Best Practice Consulting (“Company”, or “we”) takes its users’ privacy very seriously and undertakes to comply in full with the applicable law (Regulation (EU) 2016/679 – hereinafter defined as the “GDPR”).
Data Controller and DPO
Data Controller is Best Practice Consulting S.A. with registered offices in 6, Anapafseos Street, Metamorfosi Attica 144 51, Greece (“Controller”).
The Data Protection Officer (“DPO”) can be contacted at: firstname.lastname@example.org/.
The Data we process
The following data can be processed:
2) Special categories of data such as those relating to health status (Article 9 of the GDPR). Where that occurs, processing is performed on the basis of the user’s consent, to comply with the obligations connected to adverse event reporting, to fulfil legal or regulatory obligations or contractual or pre-contractual obligations involving the supply of goods or services (including requests for information on our products and their correct use). In any event, the legal basis for processing of particular categories of data is Article 9.2 (a) and (i) of the GDPR.
Why and how we process your personal data
With your consent, the Company may process your ordinary personal data to enable you to benefit from the available services and functionalities and optimise their performance, to perform statistics on its usage, to manage requests and reports received through the Website, to manage your registration to any restricted-access areas and initiatives (e.g. competitions) which may be present on the Website pursuant to Article 6.1.a of the GDPR. The Company may also process your personal data to fulfil obligations stemming from laws, regulations and European Union law: the legal basis for the processing for this purpose is Article 6.1. (c) of the GDPR.
Furthermore, with your optional consent, your ordinary personal data may also be used for institutional communications (including newsletters) or promotional activities (marketing) i.e., sending advertising material and/or commercial communications pertaining to the Company’s services to the contact details indicated using traditional methods and/or contact methods (i.e. paper-based mail, telephone calls with operator etc.) or automatic means (i.e. communications via Internet, fax, e -mail, text messaging, apps for mobile devices such as smartphones and tablets, social network accounts e.g. Facebook or Twitter, etc.). The legal basis for the processing for this purpose is Article 6.1. (a) of the GDPR.
Finally, the Company may process your ordinary and sensitive personal data to protect its rights in legal proceedings (Articles 6.1.(f)
All your data are processed using automatic and electronic instruments suitable to ensure full security and confidentiality.
Necessary processing and optional processing
The forms to be completed on this website require you to confer personal data which are strictly necessary to handle your communications and requests. Such Data are marked with an asterisk [*]. If you do not wish to confer them, we will not be able to handle your communication/request.
Conversely, forms may also provide the possibility to confer personal data which are not strictly necessary to handle your requests: providing such data is optional – failure to do so has no consequence.
Links to other websites
How we store data and for how long
In compliance with Article 5.1.(c) of the GDPR, the computers and programmes used by the Company are set up in such a way to reduce the use of personal and identifying data to a minimum. Such data are processed only to the extent required to achieve the purposes indicated in this Policy, and will be stored for as long as strictly necessary for achievement of the specific purposes pursued – in any event, the criterion used to determine the storage period is based on compliance with time limits permitted by law and the principles of data minimisation, storage limitation or rational management of our records.
How we ensure your personal data’s security and quality
The Company undertakes to ensure security of the user’s personal data and comply with provisions on security provided by law to avoid data loss, illegitimate or unlawful uses of data or unauthorised access to data, with particular but not exclusive reference to Articles 25-32 of the GDPR. The Company uses many types of advanced security technologies and procedures intended to aid protection of the user’s personal data; for example, personal data are stored on secure servers situated on premises with protected and controlled access. The user can assist the Company to update and correct their personal data by communicating any change of address, qualifications, contact information, etc.
Persons who have access to the data
Persons belonging to the following categories are authorised to process the user’s data: technical and administrative staff, IT staff, product managers, device vigilance staff, as well as other staff members who require processing the data for performance of their job duties.
The Data can be communicated also in countries outside the EU (“Third Countries”) for the same purposes and/or for administrative and accounting purposes pursuant to Article 6.1.(f) and Recital 48 of the GDPR.
Additionally, the Data can be communicated, also in Third Countries, to: (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, independent consultants – working individually or in partnerships – and other third parties and providers which supply to the Company commercial, professional or technical services required to operate the Website (e.g., provision of IT and Cloud Computing services) for the purposes specified above and to support the Company with the provision of the services you requested; (iii) third parties in the event of mergers, acquisitions, transfers of business -or branches thereof, audits or other extraordinary operations; The mentioned recipients shall only receive the Data necessary for their respective functions and shall duly undertake to process them only for the purposes indicated above and in compliance with data protection laws. The Data can furthermore be communicated to the other legitimate recipients identified from time to time by the applicable laws. With the exception of the foregoing, the Data shall not be shared with third parties, whether legal or natural persons, who do not perform any function of a commercial, professional or technical nature for the Controller and shall not be disseminated. The parties who receive the Data shall perform processing as Data Controller, Processor or persons authorised to process personal data, as the case may be, for the purposes indicated above and in compliance with the applicable data protection law.
Regarding any transfer of Data outside the EU, including in countries whose laws do not guarantee the same level of protection to personal data privacy as that afforded by EU Law, the Controller informs that the transfer shall in any event take place in accordance with the methods permitted by the GDPR, such as, for example, on the basis of the user’s consent, on the basis of the Standard Contractual Clauses approved by the European Commission, by selecting parties enrolled in international programmes for free movement of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission.
You may at any time exercise the rights afforded by Articles 15-22 of the GDPR, including the right to obtain confirmation of the existence of personal data which relate to you, check its content, origin, correctness, location (also with reference to any Third Countries), request a copy, request correction and in cases provided by law, restriction of processing, deletion, oppose to direct contact activities, oppose to direct marketing (also limited to particular means of communication). Likewise, you may always withdraw consent and/or make observations on specific issues regarding processing operations of your personal data which you regard as incorrect or unjustified by your relationship with the Company, or lodge a complaint with the Data Protection Authority. You may contact the Controller and/or DPO at the addresses displayed above to make any requests regarding personal data processing by the Company, to exercise your legal rights and to obtain an updated list of the parties who have access to your data.
- technical cookies: these are necessary for correct functioning of a website and to permit browsing by the user; without these the user may not be able to visualise the pages correctly or to use some services.
- profiling cookies: these are used for creating user profiles to send advertising messages in line with preferences shown by the user during browsing.
Cookies, whether “technical” or “profiling”, can also be classified as:
- “session” cookies, which are deleted immediately on closing of the browser;
- “persistent” cookies, which remain in the browser for a determinate period of time; these are used, for example, to recognise the device which connects to a website, facilitating user authentication operations;
- “own” cookies, generated and managed directly by the operator of the website on which the user is browsing;
- “third party” cookies, generated and operated by parties other than the operator of the website on which the user is browsing.
The Website uses “technical” cookies and in particular the following types of cookie:
(i) own cookies, session or persistent, necessary to allow browsing on the Website, for the purpose of internal security and systems administration;
(ii) third party cookies, persistent, used by Website to send statistical information to Google Analytics, by way of which the Company can perform statistical analysis of access/visits to the Website. The cookies used pursue exclusively statistical purposes and collect information in aggregated form. By way of two cookies, one persistent and the other session (expiring on closure of the browser), Google Analytics also saves a register with times of commencement of visits to the Website and exit from same. It is possible to prevent Google from taking the data by way of the cookies and the subsequent formulation of the data by downloading and installing the plug-in for browser from the following address: http://tools.google.com/dlpage/gaoptout?hl=it
You can choose to which cookies to give your consent. In the case of third party cookies, users shall provide or deny consent directly to the owner of the cookie in question, to which the Company merely refers: most third party cookies present on the website can be disabled by users on their own browser or by consulting directly the sites of the operators using the links indicated in the table below. In any event, we point out that disabling cookies could impair your ability to use the Website and/or prevent you from benefitting in full from the available functions and services.
Instructions for operation of cookies on the various browsers:
- Select the menu on the upper right-hand corner of the browser tool bar
- Select Settings
- Select the link Show advanced settings
- In the section Privacy select Content settings
- In the section Cookie change the following settings based on the action required for operation of the cookies:
Allow sites to save and read cookie data
- Keep local data only until you quit your browser
- Prevent sites from setting any data
- Block third party cookies and site data
- Manage exceptions for some Internet sites
- All cookies and site data
For more information visit the relevant Google page
- Click on the menu in the upper right corner of the browser tool bar
- Select Options
- Select the Privacy section
- In the section Tracking, select the appropriate button if you want to communicate to sites your wish not to be tracked
- In the section History, select from the drop-down menu Use Custom Settings change the following settings depending on the action desired for cookie operation:
Accept cookies from websites (select the appropriate button);
- Accept third party cookies (select from the drop-down menu one of the following Options: always, from most visited or never);
- Store them for a set period of time (select from the drop-down menu one of the following Options: until they expire, when Firefox is closed or ask every time);
- Again, in the History section, select Show cookies if you wish to clear the cookies present on your computer.
For more information visit the relevant Mozilla page
- Click the Tools button
- Select Internet Options
- Select Privacy
- In the scrolling menu, select one of the following options change the following settings according to what you want to do to handle the cookies:
Block all cookies
- Medium High
- Accept all the cookies
- Select specific sites that you will accept cookie from: click “Sites” and in the “Address of Website” box, type a website address then click “Block” or “Allow”
For more information visit the relevant Microsoft page
- Open Safari
- Click on Safari
- Select Preferences and then click on Privacy
- In the “Block Cookies” section choose the way Safari should handle cookies.
- Click on Details to see which websites have stored their cookies
For more information visit the relevant Apple page
- Start Opera
- Select “Settings” in the main menu in the top left-hand corner of the screen
- Select “Privacy & Security”
- In the section “Cookies”, select one of the following options:
Allow local storage
- Keep local data only until I quit my browser
- Do not permit sites to save any data
- Block third party cookies and site data
- By selecting the button “All cookies and site data” you can remove the cookies present on your computer.
For more information visit the relevant Opera page