Privacy Policy

At Orfium (hereafter as “Company” or “Orfium International Limited”), we are committed to maintain the highest standards of personal data protection and comply with pertinent privacy legislations. Our Privacy Policy presents our commitments to protecting the personal data processed after collected from any source. This privacy policy (“Policy”) describes how Hexacorp and its related companies collect, use and share personal information. The Company encourages you to read this Policy before using the Site or submitting any personal data. Your use of the Site signifies your agreement to our processing of personal data as described in this Policy and that you agree to all of the terms of this Policy. 

The contact details of our Company are the following:

Address: 13-18 City Quay, Dublin 2, D02 ED70

Tel.: + (+30) 2109228995

E-mail: info@ofrium.com

https://www.orfium.com

Our Data Protection Officer will provide you with any information relevant to the processing activities of your personal data carried out by our Company and will assist you in exercising the rights awarded to you by the GDPR and outlined below.

The contact details of the Company’s Data Protection Officer are the following:

Advanced Quality Services Ltd.

Address: 1 Sarantaporou str, 145 65, Agios Stefanos Attikis, Greece

Tel.: + (+30) 2106216997

E-mail: dpo@orfium.com

https://www.aqs.gr

What we collect

We get personal information about you in a range of ways

  • Information You Give Us Using Our Site. We collect your‎ name, postal address, email address, phone number, username, password, demographic information (such as your gender and occupation), date of birth, mobile service provider, purchase history, payment data (credit card information and other financial information), social media data, as well as other information you directly give us.
  • Information Automatically Collected by Us While You Use Our Site. If you have consent with the use of cookies in your browser, we automatically log information about you and your computer. For example, when visiting our Site, we log your computer operating system type, browser type, browser language, the website you visited before browsing to our Site, pages you viewed, how long you spent on a page, access times, Information about your subscription, Interaction with the service (which songs, playlists, other Orfium users you interact with, etc.), The details of Queries you make, User Generated Content (as defined in the General Terms of Use), Technical data (URL, IP address, unique device ID, network and computer performance), Transactional information enabling digital rights management, Location information,  and information about your use of and actions on our Site.
  • Information you give us directly by other means.
  • Information which is produced from the execution of our contractual relationship.
  • Information which is produced during the compliance with our legal obligations.

Cookies

We may log information using “cookies.” Cookies are small data files stored on your hard drive by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This type of information is collected to make the Site more useful to you and to tailor the experience with us to meet your special interests and needs. For more details, you can access the Cookie Policy in this link. 

 Categories of data

The personal data we process on a case by case basis is:

  • Regular Personal Data: full name, birthdate, ID number, VAT number, address, phone number, e-mail.
  • Special Categories of Personal Data: Health Data of our people (in cases where it is necessary to fulfill our obligations imposed by the law).

Purpose of Processing

The reasons we process your data are on occasion to contact you in order to answer your questions and requests, to evaluate your resume, to sign contracts with you, to fulfill our contractual obligations to you, to fulfill the legal obligations arising from national and EU law.

Lawful basis for processing

In particular, the lawful basis for processing your data are as follows:

• Article 6 par. 1a GDPR you, the data subject has given consent to the processing of your personal data for one or more specific purposes;

On this basis we rely, for example, for processing your data after you have posed a question using our site or after you have filed a form or after an email you have sent us.

• Article 6 par. 1b GDPR processing is necessary for the performance of a contract to which you, the data subject, are counterparty or in order to take steps at the request of the data subject prior to entering into a contract; 

On this basis we rely, for example, for processing your data during negotiations of any kind of contract or commercial agreements by disclosing your data when required by a third party recipient, Bank and Insurance Organization through which we can fulfill our contractual obligations to you.

• Article 6 par. 1c GDPR  processing is necessary for compliance with a legal obligation to which the controller is subject.

On this basis, we rely to comply with our statutory obligations such as tax or insurance provisions, or obligations arising from the labor law.

• Article 9 par. 2b GDPR Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.

On this basis we rely, for example, for processing your data during our fulfillment to our contractual obligations to you.

Τhe period for which your personal data will be stored

Hexacorp retains your personal data for as long as the processing purpose persists, and after its expiration, we lawfully maintain your personal data when it is necessary to comply with a legal obligation under ΕU or national law (for example, Labor, Tax Insurance and Administrative Law) as well as in the case where the maintenance is necessary for the foundation, exercise or support of the legal claims of our company.

What are your rights

Right of Access

You have the right to receive a) confirmation regarding the processing of your data, and b) a copy of your personal data.

Right to rectification

You have the right to obtain from Hexacorp the rectification of inaccurate personal data concerning you, or ask to have incomplete personal data completed, when they are inaccurate.

Right to erasure 

You have the right to obtain from Hexacorp the erasure of personal data concerning you, if you no longer wish to have such data processed and if there is no legitimate reason for us to own it as a controller.

In particular, this right shall be exercised when the lawful basis for processing is your consent and you withdraw it, so the data should be deleted if there is no other lawful basis for processing, when your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or unlawfully processed or if you object to the processing and there are no compelling and legitimate reasons for processing.

It should be noted, however, that this is not an absolute right, as the further retention of personal data by Hexacorp is lawful when necessary for reasons such as compliance with a legal obligation of the Organization or the foundation, exercise or support of legal claims.

Right to restriction of processing

As an alternative to the right to erasure and the right to object, you have the right to request that we process your data only in specific cases.

When do you have this right?

When:

  • you invoke the inaccuracy of your data, and we, as Controller, examine the request,
  • the processing is unlawful,
  • the data is no longer necessary for the purpose of processing, but you ask from us to retain it for the exercise and defense of your legal claims,
  • You have exercised the right to objection and we, as a controller, is examining the existence of an overriding legal interest therein.

The exercise of this right may be combined with the right to rectification and the right to object. 

Specifically,

a) If you request the rectification of your inaccurate data, you may request a restriction of processing for as long as Hexacorp examines the rectification request,

b) If you request the right to objection, you may request at the same time the limitation of the processing for as long as Hexacorp examines the counterclaim.

Right to data portability

You have the right to receive your personal data that has been processed by Hexacorp as a controller in a structured, commonly used and machine readable format (for example XML, JSON, CSV, etc.). You also have the right to ask Hexacorp to transmit this data to another processor without any objection

The right to portability can only be exercised by you when all of the following conditions are fulfilled : 

  • personal data are processed by automated means (printed forms are excluded)
  • the lawful basis for processing is either your consent or the performance of a contract to which you are a party (Article 6 (1) (c) of the GDPR);
  • It is your own personal data as the data subject that are processed and has been provided by you.
  • the exercise of the right does not adversely affect the rights and freedoms of others.

Right of objection

You have the right to oppose, at any time and for reasons related to your particular situation, to the processing of personal data concerning you when the processing is based either on (a task performed in the public interest) or on (if Hexacorp has a legitimate interest), including profiling.

The Organization will be required to stop such processing unless it demonstrates imperative and lawful reasons for processing that override your interests, rights and freedoms, or for the foundation, exercise or support of legal claims.

Right to non-automated individual decision making including profiling

If Hexacorp needs to make a decision that produces legal effects for you based solely on automated processing the following apply :

  • Hexacorp as a controller may lawfully make such a decision only if you have given us your explicit consent or when the decision is necessary for the conclusion or performance of a contract between us or if such a decision is permitted by EU or national law, which provides for appropriate measures to protect the rights of the subject.
  • If this decision is made as necessary for the conclusion or performance of a contract between us, namely Hexacorp as a controller and you as the data subject or upon your explicit consent, you have the right to challenge this decision, so that Hexacorp will be obliged to apply measures to protect your rights, ensure human interference in decision-making, or the right to express an opinion and challenge your decision as a subject of the data.
  • If Hexacorp intends to perform automated data processing, including profiling, it will provide you, upon receipt of your data (when collected by you) or in a reasonable time (when taken from another source) and the following additional information:
  • whether and to what extent automated decision-making takes place, including profiling,
  • on the logic followed,
  • on the importance and predicted consequences of the processing,
  • information on the subject’s right to object, which is clearly and separately described from any other information.
  • in any case of profiling, you are entitled to limit the processing at any stage,
  • Hexacorp will be required to delete the relevant personal data if the basis for profiling is your consent and it is revoked or if you exercise the right to delete its data and if there is no other legal basis for processing in accordance with the provisions of Regulation.
  • You have the right to oppose at any time and for reasons related to your particular situation to the processing of your personal data when the processing is based on the legitimate interest of the Organization, including profiling and Hexacorp will cease submitting the personal data processed unless it demonstrates imperative and legitimate reasons for processing that override the interests, rights and freedoms of the subject or for the foundation, exercise or support of legal claims.

You have the right to submit a Complaint to the Data Protection Authority

If you find that your personal data is being processed unlawfully or your personal data has been violated, provided that you have previously contacted the DPO for the matter and you have exercised your rights towards us, and you either did not receive a reply within one month (extending the deadline to two months in the case of a complex request) and either you believe that the answer you received from us is inadequate and your issue is not resolved, you can contact the Greek Data Protection Authority, Kifissias Avenue 1-3, PC 11523, Athens, email: complaints@dpa.gr, fax 2106475628. For more information see the Web Portal www.dpa.gr.

Changes To This Privacy Policy

We may change this privacy policy. If we make any changes, we will change the Last Updated date above.