Last Updated: 28/4/2021
Please read this Policy carefully to get a clear understanding of how we collect, use, protect or otherwise process your Personal Data in accordance with our Website.
2 Who we are and what we do? - Our role in the processing of your Personal Data
Pobuca Ltd (“Pobuca” or “We” or “Our Company”) is an international business solutions provider with a portfolio of 3.000 businesses, from 85 countries around the world that are using its innovative products and solutions. We are a one-stop-shop to grow your business by leveraging technology. We offer state of the art AI-based software solutions and a broad range of services like consulting, technical integration, and after-sales support, aiming at the digital transformation of our clients.
Pobuca is a CX platform that develops and grows returning customers.
We offer a broad range of solutions and consulting services to engage your customers efficiently. We work for strong and long-lasting customer relationships- engaging them in all sales and marketing channels and rewarding them for their loyalty.
This website is controlled by Pobuca Ltd, based at London UK,207 Regent Street, 3rd. floor, W1B 3HH and its affiliate Pobuca – Sieben PC, based at Athens, Greece, Aristomenous 3, Gerakas, email@example.com.
We are the Data Controller regarding to the processing of Personal Data through this website.
4 What Personal Data do we collect about you?
Personal Data are any information that relates to a natural person whose identity is known through reference to name or can be identified indirectly through reference to telephone number, address etc.
In case you are a User of our Website:
- Identification data: (full name) you provide to us when you opt to complete the contact form on our website,
- Contact Information: (email and mobile phone number) voluntarily provided to us when you opt to complete the contact form on our website,
- Message data: any data you may provide to us by filling in the respective field in the contact form,
- IP Addresses
- Cookie data: as analyzed in our Cookies Policy.
5 For which purposes and under which Legal Basis do we process your personal data?
Respecting Greek and EU legislation, we will not process your Personal Data if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your Personal Data, if We have a Legal Basis to do so.
We process your Personal Data according to all principles relating to processing of personal data cumulatively for the purposes referred below:
|Purpose of Processing||Legal Basis of Processing|
Navigate through our website
We process your identification data, your contact data and your message, when you opt to complete our contact form based on your consent.
You have the right to withdraw your consent freely at any time a) regarding cookies by visiting the cookie banner and b) regarding contact form data, by sending us a request at firstname.lastname@example.org .
We process your identification data, your contact data and your message, when you opt to complete our contact form based on your consent in order to communicate with you, our pre-sales, sales and marketing departments.
• Subscribe to our newsletter, webinars, events
• Download marketing and product material (i.e. eBook, case study, etc.)
|The marketing department sends you our news and any marketing communication regarding our services when you subscribe to our newsletter, webinars, and events or when you download our marketing and product material, and you give us your consent.
The right to withdraw your consent can be exercised easily by unsubscribing or by sending us an e- mail at email@example.com.
6 Who Has Access to Your Personal Data and to whom are they transferred?
We limit access to your Personal Data to those who have a genuine business need to know it. Also, those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.
We do not share your Personal Data with unaffiliated third parties, except as necessary for their legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards.
The recipients of your data are only the strictly necessary and have access to your data on a need-to-know basis.
Pobuca Ltd may need to transfer your data to the following categories of recipients:
a) Standard Recipients:
Such as internal and external accountants, HR management, Marketing Specialists, IT specialists, technical support, etc.
b) Special recipients:
We use cloud service providers for hosting of digital data physical and digital security providers, archiving providers for the retention of physical or digital archives
c) Public Authorities and Administrative Bodies:
Tax Office, Judicial authorities, Police, and prosecutorial authorities in case of criminal acts or legal claims etc.
7 International Transfers
In general, we undertake measures in order to process data within the European Union and the EEA and/or third countries with adequacy decisions. However, Pobuca Ltd will not transfer your data to third countries.
8 Data Retention Policy – How long do we keep your data?
We retain your Personal Data for as long as it is absolutely necessary, in order to fulfil the respective processing purpose, as described in this Policy, taking into account any applicable law (European or National) regarding the protection of Personal Data. To determine the retention time of Personal Data, the Company takes into account the nature of Personal Data, the quantity, the purpose of their processing, their security, etc. respecting the data minimization principle.
The data retention time on the cookies installed on your device depend on the type of cookies you choose to install in our cookie banner.
9 What are your rights and how can you exercise them?
Pobuca Ltd fully respects your rights with regard to the processing of your Personal Data. We have created a mechanism for the exercising of the rights of data subjects in order to be able to satisfy them as soon as possible by sending us an e-mail at firstname.lastname@example.org.
In any case your application should be accurate, and you can exercise your right, when the following conditions apply:
|Right of Data Subject||Explanation|
|Rights of Access
(Article 15 of GDPR)
|You can request to:
• Confirm that Pobuca Ltd processes your personal data.
• Provide you with access to any personal data that you do not already have at your disposal
|Right to Rectification
(Article 16 of GDPR)
|You can request to rectify inaccurate personal data.
Pobuca Ltd may seek to verify the accuracy of the data before it rectifies it.
|Right to Deletion/
Right to Erasure
(Article 17 of GDPR)
You can request Pobuca Ltd to erase your Personal Data in case:
Pobuca Ltd is not obliged to comply with the User’s request to erase such User’s Personal Data if the processing is necessary:
|Restriction of Processing
(Article 18 of GDPR)
|You can ask us to restrict the processing (i.e., store but not process) of your personal data when:
- their accuracy is contested (see rectification), so that we can verify the accuracy of the personal data or
- the personal data have been unlawfully processed but you oppose to the erasure of the personal data or
- they are no longer necessary for the purposes for which they were collected, but you still need them for the establishment, exercise or defense of legal claims or there is another legitimate purpose of processing or other legal basis.
- you have exercised you right to object and you wait for its verification
|Right to Data Portability
(Article 20 of GDPR)
|When processing is based on your consent or the performance of a contract and is carried out by automated means, you may request that we provide your personal data in a structured, commonly used and machine-readable format, or you may request to be transferred directly to another controller. However, this right concerns only the data provided by the data subject and not any data produced by the controller based on already collected data.|
|Right to Object
(Article 21 of GDPR)
|You may at any time object to any processing of your personal data, which is based on the legitimate interest of Pobuca Ltd or performance of a task carried out for reasons of public interest.
If you exercise your right to object, Pobuca Ltd has the right to demonstrate compelling legitimate grounds for the processing which override the rights and freedoms of the data subject, however your fundamental rights and freedoms will not be affected.
|Right not to be subject to automated individual decision-making, including profiling
(Article 22 of GDPR)
|You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.|
|Opt-out / Unsubscribe||You have the right to withdraw your consent, where consent is the basis for the processing. Any withdrawal is valid for the future and any processing conducted by Pobuca Ltd up until the point of withdrawal, is lawful.|
|Right to lodge a complaint with the competent Supervisory AuthorityRight to lodge a complaint with the competent Supervisory Authority||You have the right to lodge a complaint with the local competent Supervisory Authority that may occur in relation to all processing activities undertaken by Pobuca Ltd.
In Greece, the competent Authority to which you may address your complaint is the Hellenic Data Protection Authority, situated at Kifissias Avenue (str. Nο 1-3, PC 11523).
You may find more information on how to exercise your right to lodge a complaint here. You can find a list with all the EU Authorities here.
However, since your privacy is a top priority for us, we strongly advise you to reach us for any issues you may be facing regarding our use of your personal data. We would gladly try to find an amicable solution to manage your requests, so we encourage you to contact us by any means.
Pobuca Ltd implements appropriate organizational and technical measures to provide a high level of privacy and security to your Personal Data against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and other illegal forms of processing. Our Company is certified with ISO / IEC 27001:2013 since September 2020 and ISO9001 since 2015.
The following list indicates in bullets the applied information security policies:
A.1 INFORMATION SECURITY POLICIES
A1.1 Management Direction for Information Security
A.2 ORGANISATION OF INFORMATION SECURITY
A2.1 Internal Organisation
A2.2 Mobile Devices & Teleworking
A.3 HUMAN RESOURCE SECURITY
A3.1 Prior to Employment
A3.2 During Employment
A3.3 Termination and Change of Employment
A.4 ASSET MANAGEMENT
A4.1 Responsibility for Assets
A4.2 Information Classification
A4.3 Media Handling
A.5 ACCESS CONTROL
A5.1 Business Requirements of Access Control
A5.2 User Access Management
A5.3 User Responsibilities
A5.4 System and Application Access Control
A6.1 Cryptographic Controls
A.7 PHYSICAL AND ENVIROMENTAL SECURITY
A7.1 Secure Areas
A.8 OPERATIONS SECURITY
A8.1 Operational Procedures and Responsibilities
A8.2 Protection form Malware
A8.4 Logging and Monitoring
A8.5 Control of operational software
A8.6 Technical Vulnerability Management
A8.7 Information Systems Audit Considerations
A.9 COMMUNICATIONS SECURITY
A9.1 Network Security Management
A9.2 Information Transfer
A.10 SYSTEM ACQUISITION, DEVELOPMENT AND MAINTENANCE
A10.1 Security Requirements of Information Systems
A10.2 Security in Development and Support Processes
A10.3 Test Data
A.11 SUPPLIER RELATIONSHIPS
A11.1 Information Security in Supplier Relationships
A11.2 Supplier Service Delivery Management
A.12 INFORMATION SECURITY INCIDENT MANAGEMENT
A12.1 Management of Information Security Incidents
A.13 INFORMATION SECURITY ASPECTS OF BUSINESS CONTINUITY MANAGEMENT
A13.1 Information Security Continuity
A14.1 Compliance with Legal and Contractual Requirements
A14.2 Information Security Reviews
Any possible future change of the above regulatory framework will be subject to this.