Privacy policy EN - Multisport

Personal data protection policy

PERSONAL DATA PROTECTION POLICY OF BENEFIT SYSTEMS GREECE MIKE

1. WHO ARE WE – INFORMATION ABOUT THE PERSONAL DATA CONTROLLER

1.1. We are “Benefit Systems Greece Single Member Private Company” with the distinctive title “Benefit Systems Greece MIKE” registered with the Greek General Commercial Registry under the number 146033201000, with seat in Nea Smyrni of Attika, at 12 Agias Foteinis Str., Greece (hereinafter referred to as: “Benefit Systems”, “us”, “we”).

1.2. We exercise all due care and diligence to ensure that your personal data are processed in accordance with the applicable legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation or GDPR in short”).

1.3. Benefit Systems perceives as priority the security of the data processed by us. We have implemented appropriate policies and procedures in this respect. We conduct trainings to our staff with regard to data protection, data confidentiality and security. We also conduct regular checks of the implemented security models in terms of their adequacy to the security of the data processed by us.

1.4. In order to provide our services, we process certain personal data. The purpose of this Policy is to inform you about the scope of the data that we are processing, the purposes, the legal basis for the processing, the storage periods, the persons to whom the personal data may be disclosed, as well any other information required by law.

2. CONTACT DETAILS FOR BENEFIT SYSTEMS GREECE MIKE

2.1. Contact details of Benefit Systems are as following:

Address: Benefit Systems Greece MIKE, to the attention of the „Data Protection Officer”, 12 Agias Foteninis Str., 17121 Nea Smyrni, Greece

Contact Person: Florou Garyfallia

E-mail: dpo@benefitsystems.gr

Telephone: +30 6943034186

contact form linked to Web site: https://benefitsystems.gr/en/contacts/

3. WHAT PERSONAL DATA WE ARE PROCESSING, WHY IS THAT NEEDED AND ON WHAT LEGAL BASIS? HOW DO WE COLLECT PERSONAL DATA, PROCESSED BY US?

3.1. Personal data regarding issuing and use of MultiSport and MultiSport Kids cards

– All natural persons, using the MultiSport card are included here, including regular card and test card users

3.1.1. In order to issue the MultiSport card to particular user, Benefit Systems collects the first name and the family name of the card user, their email -on an optional basis-, as well as the name of the client company paying to Benefit Systems the fee for the card under the terms of the contract, concluded by and between Benefit Systems and the client company. These data are printed on the MultiSport card together with the unique number (bar code) of the card. We receive these data from the client company. The data for the persons, who use MultiSport card as accompanying persons are being collected by the person who pays us the price for the accompanying person’s MultiSport card and namely the client company, with which we have signed contract.

3.1.2. If contract for providing of services under Program MultiSport between Benefit Systems and the client company/user of MultiSport card (if there is any) provides for fee for second issuance of the card due to loss/theft/brakeage/damage, Benefit Systems can store information for number of cases in which certain card is declared lost/stolen/broken/damaged.

3.1.3. In order for the МultiSport card user to utilize sports, recreational and other services, included in the Program MultiSport by the issued card, Benefit Systems shall process information for visited sports facilities, date of visits and the services, used by the particular person. This is being provided to us by the visited sport facilities. We need this information for the fulfilment of our financial obligations to the persons who manage the sports/recreational centers, included in the MultiSport Program, as well for checking if the registered sports/recreational services are really utilized by the use of active card MultiSport.

Please, read carefully! Benefit Systems does not share with company client’s information for visits at the facilities, as well as the services, used by particular card user, except for cases of established misuse of certain card or breach of the Terms of Use of MultiSport cards and only in case if Benefit Systems decides to exercise its rights and to block particular MultiSport card which had been misused.

3.1.4. All МultiSport cards are personal – they are being provided to certain natural persons to be used personally by them. In order for the МultiSport user to utilize sports, recreational and other services, included in the Program MultiSport upon visit to the sports facility, the card user must identify himself/herself by presenting document issued by competent state, municipal, educational and other institution and which contains first name, family name and picture (e.g ID card, driving license, student ID card, transportation card ID, etc.). This is necessary to make sure that the person who really uses the MultiSport cards at the certain facility is really the person whose name is printed on the particular card.

Please, read carefully! Benefit Systems does not require and does not need copies from ID documents. That is why, if any MultiSport card user is requested to provide such ID copies they have the right to refuse presenting such and we thereby encourage such users to contact Beneft Systems immediately to inform about such practice.

3.1.5. For purposes of prevention, establishment and managing the cases of misuse of MultiSport card (unauthorized use) or noncompliance of the Terms of Use of MultiSport card (published on this website or described thereunder in the respective agreements between Benefit Systems and client companies and/or users, who use the cards on the grounds of direct contract with Benefit Systems, in case there is any), Benefit Systems is entitled to require from the card users to confirm their visits at certain sports facility, by signing of application form, located at the sports facility or to analyze internally the information for activity of the particular MultiSport card.

3.1.6. In order to process and answer to applications/requests/complaints filed by MultiSport card users, Benefit Systems may process the following personal data with regard to the means by which contact with Benefit Systems had been made:

– First and family name of the user of MultiSport card and the name of the client company;

– Their e-mail address (in case the communication is by e-mail) or telephone number (in case communication is through a telephone conversation) or address (for applications/requests/complaints sent by mail)

– Information contained in the application/request/complaint document.

3.1.7. In order to defend our lawful rights against claims of MultiSport card users, client companies or sports facilities, parties of the MultiSport Program, Benefit Systems retains the collected personal data of MultiSport card users, described above for the period stated hereunder in this Policy, after termination of the service contract between Benefit Systems and the relevant client company or of the contract between Benefit Systems and the relevant sports facility or the contract between Benefit Systems and the relevant card user (in case there is any).

3.1.8. In order to comply with the requirements of the applicable tax, accounting, social security and other legislation for storage of documents, Benefit Systems stores collected personal data of card users described above, for a specified time period, determined hereunder in this Policy, after termination of the contract between Benefit Systems and the respective client company or of the contract between Benefit Systems and the respective sports facility, part of the MultiSport Program and/or the contract between Benefit Systems and the respective user of the MultiSport card (in case of such contract). The reason for this is that Benefit Systems collects and uses the above-mentioned personal data in order to fulfill their financial obligations to the entities, operating and managing the sports/recreational facilities included in the MultiSport Program and in order to settle their financial relations with the persons who pay Benefit Systems the price for the MultiSport cards.

3.1.9. In order to inform the users of MultiSport cards of the new services or changes in the network of sports and other facilities included in the MultiSport Program or other changes related to the Program MultiSport, Benefit Systems may process e-mail addresses of MultiSport card users or the e-mail addresses of contact persons included in the contracts with the client company. Also, we may send to the users of MultiSport cards marketing information about our services and events organized by us, if they have given us their consent for receiving such communications.

3.1.10. For purposes of broadening the partners’ network (i.e for purpose of including more sports facilities) and for improving its services, Benefit Systems may process generalized statistic information for the visited sports facilities or the services, used by the card holders.

3.1.11. The purpose for processing of personal data by us is not to create individual profiles to combine data bases or to perform any kind of advertising targeting. We do not perform automatized decision making without human interference and do not use automatized systems with purpose to create individual profiles of persons who use MultiSport cards.

3.2. Personal data of representatives of contracting parties and contact persons of contracting parties

3.2.1. In order for Benefit Systems to conclude contract with contracting party – legal entity, either partner (i.e. person, managing sports, recreational or other center), client (employer) or other contracting party, Benefit Systems processes (checks and uses) information about the representative(s) of the contracting party, who will sign the contract. In case that the contract is signed by attorney, Benefit Systems shall collect and process the Power of Attorney as the document containing personal data.

This information is necessary for Benefit Systems to check if the person who signs the contract on behalf of the contracting party is entitled with due power of representation. These data are being collected directly from the contracting party or from public accessible resources – e.g. the commercial register.

3.2.2. For the purpose of making contact with contracting party of Benefit Systems which is legal entity, the contract with contracting party usually includes contact details of certain individuals (full name, telephone number and/or e-mail address). These data are used in case communication is necessary for concluding, fulfilment or termination of the contract with the contracting party.

3.2.3. For compliance with legal requirements about data which must be entered in the accounting documents or registers, the data about legal representatives of contracting parties may be used and stored by Benefit Systems upon issuing of accounting documents, for entering of accounting documents in accounting registers upon fulfilment of obligation for storage of accounting documentation and information, upon performance of the legal defense of Benefit Systems (if necessary).

3.3. Personal data of persons, who use the contact form on the website or who communicate with us in any other way by any, including job applicants

3.3.1. You can send us questions, requests and/or publish comments by variety of means – for example by signing a contact form, integrated with our website, as well as through our profiles and fan sites in the social networks. In order to identify you and to process your message and send you our response (if such is required) we process your identification data and contact data which were filled upon sending of your message to us.

3.3.2.Processing of your personal data by us is separate and different from processing of your data by controllers of the respective social networks for the purposes and on the basis, defined thereunder.

3.3.3. Signing of the contact form, sending it to us and/or publishing by you of any questions, requests and/or comments is completely voluntary and performed upon your initiative. Your personal data that is processed for the purposes of review and feedback to received questions, requests and other statements and for the purposes of publishing of your comments on our profiles and/or fan sites in social networks shall be stored by us for a period of one month after processing by us of the statement sent to us.

3.3.4. So that we can assess your suitability for a particular job position you are applying for, announced by Benefit Systems or person(s) acting in its behalf, we process certain personal data in compliance with our Policy for personal data processing of job applicants.

3.4. Legal bases on which personal data are being processed

3.4.1.Benefit Systems processes the above-mentioned personal data on the following legal bases:

3.4.1.1. Fulfilment of contract, under which the MultiSport card user is a party (in case of concluded contract);

3.4.1.2. Compliance with obligations required by law, e.g. in the tax and accounting laws;

3.4.1.3. Consent for processing of personal data for sending marketing information to the users of the MultiSport card about our services and events organized by us;

3.4.1.4. Publication of the personal data by you, when you decide to provide us and make publicly available information about you in our website and other social media.

3.4.1.5. Legitimate interests of Benefit Systems, as described above and namely: to provide the services under the contracts with the client companies pursuant to the terms and conditions of these contracts, including to issue and deliver the MultiSport cards, to provide the availability of using these cards in the respective sports facilities, to fulfil its financial obligations to the persons, who manage the sports facilities, to check, establish and remedy cases of misuse of MultiSport cards (e.g not allowed use of the cards) or violation of the Term of Use of MultiSport cards, to seek and include new sports facilities in Program MultiSport, to provide information for newly included facilities to current clients and to perform data analytics in order to improve its services provided to the users of the MultiSport cards. Other legitimate interest of Benefit Systems involving prevention of fraud and necessity for carrying out legal defense in cases of legal claims against Benefit Systems.

4. TO WHOM PERSONAL DATA MAY BE DISCLOSED AND WHO ARE THE PERSONS WHO PROCESS PERSONAL DATA ON OUR BEHALF

4.1. On condition that the disclosure of personal data is in compliance with the respective personal data legislation, Benefit Systems discloses or may disclose, if necessary the following personal data to the following persons:

– Printing agencies, who are engaged with printing the MultiSport cards, to whom we disclose only data, which is necessary to be printed on the cards- – name and surname, name of the client company with whom we have signed contract for providing of services under Program MultiSport, optionally term of validity of the card (if applicable) and unique barcode number, printed on the card. The printing agencies may be provided also with information of the office address, to which the cards must be delivered;

– Our partners (sports and recreational facilities) upon registration of visit of user of MultiSport card for using of services within their establishments, record data in our system and in the forms, samples of which are sent by us. Data which partners are instructed to collect is limited to information described in the Terms of Use of the of MultiSport cards. In case that partners wish to collect personal data, different from the data described in the Terms for Use of Cards, they act as sole controllers and they are obliged to inform you about the processing of the data by them in the capacity of sole controllers;

– Clients (employers who signed the contract with Benefit Systems) – in case of established misuse of the MultiSport cards or breach of the Terms of Use, breach of contract with consequent blocking of particular MultiSport card, we will inform the client who pays us the price of the card. Upon exercising of some of the rights described hereunder, it might be necessary to reveal to the client information about these rights, if, in order to comply with your rights, it will be necessary to inform the client about these. Upon necessity of payment of price for issuing of duplicate triplicate of damaged/lost/stolen MultiSport card information for number of losses/damages/reported thefts may be disclosed to the client company, who pays us the price of the card in order to issue the duplicates triplicates (if it is stipulated in the contract);

– Vendors of additional services, supplied within the Program MultiSport (included, but not limited to organizers of sports contests and other events for which the users of cards had manifested their will to participate, as in this case only data, needed for the specific sports event are disclosed);

– Companies providing informational systems, which we use and their maintenance including the terminals – card readers in the sports facilities, which are included in the Program MultiSport;

– Companies, providing payment services – in case that some payment is needed by virtue of contract or act of legislation;

– Persons providing services, related to servicing of MultiSport cards– e.g. persons who are in charge of telephone line for questions from the users of cards (call-center). These persons are not granted with any access to data, related to use of your card but can check if your card has been valid for the discussed month or other basic information. In case that we are processing your request, we must review your data, related to the use of the MultiSport cards, the call-center sends us the request and we process it internally within our organization;

– Companies, who provide to Benefit Systems legal, accounting, consultancy, tax and auditing services – upon necessity part of your data may be disclosed to our suppliers of services for the purposes of updating of our accounting registers with necessary information or from the purposes for issuing of required documents or for the purposes of performing of financial or other audit. In case Benefit Systems needs legal, tax and other consultancy services, we may disclose your personal data to our external services suppliers;

– As Benefit Systems is part of a multinational group – Benefit Systems Group, your personal data may be disclosed to and processed by: (a) Benefit Systems International Sp. z o.o., with address: Mlynarska 8/12, 01-194 Warsaw, Poland, (b) Benefit System SA, with address: Pl. Europejski 2, 00-844 Warsaw, Poland, and (c) Benefit Systems Bulgaria OOD, with address: 11- 13 Yunak St., 1612, Sofia, Bulgaria. These companies, all three of which are located within the EU, receive your personal data for the sole purpose of providing to us administrative, managerial and other services (e.g. IT support of some software systems that we use and/or providing data storage and management services);

– If necessary, to competent state authorities to fulfill legitimate obligations envisaged for Benefit Systems – e.g. Tax Authorities for tax accountability purposes.

4.2. Benefit Systems does not transfer or by any other means process personal data outside the EU.

5. FOR HOW LONG WE PROCESS PERSONAL DATA AND WHY

5.1. All personal data are being processed by Benefit Systems for limited period of time. Depending on the purpose, Benefit Systems is processing personal data as following:

5.1.1. Personal data, processed for purposes of issuing of invoices and fulfilment of our legitimate obligations regarding compliance with tax and accounting legislation and other legal acts, may be stored for the maximum term established by law – 20 years.

5.1.2. Personal data, which is contained in accounting documents and registers, as well as personal data related to payments from or to Benefit Systems are also being stored within the term described in the previous provision.

5.1.3. Personal data related to the use of MultiSport card is stored until the expiration of the limitation period for claims/actions for breach by the users of the cards, client companies and partners. In the common case the maximum period is 5 years.

5.1.4. The processing of data for contact with persons appointed for contact persons under contracts with client companies of Benefit Systems, for purposes of sending of up-to date information for the sites in which MultiSport cards may be used, changes in the Terms of Use of MultiSport cards or other relevant information, shall be suspended by the termination of contract for services upon change of contact person of the client company, and in case of objection for the processing of personal data for such purposes by the data subject.

6. WHAT ARE THE RIGHTS OF THE PERSONS WHOSE PERSONAL DATA ARE BEING PROCESSED (DATA SUBJECTS) AND HOW TO EXERCISE THESE RIGHTS

6.1. Pursuant to the GDPR the data subject is entitled to the following rights regarding processing of his/her personal data:

6.1.1. if the processing is based on consent – right to withdraw his/her consent at any time, but the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal – it can be exercised when the data subject contacts Benefit Systems to the contact details, mentioned above;

6.1.2. right to access to the personal data (i.e. to request whether his/her personal data are being processed and to receive copy from the processed data as well as information about the purpose of processing and to whom personal data are or will be disclosed – Art. 15 of the GDPR);

6.1.3. right to rectification of the personal data (i.e. to request rectification of inaccurate personal data concerning him/her or completing of incomplete personal data– Art. 16 of the GDPR);

6.1.4. right of erasure of personal data (i.e. to request personal data to be erased upon the condition of Art. 17 of the GDPR, including data for which there is no legal basis for processing or which have been unlawfully processed);

6.1.5. right to restriction of processing of personal data (i.e. to request personal data to be stored without being processed by other means under the conditions of Art. 18 of the GDPR);

6.1.6. right to data portability (i.e. under the conditions of Art. 20 of the GDPR to obtain personal data in a structured, commonly used and machine-readable format, and to request from us to transmit them to another data controller if the transfer is technically feasible and the other controller agrees to accept them), if certain requirements apply;

6.1.7. right to object against processing of personal data for purposes of direct marketing and to object against processing of personal data for purposes of legitimate interests of the controller under the conditions of Art. 21 of the GDPR;

6.1.8. right to lodge a complaint with the Hellenic Data Protection Authority in case of violation of the applicable legislation concerning personal data protection.(www.dpa.gr)

7. AMENDMENTS IN THIS POLICY

7.1. We shall review and update this Policy on regular basis in order to comply with legislative changes and to make effort to improve the level of the personal data security. For this reason, we encourage you to review this Policy on a regular basis.

Final version of this Policy is dated 08.10.2019