This Privacy Policy (“Policy”) forms part of the Terms of Use, the General and Specific Terms of Service (“Terms”) and explains how the company with the corporate name BOOKING HERO I.K.E. and the commercial title ebarber (the “Company” or “we” or “us” or “ebarber”) processes the Personal Data of its Clients, Enterprise Customers and Users (the “Users”), as defined in the Terms. By accessing or using our Services, as defined in the Terms, means that you have read and agreed to the content anticipated in this Policy, hence we encourage you to take a moment and go through it.
This Policy describes how and what type of Personal Data will be collected, processed and used during and following your visits to our website www.ebarber.gr (the "Website") and the respective application for mobile devices both in Apple Store and Google Play (the “Application”), hereinafter referred to collectively as the “Platform”, why your Personal Data is collected, with whom it is shared and your rights in this regard.
When we process your data, we are regarded either as a "data controller" or under certain situations, you may provide your Personal Data to a Business Partner or Enterprise Customer and in this instance, they are "data controller's" and we are "data processors”.
This Policy does not apply to any websites controlled by third parties not affiliated with us that our Platform may link to ("Third Party Sites”). Please review the privacy statements of Third Party Sites as the Company is not responsible for and has no influence on the content or the privacy practices of Third Party Sites.
The terms of this Policy are subject to any additional terms, disclaimers or other contractual terms you have entered into with the Company, and any applicable mandatory laws and regulations.
If you have any questions about how we use your Personal Data, please contact us at info@ebarber.gr
We do our best to limit the processing of your Personal Data to what is strictly necessary and process them in compliance with our legal obligations. The type of Personal Data we request from you or receive depends on the purpose of the processing activity and may include:
• General identification and contact information: name, last name, addresses, e-mail address, phone number, date of birth and other contact details
• Identification numbers issued by government bodies or agencies: VAT number in case of an independent barber
• Credential data: username and password
• Payment information: your card details when paying for our services
• Details about the devices and technology you use, such as location data, your website browser settings, IP address
• Information related to your Booking or Appointment, such as the date of your last visit, Information about any special request you have when Booking an Appointment
• Information about how you use the Platform and Services.
• Marketing and communication preferences, customer feedback and survey responses
• Photos and/or videos uploaded by the Enterprise Customers (barbershops), acting as a data controller
• Information about employees, such as CV, uploaded by the employees
• Social media accounts: We may receive certain Personal Data about you when you use our Social Media Pages, including your social media account ID and profile picture. If you select to connect any of your other social media accounts to your account(s), personal information from your other social media account(s) will be shared with us, which may include Personal Data that is part of your profile relating to those accounts or your connections’ or followers’ profiles.
• Sensitive data: Details about your race or ethnicity and health, including sickness, bodily injury, allergies, medical history and other sensitive data that you voluntarily give when making a Booking or submitting a review.
We process your Personal Data for specific purposes. For each processing operation, only data relevant for the purpose in question is processed.
In particular, we process your Personal Data for the following purposes:
• Setting up and administering your requested Account (Account Registration).
• Managing your Bookings and Appointments on behalf of the Enterprise Customers.
• Communicating with you and sending alerts and reminders via SMS and email.
• Contact you to solve technical problems and fix bugs.
• Processing your comments, reviews or survey responses.
• Processing your transactions and billing management.
• Delivering any emails, surveys, newsletters and alerts that you have signed up to.
• Facilitating your booking and delivering our Services to you.
• Responding to customer service requests, complaints, questions and feedback and providing information about your requested service.
• Resolving any litigation and investigation process.
• Administering the Platform and other systems and protecting them.
• Improving our Platform and Services by using data analytics.
• Personalising your experience and delivering to you the type of content, features and products that you are most interested in.
• Processing your preferences for marketing, automated decision-making, profiling, cookies and any other processing activities that you can opt-out of.
• Developing and carrying out marketing activities.
• Compliance with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering, sanctions and anti-terrorism; compliance with legal processes; and responding to requests from public and governmental authorities (including those outside your country of residence).
• Establishment, exercise or defence of our legal claims and pursue available remedies or limit our damages.
• Recognition, exercise, defence and preservation of our legal rights or of the persons we may represent.
Possible consequences of not providing your Personal Data could include our inability to fulfil our obligations under a contract or our breach of one or more obligations under applicable legislation (for example, accounting or tax legislation).
The legal basis for processing your Personal Data depends on the purpose of the processing and the stakeholders involved in such processing. In particular, providing your Personal Data may be necessary for:
In particular, providing your Personal Data may be necessary for:
• the execution of a contract to which you are a party or the execution of pre-contractual measures taken at your request (for example, in the event of a request for information for contract)
• compliance with a legal obligation applicable to us (for example, in matters of invoicing, fraud detection, taxation, litigation and investigation)
• the purposes of the legitimate interests pursued by us (or a data recipient) provided that these interests override your fundamental rights and freedoms (for example, provision of good customer service, protecting and improving our Platform).
• In certain cases, we will ask for your free, prior and informed consent before processing some of your Personal Data (for example, for direct marketing communication).
Also, we may process sensitive Personal Data, such as Details about your race or ethnicity and health, including sickness, bodily injury, allergies, medical history and other sensitive data when you voluntarily give to us when making a Booking or submitting a review or with your explicit consent.
We collect your Personal Data either directly from you or from third parties, such as our Business Partners and Enterprise Customers. We might also collect your Personal Data from publicly available information (on the Internet).
The Company may collect information when the User visits the Platform either through cookies or through stored data. For more information on how the Company uses stored data and cookies, the User should read Company’s Cookie Policy [here].
If you plan to give us someone else’s Personal Data (e.g., when making a Booking for them), they must have access to this Policy and you must get their consent before sharing any information with us.
We use regular scanning for malware. Your personal information is behind secure networks and is only accessible by a limited number of people who have special access rights to such systems and are required to keep the information confidential. In addition, our entire website is encrypted using Secure Socket Layer (SSL) technology.
We also implement other security measures (in accordance with data protection regulations) when a User makes a Booking or accesses their information to maintain the security of personal information.
Data collected and processed will be protected by physical and logical methods that minimise the risks of unauthorised access, dissemination, loss and destruction of data, in accordance with Articles 25 and 32 of the GDPR. The duration of the processing of data shall not exceed the time necessary to achieve the purposes for which the data were collected.
Depending on the type of Personal Data that is processed, only certain departments have access to your Personal Data. Within our Company, access to your Personal Data is limited to the departments and employees that are required to perform the respective purpose of processing.
Moreover, we will transfer your Personal Data to external recipients only insofar as this processing is necessary for purposes as described above and for which we have the respective legal basis to do so. These recipients are only allowed to process your Personal Data under our written instructions and have no claim to process your Personal Data for their own, independent purposes. They will receive your data from us under contract and process your Personal Data for legal purposes or to protect our own interests. Under no circumstances will we sell or rent your Personal Data to third parties without your explicit and informed consent. Therefore, we may transfer your Personal Data to external third parties, including:
• Service providers instructed by us (including the sub-processors of these service providers) such as in the areas of marketing, customer support, business support tools, business development and sales partners, analytics, telecommunication providers
• IT and hosting service providers.
• Third-Party Payment Processors such as Stripe and Viva
• Our Business Partners and Enterprise Customers
• Our Partner’s IT and hosting service providers
• Government and regulatory organisations
• Legal and accountant advisors and other experts
• Other parties with your consent.
The Platform might include links to third party websites ("Third Party Sites”), and often these links are solely there as pointers to information on topics that might be useful to you. Clicking on those links might allow third parties to collect or share data about you.
We do not control these Third Party Sites and are not responsible for their privacy standards. When you leave the Platform, please remember that this Policy no longer applies, and we encourage you to read the privacy policy of any website you visit.
Parts of the Platform may allow you to submit your own content, such as reviews and photos of your experience. It is important to remember that these submissions can be viewed by the public, and we are not responsible for any actions taken by other individuals if you post Personal Data on one of our social media platforms. Moreover, the Enterprise Customers might upload photos or videos from the Customers for which they are entirely responsible acting as a data controller and they must get Customers’ consent before sharing or uploading any photos or videos on the Platform. We recommend you are cautious about providing certain information (e.g., card details or your address) and that you refer to the privacy and cookie policies of the social media platforms you use.
There are circumstances in which we and the Third Parties with whom we share your Personal Data may transfer your Personal Data out of the country in which it was collected for the purposes of carrying out the Services we provide to you. Where such transfers take place, we take appropriate steps to ensure that your data always has an adequate level of protection in the countries to which it is transferred.
For example, if we transfer your Personal Data from a country within the European Economic Area (EEA) to a country outside the EEA, we take appropriate safeguards to ensure that such transfers provide a level of protection that complies with data protection requirements. If there are specific further requirements under the laws of the country in which you use our services, we will comply with those as well. In particular, for transfers from the EEA to non-EEA countries, we rely on a number of safeguards:
• Adequacy decisions issued by the EU Commission (including the United States, to the extent that recipients have been certified under the EU-US Privacy Framework or other applicable reciprocal agreement between the EU and the US),
• Standard contractual clauses mutually agreed in our contract with the data recipient (including any additional measures, if required),
• Further appropriate safeguards in accordance with Articles 46-49 GDPR (for example, binding corporate rules).
We retain your Personal Data for as long as necessary to achieve the purposes described above. The length of time for which we retain your Personal Data is determined by factors such as the scope, nature and purposes of our processing of your Personal Data and whether we have legitimate interests or legal obligations that require us to retain your Personal Data.
When Personal Data is no longer needed, our company policies require that we either anonymise or aggregate the data (in which case we may further retain and use the anonymised or aggregated information for analytics purposes) or securely erase it or make it inaccessible.
Under the GDPR, you are entitled to the following rights:
• Access and copy of your data: You may ask us to confirm whether we are processing your Personal Data and the specific pieces of Personal Data we have collected and provide you with a copy of your Personal Data.
• Rectification of your data: You may be able to view or change the data we hold about you by logging in to your online account. If this does not work, you can always ask us to rectify and complete your Personal Data that is inaccurate or incomplete.
• Erasure of your data: You may have the right to request that we delete your Personal Data, under certain conditions, such as when: (a) your Personal Data are no longer necessary in regard to the purposes for which we collected them; (b) you withdraw your consent (where applicable); (c) we have legal obligation to erase your Personal Data. Sometimes we cannot meet your request because of legal reasons. But don’t worry, we will tell you if this applies when you make your request.
• Restriction of the processing of your data: If you have a particular reason (for example where you contest the accuracy of that Personal Data or you object to us), you can ask us to limit the ways in which we are using your data.
• Data portability: You can ask us to move, copy or transfer your Personal Data to a different organisation, where it is reasonable and fair.
• Objection to our processing activities: For certain types of activities, like direct marketing, you can ask us to stop at any time.
• Objection to automated decision-making and profiling: You can also object if we are making decisions that are based solely on automated processing, including profiling (this basically means we are using your data to guess what you are interested in or make decisions about you). If there are circumstances when it is really important for us to use your data, we may be unable to stop the processing. But don’t worry, we will let you know if this is the case - and our reasons.
• Withdraw your consent: When the processing of your Personal Data is based on a consent legal basis, you have the right to withdraw your consent at any time with effect for the future by sending us a written request at our email info@ebarber.gr and we will delete your Personal Data from our repository. Please note that if you withdraw your consent, we may not be able to process your Personal Data in order to provide you with our Services. Following the User's withdrawal request, all of his/her personal data will be deleted, except in the case of further retention provided for by regulatory obligations.
• Right to lodge a complaint: If you have concerns regarding the way we process your Personal Data, you have the right to lodge a complaint at any time with the responsible supervisory authority for data protection in your country of habitual residence, place of work or where you believe there has been a breach of data protection law. The supervisory authority responsible for Greece is the Hellenic Data Protection Authority (HDPA) and you can find their contact details here.
To exercise any of your rights set out in the previous section, we encourage you to contact us by email at info@ebarber.gr or a letter to our postal address: 196 Leoforos Syngrou Ave Kallithea Attica, 176 71 Greece
For security reasons and before providing any Personal Data to you, we may ask you to send us a written request with a proof of your identity (e.g. copy of your ID). Data such as photo and personal characteristics should be redacted on the copy.
Our use of the information on your identification document is strictly limited: we will only use the data to verify your identity and will not store them for longer than needed for this purpose.
Your request should contain a detailed, accurate description of the Personal Data you want access to and sufficient information about your interactions with us so that we can locate your Personal Data.
We will analyse this request and keep you informed of further developments within one (1) month from the receipt of this request, according to the article 12 (3) GDPR. Please note however, that the deadline may be extended by two (2) further months where necessary, taking into account the complexity and number of the requests, as provided by the law. In such a case, we will inform you of any such extension within one (1) month of receipt of the request, together with the reasons for the delay.
We will usually not charge you a fee when you exercise your rights. However, we are allowed by law to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive.
Our Services are not directed to individuals under the age of eighteen (18). If we become aware of the processing of data of persons under the age of 18 without the valid consent of their parents or legal guardian, we reserve the right to unilaterally discontinue the use of the Services offered, as well as the right to delete the data obtained.
We review this Policy regularly and reserve the right to modify or adapt the provisions of this Policy at any time to take account of changes in our business and legal requirements. We will post the most recent version on this page. If we make changes to this Policy that we consider material, we will notify you via the Platform.
