s Internet service provider or mobile network, the user’s IP address, an approximate location (usually no more precise than city level) which can be determined from users’ IP (Internet Protocol) address, Cookies.
  5. Usage Data: the time users access the Website and the duration of each usage, the sit users come to the Website from or go to after leaving a webpage/feature of the Website, selections, choices and preferences made and set when using the Website;
  6. Other Categories that may be included in a message sent through the contact form.

PURPOSE AND LEGAL BASIS OF DATA PROCESSING
We collect and process your personal data for the following purposes based on the corresponding legal basis:

  1. Handling your queries/ requests sent through the contact form, on the legal basis of the legitimate interests pursued by the Group, for compliance with a legal obligation to which the Group is subject or in order to take steps at your request prior to entering into a contract -depending on the nature of your message;
  2. To ensure that each function of the Website operates properly, on the legal basis on the performance of a contract;
  3. To analyze the use of the Website and, consequently, improve its content, on the legal basis of the legitimate interests pursued by the Group.

WHO WE MIGHT SHARE YOUR PERSONAL DATA WITH
We only share your personal data when this is necessary to handle your requests or to fulfill an obligation imposed by law, in particular with:

  1. our third-party partners, service (web development, maintenance and hosting) providers for the purposes of the proper functioning of the Website. All these partners provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the applicable Data Protection Legislation and ensure the protection of the rights of the data subjects;
  2. professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities when deemed necessary, based on the nature and content of a message submitted through the contact form;
  3. lawyers, insurance companies/brokers when deemed necessary, based on the nature and content of a message submitted through the contact form;
  4. any third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts, tax, regulatory or other public authorities.

Such sharing or transfers of personal data are protected by appropriate safeguards (e.g. appropriate contractual clauses, data processing agreements, policies/ rules for intra-group disclosures of personal data, etc.) and if recipients operates outside the EEA, appropriate protections are in place to ensure that your personal data remains adequately protected including adequacy decisions adopted by or standard contractual clauses approved by the European Commission.

LINKS TO OTHER WEBSITES
The Website may contain hyperlinks to other websites/services owned and operated by third parties. The operators of other websites/services may process your personal data in accordance with their own Privacy Policy. Therefore, you should exercise caution and review the Privacy Policies applicable to any external websites you may be redirected to

SECURITY SAFEGUARDS
We recognize the importance of information security and we implement appropriate technical and organizational measures as well as physical and logical security rules and procedures. These measures, rules and procedures are constantly reviewed and enhanced.

DATA RETENTION
We are committed not to retain personal data for a period longer than necessary for the purposes for which the personal data were obtained and/or to meet legal and regulatory requirements.
Further information on our Retention Policy will be provided to you upon request to the Data Protection Officer (DPO).

DATA SUBJECTS’ RIGHTS
In accordance with the General Data Protection Regulation (“GDPR”) and the Greek Data Protection Legislation, Data Subjects have the following rights:

  • The right to be informed regarding your personal data being processed;
  • If the processing of personal data is based on your consent, the right to withdraw consent for future processing of that data;
  • The right to request access to and rectification of your personal data;
  • Subject to limitations as provided for in the GDPR or the Greek Data Protection Legislation, the right to request restriction of the processing of your personal data.
  • Subject to limitations as provided for in the GDPR or the Greek Data Protection Legislation, the right to request erasure of your personal data.
  • Subject to limitations as provided for in the GDPR or the Greek Data Protection Legislation, the right to personal data portability.

You have the right to lodge a complaint with the competent data protection authority, the Hellenic Data Protection Authority, located in Athens, 1 – 3 Kifisias Avenue, P.C. 115 23 (tel. +30 210 64 75 628 – email: complaints@dpa.gr).


1.2 COOKIES POLICY

WEBSITE COOKIES
A cookie is a small text file that is downloaded onto ‘terminal equipment’ (i.e. a computer or smartphone) when a user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions (country, items seen, etc).

The Group uses technologies like cookies to provide, improve and protect the Website. It should be noted that cookies do not harm the computer nor the files into which they are kept and they do not allow acquisition of personal identification data.

The use of session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to transmitting session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. Persistent Cookies remain on the user’s computer or other electronic device for a longer time until their deletion from the user.

Apart from their expiration, cookies are also categorized depending on their functionality as per below:

  1. Cookies necessary for the functionality of a Website (e.g. for the navigation to the Website or the filling out of online forms, such as contact forms). In case a user rejects these Cookies, some sections of the Website may not function properly.
  2. Functional Cookies ensure personalized user experience during navigation, by saving favorite preferences and settings.
  3. Performance Cookies are used for the amelioration of the services provided and the facilitation of their usage.
  4. Third party Cookies are installed by Google and other third companies – partners, when users enter different websites. These Cookies are governed by the relevant Cookie Policy of each provider.

In the table above, users can find the Cookies used by the Group, as well as their duration, purpose, legal basis and source:

Cookie Name Source Purpose Legal Basis Duration
__utm.gif google-analytics.com Google Analytics Tracking Code that logs details about the visitor's browser and computer. Consent Session
__utma tsakoshellas.gr Collects data on the number of times a   user has visited the website as well as dates for the first and most recent visit. Used by Google Analytics. Consent 2 years
__utmb tsakoshellas.gr Registers a timestamp with the exact time of when the user accessed the website. Used by Google Analytics to calculate the duration of a website visit. Consent 1 day
__utmc tsakoshellas.gr Registers a timestamp with the exact time of when the user leaves the website. Used by Google Analytics to calculate the duration of a website visit. Consent Session
__utmt tsakoshellas.gr Used to throttle the speed of requests to the server. Consent 1 day
__utmz tsakoshellas.gr Collects data on where the user came from, what search engine was used, what link was clicked and what search term was used. Used by Google Analytics. Consent 6 months
_ga tsakoshellas.gr Registers a unique ID that is used to generate statistical data on how the visitor uses the website. Consent 2 years
_gat tsakoshellas.gr Used by Google Analytics to throttle request rate. Consent 1 day
_gid tsakoshellas.gr Registers a unique ID that is used to generate statistical data on how the visitor uses the website. Consent 1 day
r/collect doubleclick.net This cookie is used to send data to Google Analytics about the visitor's device and behavior. It tracks the visitor across devices and marketing channels. Consent Session

   
For the safe navigation to www.tsakoshellas.gr, the Group conforms with the European Directive 2009/136/EC regarding the protection of personal data and private life in the field of electronic communications. This Directive was integrated to the Greek Law by L. 4070/2012 (Α’82/10.04.2012) “Settings of Electronic Communications, Transportation, Public Constructions and other provisions”.

It should be noted that the installation of cookies is not allowed before obtaining prior consent. Exception to this rule are only cookies which serve functional needs of the Website and are necessary for its appearance and effective functioning.

CONTACT US
To exercise any of the Data Subjects’ rights or make a complaint to us relating to your privacy or for any other questions about the use of your personal data, you can  submit a written request or send an email to the DPO, 367 Syngrou Ave., Megaron “Makedonia” , 175 64 P. Faliro, P.O Box 79 141, Athens, Greece, email:  dpo@tsthellas.gr

CHANGES
We may change these Privacy Notice and Cookies Policy. Any changes will become effective when we post the revised documents on the Website. We encourage you to periodically review these Privacy Notice and Cookies Policy to stay informed about how we collect, use, and share your personal data.