Privacy Policy

The protection of your data and privacy is very important to us. Please read this privacy policy carefully, as it contains important information about who we are and how and why we collect, store, use, and share your personal data. It also explains your rights regarding your personal data and how to contact us or the supervisory authorities if you have a complaint.

This Privacy Notice applies to the use of the Q-Pass application, the Q-Pass website hosted at https://www.q-pass.gr/, as well as any other form of media, websites, or applications related to or connected with us (collectively, the “Q-Pass Platform”).

We collect, use, and are responsible for certain personal data related to you. When we do this, we are subject to the applicable data protection legislation based on Law 4624/2019, Law 2774/1999, the decisions and guidelines of the Personal Data Protection Authority, and the EU General Data Protection Regulation (GDPR) in relation to goods and services we offer to individuals in the European Economic Area (EEA).

Important Terms

It would be helpful to start by explaining some key terms used in this policy:

We, Us, Q-Pass	The company named Q Digital Services IKE, commonly known as Q-PASS, with VAT number 800666870, Kalamata Tax Office, which is legally represented and headquartered in Kalamata at Nea Eisdou - Akovitika TK 24100, the administrator and exclusive beneficiary of the website www.q-pass.gr and the corresponding application for mobile devices and tablets.
Personal Data	Any information relating to an identified or identifiable natural person
Data Subject	The person to whom the personal data relates
Favorite Store(s)	The ability for the user to select one or more stores as favorites through the website or application, allowing the stores to communicate directly with the user for updates and providing benefits, including exclusive offers, promotional actions, or new products and/or services and other information.
Partner Stores	Stores that provide services or products through the Q-Pass Platform

Personal Data We Collect

Q-Pass provides a platform where the User can purchase products and/or services from Partner Stores of their choice. A prerequisite for starting our transaction as well as your interaction with the Partner Stores is the disclosure of certain personal information from you. We may collect and use the following personal data related to you:

We may process data that allows us or the partner stores to contact you (“Contact Details”). Contact data may include your name, email address, phone number, postal address, and/or social media account identifiers. If you log in to our Platform using a social media account, we will receive contact data from the relevant social media account provider.
We may process your account data on the Platform (“Account Data”). Account data may include your account ID, name, gender, email address, business name, account creation and modification dates, website settings, the stores you have set as favorites, and marketing preferences. If you log in to our website using social media, we will receive account data from the relevant social media account provider, including your photo, full name, and the email address used.
We may process information about transactions, including purchases of products and/or services that you enter into with us and/or through our Platform (“Transaction Data”). Transaction data may include your name, your contact details, pseudonymized payment card details, and transaction details.
We may process information contained in or related to any communication you send us (www.q-pass.gr/contact) or that we send you (“Communication Data”). Communication data may include the content of the communication and the metadata associated with the communication.
We may process data regarding your use of the Platform and our services (“Usage Data”). Usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, and navigation paths on the website, as well as information about the timing, frequency, and pattern of your use of our service.
We may process order and shipping information (“Order Data”). This data may include order history, order number, and delivery address.

We collect and use the above personal data to provide you with our products and services. If you do not provide us with the personal data we request, we may delay or be unable to provide products and/or services to you.

How We Collect Your Personal Data

We collect most of the above personal data directly from you; however, we may also collect information:

from publicly accessible sources,
directly from third parties, e.g.:
- third parties we use to service your order, such as payment service providers.
- third parties you connect with us to create your account, such as Facebook, Instagram, and Twitter.
from cookies on our website — for more information about the use of cookies, refer to our cookie policy (www.q-pass.gr/cookies)
through our IT systems, e.g.
- through automated monitoring of our websites and other technical systems, such as our networks and computer connections, access control systems, communication systems, email, and instant messaging systems.

How and Why We Use Your Personal Data

According to the applicable data protection legislation, we can only use your personal data if we have a suitable reason, e.g.

When you have given us your consent.
For compliance with our legal and regulatory obligations.
For the performance of a contract with you or to take steps at your request before entering into a contract.
For the purposes of serving our legitimate interests or the interests of a third party.

Legitimate interest is when we have a business or commercial reason to use your information, provided this is not overridden by your rights and interests. We will conduct an assessment when we rely on legitimate interests, to balance our interests against yours.

The table below explains the purposes for which we process your data.

Purpose	Why We Use Your Data
To provide you with our services and fulfill our contractual obligations	For user service purposes, execution and delivery of orders (fulfilling the contract you have with us or with the Partner Stores or taking steps at your request before the contract) or to handle your payments or any refunds (where applicable) and to provide the partner stores with the necessary information for the preparation or delivery of your order.
Prevention and detection of fraud and illegal activities	To serve our legitimate interests or the interests of a third party, including Partner Stores, for the purposes of minimizing fraud or illegal activities that could be harmful to you and/or us.
Conducting checks to identify our customers and verify their identity	To serve our legal and regulatory obligations.
Operational reasons, such as improving efficiency, experience, and quality	For the operation of our Platform, processing and fulfilling orders, providing our services, providing our goods, creating invoices, accounts, and other documents related to payments and credit checks. The legal basis for this processing is our legitimate interests, namely the proper management of our website, services, and activities or the performance of the contract between you and us or taking steps at your request to enter into such a contract.
Ensuring the confidentiality of our commercially sensitive information	To serve our legitimate interests or those of third parties (e.g., partner stores) such as protecting trade secrets and other commercially valuable information. To comply with our legal and regulatory obligations.
Statistical analysis to help us manage our business, e.g., regarding our financial performance, customer base, product range, or other efficiency measures	To serve our legitimate interests or those of third parties, namely to become as efficient as possible so that we can provide you with the best services and optimal experience.
Updating and improving customer data	For the purposes of fulfilling the contract you have with us or with the partner stores or taking steps at your request before the contract. To comply with our legal and regulatory obligations. To serve our legitimate interests or those of third parties, e.g., ensuring that we can communicate with our customers regarding existing orders and new products.
Commercial promotion of our services and the services of selected third parties for: existing and former customers, third parties who have previously expressed interest in our services, third parties with whom we have not had previous transactions.	To serve our legitimate interests or those of third parties, namely to promote our business to existing and former customers.
Calculating delivery or pickup time	User service, execution, and delivery of orders. We collect location data, such as information about the location of your device, which may be either accurate or inaccurate. How much information we collect depends on the type and settings of the device you use to access the Website and/or the Application. For example, we may use GPS and other technologies to collect geographical location data that tells us your current location (based on your IP address). You can opt out by allowing us to collect this information either by denying access to the information or by disabling the location setting on your device. Please note, however, that if you choose to opt out, you may not be able to use certain aspects of the Services or there may be a delay in preparing your order.
Sending Push notifications	Optimizing services to the user in terms of their service and the more efficient use of the application. We may ask you to send you promotional notifications regarding your account or certain features of the application. If you want to opt out of receiving these types of communications, you can disable your device settings.
To respond to any questions, complaints, or communications you have had with us
Research and analysis	For research and analysis purposes regarding the use of our website and services, as well as research and analysis of other interactions with our business.
Record keeping	For the purposes of creating and maintaining our databases, backing up our databases, and our business records in general.
Security	For security purposes and to prevent fraud and other criminal activity. The legal basis for this processing is our legitimate interests, namely the protection of our website, services, and businesses and the protection of others.
Insurance and risk management	for the purposes of obtaining or maintaining insurance coverage, managing risks, and/or obtaining professional advice.
Legal claims	We may process your personal data where necessary for the establishment, exercise, or defense of legal claims, whether in legal proceedings or in an administrative or out-of-court procedure.
Legal compliance and vital interests	We may also process your personal data when this processing is necessary for compliance with a legal obligation to which we are subject or to protect your vital interests or the vital interests of another natural person.

Where we process special category personal data, we will also ensure that we are permitted to do so in accordance with the applicable data protection legislation, e.g.

we have your explicit consent.
the processing is necessary to protect your vital interests (or those of another) when you are physically or legally incapable of giving consent, or
the processing is necessary for the establishment, exercise, or defense of legal claims.

Commercial Communication (Marketing)

We may use your personal data to send you updates (via email, text message, phone, or mail and push notifications) regarding our services and products, including exclusive offers, promotional actions, or new products and/or services.

We may also share your personal data with partner stores that you have selected as favorites so that they can send you updates regarding their services and products, including exclusive offers, promotional actions, or new products and/or services.

We have a legitimate interest in using your personal data for marketing purposes (see above “How and why we use your personal data”). This means that we usually do not need your consent to send you marketing information. However, where consent is required, we will ask for this separately and clearly.

You have the right to opt out of receiving marketing communications at any time:

By contacting us at www.q-pass.gr/contact or
using the “unsubscribe” link in email messages or the “STOP” number in SMS messages or
updating your marketing preferences in your account profile in the q-pass application.

We may ask you to confirm or update your preferences if you request us to provide further products and/or services in the future or if there are changes in the law, regulation, or the structure of our business.

We will always treat your personal data with the utmost respect and will never sell it to other organizations for marketing purposes.

With Whom We Share Your Personal Data

We regularly share personal data with:

companies in our group
Partner Stores to service your order
Partner Stores that you have selected as favorites for the purpose of sending updates regarding their services and products, including exclusive offers, promotional actions, or new products and/or services.
third parties we use to service your order, such as payment service providers.

Access to your personal data by third-party service providers is only permitted if we are satisfied that they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure that they can only use your personal data to provide services to us and you.

We may also need to:

share your personal data with external auditors.
disclose and exchange information with law enforcement and regulatory authorities to comply with our legal and/or regulatory obligations;
share certain personal data with other parties, such as potential buyers of some or all of our activities or during a restructuring.

If you want more information about who we share our data with and why, please contact us.

Retention of Your Personal Data

Your personal data is retained at our offices and at the offices of our group companies, service providers, agents, and partner stores as described above (see above: “With Whom We Share Your Personal Data”).

Some of these third parties may be based outside the EEA. For more information, including how we ensure your personal data is protected when this happens, see below: “Transfer of Your Personal Data Outside the EEA”.

How Long Will Your Personal Data Be Retained

Your data will be retained for as long as you have an account with us or we provide products or services to you. We will then retain your personal data for as long as necessary:

to respond to any questions, complaints, or claims made by you or on your behalf.
to demonstrate that we treated you fairly.
for record-keeping purposes required by law.

We will not retain your personal data for longer than is necessary. Different retention periods apply for different types of personal data. When it is no longer necessary to retain your personal data, we will delete or anonymize it.

Transfer of Your Personal Data Outside the EEA

If your data is to be transferred to entities or other third parties that are based or process personal data in a country that is not a member of the European Community or the European Economic Area, before we transfer the data we ensure that, unless legally permitted in exceptional cases related to the recipient, there is an adequate level of protection for personal data (e.g., through an adequacy decision of the European Commission, through appropriate safeguards or agreements through the Standard Contractual Clauses between our Company and the recipient), or there is your sufficient consent.

Your Rights

You have the following rights, which you can exercise free of charge:

Right of access	You have the right to request free access to the personal data we hold about you.
Right to rectification	You have the right to request the correction of inaccurate personal data and the completion of incomplete information.
Right to erasure (“right to be forgotten”)	You have the right to request the deletion of your personal data, under certain conditions, such as when the data is no longer necessary, you have withdrawn your consent, the data has been processed unlawfully, etc.
Right to restriction of processing	You have the right to request the restriction of the processing of your personal data when their accuracy is contested, the processing is unlawful, the data is no longer needed, you have objections regarding automated processing.
Right to data portability	You have the right to request the transfer of your data to another data controller.
Right to object	You have the right to object to the processing of your personal data by an organization, provided that it does not affect the public interest.
Right not to be subject to automated individual decision-making, including profiling	You have the right to object when a decision concerning you is based solely on automated processing, including profiling, and that decision produces legal effects or significantly affects you.

If you wish to exercise any of these rights, please:

complete a data subject request form — available on our website at www.q-pass.gr/contact or
send us an email, call, or write to us — see below: “How to contact us” and
provide us with sufficient information for the purposes of identifying and verifying your identity (e.g., your name, address, and customer reference number or subject) and any additional identifying information we may reasonably request from you.
Let us know which right you wish to exercise and the information to which your request relates.

The time to complete user requests is within one (1) month and at no cost to the user. If it is not possible to complete within one (1) month, the user will be informed by email of the reasons for the delay (e.g., due to the complexity of the request or multiple requests) and the deadline may be extended for an additional one (1) month.

If you wish to lodge a complaint about how we handle your personal data, you can also contact us in the above manner. We will investigate your complaint and work with you to resolve it.

If you still believe that we have not handled your personal data in accordance with the law, you can lodge your complaint with the office of the competent supervisory authority at:

Data Protection Authority,

Kifisias 1-3, T.K. 115 23,

Athens Telephone Center +302106475600

Fax: +302106475628

Email: contact@dpa.gr

Maintaining the Security of Your Personal Data

We have appropriate security measures in place to prevent the accidental loss, use, or unauthorized access to personal data. We will provide access to your personal data only to those who have a legitimate business need. Those who process your information will do so only in an authorized manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulatory authority of a suspected data security breach.

Changes to This Privacy Policy

This privacy notice was published on 10.08.2021 and last updated on 10.08.2021.

We may change this privacy notice from time to time — when we do, we will notify you by email.