Privacy policy

Your work is safe with us

1 Introduction
Last Updated: 28/4/2021
Pobuca Ltd is committed to protecting and respecting your privacy. In line with the EU General Data Protection Regulation (Regulation 2016/679 – GDPR) and the Greek applicable legislation in conjunction with the existing decisions and guidelines of the competent authorities, this Privacy Policy sets out information about the Personal Data we collect related to you and the way we use them.
Please read this Policy carefully to get a clear understanding of how we collect, use, protect or otherwise process your Personal Data in accordance with our Website.

2 Who we are and what we do? - Our role in the processing of your Personal Data
Pobuca Ltd (“Pobuca” or “We” or “Our Company”) is an international business solutions provider with a portfolio of 3.000 businesses, from 85 countries around the world that are using its innovative products and solutions. We are a one-stop-shop to grow your business by leveraging technology. We offer state of the art AI-based software solutions and a broad range of services like consulting, technical integration, and after-sales support, aiming at the digital transformation of our clients.
Pobuca is a CX platform that develops and grows returning customers.
We offer a broad range of solutions and consulting services to engage your customers efficiently. We work for strong and long-lasting customer relationships- engaging them in all sales and marketing channels and rewarding them for their loyalty.
This website is controlled by Pobuca Ltd, based at London UK,207 Regent Street, 3rd. floor, W1B 3HH and its affiliate Pobuca – Sieben PC, based at Athens, Greece, Aristomenous 3, Gerakas, info@pobuca.com.
We are the Data Controller regarding to the processing of Personal Data through this website.

3 Who is subject to this Privacy Policy?
This Privacy Policy constitutes a data protection notice to inform you about the way we process Personal Data about data subjects when they are visiting our website and / or we obtain them directly by them in the course of our services.
Hence, this Privacy Policy serves the purposes of a direct/personal information notice under article 13 of the GDPR as well as of a public notice according to article 14 par. 5 of the GDPR and article 32 par. 2 of the Greek law 4624/2019.
Mainly this Privacy Policy is addressed to all Users of our website, meaning the people who browse our website and/or interact with us by filling-in our contact forms.

4 What Personal Data do we collect about you?
Personal Data are any information that relates to a natural person whose identity is known through reference to name or can be identified indirectly through reference to telephone number, address etc.
In case you are a User of our Website:
- Identification data: (full name) you provide to us when you opt to complete the contact form on our website,
- Contact Information: (email and mobile phone number) voluntarily provided to us when you opt to complete the contact form on our website,
- Message data: any data you may provide to us by filling in the respective field in the contact form,
- IP Addresses
- Cookie data: as analyzed in our Cookies Policy.

5 For which purposes and under which Legal Basis do we process your personal data?
Respecting Greek and EU legislation, we will not process your Personal Data if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your Personal Data, if We have a Legal Basis to do so.
We process your Personal Data according to all principles relating to processing of personal data cumulatively for the purposes referred below:

Purpose of Processing Legal Basis of Processing

When you:
Choose Cookies Installation

Navigate through our website


Fill in your contact form for demo, trial and partnerships

Consent
We process your cookies preferences when you make your choices and consent in our cookie banner.

We process your identification data, your contact data and your message, when you opt to complete our contact form based on your consent.

You have the right to withdraw your consent freely at any time a) regarding cookies by visiting the cookie banner and b) regarding contact form data, by sending us a request at marketing@pobuca.com .

We process your identification data, your contact data and your message, when you opt to complete our contact form based on your consent in order to communicate with you, our pre-sales, sales and marketing departments.
Furthermore, upon your consent, you will receive marketing communication.

When you:
• Subscribe to our newsletter, webinars, events
• Download marketing and product material (i.e. eBook, case study, etc.)
The marketing department sends you our news and any marketing communication regarding our services when you subscribe to our newsletter, webinars, and events or when you download our marketing and product material, and you give us your consent.
The right to withdraw your consent can be exercised easily by unsubscribing or by sending us an e- mail at marketing@pobuca.com.

6 Who Has Access to Your Personal Data and to whom are they transferred?
We limit access to your Personal Data to those who have a genuine business need to know it. Also, those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.
We do not share your Personal Data with unaffiliated third parties, except as necessary for their legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards.
The recipients of your data are only the strictly necessary and have access to your data on a need-to-know basis.
Pobuca Ltd may need to transfer your data to the following categories of recipients:
a) Standard Recipients:
Such as internal and external accountants, HR management, Marketing Specialists, IT specialists, technical support, etc.
b) Special recipients:
We use cloud service providers for hosting of digital data physical and digital security providers, archiving providers for the retention of physical or digital archives
c) Public Authorities and Administrative Bodies:
Tax Office, Judicial authorities, Police, and prosecutorial authorities in case of criminal acts or legal claims etc.

7 International Transfers
In general, we undertake measures in order to process data within the European Union and the EEA and/or third countries with adequacy decisions. However, Pobuca Ltd will not transfer your data to third countries.

8 Data Retention Policy – How long do we keep your data?
We retain your Personal Data for as long as it is absolutely necessary, in order to fulfil the respective processing purpose, as described in this Policy, taking into account any applicable law (European or National) regarding the protection of Personal Data. To determine the retention time of Personal Data, the Company takes into account the nature of Personal Data, the quantity, the purpose of their processing, their security, etc. respecting the data minimization principle.
The data retention time on the cookies installed on your device depend on the type of cookies you choose to install in our cookie banner.

9 What are your rights and how can you exercise them?
Pobuca Ltd fully respects your rights with regard to the processing of your Personal Data. We have created a mechanism for the exercising of the rights of data subjects in order to be able to satisfy them as soon as possible by sending us an e-mail at marketing@pobuca.com.
In any case your application should be accurate, and you can exercise your right, when the following conditions apply:

Right of Data Subject Explanation
Rights of Access
(Article 15 of GDPR)
You can request to:
• Confirm that Pobuca Ltd processes your personal data.
• Provide you with access to any personal data that you do not already have at your disposal
• Provide you with other information about your personal data, such as what data Pobuca Ltd has, why it uses it, to whom it might transfer it, whether it transfers it abroad, how it protects it, how long it retains it, what are your rights as a data subject, the process to submit a complaint, the sources of your data (to the extent such information has not already been provided in this Privacy Policy).
Right to Rectification
(Article 16 of GDPR)
You can request to rectify inaccurate personal data.
Pobuca Ltd may seek to verify the accuracy of the data before it rectifies it.
Right to Deletion/
Right to Erasure
(Article 17 of GDPR)

You can request Pobuca Ltd to erase your Personal Data in case:
- you have withdrawn your consent
- at any time when they are no longer needed for the purposes for which they were collected
- if they have been illegally collected
- when you object the processing
- when you no longer wish to receive our services (except for the data that we are obliged to keep by law)

Pobuca Ltd is not obliged to comply with the User’s request to erase such User’s Personal Data if the processing is necessary:
- for compliance with a legal obligation
- for the fulfillment of another legitimate purpose or another legitimate legal basis
- for the establishment, exercise, or defense of legal claims

Restriction of Processing
(Article 18 of GDPR)
You can ask us to restrict the processing (i.e., store but not process) of your personal data when:
- their accuracy is contested (see rectification), so that we can verify the accuracy of the personal data or
- the personal data have been unlawfully processed but you oppose to the erasure of the personal data or
- they are no longer necessary for the purposes for which they were collected, but you still need them for the establishment, exercise or defense of legal claims or there is another legitimate purpose of processing or other legal basis.
- you have exercised you right to object and you wait for its verification
Right to Data Portability
(Article 20 of GDPR)
When processing is based on your consent or the performance of a contract and is carried out by automated means, you may request that we provide your personal data in a structured, commonly used and machine-readable format, or you may request to be transferred directly to another controller. However, this right concerns only the data provided by the data subject and not any data produced by the controller based on already collected data.
Right to Object
(Article 21 of GDPR)
You may at any time object to any processing of your personal data, which is based on the legitimate interest of Pobuca Ltd or performance of a task carried out for reasons of public interest.
If you exercise your right to object, Pobuca Ltd has the right to demonstrate compelling legitimate grounds for the processing which override the rights and freedoms of the data subject, however your fundamental rights and freedoms will not be affected.
Right not to be subject to automated individual decision-making, including profiling
(Article 22 of GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Opt-out / Unsubscribe You have the right to withdraw your consent, where consent is the basis for the processing. Any withdrawal is valid for the future and any processing conducted by Pobuca Ltd up until the point of withdrawal, is lawful.
Right to lodge a complaint with the competent Supervisory AuthorityRight to lodge a complaint with the competent Supervisory Authority You have the right to lodge a complaint with the local competent Supervisory Authority that may occur in relation to all processing activities undertaken by Pobuca Ltd.
In Greece, the competent Authority to which you may address your complaint is the Hellenic Data Protection Authority, situated at Kifissias Avenue (str. Nο 1-3, PC 11523).
You may find more information on how to exercise your right to lodge a complaint here. You can find a list with all the EU Authorities here.
However, since your privacy is a top priority for us, we strongly advise you to reach us for any issues you may be facing regarding our use of your personal data. We would gladly try to find an amicable solution to manage your requests, so we encourage you to contact us by any means.

10 Security
Pobuca Ltd implements appropriate organizational and technical measures to provide a high level of privacy and security to your Personal Data against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and other illegal forms of processing. Our Company is certified with ISO / IEC 27001:2013 since September 2020 and ISO9001 since 2015.
The following list indicates in bullets the applied information security policies:
A.1 INFORMATION SECURITY POLICIES
A1.1 Management Direction for Information Security
A.2 ORGANISATION OF INFORMATION SECURITY
A2.1 Internal Organisation
A2.2 Mobile Devices & Teleworking
A.3 HUMAN RESOURCE SECURITY
A3.1 Prior to Employment
A3.2 During Employment
A3.3 Termination and Change of Employment
A.4 ASSET MANAGEMENT
A4.1 Responsibility for Assets
A4.2 Information Classification
A4.3 Media Handling
A.5 ACCESS CONTROL
A5.1 Business Requirements of Access Control
A5.2 User Access Management
A5.3 User Responsibilities
A5.4 System and Application Access Control
A.6 CRYPTOGRAPHY
A6.1 Cryptographic Controls
A.7 PHYSICAL AND ENVIROMENTAL SECURITY
A7.1 Secure Areas
A7.2 Equipment
A.8 OPERATIONS SECURITY
A8.1 Operational Procedures and Responsibilities
A8.2 Protection form Malware
A8.3 Backup
A8.4 Logging and Monitoring
A8.5 Control of operational software
A8.6 Technical Vulnerability Management
A8.7 Information Systems Audit Considerations
A.9 COMMUNICATIONS SECURITY
A9.1 Network Security Management
A9.2 Information Transfer
A.10 SYSTEM ACQUISITION, DEVELOPMENT AND MAINTENANCE
A10.1 Security Requirements of Information Systems
A10.2 Security in Development and Support Processes
A10.3 Test Data
A.11 SUPPLIER RELATIONSHIPS
A11.1 Information Security in Supplier Relationships
A11.2 Supplier Service Delivery Management
A.12 INFORMATION SECURITY INCIDENT MANAGEMENT
A12.1 Management of Information Security Incidents
A.13 INFORMATION SECURITY ASPECTS OF BUSINESS CONTINUITY MANAGEMENT
A13.1 Information Security Continuity
A13.2 Redundancies
A.14 COMPLIANCE
A14.1 Compliance with Legal and Contractual Requirements
A14.2 Information Security Reviews

11 Amendments to this Privacy Policy
This Privacy Policy enters into force beginning the date of its issuance. In case it is necessary to comply with new requirements imposed by applicable laws, guidelines, or technical requirements or in the course of a revision of our processes and practices we reserve the right to amend the current Privacy Policy.
Any possible future change of the above regulatory framework will be subject to this.
Date 01/09/2020