PRIVACY POLICY

The company named “FIRST RUNNER PARTICIPATIONS MONOPROSOPI AE” based in Athens, Valaoritou Street, No. 17, with VAT number 801332670 of the Tax Office of FAE ATHENS and GEMI number 154587601000 (hereinafter the “Company”), as the Data Controller, recognizes and gives great importance to compliance with national and European legislation related to the protection of the respective natural person (individual) from the processing of personal data concerning him/her.

The purpose of this is to inform you as the Company’s contractors or users of our services regarding the processing to which your personal data are submitted in the context of the Company’s operations or in the context of using our platform called “FIELDOO” or our general business relationship, in accordance with the current legislation and in particular Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the “Regulation”).

Specifically, through this you will obtain information on the following:

Our Company.
General principles for the Processing of Personal Data.
What data of yours may be subject to processing.
What are the purposes of the processing.
To whom the data may be disclosed.
What is provided in case of any transfer of data to third countries.
What is the time period for which the data are kept.
What happens when the data retention period expires.
What are your rights as data subjects.
What are the obligations of the Company in processing your data.
Protection against attempts of electronic data theft.
Websites

Update - amendment of this Personal Data Protection Statement

Our Company

Our company is a Greek anonymous company registered with the General Commercial Registry (GEMI) under number 154587601000, based in Athens, at 17 Valaoritou Street, Postal Code 10671. Our company, among other activities, as reflected in its articles of association, has developed and operates the “FIELDOO” platform, which is an internet-digital platform with a large network of independent associates who perform various micro-tasks on behalf of various companies (platform workers). The “FIELDOO” platform connects businesses with freelance professionals and contributes to providing additional income to each professional by executing mini-tasks near their residence in the field of marketing [e.g. promotional actions, mystery-secret shopping, shelf checks, photos, counting, product checks in the store, promotional actions, merchandising, checks, sales, etc.].

2.General principles for processing personal data

In the context of its operations, the Company ensures that the processing of your data is carried out in accordance with the following general principles and specifically:

Collection to be carried out in a legitimate and lawful manner, where required with your consent, for a defined, clear and lawful purpose.
Any processing (following collection) is carried out in a lawful manner, in compliance with the relevant declaration of the subject and the purposes as notified.
The individual data collected is relevant to the processing purpose, appropriate and no more than required within the context of the respective processing purpose.
The data is checked for accuracy and is subject to regular updating and updating in accordance with the existing procedures established for this purpose.
The data is kept in a form that allows the identification of each individual subject for the required period of time within the context of the processing purpose.
Our Company takes appropriate security measures to protect the data of each subject and prevent risks such as loss, unauthorized access, destruction, illegal use or disclosure.

Before processing, each individual data subject is duly informed by our authorized representatives, providing, where required, their consent voluntarily and actively. If you provide your consent, we inform you that you can revoke it at any time, without prejudice to the legality of the processing based on the consent prior to its revocation. Your consent is not required in the following cases: a) for the execution of a contract you have concluded with the Company, b) in order to take measures regarding your request prior to the conclusion of the contract, c) for the Company’s compliance as “Data Controller” with its legal obligations. For the protection of your vital interests, d)For the performance of a task carried out in the public interest or in the exercise of official authority (insofar as it is applicable) e)When processing is necessary for the purposes of the legitimate interests pursued by the Company, except where such interests are overridden by your interests or fundamental rights and freedoms.

3. What personal data of yours may be processed

The Company collects, maintains, and processes personal data that you disclose or have disclosed to it as candidates and/or existing customers and/or users of the FIELDOO platform with any relationship and/or as generally dealing with the Company at all stages of our transactional relationship. It should be noted that the Company processes only personal data that is necessary for the respective processing purpose each time.

Specifically, data processing by the Company, depending on the subject of the data, may include the following categories:

Identification Data, e.g. name, surname, gender, father’s name, address, family status, photos, age, date of birth, ID card/passport number, AMKA, AMA, AFM.
“Communication data, e.g. email/letter addresses, telephone/fax numbers.
Payment data, e.g. bank accounts (beneficiary details and Iban).
Case-by-case data necessary or useful for the conclusion and management of a contract and, in general, a transactional relationship, with their subjects, such as indicative data regarding education, experience, spoken foreign languages, skills, location, and evaluation of the subjects.
Other data that are case-by-case relevant and necessary for the predetermined purpose for which they are processed.
The personal data processed by the Company are kept in electronic and magnetic media and/or in written form depending on the case

Personal data processed by the Company are kept in electronic and magnetic media and/or in written form depending on the case. Especially regarding the protection of minors: The Company recognizes the need to protect the personal data of minors, as defined by the current institutional framework. Data of minors are kept by the Company only if they have been provided by those exercising parental responsibility and only for the purposes of fulfilling a relevant transactional relationship for the benefit of minors. It should be noted that under no circumstances does the Company transact directly with minors, nor are the products and services provided by it intended for direct use by minors. It transacts only with those exercising parental responsibility for them

4.What are the purposes of processing.

The Company may process your personal data for the following purposes and under the following circumstances:

In the context of executing the contract or before its conclusion, especially:

For the identification and verification of your details,
For communication either in the pre-contractual stage or regarding issues related to your transactional relationship with the Company,
For the provision of the requested product or service on behalf of the Company and/or its partners and/or the evaluation of the partners regarding their ability to fulfill duties and services,
For the collection of the necessary information to evaluate the possibility of product availability or service execution.

In the context of the Company’s compliance with the obligations established by the current legislative and regulatory framework, especially regarding the notification and transmission to the competent Supervisory, Independent, Police, Judicial, and Public Authorities, as well as third legally unauthorized legal entities, where required by the applicable legislation.
In the context of the Company’s lawful operation, the defense of its interests, and the general smooth operation and protection of your transactions, especially regarding the collection and/or analysis of data related, among other things, to the assessment and management of risks within the Company’s operation and the security of personnel. In the context of informing you by the Company about new products and/or services i) of the Company and ii) of third-party Companies, which the Company offers and match your interests and preferences, provided that you give your explicit consent for this purpose. In this case, we inform you that you have the right to withdraw your consent at any time, without prejudice to the legality of the processing based on the consent prior to its revocation

5.To which recipients may your information be disclosed

Recipients of the data, which the Company is obliged or entitled to disclose based on a legislative or regulatory provision or a court decision or in the context of the lawful operation of your commercial and contractual relationship with it, may be third parties to the Company, natural or legal persons, acting on its behalf, including the following categories: i. Professionals for carrying out the necessary preparatory actions for the out-of-court and judicial pursuit of the collection by the Company of their overdue and due debts, as applicable, ii. Archive keeping and destruction companies, iii. Companies for the supply and support of information systems, iv. Market analysis and product promotion and marketing companies, v. Security and security companies, vi. Companies providing consulting services, including legal and / or financial advisors and auditors of the Company, vii. Insurance companies and insurance intermediaries in the context of providing insurance products, iix. Real estate appraisers, ix. Insurance Funds, Public Organizations, Chambers and Public Enterprises, x. Credit Institutions, Payment Institutions, Electronic Money Institutions, xi, Supervisory, Judicial, Independent and other Authorities at national and European level for the fulfillment of the Company’s obligation under the law or regulatory provision or court decision, such as indicative: Greek Competition Commission, Public Authorities of Greece and abroad, Courts, Public Prosecutors, Investigating Officials, Notaries, Judicial Curators, Mortgage Offices, Greek and foreign Lawyers, Sworn Accountants and Audit firms. It is noted that the Company will also provide you with more specific information regarding any transmission of your data to the above recipients, if provided for by the applicable legislation.

The Company may disclose your personal data to the competent Supervisory, Independent, Police, Judicial and Public Authorities, where required by the applicable legislative and regulatory framework, on a regular or ad hoc basis, if a relevant request is submitted or if it is obliged to submit a report with the said data without prior specific information. It is noted that in the event that the Company assigns the processing of personal data to third parties, who act on its behalf, they must fully comply with the Company’s instructions, and such compliance is ensured through specific provisions in the relevant contractual texts of external assignment (outsourcing) and the observance of corresponding procedures

6. What happens in case of any transfer of data to third countries?

The company processes your personal data mainly in Greece and in any case within the European Economic Area. However, the company may transmit/accept personal data to/from other companies and interconnect certain files, if required, in the context of implementing its work and complying with the provisions of the applicable legislative framework. The above-described transmission or interconnection is carried out in accordance with the provisions of European legislation for companies based in countries within the European Economic Area (EEA) or the local legislative framework for other companies outside the EEA. The transmission of personal data to countries outside the EEA is only carried out if these countries provide an adequate level of personal data protection. In the event that the third country outside the EEA does not provide an adequate level of personal data protection, personal data can be transmitted to that country only if data protection is provided for by a data transmission agreement that ensures an adequate level of protection or if the conditions explicitly provided for by European and national legislation are met (e.g. you as the subject of the data to which the data refers have explicitly consented to the transmission). The company ensures that the necessary procedures are carried out by the competent authorities on a local basis.

7. How long is the data kept?

The company processes your personal data throughout the duration of the respective contract and after its termination or resolution, for as long as is required by the applicable legislative framework. Specifically, your personal data processed by the Company are kept for the entire duration required by the processing purpose for which they are submitted for processing and/or the applicable framework. After this duration, the data is kept in accordance with the current institutional framework for the period provided for by the termination of the business relationship or for as long as is required to defend the Company’s rights before a court or other competent authority. In any case, the Company does not store your personal data for longer than is legally permissible and necessary for the purposes of providing its services. The storage period varies and depends on the nature of the information and the purposes of the processing

8. What happens when the data retention period has passed?

In case the data retention period expires, the Company pays special attention to the way they are destroyed. Specifically, for this purpose, it has established and implements a relevant procedure, which is applied after it is examined that the retention of archival material is not required for compliance with legal and regulatory requirements or for the protection of the interests of the Company, and is based on the instructions of the Personal Data Protection Authority ¹. The Company ensures that the above file destruction process that contains personal data also binds third parties that provide services on its behalf and on behalf of any other persons with whom it cooperates under outsourcing contracts or other agreements

9. What happens when the data retention period has passed.

After verifying your identity, as a Data Subject, you have the following rights:

Right to Information: The Company is obliged to inform you about the processing of your data, such as which data it processes, for what purpose, for how long it keeps them, in a transparent, understandable and easily accessible form, using clear and simple wording.
Right of Access: You have the right to receive confirmation from the Company as to whether or not personal data concerning you are being processed and, if so, to access that data.
Right to Rectification: You have the right to request from the Company the correction of any inaccurate personal data and the completion of any incomplete personal data.
Right to Erasure: You have the right to request from the Company the erasure of personal data, which can be satisfied if specific conditions are met.
Right to Restriction of Processing: You have the right to obtain from the Company the restriction of processing, provided that specific conditions are met.
Right to Object: You have the right to object, at any time, to the processing of personal data concerning you. In this case, the Company must stop the processing, unless it demonstrates compelling and legitimate reasons that override your interests, rights and freedoms as a data subject or for the establishment, exercise or support of legal claims.
Right to Data Portability: You have the right to request from the Company to receive your personal data, which you have provided in a structured, commonly used and machine-readable format, or to have the Company transmit it to another provider.

For your further convenience regarding the exercise of your relevant rights, the Company takes care to develop internal procedures to respond promptly and effectively to your relevant requests. To exercise your above rights, please either contact us by phone at 2103637277 or submit your request to [email protected], using the specially designed forms of the Company. If you believe that the protection of your personal data is affected in any way, you can also appeal, if you wish, to the Personal Data Protection Authority, using the following contact details: Website: www.dpa.gr / Postal Address: Kifisias Avenue 1-3, Postal Code 115 23, Athens Call Center: +30 210 6475600 Fax: +30 210 6475628 Email: [email protected]

10. What are the Company's obligations when processing your data.

Privacy and Processing Security: The processing of personal data is confidential and is carried out exclusively by persons under the control of the Company. These people are selected based on strict criteria established by the Company, which aim to provide adequate guarantees in terms of knowledge and personal commitments to confidentiality. In addition, appropriate applications based on high-level security standards have been integrated into the network to protect personal data, while the necessary checks are carried out regularly to strictly apply the criteria and procedures established by the Company for this purpose. The Company takes appropriate organizational and technical measures to ensure the security of data and their protection from incidents of violation such as accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access, and any other form of unlawful processing. The measures taken aim to ensure a level of security commensurate with the risks involved in the processing and nature of the data subject to processing.
Information Systems Security: The Company has established appropriate measures to ensure the confidentiality of all information entered into its information systems, which achieve the protection of data transmitted through the data and voice networks used by the Company. At the same time, the access of users to the Company’s information systems is effectively controlled and the protection of the information managed by these systems is ensured, incidents of violation of the security of the Company’s information systems are detected in a timely manner and prevented as far as possible.

11.Protection against electronic data interception attempts

The company aims to protect you from malicious third-party actions and specifically from attempts of electronic theft of your data. The company informs you via email and provides you with clear instructions through alternative networks, proposing ways of protection and drawing your attention to the methods that are usually used and the risks involved. In particular, it is clear that the company, according to its internal procedures, does not ask you in any way (by phone, email, or any other means of communication) to disclose personal data (identity details, bank account numbers, etc.) or their codes (user id, password). Therefore, such messages should be deleted immediately, while informing the company accordingly. The company may only request such data from you during the user registration process on the “FIELDOO” platform

12. Online Websites

If you use the website of the “FIELDOO” platform, you should be aware that the Company collects personal data of visitors/users of the “FIELDOO” platform only when they voluntarily provide them for the purpose of providing services that are available electronically (e.g. submitting a request for a visitor/user to receive information about products and/or services on behalf of the Company, submitting comments/suggestions on behalf of visitors/users, and/or registering as a user on the “FIELDOO” platform). The personal data collected on the “FIELDOO” platform depend on the requested service each time by the visitor/user and may include name, father’s name, ID number, age, gender, profession, Tax Registration Number, address, phone number, email address, AMA, AMKA, IBAN, or any of the data mentioned above under G depending on the subject of the data. In some cases and depending on the requested service, some of the aforementioned data may be optionally completed by the visitor/user. The Company may process part or all of the data sent by visitors/users for the purpose of providing services that are available electronically, as well as for statistical and improvement purposes of the services-information provided. The website of the “FIELDOO” platform may contain links to other websites that are the responsibility of third parties (natural or legal persons). In no case is the Company responsible for the terms of protection and management of personal data that these websites follow.

The Company may collect identification data of visitors/users of the “FIELDOO” platform using corresponding technologies, such as cookies and/or monitoring of Internet Protocol (IP) addresses. Cookies are small text files that are stored on the hard drive of each visitor/user and do not access any document or file from their computer. They are used to facilitate the visitor/user’s access to specific services and/or pages of the website, for statistical reasons, to determine useful or popular areas, as well as to estimate the effectiveness of the website and improve the performance of the website. This information may also include the type of browser used by the visitor/user, the type of computer, the operating system, the internet service providers, and other such information. In addition, the information system of the “FIELDOO” platform automatically collects information about the locations visited by the visitor/user and about the links to third-party websites that they may select through the use of the Company’s website. The visitor/user of the “FIELDOO” platform can configure their web browser in such a way that it either warns them about the use of cookies in specific services or does not allow the acceptance of cookies in any case. For this purpose, they can refer to the instructions of their network browser or to the help screen to learn more about these functions. For example, in Internet Explorer, they can go to Tools/Internet Options/Security and Privacy to adjust the browser to their requirements. If the visitor/user of the “FIELDOO” platform does not allow the use of cookies for their identification, this may affect the Company’s ability to provide certain services (e.g. transactions through i-bank Internet Banking and Mobile Banking) or information that may be useful to them. Finally, the Company may exploit the capabilities provided by Google Analytics, and specifically Display Advertising, using the features of Remarketing, in order to promote its products and/or services on the internet. In particular, third-party providers, including Google, display the Company’s advertising messages on various websites on the internet. The Company and third-party providers, including Google, use cookies (such as the Google Analytics cookie) or third-party cookies (such as the DoubleClick cookie) jointly to update, optimize, and serve advertising messages based on someone’s previous visits to the Company’s website. Visitors/users of the “FIELDOO” platform may declare that they do not wish to receive such messages and be excluded from future actions within the framework of Display Advertising and adjust their Google Display Network ads using Ads Settings or activate, if they wish, the Google Analytics opt-out browser add-on, via the link https://tools.google.com/dlpag… (seeking any further subscription at the link https://support.google.com/chr…). On the website, the company uses the Cookie Script, a tool that allows the user to see all active cookies, accept them all, reject them all (except for the necessary functional ones), or choose which ones to have active and which ones not. Absolutely necessary cookies:

XSRF-TOKEN - This cookie is written to help with site security in preventing Cross-Site Request Forgery attacks.

CookieScriptConsent - This cookie is used by Cookie-Script.com service to remember visitor cookie consent preferences. It is necessary for Cookie-Script.com cookie banner to work properly.

M. UPDATE – AMENDMENT OF THIS PERSONAL DATA PROTECTION DECLARATION

The Company reserves the right to update, supplement, and/or modify this statement in accordance with the applicable legislative framework. In this case, the updated statement will be posted on the “FIELDOO” platform’s website, which is https://www.fieldooapp.com.