PRIVACY AND PERSONAL DATA
PROTECTION POLICY

PRIVACY AND PERSONAL DATA
PROTECTION POLICY

The protection of your personal data is important for us!

Please take some time to read this Privacy and Personal Data Protection Policy, in order to find out about the way our company under the name “NARRATOLOGIES P.C.” and the distinctive title “NARRATOLOGIES”, whose registered office is in Kallithea, Attica, with VAT No. 801338914, acting by Aliki Giovitsa dau. of Vikente, and which hereof and for reasons of brevity will be referred to as “the Company”, acting as Processor, collects, stores, uses and generally processes your personal data, when you visit, register or use the Company’s website (hereinafter the “Website”) and its mobile application (hereinafter the “Application”).

The following terms of this Privacy and Personal Data Protection Policy, hereinafter referred to as the “Privacy Policy”, are an integral part of the Website’s and Application’s Terms of Use, which will be referred to herein as the “Website” and the “Application” respectively and relate to the use of the website and Narratologies application services by a simple visitor, but also by a registered user of our online services, as described in the Terms of Use.

The use of our website and the registration in our application services, implies the unconditional acceptance, consent, approval and agreement by the visitor-user with the terms of use and this Privacy and Personal Data Protection Policy.

This Privacy Policy is informative to the data subjects (an identified or identifiable natural person) according to articles 13-14 of the General Data Protection Regulation of the EU 2016/679 (GDPR) and its acceptance implies your consent to the collection and processing of your personal data as described in detail in it.

We inform you that you have the right to revoke your consent to the collection and processing of your personal data at any time, without prejudice to the legality of the processing of your personal data by Narratologies until that moment, by contacting us at info@narratologies.com For more general questions regarding this Privacy Policy, but also any issues related to the processing of your data and the exercise of your rights, you can contact the Company’s Data Protection Officer (DPO) at the e-mail address dpo@narratologies.com.

This Privacy Policy does not in any way cover the relationship between the visitors / users / members of the Website / Application ad any services that are not subject to the control and / or ownership of Narratologies. Users should be aware that our website may contain links to other websites, but Narratologies is not responsible for the practices and terms of personal data protection policy or the content of such websites.

1. A few words about the Website and the Application

The website www.narratologies.com is the Company’s website, where you can be informed about the Company’s actions and the Services it provides.

Additionally, the User can download the Company Application from Google Play and the Apple Store for free.

The Application offers the Customer/ User the opportunity to combine the individual tour in various parts of the city of Athens with gaming. The User selects one of the suggested characters of the Application and while walking (the Application follows his own pace), he discovers new parts of the city, while being informed about the architecture of the area, the traditions, the shops, the local producers and craftsmen, the traditional art and sight. As the User moves and discovers more places and information he earns gems, which he can then redeem by obtaining discounts at partner and recommended stores, restaurants, museums and hotels.


2. What is Personal Data?

The term “Personal Data”, refers to any information that concerns a natural person, such as name, age, postal address, etc., which makes it possible to verify the identity of a person.

3. What is Personal Data Processing?

The term “Processing” refers to any operation or series of operations with or without the use of automated means, in personal data or sets of personal data, such as the collection, registration, organization, structure, storage, adaptation or modification, retrieval, obtaining of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

4. Is it mandatory to provide your Personal Data?

The provision of your Personal Data to the Company may be necessary to achieve the Company’s purposes as set forth in this Privacy and Personal Data Protection Policy or may be optional.

The mandatory or optional nature of the Personal Data provision is indicated by an asterisk (*) next to the personal data of a mandatory nature.

If you refuse to provide the information that is marked as mandatory in the Application, it will be impossible to achieve the purpose for which the specific Data are collected and will not be possible for you to register in the Application. The provision of additional, optional Data to our Company, does not bring any consequences regarding the main purposes of data collection, since their provision serves exclusively to optimize the quality of the services provided by us.

In particular, for the creation of an account in the Application, the visitor must state his name, age, e-mail and a password. During the registration process, the visitor is asked to provide additional optional information, if and when he/ she wishes, such as place of residence, date of birth, gender and contact phone number. After registration, the above account information can be viewed and modified at any time and free of charge by the Application User himself, by using his personal password or upon request to Narratologies.

5. What Personal Data do we collect?

We collect the Personal Data that you provide to us voluntarily during your registration in the Application, as well as when you participate in the activities provided by the Application, such as the publication of messages in our online platforms (online forum) and your participation in competitions, but also the information that you provide to us when you contact us directly.

In any case, we take care to collect only your Personal Data which are absolutely necessary and are appropriate and clear for the intended purpose.

The Data are distinguished on one hand in the Personal Data that you provide to us during your registration and include the following:

– E-mail address

– Username

– Password

– Age

In particular, with regard to age, we must clarify that if you are a minor, you must be at least 16 years old in order to use our Services, otherwise, the use of both our Website and our Application requires the provision of your parents’ consent.

On the other hand, the Application automatically collects upon its installation, use and browsing specific Data, which are necessary in order to ensure the security and efficient operation of the Application and which are intended for internal analysis and evaluation of the Application, such as in particular the following:

– Name/Surname

– E-mail

– Gems accumulated within the application

– Stores (online and physical), which are in the application and the User has visited as well as when he visited the stores (if User has visited a physical store, then we know the position of the User at that particular time)

– Points of cultural interest in the city, which are in the Application and which the User has visited (i.e., we know the position of the User at that particular time)

– Points and neighbourhoods (in terms of Application) that have been visited by the User

– Rating of online and physical stores visited by the User

The latest Data can be divided into the following categories:

● Recording and Usage Data

These Data are collected for the purpose of analysis and internal evaluation of the Application, as well as for commercial use and is recorded in special files (Company Cloud). Depending on the use of the Application, the Data recorded may relate to the IP address, your device details, the browser used, and settings and information about your activity in the Application, such as the date and time of its use, pages and documents you saw, searches and other actions. The Data may also relate to event information on your device, such as system connection failures and other related technical issues.

Device Data refer to information about the computer, mobile phone, tablet or other device used to access the Application. Depending on the device used, the device Data may include information such as the IP address or the proxy server, the Application identification number on your device, the location, the browser, the device model, the internet service provider and/ or the mobile phone provider, information about the configuration of the operating system and more.

We may also ask you for permission to access certain features of your mobile device, such as your mobile phone camera, mobile storage and other features. If you wish to change our access to these features you can make changes to your device settings.

● Location Data

We collect Data about the location of your device, which may be either accurate or unclear. How much information we collect about the location depends on the settings of the device you are using to access the Application. For example, we may use GPS rechnology or other similar technology to collect geolocation information that tell us about your current locations, based on your IP address. You may choose not to collect your location information either by not allowing us to access this information or by disabling your location setting in your device. We inform you, however, that if you choose not to allow us to access this information you will not be able to use specific features from our Services (e.g., redemption of gems).

6. How do we use your Personal Data?

We use your Personal Data that we collect through the Application for various business purposes as described below.

– To complete the Services orders through the Application. The Company processes your Data in order to fulfil its contractual relationship, to process the order of Services, to oppose, raise or exercise legal claims. Please note theat your Data may need to be transferred to third parties for the delivery of the Services you have ordered (e.g., redemption of gems by providing discount at partner and recommended stores, etc.). For more information on how we make your Personal Data available to third parties, see terms 9 and 10 below.

– To create a User Account, our Company processes the Data provided to us in order to provide you with account functions and to facilitate the provision of Services.

– For Communication, our Company uses your Data to respond to requests / questions you submit, refund requests and / or any complaints. The information you share with us, enables us to manage your requests and respond to you in the best possible way. We can also keep a record of your requests / questions to us so that we can better respond to any future communication. We do this based on our contractual obligations to you, our legal obligations and our legitimate interests in order to provide you with the best possible service and to be able to improve our services based on your personal experience.

– To evaluate, develop and improve the services we provide. We do this based on our legitimate business interests.

– To ensure that you will always receive the most interesting content on our Website or Application, we will use the Data you have provided to us by giving your consent to receive Application Notices or – for our Website – your consent to placing cookies on your device. For example, we may display a list of recently viewed Services or offer recommendations based on your purchasing history and any other data you have shared with us.

– To protect your account from fraud and other illegal activities: This includes using your Data to maintain, update and protect your account. For example, we check your password when you log in and use automated IP address tracking to detect possible false logins from unexpected locations.

– To process payments and prevent fraudulent transactions, we do so based on our legitimate business interests. This also helps protect our customers from fraud.

– To comply with our contractual obligations to you or in accordance with the provisions of law or in execution of court decisions.

– To send you communications required by law or necessary to inform you of changes in the services we provide. For example, updates on these privacy notices, service withdrawal notices, and legally required information about your purchases. These service messages will not contain promotional content and do not require prior consent when sent by email or text message (SMS). If we do not use your personal data for these purposes, we will not be able to comply with our legal obligations.

– Finally, we know that the processing of your Data is carried out either by the specially authorized personnel of the Company, or through computer systems and electronic devices by the Company.

7. For what purpose do we process your Personal Data?

The personal data declared by the User anywhere on the Website and the Application are intended exclusively to ensure the operation of the services provided and the legality of the relevant transactions and may not be used by any third party without complying with the provisions of the General Data Protection Regulation (EU) 2016/679, national legislation and the relevant acts of the Data Protection Authority as currently in force concerning the protection against processing personal data. Finally, by using the services of the Website and the Application, it is possible to request or collect other information for statistical purposes, which however are disconnected from the personal data of the user / member in accordance with the provisions of data protection law.

8. What is the legal basis for the processing of your Data by the Company?

– Data protection legislation that sets out the various reasons why a company may collect and process your personal data, including the terms of our contractual relationship.

– Your consent, where required. For example when you choose to receive a newsletter. When collecting your personal data, we will always inform you what data is necessary in relation to a particular service.

– The Company’s obligations arising from the law (e.g., tax legislation, e-commerce legislation, etc.).

– The legitimate interest of our Company. In certain cases, we collect your Data in a way that is reasonably expected as part of the operation of our business and that does not substantially affect your rights, freedoms or interests.

9. Who are the recipients of your Data?

Access to your Data is provided to the absolutely necessary staff of the Company, which is committed to maintaining confidentiality and our partner companies or third-party service providers, who process your Data as Processors on our behalf and in accordance with our orders.

The Company shares your Data with:

● Stores and / or commercial enterprises that cooperate with the Company for the promotion and advertising of their products and services through the Application. These are the stores and businesses that, as mentioned above, will be proposed and promoted through the Application and will provide you with specific discounts for making purchases as a form of redemption of points you will collect during your tour.

● Third-party service providers that process personal data on behalf of the Company, for example (indicatively mentioned) for credit card and payment processing, hosting, management and maintenance of our data, e-mail distribution, research and analysis, management of brand and services promotions, Google, Facebook, as well as management of certain services and elements. When we use third-party service providers we enter into agreements that oblige them to implement appropriate technical and organizational measures to protect your personal data.

● Other third-parties, to the extent necessary for the following purposes: (i) compliance with a government request, court order or applicable law; (ii) preventing illegal uses of the Website and our Application or violations of the Terms of Use of the Website and our Application and our policies; (iii) our protection against third party claims, and (iv) helping to prevent or investigate fraud (e.g., counterfeiting).

● To other third parties when you yourself have given your consent.

You may also share your Data:

● When you use certain social media data on our Website or Application, you may create a public profile that includes information such as username, profile picture and city. You can also share content with your friends or the general public, including information about your interaction with our Company. We encourage you to use the tools we provide to manage the Company’s social media sharing in order to control the information you make available through the Company’s social media.

10. What is the policy applied by third-parties with whom we share your Data in accordance with the above?

• We provide only the information needed to perform their specific services.

• They may use your Data only for the exact purposes set forth in our contract with them.

• We work closely with them to ensure that your privacy is respected and protected at all times.

• If we stop using their services, any of the data they hold will be deleted or made anonymous.

To enhance your customer experience on the Website and Application, we use the following companies, which will process your Personal Data as part of their contracts with us:

● Google

● Facebook

In case you wish to receive more information regarding the disclosure of your Data to third parties, please contact us by mail at info@narratologies.com.

11. How we ensure that Data Processors respect your Data?

The Data Processors on our behalf have agreed and contractually committed with the Company:

● to maintain confidentiality;

● to not send your Data to third parties without Company’s permission;

● to take appropriate security measures;

● to comply with the legal framework for the protection of personal data and in particular Regulation 979/2016 / EU (otherwise known as GDPR).

12. International Data Transfer

● The personal data we collect (or process) in the context of our Website and Application will be stored in Greece. However, some of the Data recipients with whom the Company shares your Personal Data may be located in countries other than the one where the initial collection of your Personal Data took place. Legislation in these countries may not provide the same level of data protection as the country where you originally provided your Personal Data. However, when we transfer your Personal Data to recipients in other countries, including the US, we are committed to protecting your Personal Data as described in this Privacy Policy and in accordance with applicable law.

● We take measures to comply with applicable legal requirements for the transfer of personal data to recipients in countries outside the European Economic Area or Switzerland that do not provide an adequate level of protection. We use various measures to ensure that your Personal Data transferred to these countries enjoy adequate protection in accordance with data protection rules. These include signing the Contract Clauses, certifying that the recipient has adopted European binding rules or complying with the EU-US and Switzerland-US Privacy Shield.

13. How long do we keep your Data?

We retain your Personal Data for as long as necessary to fulfill the purposes set forth in this Privacy Policy (unless a longer retention period is required by applicable law). Generally, this means that we will keep your personal data for as long as you have an account with our Company. Regarding your Personal Data related to purchases of services, we retain this data for a longer period of time in order to comply with our legal obligations (such as tax and commercial law and for warranty purposes). At the end of this retention period, your data will be completely or anonymously deleted, for example by aggregation with other data, so that it can be used in an unrecognizable way for statistical analysis and business planning.

14. Is your Data secure;

We are committed to safeguarding your Personal Data.

Recognizing the importance of the security of your Personal Data, we have taken all appropriate organizational and technical measures to secure and protect your Data from any form of accidental or improper processing. We use the most modern and advanced methods to ensure maximum security.

The www.narratologies.com website uses TLS protocol for secure online trading. This encrypts all the Data you provide, including your credit card number, name and address, so that it cannot be decrypted or changed when you transfer it over the Internet. In addition, we use Mapbox SDK services for your maps and browsing in the Application.

Additionally, the information used to identify you as an account user is the Username Password and the Personal Security Password. Each time you enter your details, you are given access to your personal account. This process is achieved securely through encryption when transported over the Internet, through the Google Firebase platform used by the Company. By the same standards, you have the option to change your Personal Security Password as often as you wish. After entering the desired code, the new code is coded and stored in the Company’s systems. For this reason, you are the only one who knows your password and you are solely responsible for maintaining the confidentiality of the password by third-parties.

These measures shall be reviewed and amended as necessary.

15. What are your rights?

– You have the right to access your personal data.

This means that you have the right to be informed by us if we process your Data. Αν επεξεργαζόμαστε Δεδομένα σας μπορείτε να ζητήσετε να ενημερωθείτε για τον σκοπό της επεξεργασίας, το είδος των Δεδομένων σας που τηρούμε, σε ποιους τα δίνουμε, πόσο διάστημα τα αποθηκεύουμε, if decisions are made automatically, but also for your other rights, such as the right to correct, delete data, restrict processing and lodge a complaint with your national Data Protection Authority.

– You have the right to correct inaccurate personal data.

If you find that there is an error in your Data you can request us to correct it (e.g., name correction or change of address notification).

– You have the right to erasure/ right to be forgotten.

You can ask us to delete your data if it is no longer necessary for the above-mentioned processing purposes or you wish to revoke your consent in case this is the only legal basis.

– You have the right to your Data portability.

You may ask us to receive in a readable form the Data that you have provided to us or ask us to transmit it to another Data processor.

– You have the right to restrict processing.

You can ask us to restrict the processing of your Data for as long as your processing objections are pending.

– You have the right to object and revoke your consent to the processing of your Data.

You may object to the processing of your Data and we will stop processing your Data unless there are other compelling and legitimate reasons that prevail over your right. If you have given your consent to the collection, processing and use of your data, you may revoke your consent at any time with future effect.

– In case we rely on our legitimate interest.

In cases where we process your personal data based on our legitimate interest, you can ask us to stop for reasons related to your personal situation. We must then do so if we do not believe we have a legitimate reason to continue to process your Personal Data.

16. How can you exercise your rights?

In order to exercise your rights, you can submit a relevant request to the Data Protection Officer, at the postal address of the Company (NARRATOLOGIES P.C., 190 Syggrou Avenue, PC 17671, Kallithea, Attica, Greece) or at its e-mail address entitled “Exercise of Right” and we will take care to examine it and answer you as soon as possible.

Exceptionally:

● if you wish to correct your Data in your user account, you can log in to it and make any correction / change without the need to submit a Request.

● if you wish not to receive web push notifications from the Company you can disable the option from your browser setting

● Identity check

● to protect the confidentiality of your information, we will ask you to verify your identity before making any request that you submit under this Privacy Policy. If you have authorized a third party to submit a request on your behalf, we will ask them to prove that they have your permission to act for this purpose.

17. When do we respond to your Requests?

We respond to your requests free of charge without delay, and in any case within one (1) month from the time we receive your request. However, if your Request is complicated or there is a large number of your Requests, we will inform you within a month if we need to receive an extension of another two (2) months within which we will respond to you.

If your Requests are manifestly unfounded or excessive, in particular due to their recurring nature, the Company may impose a reasonable fee, taking into account the administrative costs of providing the information or performing the requested action or refuse to follow up on the Request.

18. What is the applicable law during the processing of your Data by us?

Applicable Law is the Greek Law, as formulated according to the General Regulation for the Protection of Personal Data 2016/679 / EU, and in general the current national and European legislative and regulatory framework for the protection of personal data.

The competent courts for any disputes arising related to your Data are the Courts of Athens.

19. Where can you apply if we violate the applicable law for the protection of your Personal Data?

You have the right to lodge a complaint with the Data Protection Authority (postal address 1-3 Kifissias, PC 115 23, Athens, tel. 210. 6475600, e-mail address contact@dpa.gr), if you consider that the processing of your Personal Data violates the applicable national and regulatory framework for the protection of personal data.

20. How will you be informed of any changes to this Policy?

We update this Privacy Policy whenever necessary. If there are significant changes to the Privacy Policy or the way we use your Personal Data, we will post this update on our website before the changes take effect and we will notify you in any appropriate way.

We encourage you to read this Policy at regular intervals to know how your Data is protected. This privacy policy was last modified on 03/11/2021.

21. Questions and Comments

We hope this Privacy Policy has helped you understand how we handle your Personal Data and your rights to control the handling of our Company

If you have any unresolved questions, or comments or concerns about our Privacy Policy please contact our Data Protection Officer who will be happy to assist you:

● Email: dpo@narratologies.com or

● Letter to the Data Protection Officer at NARRATOLOGIES P.C., 190 Syggrou Avenue, PC 17671, Kallithea, Attica, Greece