Privacy notice on Olympiacos FC’s pages on social media (“social networks”)
Olympiacos FC (henceforth, “the FC” or “we” or “Data Controller”) is the administrator of all official @olympiacosfc corporate pages on social media on Facebook, Instagram, X, YouTube, TikTok, Viber, Threads, LinkedIn, WhatsApp (henceforth “social media” or “social networks”), and, pursuant to the applicable National and European Legal and Regulatory Framework on the protection of personal data, is the Data Controller with respect to processing personal data that occurs on the @olympiacosfc pages in the aforementioned social networks.
1. Scope
The aim of this Privacy Notice is to describe the type of personal data we collect, when our Olympiacos FC (@olympiacosfc) pages on social media are accessed, the reasons why we collect and process said data, the legal basis of their processing, as well as your rights as data subjects, in compliance with our transparency and consent obligations as provided by the General Data Protection Regulation (henceforth “GDPR”) and Greek law 4624/2019.
The FC reserves the right to amend and adjust this Policy, whenever deemed necessary, whereas any amendment shall take effect upon its communication to you by e-mail, or posting on the Internet, or by any other means the FC considers appropriate.
2. Data collected and collection sources
Α. While simply browsing our page
The FC collects limited and anonymous information on the users and their systems, even when you have no account or you have not signed in the respective social network. When visiting our Olympiacos FC page on social media, no personal data on you are collected, except for aggregate data provided to us by the respective social network, i.e. metrics, such as the number of our page visitors. This piece of information is anonymized and unrelated in any case with specific users and their actions or information from their public or private profiles..
When accessing our page, the browser or your desktop/laptop/mobile application (i.e. Internet Explorer, Google Chrome, Mozilla Firefox, Facebook, Instagram, Twitter apps, etc.) creates a direct link to social networks servers. The social medium creates a direct link to the servers of above social networks. The social network receives that information accessed by the browser or application on our website’s relevant page, even if you have no account in this social network or you are not logged in. This information (including the IP Address) is transmitted by your browser directly a social network’s server that might be located in a third country (i.e. in countries outside the European Union and the European Economic Area) and stored there. The FC collects and has access to no such information, which are collected exclusively via each social medium for its smooth operation.
Β. When interacting with us
When, as a user, you decide to interact with our social media pages (e.g. when you follow one of our pages, when you click “Like” on Facebook or “Follow” on Instagram or add your reaction to our post, when you “Share” it or add your “Comment”, etc.), then we are given access to your name, age and gender. However, we do not store your personal data, nor export them to some other database. Your data is used by the FC for the sole purpose of interacting with you via the respective social networking medium. The FC may delete your comments if they fail to comply with our Policies on the use of social networking media (e.g., if your comments are insulting, illegal or ill-intended). The FC may not edit your comments, nor manage your data in any other way.
Γ. When taking part in a competition or draw
In case that, via our social media pages, a competition or a draw is set, a privacy notice shall be sent about this specific event, in order to inform all participants on the way we will collect, use and process their personal data for this purpose.
3. Purposes of processing and Legal Basis
The FC might access and/or collect and/or process your personal data as mentioned above, to pursue its legitimate interests (article 6, par.1 (f) of GDPR), and in particular:
• To analyse the habits of users visiting our pages,
• To improve page functioning,
• To promote Club initiatives and any promotional actions,
• To provide useful information to page visitors on Club news, participation to competitions, tickets sales, events and participation in various actions and/or offerings of merchandise and services of the Club and/or its official sponsors and partners,
• To establish, exercise or support its legal claims,
• To reply to a message/comment of yours.
The FC collects and/or processes your personal data and/or accesses it for the sole purposes mentioned above kai only to the extent necessary to effectively serve said purposes. These data must always be relevant, proper and no more than the ones needed for the above purposes; they must also be accurate and, if needed, subject to update.
4. Data retention period
The FC does not store your personal data and handles your details only in the way mentioned under sections 2 and 3.
Your personal data are stored only in the server of the respective social medium you follow. When you decide to interact with our social media pages (e.g. when you follow one of our pages, when you click “Like” on Facebook or “Follow” on Instagram or add your reaction to our post, when you “Share” it or add your “Comment”, etc.), these personal details of yours shall appear on the social medium and be visible to your contacts there. This social network κοινωνικό may use these data for advertising, market research and webpage design according to user demands.
Your personal details above, such as “Comments”, “Check in’s, “Likes” or “Reactions”, and their processing is subject to the Terms of Use, Privacy Policy and Cookies Policy of the respective social medium you use, which is recommended that you read carefully, in order to be informed about the purpose and the range of data collection and their processing and use by the respective social network , as well as about your rights and deactivation options to protect your personal privacy.
We remind you that, at any given moment, you may delete or amend any comment or post you have published, using dedicated functionalities and configure the settings on the protection of personal data, depending on your personal account’s requirements on the respective social network.
We note that reports we receive by this social network include nothing but aggregate numbers, statistics, anonymous details, but no personal data, therefore no specific data retention period is provided for this data.
5. Transmission to third parties
In no way does the FC transmit the webpage users’ personal data against fee to any third private entities, natural or legal persons, public authorities or agencies or other organizations.
The FC may provide access to your personal data to third service providers, who will process them as data controllers, on behalf of the FC, and in the context advertising services or product promotion.
Processing of personal data by the above providers working with us is performed under our control and only subject to our mandate and is governed by the same privacy protection policy or a policy of the same level of protection.
Moreover, the FC may transmit your data in the context of its statutory obligations to:
– Tax, auditing and other public authorities when we consider, in good faith, that the Law or other statutory act obliges us to grant access or transfer this data.
– Police or other competent law enforcement agencies or administrative authorities, if so required by Law or any other legally implementing act or mandate.
Any transmission of your data to third countries not belonging to the European Economic Zone (i.e. non-EU member states, Norway, Iceland and Lichtenstein) will be performed in compliance with the legal framework on data protection and only if adequate guarantee of data protection is provided.
Moreover, our webpage may include links to third party webpages. If you click on a third party link, then you will be directed to this third party’s webpage. We recommend that you read the Terms and Conditions, as well as the Privacy Policies of all third party webpages or services you visit. The FC has no control on and assumes no responsibility for the contents, privacy policies or other practices of any third party webpages/websites or services.
6. Your rights as Data Subjects
One of GDPR’s main principles is the protection of the rights of natural persons with respect to their personal data processing. In this context, you have a set or rights pertaining to your personal data under process by the FC. In particular and according to the GDPR, you have the right:
• To be informed about processing of your personal data.
• To have access to your personal data.
• To ask that any inaccurate details about yours, as kept by the FC, be corrected.
• To ask for the erasure of your personal data in certain cases.
• To receive your personal data provided by you to the FC in a structured, commonly used and machine-readable format.
• To apply for transferring your personal data to third parties in certain cases.
• To object to processing your personal data that for the purposes of the FC’s legitimate interests.
• To apply for the restriction of processing of your personal data in certain cases.
• To lodge a complaint with the competent supervising authority, which, for Greece, is the Hellenic Data Protection Authority (“HDPA”). You may contact the HDAP in the following ways: (a) Postal Address: Hellenic Data Protection Authority, Offices: 1-3, Kifissias Ave. P.O. 115 23, Athens, (b) Call center: +30-210 6475600, (c) Fax: +30-210 6475628, (d) Email: contact@dpa.gr.
• To withdraw your consent in the case that processing your personal data is performed on the basis of your prior consent.
More information on these rights, including conditions and ways to perform them, are included in the Privacy Policy, as found on the FC’s official webpage. https://www.olympiacos.org/politiki-aporritou/
7. Data Controller
The FC acts as your personal data Controller. Details of the Controller are the following:
Denomination: | OLYMPIACOS CLUB OF FANS OF PIRAEUS FOOTBALL PUBLIC LIMITED COMPANY |
Distinctive title: | OLYMPIACOS FC |
General Electronic Commercial Register No.: | 44327807000 |
Tax ID: | 094079531 Tax Office: FAE Piraeus |
Seat: | Alexandras Sq., P.O. 18534, Piraeus, Attika |
Legal representative: | DIMITRIOS AGRAFIOTIS |
Data Protection Officer: | Liza Kostarlidou |
Telephone: | 2169002520-2 |
Fax: | 2169002519 |
E-mail: | kostarl.liza@gmail.com |
Questions? If yes, then contact us!
If you have any question on this Notification, please contact our Data Protection Officer.
Definitions
‘General Data Protection Regulation (GDPR)’ – an EU Regulation that intends to harmonize European Legislation on protection of personal fata. It shall take effect on May 25th, 2018, and every reference to it must be construed in a way that also includes national implementing laws.
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;.
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘sensitive personal data’ means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, physical and mental health, genetic and biometric data concerning a natural person’s sex life or sexual orientation and data relating to criminal convictions and offences. Because of the nature of sensitive personal fata, legislation is much stricter with the way this data should be processed. The Company processes sensitive personal data only in accordance with the law.
«παραβίαση δεδομένων προσωπικού χαρακτήρα» : η παραβίαση της ασφάλειας που οδηγεί σε τυχαία ή παράνομη καταστροφή, απώλεια,
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed; .
‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;