Elorus Private Company

Greece

ELORUS retains your personal data only for as long as is required by the contractual terms of each service, along with the applicable fiscal, tax and other legislation in force, based on the purpose of the processing, and then the data is anonymised or destroyed. ELORUS will always require from you for the minimum required by the law personal data in order to provide our services, including, but not limited to, name, surname, e-mail address, invoicing postal address, credit card details, a billing method that may also include bank account details in case of remittance, and other details related to the services that have been provided. We mainly receive your personal data in order to perform our contractual agreement with you either as a user of our services or/and as our supplier and / or as a visitor to our website. Children’s data In general, we do not collect or process personal data of children or provide services to people under 18 years of age. Personal data processing ELORUS process your personal data for one or more of the following legitimate reasons: To sign and perform a contract and carry out our contractual obligations To comply with a legal obligation and fulfil our tax, accounting and reporting obligations. To serve our and third party legitimate business interests. Legitimate interest is when we have a business or commercial reason to use your information. But even then, such use is consistent with the fundamental rights of individuals, for example: To provide you with effective customer service and support. To respond to your requests. To improve the security and usability of our website. To execute business transactions with you. To keep you updated on the evolution of our services. To file your complaints. You have given us your consent. Subject to a valid consent you have freely provided the lawfulness of such processing is based on that consent.

ELORUS will delete your data: When they are no longer necessary for the purposes for which that information was collected and processed Upon your request or objection, provided there are no overriding legal grounds requiring us to maintain that information When they are not necessary for us to comply with our legal obligations. Upon the withdrawal of your consent in case that the collection and process of your personal data was based on your consent.

ELORUS takes the appropriate technical and organizational measures to ensure that your personal data is transferred, stored and processed in accordance with the appropriate security standards and in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679) and the relevant Greek legislation in force and the decisions of the Hellenic Data Protection Authority (HDPA). How we share your data In the course of the performance of our contractual and legal obligations your personal data may be provided to various service providers and suppliers. Those service providers and suppliers are bound by Data Processing Agreements, and they are obliged to safeguard confidentiality and data protection according to GDPR. Such service providers and suppliers may be: External legal consultants. Financial and business advisors. IT companies and communication providers. Certified public accountants - auditors and accountants Transfers of data ELORUS doesn’t transfer personal data to countries outside the European Economic Area ("EEA").

Netherlands

Cloud hosted

DigitalOcean, Azure

no

When requested to, ELORUS will delete your entire personal & business data, 30 calendar days after we receive the corresponding request. Within this 30-day period, you have the right to cancel the deletion order by sending another request through our communication channels. The data deletion is permanent. Once your personal & business date are deleted, they cannot be retrieved or restored in any way.

no

2021-01-21

no

no

yes

security@elorus.com

no

no

no

no