Data Protection Policy
This Policy aims to provide users/visitors of the website https://www.thecrimelab.gr/, owned by the company “The Crime Lab,” with specific information regarding the processing of their personal data during their navigation and use of the website, as the Data Controller under the applicable legislation.
Key Concepts
The processing and protection of your personal data are governed by the provisions of the General Data Protection Regulation (EU) 2016/679 – GDPR, the currently applicable national legislation for personal data protection (Laws 4624/2019, 2472/1997, 3471/2006, as applicable), and related decisions and guidelines from the Data Protection Authority or other relevant Supervisory Authorities, in addition to this Policy.
For a better understanding of this Policy, the following key terms are defined:
- “Data Subject”: Any user, visitor, existing or potential client, and any natural person interacting with the website.
- “Personal Data”: Any information that can directly or indirectly identify a natural person (“Data Subject”), such as name, postal address, contact details (phone, mobile), email address, etc.
- “Processing”: Any operation or set of operations performed on personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction of personal data that have come or will come to the Company’s knowledge, either directly from you through the website or within the context of your transactional relationship with it.
- “Data Controller”: Manolis Sfakianakis, who owns this website and determines the purposes and means of processing personal data through this website.
- “Data Processor”: A natural or legal person, public authority, agency, or other body/company that processes personal data on behalf of the Data Controller.
- “Recipient”: A natural or legal person, public authority, agency, or other body/company to whom personal data are disclosed, whether a third party or not.
What Data Is Collected, for What Purpose, and on What Legal Basis
Through this website, the necessary personal data are collected and processed as needed for the best possible service or (potential) cooperation with you, the fulfillment of our legal obligations, or based on your specific consent. Specifically, we process the
following data in these instances:
Activity | Data | Purpose | Legal Basis |
Website Entry | Address | Providing personalized services to you, proper connection creation, system security, and stability | a) Legal obligation b) Legitimate interest for the secure provision of the website and services to the public |
Contact Form | Name, email, subject, message, date-time | Submitting queries, reporting issues, expressing interest for communication and further information | a) Our cooperation and relationship, at your request b) Legitimate interest for direct service and communication with interested parties |
Lab Request Form | Full name, email, phone, case description, date-time | Reporting issues, incident reporting, further communication, and updates | a) Our cooperation and relationship, at your request b) Your explicit consent regarding any special category data |
Newsletter Subscription | Email, date-time, Privacy Policy acceptance version | Updates on our products and services | Your consent |
Cookies | (See Cookie Policy) |
Special Categories of Data
Regarding sensitive personal data (special categories), such as data related to your racial or ethnic origin, religious or philosophical beliefs, health data, or data concerning your sexual life or orientation, we generally do not collect or request such data through our website. Should you provide us with such data, depending on the subject of our communication (especially within the context of describing your case), they will be processed by us with your explicit consent as an integral part of your request.
Data Relating to Minors
This website is not intended for individuals under 18 years of age. We do not process personal data from minors. However, it is noted that if the processing of personal data is based on consent according to Art. 6(1)(a) of the GDPR, regarding the provision of information society services directly to a child, the minor’s consent and the subsequent processing will be lawful only if the minor is at least 15 years old, or if provided or approved by their legal representative.
Recipients of Your Data
The personal data collected within our relationship through the website are processed only by:
- The company “The Crime Lab” and its authorized team, who are bound by confidentiality and follow appropriate security measures,
- Our partners to whom we assign specific tasks on our behalf, either as Data Processors under Art. 28 of the GDPR, or as joint or independent Data Controllers, ensuring GDPR-compliant processing of your data with contractual terms and security measures,
- Public authorities, police, and other competent authorities when required by the applicable legal framework,
- We do not transfer your data to third countries (outside the EU or EEA) or international organizations that do not ensure an adequate level of protection. Any transfer by us or our Processors will comply with the applicable legal framework and necessary safeguards, particularly Art. 44 et seq. of the GDPR.
Retention Period of Personal Data
We retain your personal data for as long as necessary for the nature and purpose of the respective processing, or as defined by the applicable legislative and regulatory framework, considering our legal obligations, potential cooperation, and any legal claims, justifying the retention period of personal data. Specifically, for newsletter subscriptions, we retain your information as long as you remain subscribed without withdrawing your consent, maintaining the ability to update it. After the necessary period, data that are no longer needed are securely and irretrievably deleted.
Your Rights Regarding Your Data Processing
Every client, interested party, and generally every visitor of this website, as a data subject, maintains control over their data and may exercise their rights at any time, as provided in the GDPR, especially Articles 12-23, and the applicable national legislation, under specific conditions:
- Right to information and provision of data processing information before and during processing (Art. 12, 13, 14 GDPR)
- Right of access to personal data concerning you and processed by the Company as Data Controller (Art. 15 GDPR)
- Right to rectification of data (Art. 16 GDPR)
- Right to erasure of your personal data (“right to be forgotten”) (Art. 17 GDPR)
- Right to restrict the processing of your personal data (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR) and to object to automated decision-making, including profiling (Art. 22 GDPR)
- Right to withdraw your previously given consent (Art. 7(3) GDPR)
- Right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR)
Upon receiving your written request to exercise your rights, we will make every effort to take the necessary actions to satisfy it within one (1) month from the date of receipt or, in any case, to inform you of the status of your request.
Data Security
Our Team takes care to implement appropriate technical and organizational measures to ensure an appropriate level of security during data processing, particularly against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data, as per Art. 32 of the GDPR. We have relevant Policies in place and generally adhere to processing principles (Art. 5 GDPR) to ensure the availability, integrity, and confidentiality of your data.
Specifically, regarding measures we take for the security of your data through our website, indicative measures include encryption of the user’s communication channel with the web application (TLS 1.3), tiered access using credentials at the administrative level, physical and electronic security at the data center level, and Policies. We also ensure an adequate level of protection and security from our partners who have access to personal data within our cooperation, in accordance with Art. 26 or 28 of the GDPR, with relevant contractual terms.
For any further clarification regarding the processing of your personal data, you may contact us at info@thecrimelab.gr.
This Privacy Policy may be modified at any time, and the updated version will be posted on the website. Therefore, users are encouraged to regularly review this Policy.
Last update: 14/02/2023