e-Amanda.gr is committed to protecting the privacy of all our users and customers. This privacy policy (“Privacy Policy”) outlines how we gather, define, and use your Information (as defined below).
This privacy policy applies to Information collected by us, or alternatively provided by you through our Website or in any other way (such as by email, over the telephone, by post or in meeting discussions). It is also intended to assist you in making informed decisions when using our Website and our services. Please take some time to read and understand our policy.
All your personal Information shall be held and used in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and national laws implementing GDPR and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data.
If you wish to know what information we collect and hold about you, or to exercise any of your rights as set out in Section 10 below, please write to us at the address on our contact page or via e-mail at info@e-Amanda.gr, or visit Privacy Policy Section of our Website.
If you wish to know what information we collect and hold about you, or to exercise any of your rights as set out in Section 10 below, please write to us at the address on our contact page or via e-mail at info@e-Amanda.gr, or visit Privacy Policy Section of our Website.
The legal basis for processing your Information
Under GDPR, the main grounds that we rely upon in order to process your Information are the following:
-
Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency.
-
Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your Information for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms as laid out in the EU General Data Protection Regulation, including your right to have your Information protected. Our legitimate interests include activities such as responding to requests and inquiries from you or a third party, the delivery/implementation of our products or services (including but not limited to web design, web development, content management, digital marketing and hosting of websites, databases, SSL certs, email, SMS and any other e-Amanda.gr advertised product or services), optimizing our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate, fair and efficient manner.
-
Consent – in some circumstances, we may ask for your consent to process your Information in a particular way.
What data is stored by e-Amanda.gr about me, my business or its employees?
e-Amanda.gr is a business to client service company and collects personally identifiable information (PII). As such, we securely collect, process or store Information from owners/employees of businesses or individuals. We do not work on ‘personal’ websites’. e-Amanda.gr only ever collects Information necessary needed for our services to function or to provide the delivery, administration or statistical analysis of services our customers have requested or for enabling quotations to potential customers.
We have a policy of limited usage or retention of paper-based materials. Most date worked with is stored in electronic format, with the exception of hardcopy customer contracts, invoicing and company admin records (e.g. staff contracts, CV’s etc.).
We classify the data we hold under the following categories:
- Existing Paying e-Amanda.gr Customers:
For paying customers of e-Amanda.gr we may store any business/company or employee data submitted to us for use in the fulfillment or billing of our services. Data would typically be limited to contact full names, company name, email address(es), phone number(s), mobile number(s), materials, including but not limited to any communication emails, website/server login details, strategic business information, website briefs, notes on phone calls or meetings, or contact details provided of other individuals involved in the quotation purposes.
We do not store credit card details on our servers, only a unique customer ID. - Past e-Amanda.gr Customers:
Following the end of a customer relationship, we may retain certain customer detail for a period of 5 years to ensure compliance with tax requirements, if applies. Customer website data will be fully deleted from our servers within 90 days of the customer leaving (or earlier if requested). - Non e-Amanda.gr Customers Seeking Quotations:
Where owners or employees of businesses seek quotes for our services, we request and securely store the person’s full name, company name, email address(es), phone number(s), mobile number(s), and details of the service request. For quotation purposes, we may also securely store materials, including but not limited to any subsequent communication emails, design materials, website/server login details, strategic business information, website briefs, notes on phone calls or meetings, or contact details provided of other individuals involved in the quotation purposes. - Subscribers to e-Amanda.gr’s Email Newsletter:
Our email newsletter subscription asks for your first name, last name and email address. Typically our newsletters will only use your email address, but may be personalised with your name. - Admin/Staff Related:
e-Amanda.gr office administrative data for accounts, staffing and other administrative purposes.
What Information is collected on e-Amanda.gr?
You may provide us with Information in a number of ways:
- by visiting e-Amanda.gr.ie’s contact form you may provide us with personal information such as name, company name, email address, phone/ mobile phone number and possible additional information if you choose to do so in the comments box.
- by corresponding with us by email, in which case we may retain the content of your email messages together with your email address and our responses;
- in phone calls or meetings with e-Amanda.gr staff where related notes may be securely stored;
- through our mailing list opt-in where we request your name and email address.
We may collect Information about your computer, including where available your IP address, operating system, browser type and the geographical location of your computer, for system administration, prevention of fraud or business lead identification purposes. We also use statistical and user behavior analysis software (Google Analytics, AcyMailing) to get a better idea of how to improve user experience on our website. We may also report aggregate information.
This is statistical data about browsing actions and patterns and does not identify you as an individual. In all cases, the suppliers of these products have stated their GDPR compliance.
How does e-Amanda.gr use your Information
We will hold, use and disclose your Information for our legitimate business purposes including:
- answering or dealing with the purpose of the query, or implementation / quotation for the service(s) requested and any follow-on service or product dealings in the event of a customer.
- emails and postal communication related to billing of our services;
- direct marketing to keep you up to date about important changes to our business, service(s), interruptions/outages/updates, product upgrades, or useful product, service, case study, or digital marketing information, research, tips or advice which may help our customers businesses. These communications may also include details of our services (including where we may be re-sellers of third-party products or services), advise you of news and industry, product or company updates, events, promotions or competitions. Before we do so, you will be given an option to opt-out of such communications and an option to unsubscribe will also be provided with each communication;
- to apply profiling technology which analyses our customers’ engagement with our direct marketing communications, activity and interests so that we can send you content that is relevant to you.
- to provide further services to you by sharing your Information to trusted GDPR compliant third parties who we use in provision of our products or services. Further details about this are set out in the section 7 below on Sharing your Personal Information.
- to release Information to regulatory or law enforcement agencies, if we are required or permitted to do so.
We do not process or hold certain sensitive personal data (known as special category data in GDPR) where you include it in information you send to us e.g. if you include information about your health in enquiries. We have processes in place to limit our use and disclosure of such sensitive data other than where permitted by law.
How e-Amanda.gr share’s your Information
In certain circumstances we will share your Information. Details of those parties are set out below along with the reasons for sharing it.
- Employees: We may disclose your personal data to our employees on a need to know basis. Our employees sign confidentiality agreements on commencement of employment.
- Trusted third party partners: In order to provide certain services, we may share your information with reputable and trusted third party business partners, suppliers and sub-contractors such as IT, hosting, backup, CRM, business productivity, security, billing, phone, network, email logistics providers or data center infrastructure companies (e.g. Gmail). For security reasons we will not publish a full list here to minimize targeting of data within these businesses. We can supply a list of such partners upon request. We will not share your data with any third party if it is not a necessity in providing services to you or where the third party does not clearly state their own GDPR compliance policies either publicly or within a direct contract with e-Amanda.gr.
- Regulatory and law enforcement agencies: As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies.
- New business owners: If we or our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company and their advisers. If this happens, you will be sent notice of such event and you will be afforded an opportunity to opt-out.
- Aggregated and De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our services.
Transfers outside EEA.
We use cloud-based services where personal data may be processed for the purposes of providing our services to you and this may require the transfer of this data outside of the EEA e.g. Gmail.
Where personal data is transferred outside of the EEA, your rights as a data subject are protected by data transfer mechanisms such as Standard Contractual Clauses and EU/US Privacy Shield and we have only chosen suppliers who have stated their GDPR compliance.
Retention of your Information
We will only retain your Information for as long as is necessary for the purpose or purposes for which we have collected it. The criteria that we use to determine retention periods is determined by the nature of the data and the purposes for which it is kept. For example, if we receive your Information through a competition entry, we will retain your data for as long as is necessary to administer the competition. If we receive your Information when you apply for a job, we will retain your data for as long as is necessary to process your application, and maintain application statistics.
If we receive your Information following a request for assistance, information or quotation for our services, we will retain your data for as long as is necessary to process your request or generate a quotation and for as long as you are an active sale prospect (i.e. have not communicated your intention not to engage with e-Amanda.gr). We will also maintain your data for statistics related to business lead activity and quotations. If you are a e-Amanda.gr customer we will retain your data for the full duration of the period we provide you with our services and for a period of 5 years after the end of the customer relationship thereafter to ensure compliance with tax requirements. Customer website data will be fully deleted from our servers within 90 days of the customer leaving (or earlier if requested). For non-customers, we will not directly market to you for longer than five (5) years, unless you consent to receive direct marketing by opting in again before the expiry of that five (5) year period.
In certain circumstances, once we have deleted or anonymised your data, we may need to retain parts of it (for example, your email address), in order to comply with our obligations under GDPR or other legislation, or for fraud detection purposes.
If we receive your Information following a request for assistance, information or quotation for our services, we will retain your data for as long as is necessary to process your request or generate a quotation and for as long as you are an active sale prospect (i.e. have not communicated your intention not to engage with e-Amanda.gr). We will also maintain your data for statistics related to business lead activity and quotations. If you are a e-Amanda.gr customer we will retain your data for the full duration of the period we provide you with our services and for a period of 5 years after the end of the customer relationship thereafter to ensure compliance with tax requirements. Customer website data will be fully deleted from our servers within 90 days of the customer leaving (or earlier if requested). For non-customers, we will not directly market to you for longer than five (5) years, unless you consent to receive direct marketing by opting in again before the expiry of that five (5) year period.
In certain circumstances, once we have deleted or anonymised your data, we may need to retain parts of it (for example, your email address), in order to comply with our obligations under GDPR or other legislation, or for fraud detection purposes.
Security
We use reasonable technical and organisational security measures to protect your data and to prevent the loss, misuse or unauthorised alteration of any data in our control and will use our reasonable endeavours to ensure that such information is kept as secure as possible.
Data submitted through the e-Amanda.gr.ie contact form or mailing list form is https encrypted and automatically fed into our website database. e-Amanda.gr is hosted on EU servers and are contractually committed GDPR compliance.
Where data is stored electronically on our servers, we have implemented appropriate IT security measures to secure your personal data. These measures include server patching/maintenance routines, anti-virus protection, firewalls and data encryption technologies and access protocols. Periodic third party security penetration test are also carried out on servers to ensure security hardness and any recommendations deployed. Physical server and data center policies are in place with our data center partner SwissNS GmbH. Unfortunately, no data transmission over the Internet or electronic storage system can be guaranteed as secure, however, we will ensure that the technical and organisational measures in place are regularly reviewed to ensure that they are up-to-date and functioning effectively.
Customer requests sent to e-Amanda.gr will only be acted upon if the request is from an authorised customer contact listed in our client database. For security reasons, customer requests must be submitted to info@e-Amanda.gr. from an authorised email address. Requests will not be acted upon over the phone.
Data submitted through the e-Amanda.gr.ie contact form or mailing list form is https encrypted and automatically fed into our website database. e-Amanda.gr is hosted on EU servers and are contractually committed GDPR compliance.
Where data is stored electronically on our servers, we have implemented appropriate IT security measures to secure your personal data. These measures include server patching/maintenance routines, anti-virus protection, firewalls and data encryption technologies and access protocols. Periodic third party security penetration test are also carried out on servers to ensure security hardness and any recommendations deployed. Physical server and data center policies are in place with our data center partner SwissNS GmbH. Unfortunately, no data transmission over the Internet or electronic storage system can be guaranteed as secure, however, we will ensure that the technical and organisational measures in place are regularly reviewed to ensure that they are up-to-date and functioning effectively.
Customer requests sent to e-Amanda.gr will only be acted upon if the request is from an authorised customer contact listed in our client database. For security reasons, customer requests must be submitted to info@e-Amanda.gr. from an authorised email address. Requests will not be acted upon over the phone.
e-Amanda.gr & customer security & privacy responsibilities
Website Content Management Security & Passwords: e-Amanda.gr is responsible for providing reasonable security updates to our Website content management system.
The customer is fully responsible for ensuring that passwords to our website and content management system are not easily guessed or hackable (e.g. minimum 10 characters with mix of alphanumeric characters) and are securely stored. e-Amanda.gr ensures that website or content management system admin areas are encrypted across https.
The nature of the Internet is such that no business can guarantee or warrant the security of any server or web application, especially as the underlying technology will be provided by third parties or upon open source software. We will however take all reasonable steps and organisational measures to protect servers and data through appropriate schedule server patching routines and server / network access controls.
SSL Certificates: e-Amanda.gr using SSL certificates in order to encrypt the communication with customers, end to end.
Network control: This includes the configuration, management, and securing of network elements such as virtual networking, DNS, and gateways. The controls provide a means for services to communicate and interoperate. This is e-Amanda.gr’s responsibility as it is outside the control of the customer.
Backup Services: e-Amanda.gr is responsible for backups, disaster recovery and implementing operational controls to restrict authorised access to the backup servers and data. No customer access is given to this facility and any requests for data restores must be submitted to e-Amanda.gr.
The customer is fully responsible for ensuring that passwords to our website and content management system are not easily guessed or hackable (e.g. minimum 10 characters with mix of alphanumeric characters) and are securely stored. e-Amanda.gr ensures that website or content management system admin areas are encrypted across https.
The nature of the Internet is such that no business can guarantee or warrant the security of any server or web application, especially as the underlying technology will be provided by third parties or upon open source software. We will however take all reasonable steps and organisational measures to protect servers and data through appropriate schedule server patching routines and server / network access controls.
SSL Certificates: e-Amanda.gr using SSL certificates in order to encrypt the communication with customers, end to end.
Network control: This includes the configuration, management, and securing of network elements such as virtual networking, DNS, and gateways. The controls provide a means for services to communicate and interoperate. This is e-Amanda.gr’s responsibility as it is outside the control of the customer.
Backup Services: e-Amanda.gr is responsible for backups, disaster recovery and implementing operational controls to restrict authorised access to the backup servers and data. No customer access is given to this facility and any requests for data restores must be submitted to e-Amanda.gr.
Your rights relating to your Information
You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
- Right of Access. You have the right at any time to ask us for a copy of the Information about you that we hold, and to confirm the nature of the Information and how it is used. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your Information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
- Right of Correction or Completion. If Information we hold about you is not accurate, or is out of date or incomplete, and requires amendment or correction you have a right to have the data rectified, updated or completed. You can let us know by contacting us at the address or email address set out above.
- Right of Erasure. In certain circumstances, you have the right to request that Information we hold about you is erased e.g. if the Information is no longer necessary for the purposes for which it was collected or processed or our processing of the Information is based on your consent and there are no other legal grounds on which we may process the Information.
- Right to Object to or Restrict Processing. In certain circumstances, you have the right to object to our processing of your Information by contacting us at the address or email address set out above. For example, if we are processing your Information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your Information for direct marketing purposes.You may also have the right to restrict our use of your Information, such as in circumstances where you have challenged the accuracy of the Information and during the period where we are verifying its accuracy.
- Right of Data Portability. In certain instances, you have a right to receive any Information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that Information to you or directly to a third party organisation.
This right exists in respect of Information that:
you have provided to us previously; and is processed by us using automated means.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to Information of others without their consent.
You can exercise any of the above rights by contacting us at the address or e-mail address set out above. You can exercise your rights free of charge. In making any request in this regard, please provide us with sufficient information to enable us to identify you. We reserve the right to request you to provide additional information in order to enable us to identify your personal data and/or to verify your identity.
If you wish to receive a copy of the data which we hold about you, when contacting us please provide us with €10 and we will respond to your query as quickly as possible but in any event within 40 days of receipt of your request.
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
you have provided to us previously; and is processed by us using automated means.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to Information of others without their consent.
You can exercise any of the above rights by contacting us at the address or e-mail address set out above. You can exercise your rights free of charge. In making any request in this regard, please provide us with sufficient information to enable us to identify you. We reserve the right to request you to provide additional information in order to enable us to identify your personal data and/or to verify your identity.
If you wish to receive a copy of the data which we hold about you, when contacting us please provide us with €10 and we will respond to your query as quickly as possible but in any event within 40 days of receipt of your request.
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
Consent
To the extent that we are processing your Information based on your consent, you have the right to withdraw your consent at any time. You can do this by unsubscribing via the link provided in any direct marketing communication, or contacting us at the address or email address set out above.
Cookies
Similar to other commercial websites, our Website “cookies” and web server logs to collect information about how our Website is used. A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our Website, and the websites visited just before and just after our Website.
Cookies, in conjunction with our web server’s log files, allow us to calculate the aggregate number of people visiting our Website and which parts of the website are most popular. This helps us gather feedback so that we can improve our Website and better serve our customers. Cookies do not allow us to gather any personal Information about you and we do not generally store any personal Information that you provided to us in your cookies.
We use ‘session’ cookies which enable you to carry information across pages of the Website and avoid having to re-enter information. Session cookies enable us to compile statistics that help us to understand how the Website is being used and to improve its structure.
Changes to our Privacy Policy
This privacy policy can be changed by us at any time. If we change our privacy policy in the future, we will advise you of material changes or updates to our privacy policy by e-mail, where we are holding your e-mail address.
How can I request a copy of, an update of, or deletion of data stored about me or my business?
You can request a copy of what data we have on record for you or request any changes to that data by emailing info@e-Amanda.gr.ie and separately providing us with a processing fee of €10 and we will respond to your query as quickly as possible but in any event within 40 days of receipt of your request.
