Personal Data Protection
The management and protection of the personal data of visitors/users of cremservices.gr services are subject to the terms of this section as well as the relevant provisions of Greek (Law 2472/1997 on the protection of individuals with regard to the protection of personal data, as supplemented by the decisions of the Chairman of the Personal Data Protection Committee, Presidential Decrees 207/1998 and 79/2000, and Article 8 of Law 2019/2000) and European law (Regulation (EU) 2016/679, Directives 95/46/EC and 97/66/EC).
In all cases, CREM SERVICES SA reserves the right to change the terms of personal data protection without prior notice.
 CREM SERVICES SA collects the following personal information:
Orders placed via e-commerce (personal advertisements, forms, etc.)
The following information is requested in order for visitors/users to use the e-commerce services and make payments: Full name / Company name – Address / Company Headquarters – Postcode – Telephone number – E-mail address – Fax number – VAT – Tax Office – City – Country.
The above information is required for the issuance of the relevant invoices (tax documents) and is kept in the financial records of CREM SERVICES SA, in compliance with tax legislation. CREM SERVICES SA may use this information, in anonymised form, in order to record the purchasing interests of parties entering into transactions and to make new offers, unless visitors/users of these services request that no such offers be made. Such information shall never be transmitted or communicated to third parties.
The following information is requested in order for your CV to be registered in the CREM SERVICES SA database: Full name – Telephone number – E-mail address – Age – Specialisation – Level of studies – City/Region. CREM SERVICES SA keeps a record of the information you have entered solely for the purpose of operating this service. Such information shall never be disclosed to third parties. Your requests for changing, erasing and/or updating data shall be satisfied within thirty  days, as detailed in the relevant section.
The following information is requested in order for visitors/users to subscribe to the newsletter mailing lists of CREM SERVICES SA: Full name / Company name – E-mail address. CREM SERVICES SA keeps a record of recipients’ e-mail addresses solely for the purpose of sending such newsletters. Such information shall never be disclosed to third parties. Newsletter recipients can opt to be removed from the record of e-mail addresses by making use of the Unsubscribe option. CREM SERVICES SA may remove any recipient without providing reasons.
Visitors/users interested in advertising on cremservices.gr must enter the following information in the relevant request in order to receive all the necessary information: Full name / Company name – Address / Company Headquarters – Telephone number – Fax number – E-mail address – Contact person – City – Country. Such information shall never be disclosed to third parties. CREM SERVICES SA shall not be held liable for the personal data protection policy implemented by advertised parties during their transactions with visitors/users of the services.
 Personal Data Retention Period
The Company keeps and processes your data, for: (a) as long as the use of the selected service continues and/or until we receive a request from you for their removal; (b) as long as required under tax legislation.
Detailed information on the exercise of your rights can be found in the section: Communication – Data Subjects’ Rights.
 Personal Data Security
Personal data are processed in a manner that ensures confidentiality. Our company and its affiliates use the appropriate technical and organisational security measures, follow rules and other procedures to protect your personal data from any unauthorised access, disclosure, loss or accidental/unlawful destruction and any other form of unlawful processing.
 Communication – Data Subjects’ Rights
You are hereby informed that, with regard to all the aforesaid processing purposes, you may exercise, as appropriate and at any time, the right of access, rectification and/or erasure of your Personal Data, as well as the right to portability and/or objection, without providing specific justification to this end, by sending a letter to this effect to our company or an e-mail message to email@example.com.
If you exercise any of the above rights, our company will take all possible steps to satisfy your request within one (1) month of its submission and identification, informing you in writing of the satisfaction of your request or the reasons that prevent the exercise of the right in question, in accordance with the General Data Protection Regulation.
More specifically, in cases of withdrawal of consent to use your electronic address, consent may also be withdrawn electronically by using the Unsubscribe option incorporated in all relevant communication.
 Credit Card Details
The use of a credit card by users of e-commerce services to pay for the relevant services is charged only once by the associated bank and only for the specific transaction. Your credit card details are registered only at the associated bank and are not disclosed to our competent services.
 Transmission to Third Parties
Your personal data are not transmitted or disclosed to third parties or companies, save where necessary for performance of our company’s tax obligations. In all cases, all our associates take the measures necessary to protect and process your personal data solely in the context of our express, written mandate.
 General terms of personal data protection
CREM SERVICES SA safeguards the personal nature of your data and cannot transmit them to any third party (whether natural or legal person) on any grounds, save under the relevant statutory provisions and solely to the competent authorities.
CREM SERVICES SA and its marketing department, in particular, may process, in anonymised form, certain or all of the data you have sent for statistical purposes, financial purposes and for the purpose of improving its services – information provided.
Notice on the processing of personal data regarding the video surveillance system
The société anonyme with the name ‘CREMATION SERVICES SOCIÉTÉ ANONYME’, trading as ‘CREM SERVICES SA’ (hereinafter the “company”) manages your personal data in compliance with the General Data Protection Regulation (hereinafter “GDPR”) (EU 2016/679) and Law 4624/2019.
You are hereby informed with regard to the management of your personal data by our company.
The Controller is the société anonyme the name ‘CREM SERVICES SA’, trading as ‘CREM SERVICES SA’, with registered offices in Chalandri, Attica at 126, Pentelis Avenue, GR-15234. For any issue concerning the processing of your personal data by our company, you can also contact us by telephone at 222.1121752 and online by e-mailing us at firstname.lastname@example.org.
2. Data processed
The company collects and manages your following personal data: a) image data and b) audio data.
3. Purpose of Processing
Your personal data are processed using a video surveillance system in order to protect the legitimate interests of persons and goods. Processing is necessary for the purposes of legitimate interests that we pursue as controller. More specifically, our legitimate interest consists of the need to protect the premises and goods found therein from illegal acts, including but not limited to theft. The same applies to the safety of the lives, physical integrity, health and assets of company staff and third parties legitimately found in the area under surveillance. Image and audio data are collected. Collection is limited to spaces, including but not limited to the entrance, where it has been assessed that there is an increased likelihood of illegal acts, such as theft, without focusing on spaces where the privacy of the persons whose image is being recorded may be excessively restricted, including their right to respect for their personal data.
4. Legal basis for processing
In view of the above purpose served by the processing of your data, the legal basis for the processing of these data is the protection of the legitimate interests of the company (Article 6(1)(f) GDPR).
The material collected is accessible only by our competent or authorised personnel charged with security of the premises.
This material shall not be transmitted to third parties, save in the following cases: a) to the competent judicial, prosecution and police authorities when it includes information necessary to investigate a criminal act involving persons or goods relating to the controller; b) to the competent judicial, prosecution and police authorities when requesting data in the performance of their duties; and c) to the victim or the perpetrator of a criminal offence, in cases of data which may constitute evidence of the act.
6. Retention Period
Your data are retained by the company for fifteen (15) days and, after this period has elapsed, are automatically deleted, subject to the subparagraphs below.
If an incident comes to our attention during this period, we will isolate part of the video and retain it for one (1) further month, for the purpose of investigating the incident and institute legal proceedings to protect our legitimate interests; if the incident concerns a third party, we will retain the video for a further period of up to (3) months.
Where legislation requires the retention of personal data for a period shorter or longer than the one noted above, the retention period shall be curtailed or extended accordingly.
Where the company is involved in administrative proceedings, litigation (e.g. civil action), judicial investigation (e.g. criminal inquiry), etc., your data will be kept until the legal proceedings have irrevocably ended in all cases.
After these periods have elapsed, your data will be destroyed.
7. Your rights as a personal data subject
7.1. Right of access
You have the right, by sending a request to the company either in writing or via e-mail at email@example.com, to obtain confirmation as to whether or not the personal data that concern you are being processed by the company and, if so, you have the right to access your personal data and the following information: a) the purposes of the processing; b) the relevant categories of personal data; c) the recipients or categories of recipients to whom your personal data have been or are to be disclosed and, in particular, recipients in third countries or international organisations; d) where possible, the period for which your personal data will be stored or, where that is not possible, the criteria determining said period; e) the right to request that the company erase your personal data or to limit the processing of your personal data or to object to such processing; f) the right to lodge a complaint with a supervisory authority.
7.2. Right to erasure
You have the right, by sending a request to the company either in writing or via e-mail at firstname.lastname@example.org, to request the erasure of personal data concerning you, where any of the following reasons applies: a) your personal data are no longer necessary for the purposes for which they were collected or were otherwise processed; b) your personal data were unlawfully processed; c) your personal data must be erased in order to comply with a legal obligation under the applicable law to which the company is subject.
This right shall not be substantiated insofar as processing is necessary: a) to comply with a legal obligation imposed by the applicable law to which the company is subject; or b) to establish, exercise or defend legal claims of the company.
7.3. Right to restrict processing
You have the right, by sending a request to the company either in writing or via e-mail at email@example.com, to ensure that the company restricts the processing of your personal data, where any of the following reasons applies:
a) the accuracy of your personal data being contested by you. In this case, the restriction of processing concerns the period required for the company to verify the accuracy of your personal data;
b) the processing is illegal, you oppose the erasure of your personal data and you request instead the restriction of their use;
c) the company no longer needs your personal data for processing purposes, but you require said data to establish, exercise or defend legal claims.
7.4. Right to object
You have the right, by sending a request to the company either in writing or via e-mail at firstname.lastname@example.org, to object, at any time and for reasons relating to your particular situation, to the processing of your personal data on the basis of Article 6(1)(f) GDPR. The above right shall not be substantiated insofar as the company demonstrates compelling and legitimate grounds for processing, which override your interests, rights and freedoms or for the establishing, exercising or defending its legal claims.
7.5. Right to lodge a complaint
You have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr, 1-3, Kifisias Avenue, GR-11523), where you consider that your personal data are being processed by the company in violation of the applicable legislation.
With regard to your above rights, which require the submission of a request to the company, you are hereby informed that the company will make every effort to respond to your request without delay and, in all cases, within one month of receiving the request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. In such cases, the company shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. This service is provided free of charge. If, however, your request is manifestly unfounded or excessive, you may be charged a reasonable fee or we may refuse to comply with your request. This reasonable fee is set taking into account the administrative costs of providing the information or communication or taking the action requested. In order for us to examine a request related to your image, you will need to advise us approximately when you were within range of our cameras and provide us with an image of yours in order to enable us to locate your data and withhold the data which portray third parties. Alternatively, you may visit our premises in order for us to display the images in which you appear.
The company implements appropriate technical and organisational measures to ensure an appropriate level of security for your personal data, such as security of company premises on a round-the-clock basis, as well as use of software that meets strict security requirements.
Notice on the processing of personal data regarding the live streaming of a farewell ceremony
Applicable as of 1 March 2022
The company with the name ‘CREMATION SERVICES SOCIÉTÉ ANONYME’, trading as ‘CREM SERVICES SA’ (hereinafter “CREM SERVICES SA” or the “company”), with registered offices in Chalandri, Attica at 126, Pentelis Avenue, GR-15234, manages the personal data that concern you in compliance with the General Data Protection Regulation (EU 2016/679) (hereinafter “GDPR”), Law 4624/2019 and other applicable personal data protection legislation.
“Personal data” means mean any information relating to natural persons (“data subjects”) who are identified or identifiable (hereinafter “Data” or “personal data”), while “controller” means any person who determines the purpose and manner of processing of personal data.
INTRODUCTION – CONTROLLER
This policy informs you on how CREM SERVICES SA collects and processes information that concern you as controller when the company provides customers with the live transmission (streaming) service of a farewell ceremony for a deceased person that you attend, so that the ceremony can be attended remotely by persons of the deceased person’s close family or friends who cannot attend in person for any reason. Such persons are indicated to the company by each of our customers to whom we provide cremation services (hereinafter “customers”).
Please note that attendance of the ceremony via live streaming by such persons constitutes processing of data by natural persons not falling within the scope of the GDPR, in the sense that it concerns processing that takes place solely in the context of the personal or domestic activity of third parties and is, therefore, not linked to any professional or commercial activity (Article 2(2)(c) GDPR).
Attendees who do not wish to undergo any processing of their data during the provision of the aforesaid may stand outside the camera’s image/audio recording range, which is clearly marked in the ceremony hall, and there are information signs concerning the processing via live streaming.
HOW WE COLLECT YOUR DATA
We collect and process personal data that concern you during the live streaming of a farewell ceremony you attend when you enter the image/audio recording range of the camera used to provide the live streaming service.
WHICH DATA WE COLLECT
The data we collect from you includes:
The company does not require the processing of personal data belonging to special categories (e.g. health data) in order to provide the live streaming service; however, if you voluntarily disclose such data during the ceremony, the processing will concern data that you have been manifestly disclosed as a data subject.
PURPOSE OF PROCESSING
The purpose of collecting/processing your data is:
LEGAL BASIS FOR PROCESSING
The legal basis for processing the personal data collected is that the processing is necessary for the purposes of:
a) the company’s legitimate interests, particularly in order to fulfil its contractual obligations towards its customers, to digitally modernise its services through the use of technological tools for the purpose of offering remote attendance of farewell ceremonies, to maintain a safe environment at the company’s premises for reasons pertaining to the COVID-19 pandemic.
b) and the legitimate interests of third parties who are relatives of the deceased, to attend the farewell ceremonies of their loved ones via live streaming, because, despite their wish to attend in person, they are impeded by serious obstacles such as remoteness, financial reasons, health problems, transport difficulties, etc.
The company shall always balance your rights and interests to protect your data against the rights and interests of the company or third parties.
RECIPIENTS OF PERSONAL DATA
The recipients of your data necessary to fulfil the above processing purposes, and within the context of the competences of each recipient, may be the competent employees of the company in the context of performing their duties, third-party service providers such as IT, Internet and technical support companies whose services are necessary for the performance of the company’s services, or state authorities. Finally, third parties who are relatives of deceased persons and who have been indicated to us by our customer in order to attend the ceremony remotely will be recipients.
It should be noted that, when accessing and processing personal data, the employees and agents of the company fully comply with the provisions of the GDPR as well as with other applicable data protection legislation. The company requires that its employees and associates take all the necessary technical and organisational measures to prevent the disclosure of the personal data they process, and have data management and processing procedures in place and implement them in a lawful manner and protect data in accordance with the GDPR. With regard to third parties who are relatives of deceased persons and attend ceremonies via live streaming, they have been informed that video recording/photography/audio recording of the ceremony even using with their own means of storage is prohibited.
The personal data that concern you will be retained and processed by the company solely for the duration of the farewell ceremony during the live streaming. No image/audio of the ceremony is recorded and stored on storage media by the company, and no recording by third parties that attend remotely is permitted.
TECHNICAL AND ORGANISATIONAL PROTECTION MEASURES
The company, processors processing data on its behalf and performance agents/assistants implement appropriate technical and organisational security measures to protect personal data against unauthorised access, abuse, loss or destruction. Such measures include but are not limited to the use of software that meets strict security standards, network security measures, disabling the possibility of recording on the live streaming platform, careful selection of processors and check of compliance with the GDPR, clear marking of the camera’s image/audio recording range and provision of a distinctive space for those who do not wish to be viewed via live streaming, placement of information signs at the ceremony hall, etc.
If minors are present at the premises, they must stand outside the camera’s image/audio recording range, unless their parents or guardians provide consent.
Under the GDPR, you have the following rights: right of access, right of rectification, erasure, restriction of processing, portability and opposition to the processing of your data by the company, under the specific conditions set out in the GDPR and depending on the legal basis and processing process.
In order to exercise the above rights, you can contact our company via e-mail at email@example.com or post at 126, Pentelis Avenue, Chalandri, Attica, GR-15234. Where you exercise any right, we will take all possible steps to satisfy your request as soon as possible. The minimum applicant data required will be retained in order to safeguard the legitimate interests of the company.
Finally, you can submit any query about how your data are processed and protected to the company, and where you consider that any of your rights is being violated, you have the right to complain to the Hellenic Data Protection Authority (1-3, Kifisias Avenue, GR-11523, Athens, tel. 210 6475600) using the special HDPA form available on the website https://www.dpa.gr/el/syndesi/polites/kataggelia.
CHANGES TO THE POLICY
The company may amend this policy. Please check the date of application at the top of this policy to see when it was last revised. Any revision will take effect as soon as we upload the revised policy.