Last updated on 1^st of June, 2018.

Welcome to OneAppy application (www.oneappy.com) (hereinafter the “Application”). The OneAppy platform is a product of the company under the name “Everit” (hereinafter the “Company”). This version of the application also exists in an HTML environment, so what is included in this data protection policy and applies to the Application, also apply to the HTML version.

The COMPANY (“COMPANY”) takes the privacy of its clients seriously into account. This Privacy Notice is to let you know how the Company protects the privacy of your communications and collect, process, use and store your personal data through our Website as well as the rights you have with regard to the foregoing collection and processing of your personal data. By using our Application and using our services you acknowledge of having read and fully taken into account this Privacy Notice.

This Privacy Policy applies only to this Application. Users must bear in mind that the Application may also contain links to other sites, however our Company is not responsible for the practices and conditions of data protection or the content of such websites.

1. Definitions

For the purpose hereof, the following definitions apply:

1.1. “Recipient” means any natural or legal person, public authority, service or other body to which personal data is disclosed, whether a third party or not.

1.2. “GDPR” – the General Data Protection Regulation (EU) 2016/679, of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as amended, replaced or superseded and in force from time to time and as transposed into member-state legislation.

1.3. “Processing” – Any operation or set of operations which is performed by the Company upon the personal data of the users of the Application, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

1.4. «Company» – Our Company under the name E. NOMIKOS & CO. with the distinctive title “Everit”, located in Argyroupoli, 14 Iteas Street, PO 164 52, Athens, Greece, tel. +30 212 000 6000, VAT Number EL800585313 – Tax Authority ILIOUPOLIS and which has the exclusive and full ownership of “Oneappy” application.

1.5. “Business User” means the enterprise that uses the application services and creates application / applications within the platform to attract its own customers as end users to the ONEAPPY platform.

1.6. “Website” – the website accessible via the www.oneappy.com domain name, which is a translation of the Application and its capabilities into an HTML environment, including all of its web pages.

1.7. “Profiling Setting” means any form of automated processing of personal data for the assessment of personal aspects relating to an individual, in particular the analysis or anticipation of aspects relating to personal preferences or interests, the credibility or behavior, position or movements of the data subject.

1.8. “Personal Data” – any information which relates to a User, who can be identified directly or indirectly.
1.9. “Consent” – Any explicit, specific and freely given indication by which the User, after having been fully informed, signifies her agreement to personal data relating to her being processed.

1.10. “User” means the user of the Application to whom the data are referenced and whose identity is known or can be identified, that is, it may be identified directly or indirectly.

2. Subject Matter

2.1. This policy defines the terms and conditions that our Company maintains to protect the privacy of users of the Application. This policy includes the rules on the basis of which we collect and process your personal data and ensure that this information is kept confidential.

2.2. Our Business reserves the right to modify and update this policy whenever it deems necessary, and any changes made effective by their public appearance in the Application.

2.3. Should any of these terms be considered invalid, illegal or abusive for any reason, the other terms will remain valid and strong as they are to the extent that they do not conflict with the will expressed in this policy.

3. Principles of Data Processing

We fully respect your fundamental rights and render protection of your privacy a priority of the Company. In this context, when processing your personal data, we follow the following basic principles:

3.1. We submit your personal data to legitimate and legitimate processing, and we maintain full transparency vis-à-vis the way we handle your personal data.

3.2. We collect and process your data only for specified, explicit, and legitimate purposes as outlined in this policy, and we do not process it further in a manner incompatible with these purposes.

3.3. We process your personal data only to the extent that it is appropriate and relevant to the above purposes, while limiting the processing to the measure necessary for these purposes.

3.4. We make reasonable efforts with your own assistance to ensure that your processed data is accurate and, where necessary, updated with regard to the purposes of the processing, taking all reasonable steps to immediately delete or correct it in case of inaccuracy.

3.5. We keep your personal data in a form that allows you to identify yourself only for the time required for the above processing purposes.

3.6. We process your personal data in a way that guarantees its security by using appropriate technical or organizational measures.

3.7. We do not intend to further process your personal data for purposes other than the ones for which they are collected.

3.8. We inform you that there is no obligation to provide your personal data and that there are no possible consequences from the choice not to provide it. Furthermore, we inform you that your personal data will not be used for automated decision making, including profiling.

3.9. Without prejudice to what is stated in this policy, we do not disclose and transmit your personal data to third parties without your consent, unless permitted by law or by our contractual agreement with you.

3.10. Please be advised that we do not pass on your personal data to a third country or international organization for which there is no European Commission decision under the GDPR.

3.11. In general, we comply with all applicable laws and comply with all our statutory obligations, as data controllers of your personal data.

4. Types of Data Collected

4.1 The types of personal data that we collect and process from you are categorized into what we collect and process on: (a) entering and navigating the Mobile Application; (b) creating a personal account; and (c) providing services (such as, without limitation, service retention, product order, use of a reward program, and so on), you grant to our Company the following types of personal data.

When entering and navigating our Application we provide the following data:
• Internet Address (IP Address).
• Navigation data within the site.
• Traffic and location data.
• Device_mac address data during the log in phase.
• Service preference information.

When creating your personal account, you provide the following data:
• E-mail address.
• Name and distinctive title.
• Contact info.

When using our Application Services you provide the following data:
• Content produced by the User.
• Elements of a selected service.
• Transaction details.

4.2 The Company does not collect or gain access in any way to special categories (“sensitive”) of personal data or data relating to criminal convictions and offenses by its clients. You have an obligation to refrain from posting such data concerning yourself or third party data subjects. In the event that you submit such data to our Application, these will be removed as soon as we become aware of them. We have no liability to you or to any third parties for any processing of sensitive data due to your actions or omissions in breach of this obligation.

5. Purposes and Legal Bases of Data Processing

5.1. Personal data necessary for the navigation and use of our Website is collected and processed by the Company pursuant to Article 6 § 1 (b) of the GDPR for the following purposes:

• Technical capability for the smooth operation of our Website.

• Friendly and user-friendly operation of our site.

• Improve your online experience while navigating and using our site.

• Recording consumer habits through the use of anonymous statistical data.

5.2. Personal data necessary for the provision of our services within our contractual relationship is collected and processed by the Company pursuant to article 6 § 1 (b) of the GDPR for the following purposes:

• Performance of our contractual obligations towards our Users and Clients.

• Immediate, adequate and efficient provision of our services.

• Tax use and use for pricing and proof of delivery of ordered products / services.

• Communicating with our clients in the framework of the execution of our services and for the resolution of any complaints.

• Improvement, management and review of our products and services to meet the needs of our clients as much as possible.

• Administration, organization and function of our business.

• Management of our clientele.

• Extrajudicial or judicial use for the protection of our lawful rights and interests.

5.3. the Company collects and processes your personal data solely for the purposes mentioned above and only to the extent that is strictly necessary to effectively serve them. Data collected are relevant, appropriate and no more than what is required in view of the above purposes, whereas we strive to keep them accurate and up to date. Furthermore, your data are retained only for the period required to achieve the purposes, for which they are collected and processed, and are afterwards deleted.

6. C onsent

6.1. The Company may process personal data only with your lawful consent for the following purposes:

• For the purposes of commercial communication, marketing and advertising of our services or third party services via SMS, telephone, e-mail, internet, fax, mail, social media and / or any other appropriate communication channels.

• For personified market research and / or analysis purposes to better understand your needs, preferences, interests, experiences and / or habits as a consumer.

• To operate and manage any reward programs, improvement of questionnaire functions and feedbacklist.

6.2. You give us your consent to the processing of your personal data for the above purposes with an electronic statement in a manner clearly distinguishable from other consents or notice and in an intelligible and easily accessible form using clear and plain language. Your consent is freely given and your personal data is given without such a provision being a legal or contractual obligation or a requirement on behalf of the Company for the performance of a contract between us.

6.3. In this context, by giving your consent, you explicitly state that you wish to provide your consent for the above purposes in accordance with the terms and conditions of this policy. You may provide your consent in the following ways :

• When setting up your user account.

• When ordering products / services as well as when drawing up any type of contract through our website.

6.4. You have the right to withdraw your consent at any time. Withdrawal of your consent does not affect the lawfulness of the treatment of your data prior to its revocation. Your consent is also revoked in the same manner as provided.

7. Data Recipients

7.1. Subject to the terms of this Agreement and in particular Clauses 6.4 and 7.5, our Business does not assign your personal data or interconnect its file for financial or other consideration with any third party private businesses, of course, legal persons, public authorities or services or other organizations, in addition to the reservations expressly set forth herein and the Terms of Use.

7.2. In order to serve the processing purposes referred to in this policy, our Company may provide access to or transmit the following types of personal data to the following processors for and on behalf of:

• Your personal data to any provider of web hosting services with which we maintain a contractual relationship.

• Your personal data in the business, providing us with software maintenance and support services for software and database programs.

7.3. The processing of your personal data by the above partners with us is conducted under our control and only at our command and is subject to the same data protection policy or to a policy of at least the same level of protection.

7.4. In the event that it is required by a court or other administrative authority and in any other case that is legally bound to do so, our Company may transfer your personal data to the extent specified by law, but after you have been informed.

7.5. You acknowledge and authorize our Company to provide, upon your order and on your behalf, your contact information, in particular your name, address, e-mail, address, and mobile and / or fixed telephone number, (or any of them) as well as any other requested personal data to any Business User, that is, a professional or business you have requested / accepted to provide for your chosen service. Our Business expects and asks Professionals to respect your Personal Data, use them only for the purposes of our Application and its HTML version and not to disclose it to third parties. However, you acknowledge and accept unreservedly that our Company may not supervise such professionals or companies in complying with the above commitments, that you undertake the relevant risk and that our Company is not responsible or owed any responsibility kind of compensation if a professional who has accessed your Personal Data uses them for reasons other than the provision of his or her services to you or if he communicates them to third parties without your permission.

8. Data Security and Confidentiality

8.1. In order to ensure the proper use and integrity of your personal data and to prevent their unauthorized or accidental access, processing, deletion, alteration or other use, the Company applies appropriate internal policies and takes all appropriate organizational, technical, physical, logical and procedural security measures, as well as technical standards, in accordance with applicable laws and regulations.

8.2. The processing of your data by the Company is conducted in a manner that ensures their confidentiality and physical and logical security, taking into account the latest developments, implementation costs and the nature, scope, context and purposes of the processing, as well as the risks for your rights and freedoms, which are applicable in each circumstance.

8.3. Your personal data is processed solely by authorized personnel of the Company, bound by strict obligations of confidentiality.

9. Retention of Personal Data

10.1. We keep your personal data for as long as it is each time necessary for the relevant purposes of their processing.

10.2. the Company may retain your personal data after the expiration of their relevant processing purposes in the following limited cases :

• In case that there is a legal obligation under a relevant statutory provision.

• For reasons of tax and social security audit reasons within the statutory limitation period.

• For research or statistical purposes of for the proper organization and operation of our business provided that anonymity or pseudonymization of your data takes place.

• In case of any claims against the Company, for as long as necessary to defend our rights and legitimate interests before any competent court and any other public authority.

10.3. After the period of retention, your personal data is erased from our databases and systems in accordance with our data protection policies and provided that their retention is no longer required for the fulfillment of the purposes we have described above.

10. Your Rights

10.1. As a data subject, you have the right to request and receive access, update, and a copy of your personal data that we collect and process. If you wish to copy a part or all of your personal data, please contact us with the details of our Business that we quote in the relevant chapter hereof.

10.2. We further inform you that you have the ability at any time to exercise your rights under the terms and conditions of the law as they result from the GDPR regarding the correction, erasure and portability of your personal data, as well as limitation and opposition to the processing their,

10.3. The above requests are addressed in writing by post or email to our Business Contact Details as set forth herein. Our Business will respond to any of your requests within one month of receiving it. Upon your notification, this period may be extended by a further two months if necessary, taking into account the complexity of the request and the number of requests. Any rejection of your request will be justified.

10.4. If your request does not meet the requirements of applicable law, the Company reserves the right either to: (a) impose a reasonable fee, taking into account the administrative costs of providing the information or communicating or executing the requested action, or (b) reject your request.

10.5. If there are any doubts as to the identity of the individual submitting the request, we reserve the right to request the provision of additional information necessary to confirm his / her identity.

10.6. If your rights are infringed, we inform you that you have the right to file a complaint with the Personal Data Protection Authority or other competent supervisory authority.

11. User Obligations

11.1. By using our Application and by providing your personal data upon your consent, you acknowledge that you are required to state your actual, accurate and complete information requested by the Company. Furthermore, you must inform our Company of any changes to your information so as to ensure it is kept up-to-date and accurate.

11.2. If you are found to be in breach of your obligations or if our Company has reasonable suspicion that the information you provide is false or incomplete or in any way contrary to applicable law or this Privacy Notice, we retain the right to reject your application for registration or to suspend or terminate your account immediately without notice. In this case, you have no right to any compensation due to the rejection of your application, or the suspension or termination of your account.

11.3. You acknowledge that our Company may delete, cross-check, supplement or modify the information you provide based on information lawfully provided by third parties. In this case, our Company will provide you with relevant notice in compliance with applicable law.

11.4. By using our Application you confirm that you are over sixteen (16) years old. If you are under the age of sixteen (16) you have the obligation to abstain from any use of our Website and from any transfer of your personal data without the consent of the person who exercises your parental responsibility. If you fail to comply with the foregoing obligations, you must immediately notify the Company. In any case, using the Application, you acknowledge that the Company is not responsible for your violation of the obligations mentioned above to the extent that it is unable, even if it makes reasonable efforts, to verify your age or to receive consent from your guardian.

12. In ternational Jurisdiction and Applicable law

12.1. In order to resolve any dispute arising between our Company and users of the Application regarding this data protection policy and its subject matter, the courts of Athens are competent and Greek law is applicable without regard to its conflict rules.

12.2. If a provision of the present Privacy Notice is canceled by a decision of a competent court as unlawful, invalid or unenforceable, this will not affect the validity and enforceability rest of its provisions, which will remain in full force and will be accordingly applied.

13. BUSINESS AND COMMUNICATION DATA

13.1 The services of the Application are provided by the company with the distinctive title “Everit” (“Company”). The details of our Business are as follows:
• Commercial Name: E. NOMIKOS KAI SIA EE
• Distinctive title : Everit
• Spokesperson: Mr Evangelos Nomikos
• Data Protection Officer: Mr Evangelos Broumas
• Location: Athens,Greece
13.2. For any further information or request regarding this data protection policy, please contact the representative and our Data Protection Officer on the following information:
• Street Iteas 14 Str.
• PO 16452, Athens
• Greece
• Tel: +30 2120006000
• Fax: +30 2120006090
• email: info@everit.gr, info@oneappy.com