PRIVACY POLICY

Maya Insights > PRIVACY POLICY

Last Modified: 2024-02-16

1. INTRODUCTION

This Privacy Policy (together with our Terms, the DPA and any other document referred to in it) describes the type of information that we collect from you (“you/your”) through the use of our services (“Services”), or the use of our website https://www.mayainsights.com (“Website”), how that information may be used or disclosed by us and the safeguards we use to protect it.

Our Website and Services may contain links to third party websites that are not covered by this Privacy Policy. We therefore ask you to review the privacy statements of other websites and applications to understand their information practices.

We have drafted this Privacy Policy to be as clear and concise as possible. Please read it carefully to understand our policies regarding your information and how we will treat it. By using or accessing our Website or the Services, you agree to the collection, use and disclosure of information in accordance with this Privacy Policy. This Privacy Policy may change from time to time and your continued use of the Website or the Services is deemed to be acceptance of such changes, so please check periodically for updates.

Please check back regularly to keep informed of updates to this Privacy Policy. Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of our Privacy Policy is deemed to occur upon your first use of our Services and/or Website. If you do not accept and agree with this Privacy Policy, you must stop using our Services and/or Website immediately.

You have the right to make a complaint at any time to the Hellenic Data Protection Authority (HDPA), the Greek supervisory authority for data protection issues (https://www.dpa.gr/). We would, however, appreciate the chance to deal with your concerns before you approach the HDPA so please contact us in the first instance. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

If you have any comments on this Privacy Policy, please email them to [email protected]

2. WHO WE ARE

2.1 Here are our details:

– Our Website address is https://www.mayainsights.com

– Our company name is MAYA INSIGHTS P.C

           – Our registered address is Chiou 56, Athens 104 39, Greece

           – Our Data Protection Officer can be contacted at [email protected]

2.2 We respect your right to privacy and will only process personal information about you or provided by you in accordance with the Data Protection Legislation which for the purposes of this Privacy Policy shall mean: (i) the General Data Protection Regulation ((EU) 2016/679) (GDPR), (ii) Law No. 4624/2019 “on the Hellenic Data Protection Authority, the implementation of Regulation 2016/679 and the transposition of Directive 2016/680” (Government Gazette A/137/29.08.2019) and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in Greece and other applicable privacy laws.

3. WHAT WE MAY COLLECT

3.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

3.2 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier. When you email, phone, live chat or otherwise, we may collect information such as your first name, last name, email address and phone number;
  • Contact Data includes billing address, invoicing address, email address and telephone numbers;
  • Financial Data includes bank account and payment card details;
  • Transaction Data includes details about payments and other details of our Services you have purchased from us;
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website;
  • Profile Data includes your username and password, your interests, preferences, feedback and survey responses;
  • Usage Data includes information about how you use our Website and Services;
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences;
  • Cookies Data like many websites, we use “cookies” to enhance your experience and gather information about visitors and visits to our websites;
  • Third Parties and Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or through the Services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on our Website. We are also working closely with third parties (including, for example, business partners, suppliers, sub-contractors, advertising networks, analytics providers, and search information providers) and may receive information about you from them;
  • Analytics includes third-party analytics services (such as Google Analytics) to evaluate your use of the Website, compile reports on activity, collect demographic data, analyse performance metrics, and collect and evaluate other information relating to our Website and internet usage. These third parties use cookies and other technologies to help analyse and provide us the data. By accessing and using the Website, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this Privacy Policy.

3.3 We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

3.4 We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

3.5 We will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:

a) You have given consent to the processing of your personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;

c) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our financial payments, except where such interests are overridden by the fundamental rights and freedoms of the data subject, in particular where the data subject is a child.

3.6 If you provide personal information to us about another data subject, you are responsible for ensuring that you have their consent to provide that data for the uses set out in this Privacy Policy and for bringing this Privacy Policy to their attention.

4. HOW WE MAY COLLECT AND USE YOUR DATA

4.1 We (or third party data processors, agents and sub-contractors acting on our behalf) may collect, store and use your personal information by way of different methods to collect data from and about you including through:

Direct interactions. You may give us your information by filling in forms via our Website or via any Order Form or other documentation or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

a) visit the Website;

b) subscribe to our Services, create an account on our Website or sign an Order Form or other related documentation;

c) carry out our contracts with you and/or provide the relevant Services to you;

e) request marketing to be sent to you;

f) enter a competition, promotion or survey; or

g) give us some feedback.

4.2 In addition to the above, we may use the information in the following ways:

a) To personalise your Website experience and to allow us to deliver the type of content and product offerings in which you are most interested.

b) To administer a contest, promotion, survey or other site feature.

c) If you have consented to receive our e-mail newsletter, we may send you periodic e-mails. If you would no longer like to receive promotional e-mail from us, please opt-out, remove or modify information you have provided to us. If you have not opted-in to receive e-mail newsletters, you will not receive these e-mails. Visitors who register or participate in other site features such as marketing programs and ‘members-only’ content will be given a choice whether they would like to be on our e-mail list and receive e-mail communications from us.

d) Present Website content effectively to you.

e) Provide information, and services that you request, or (with your consent) which we think may interest you.

f) Tell you our charges,offers or proposals.

4.3 We will only use your personal data when the Data Protection Legislation allows us to. Most commonly, we will use your personal data in the following circumstances:

a) Where we need to perform the contract we are about to enter into or have entered into with you.

b) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

c) Where we need to comply with a legal or regulatory obligation, for example compliance with health and safety, tax or other statutory obligations.

4.4 Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to our marketing communications or sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us at [email protected] , and we will either delete your data from our systems or move your data to our “unsubscribe list”. However, you acknowledge this will limit our ability to provide the best possible services to you.

4.5 As already indicated above, with your permission and/or where permitted by law, we may also use your data for marketing purposes which may lead to us contacting you by email and/or telephone with information, news and offers on our Services. We agree that we will not do anything that we have not agreed to under this Privacy Policy, and we will not send you any unsolicited marketing or spam. We will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the Data Protection Legislation.

5. WHERE WE STORE YOUR DATA AND SECURITY

5.1 We may transfer your collected data to storage outside Greece. It may be processed outside Greece to fulfil your order and to receive our Services and deal with payment. If we do store or transfer data outside Greece, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within Greece and under the Data Protection Legislation. Your acceptance of this Privacy Policy shall be your consent permitting us to store or transfer data outside Greece if it is necessary for us to do so.

5.2 Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our Website and/or as a result of the provision of the Services to you. We abide by the principles governing the processing of personal data under the Data Protection Legislation and we take appropriate organisational and technical measures to ensure the security and confidentiality of your personal data and to protect them against any accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access, as well as any other form of unlawful processing. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

5.3 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

5.4 By giving us your personal data, you agree to this arrangement. We will do what we reasonably can to keep your data secure.

5.5 We have implemented security measures such as a firewall to protect any data and maintain a high level of security.

5.6 Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet and you take the risk that any sending of that data turns out to be not secure despite our efforts.

5.7 If we give you a password upon registration on our Website, you must keep it confidential. Please don’t share it apart from those that they have a business need to know.

5.8 We will keep personal data for as long as is necessary.In general we will keep your personal data for as long as we have a business relationship with you or another person (for example, a legal entity for which you are the authorized representative / agent or beneficial owner) in relation to which we have obtained your personal data.

We may however be required to retain personal data for a longer period of time to ensure we comply with our legislative requirements or to defend ourselves against legal claims and proceedings. We review our data retention obligations to ensure we are not retaining data for longer than we are legally obliged to.

6. DISCLOSING YOUR INFORMATION

6.1 We are allowed to disclose your information in the following cases:

6.1.1 If we want to sell our business, or our company, we can disclose it to the potential buyer.

6.1.2 We can disclose it to other businesses in our group.

6.1.3 We can disclose it if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights.

6.1.4 We can exchange information with others to protect against fraud or credit risks or to defend ourselves against legal claims and proceedings.

6.2 We may contract with third parties to supply services to you on our behalf. These may include cloud hosting processing, data visualization processing, customer communication processing, payment processing, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data.

6.3 Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the Data Protection Legislation. Any third party that we share data with will not be permitted to use it for any other purpose than fulfilling their contract with us.

7. YOUR RIGHTS

7.1 Under the Data Protection Legislation, you have the right to:

  • request access to, deletion of or correction of, your personal data held by us at no cost to you;
  • request that your personal data be transferred to another person (data portability);
  • be informed of what data processing is taking place;
  • restrict processing;
  • to object to processing of your personal data;
  • withdraw your consent to processing if we rely on consent;
  • complain to a supervisory authority.

7.2 You also have rights with respect to automated decision-making and profiling as set out in section 10 below.

7.3 You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.

7.4 To enforce any of the foregoing rights or if you have any other questions about our Website or this Privacy Policy, please contact us at [email protected] .

7.5 If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have also the right to complain to the Hellenic Data Protection Authority (HDPA), the Greek supervisory authority for data protection issues (https://www.dpa.gr/).

8. LINKS TO OTHER SITES

8.1 Please note that our terms and conditions and our policies will not apply to other websites that you get to via a link from our Website. We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

9. CHANGES

9.1 We may modify or amend this privacy policy from time to time. We will reasonably endeavor to notify you appropriately when we make changes to this privacy policy and we will amend the revision date at the bottom of this page. We do however encourage you to review this statement periodically so as to always be informed about how we are processing and protecting your personal information.

10. AUTOMATED DECISION-MAKING AND PROFILING

10.1 In establishing and carrying out a business relationship, we generally do not use any automated decision-making. In the event that we use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge to such decisions under Data Protection Legislation, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from us.

10.2 The right described in section 10.1 does not apply in the following circumstances:

a) the decision is necessary for the entry into, or performance of, a contract between the you and us;

b) the decision is authorised by law; or

c) you have given you explicit consent.

10.3 Where we use your personal data for profiling purposes, the following shall apply:

a) Clear information explaining the profiling will be provided, including its significance and the likely consequences;

b) Appropriate mathematical or statistical procedures will be used;

c) Technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily corrected shall be implemented; and

d) All personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling.

11. YOUR AGREEMENT

11.1 By using our Website and by way of acknowledgment, you agree to our Privacy Policy.

12. DISPUTE RESOLUTION

12.1 We will use our best efforts to negotiate in good faith and settle any dispute that may arise out of or relate to this Privacy Policy or any breach of it.

12.2 Any dispute shall not affect our ongoing obligations under this Privacy Policy.

12.3 This Privacy Policy and any dispute or claim relating to or connected with it (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the Republic of Greece and the courts of Greece are the only place where disputes or claims relating to or connected with this Privacy Policy (including non-contractual disputes or claims) may be decided.

13. Compliance with Google API Services User Data Policy
We adhere to the Google API Services User Data Policy, including the Limited Use requirements, for any information received through Google APIs. Our use and transfer of information obtained from Google APIs will strictly follow the guidelines set by Google, ensuring that the data is handled in a secure and responsible manner. For more information on the Google API Services User Data Policy and the Limited Use requirements, please visit the Google API Services User Data Policy. By using our services, you acknowledge and agree to the use and transfer of your data in this manner.

14. Data Sharing with Third-Party Tools

Maya Insights P.C provides services that may involve the extraction of data to third party cloud computing or AI services to enhance business operations and decision-making. This includes, but is not limited to:

  • Marketing Data: Information related to marketing campaigns, outcomes, and strategies.
  • CRM Data: Customer relationship management data, including customer interactions, sales, and engagement metrics, without referencing identity critical information or anonymizing it.
  • Behavioral Data: Data on user actions, preferences, and patterns derived from the use of our client’s services.

In sharing this data with third-parties, such as cloud computing or AI services, we ensure purpose-limited sharing where: 

  • Data is shared strictly for the purposes of processing, storage, and analysis to deliver the services our clients require and offer automations regarding insights or improvements in marketing, sales, and overall business strategies. 
  • Data is used in order to provide or improve user-facing features that are prominent in the application’s user interface;
  • Third-parties comply with applicable laws related to data protection and adhere to certain security and encryption practices.

Third-party representatives are not allowed to read the data unless:

  • They first obtained the client’s affirmative agreement to view specific data.
  • It is necessary for security purposes (for example, investigating a bug or abuse);
  • It is necessary to comply with applicable laws; or
  • The data (including derivations) is aggregated and used for internal operations in accordance with applicable privacy and other jurisdictional legal requirements.

All other transfers, uses, or sales of user data are prohibited, including:

  • Transferring or selling user data to third parties like advertising platforms, data brokers, or any information resellers.
  • Transferring, selling, or using user data for serving ads, including retargeting, personalized or interest-based advertising.
  • Transferring, selling, or using data to determine credit-worthiness or for lending purposes.

By linking data sources, clients give their permission for their data to be transferred and processed using third-party tools, subject to the restrictions outlined above.

15. Data Management Practices

  • Provide Consent over Data Platforms : Upon the integration of data platforms with our service, clients are presented with a consent prompt detailing the data scope/permissions given to Maya Insights P.C. Clients have the option to agree or decline. By engaging with our services, clients acknowledge and agree to the terms of data sharing as outlined.
  • Opt-Out and Data Deletion: At any point, clients can choose to opt out of further data collection and sharing. Additionally, clients have the right to request the deletion of their data from our systems. Such requests can be made by contacting [email protected] and will be honored within 3 working days. This process ensures that clients have continuous control over their third party connected data or their internal processed data.
  • Changes to Our Data Policy: Our data management practices may evolve over time. Should any changes occur, we will notify our clients via email, providing comprehensive details about the adjustments and their effective date. This commitment to transparency ensures that clients remain well-informed about how their data is managed and protected by Maya Insights P.C. The recipients of the email are the owners of the application account.

By engaging with our services, clients acknowledge and agree to the terms of data management as outlined.


16. Data Retention policy
This policy applies to all non-personal data collected, processed, and stored by Maya Insights P.C in the course of its operations.


16.1. Retention Guidelines

  • Non-personal data will be retained for an indefinite period unless a specific business need or legal requirement necessitates its deletion.
  • Maya Insights P.C will regularly review the necessity of retaining non-personal data to ensure compliance with this policy.
  • Non-personal data may include but is not limited to:
    • Marketing data
    • Operational data
    • Analytical data
    • Statistical data

16.2 Data Deletion Procedures

  • Upon request, individuals may submit a formal request for the deletion of their non-personal data.
  • Requests for data deletion will be promptly reviewed and processed by the designated Data Protection Officer (DPO) or relevant department.
  • If the data is determined to be non-essential for business purposes or no longer necessary for the purposes for which it was collected, it will be securely deleted from all systems and databases.
  • Maya Insights P.C will maintain records of data deletion requests and actions taken in response to such requests.

16.3 Compliance

  • Maya Insights P.C will ensure compliance with all relevant laws and regulations governing data retention and deletion, including but not limited to the General Data Protection Regulation (GDPR) in the European Union.
  • Any updates or changes to this policy will be communicated to all relevant stakeholders.

16.4 Data Security

  • Maya Insights P.C will implement appropriate technical and organizational measures to safeguard non-personal data from unauthorized access, disclosure, alteration, or destruction.
  • Access to non-personal data will be restricted to authorized personnel on a need-to-know basis.

16.5 Review and Revision

  • This policy will be reviewed and updated periodically to ensure alignment with changing business needs and regulatory requirements.
  • Employees are encouraged to provide feedback or raise concerns regarding this policy to the Data Protection Officer or relevant department.

16.6 Contact Information, for inquiries or requests related to data retention and deletion, please contact [email protected].