The content of this document is protected by copyright under national and international provisions on Intellectual Property and is the property of BLUESTREAM SOLUTIONS LTD. Any use, reproduction, copying, sale, republication, distribution and modification in part or in summary by anyone without the prior written permission of BLUESTREAM SOLUTIONS LTD is prohibited.
Website Personal Data Protection Policy - Introduction
BlueStream Solutions Ltd, hereinafter BLUESTREAM, was founded in 2008 in Thessaloniki. The company is a fast-growing service provider, offering both on-premises and multi-cloud infrastructure services. BLUESTREAM respects the personal data of visitors. The company processes the visitor's data in accordance with the obligations arising from the applicable National and European Framework. The company takes all appropriate security measures to ensure that processed personal data are secure.
This document is a point of information for “data subjects” in accordance to article 13 and 14, Section 2 of the 2016/679 EU Regulation (General Data Protection Regulation, hereinafter referred to as GDPR). Carefully read this policy that states simply and clearly all points regarding any personal data collected by BlueStream. Specifically:
- The type of personal data that are processed through the website.
- Who are the data recipients.
- What is the time-period that the data are stored in its systems.
- How long does the company keep the personal data?
- Which are the rights of the data subjects and how they can exercise these rights.
The "Data Controller" for all personal data gathered via the www.bluestream.gr website, is the company BLUESTREAM SOLUTIONS LTD with VAT number 998071751. The company’s headquarters are located at the 10th km of Thessaloniki - Thermi, Zip Code 57001, Thessaloniki. The contact email is email@example.com and the contact phone +30 2310 474296. The company acknowledges and respects the rights of all internet users and their right to protect their personal data.
BLUESTREAM declares that for the purposes of the activities performed, the company processes personal data of visitors via its website, always in accordance with the 2016/679 EU Regulation (GDPR). Any inquiries or requests regarding personal data can be emailed to firstname.lastname@example.org.
Purpose of Processing
The personal data of website visitors are used in different ways. These ways are defined by the purpose of the processing. When BLUESTREAM performs certain activities, it needs to have access to specific personal data. For example, when a website visitor wants to send a message asking to be contacted by BlueStream, the visitor will need to provide through a contact form (located in the website) their contact details: name, phone number and email.
Legal use of Personal Data
BLUESTREAM serves its legitimate interests but company caring for rights and freedoms of the visitors. This happens when there is a legitimate interest of the company or a legal obligation or the consent of the data subject. For example, if data subject wants to use the contact form, then it needs to have been given clear and free consent.
Personal Data Collection
The collection of personal data happens via the company’s website www.bluestream.gr. Specifically:
- All Personal data (name, phone and email) are inserted by the visitor (who wishes to be contacted by BLUESTREAM) in a special Contact Form placed in the company’s website for the visitor to be contacted by BLUESTREAM.
- The Visitor could contact BLUESTREAM by a communication message (email). All Personal data that may be contained in an email are then collected by BLUESTREAM.
- Personal data which the visitor submits to a special Campaign Form, such as name, phone and email are collected.
- Personal data such as the visitor’s IP address are collected when visiting the website.
Types of Personal Data
BLUESTREAM collects only data that are necessary. This occurs when there is a legitimate reason to do so. Specifically:
Contact forms provide a quick communication channel between the business and anyone.
A Visitor uses the “Contact Form” to communicate with the company. This type of communication requires personal data (name, telephone number and email). The processing on this personal data is under the consent of the data subject.
A Visitor could send an email to BLUESTREAM. Personal data that may be contained in a communication message (email) are collected. For example, first name, second name, contact email, telephone etc.
Personal data are collected, when a visitor fills the special Campaign Form. For example, a promotional campaign in social media such as LinkedIn. A campaign may connect the user to the website and the user completes the Campaign Form in order to access information related to the campaign. The collected personal data such may include:
- Name and Surname
- Contact Telephone and Email
- Language (Greek or English)
- Professional Title / Job
Also, the company may ask for information regarding the visitor’s interests in technology areas or other technology information related to the specific promotional campaign.
The above information is needed by BLUESTREAM in order to successfully communicate with the data subject about their specific technological interests. The company will inform the subject about relevant products or promotions or special offers or to provide information about its products or services. BLUESTREAM processes this personal data based on the consent of the data subject once they have provided them.
When a computer or other device is connected to the internet or a website, then the device is given an IP address. The website has access to that IP address as this is the way the internet operates. Other information is also collected like the type of browser and the operating system of the device. This information is anonymous, meaning it does not provide the visitor’s identity and it is collected for the minimum period necessary to cover internet security requirements. This information is mandatory for the secure operation of the website and its collection does not require the visitor's consent.
BLUESTREAM does not offer products and services to children. All activities are only to an adult audience. The company does not collect information about children or minors through the website.
BLUESTREAM does not collect sensitive personal data, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, health data, genetic data and data about a person's sexual orientation.
This website is not profiling and does not make decisions based on automated personal data processing practices.
This website may contain links to other websites. This "Personal Data Policy" do not apply to access to other websites. BLUESTREAM is not responsible for the privacy practices or the content of other websites that do not belong to the company.
Access to Personal Data
Only when necessary, authorized BLUESTREAM employees, based on to their job description duties, have access to personal data.
Any partners who will need to access personal data during the provision of services to BLUESTREAM, such as web hosting providers or web operators, are bound by a special confidentiality agreement to protect privacy and communications and to comply with the company’s security policies and the GDPR.
Personal data is not shared with third parties for advertising, commercial or promotional purposes.
Transmission of Personal Data
The personal data of the website is not passed to third parties.
Personal data are stored for as long as it is necessary for the purpose for which they are collected. Personal data is retained for six (6) months after the last communication. Also, personal data may be deleted earlier if a withdrawal of consent occurs. The withdrawal of consent does not affect the lawfulness of data processing that is based on consent given before its withdrawal. Consent can be withdrawn at any time.
Data subjects’ rights
Data subjects have the following rights:
The right to be informed / transparency (Articles 12-14 of the GDPR): You have the right to know who is processing your data, what categories of data they are using and why. BLUESTREAM must give you clear information in plain language.
The right of access (Article 15 of the GDPR): You have the right to request access to your personal data that BLUESTREAM has about you. You can exercise this right, free of charge, in most cases by making an access request in writing.
The Right to withdraw consent (Article 7 of the GDPR): The data subject has the right to withdraw its consent at any time. The withdrawal of consent shall not affect the lawfulness of data processing that is based on consent given before its withdrawal.
The right to rectification (Articles 16 of the GDPR): If your data is inaccurate and/or incomplete then you have the right to have the data rectified.
The right to erasure - “right to be forgotten” (Articles 17 of the GDPR): You have the right to have your personal data erased under specific conditions, like when your data is no longer necessary, or you have withdrawn your consent, or your data has been unlawfully processed. In other cases, such as, but not limited to, when there is an obligation to process personal data imposed by law, public interest, this right is subject to specific limitations or does not exist.
The right to restriction of processing (Articles 18 of the GDPR): You have the right to obtain restriction of processing when the accuracy of your personal data is contested, or the processing is unlawful, or the controller no longer needs the personal data for the purposes of the processing.
The right to data portability (Article 20 of the GDPR).: You have the right to have your data transmitted to another data controller. BLUESTREAM provides the portability of the data free of charge, in a format that will allow to be accessed and commonly used and in a machine-readable format. If technically feasible, BLUESTREAM can transmit the data directly to another controller, without objection.
The right to object (Article 21 of the GDPR): You have the right to object to the processing of your personal data by BLUESTREAM, if this is not contrary to the public interest.
Complaint to the Hellenic DPA: You have the right to submit a complaint to the Hellenic DPA (Data Protection Authority), website: www.dpa.gr , email: email@example.com and contact telephone: 210 6475600. Before you submit a complaint, you must appeal to the controller.
Exercise of Rights
The exercise of rights or questions regarding the personal data of the website are submitted to the email: firstname.lastname@example.org. The requests are satisfied within one (1) month from receipt. Replies to requests and related information shall be provided free of charge unless it is excessive or repetitive. Identification is required to exercise the rights.
Personal Data Security
BLUESTREAM has been certified according to ISO 27001. The company has an extensive information security plan consisting of policies, procedures, controls and measures. Its information security policy is the foundation that connects all other policies about information security and data protection. The company implements all required physical, organizational and technical security measures for the safe processing of personal data. Where necessary, the company uses measures such as encryption, passwords, restricted employee access and confidentiality agreements.
BLUESTREAM makes every effort to keep personal data secure and to avoid unauthorized access, as well as their destruction or corruption. However, the way the internet works does not allow guarantees to be provided that unauthorized persons will never be able to violate the physical, organizational and technical measures applied, gaining access to and possibly using personal data for unlawful purposes.
This statement is often updated. BLUESTREAM has the right to modify and update individual parts of this policy without the obligation to inform the data subjects. Data subjects are notified of changes if it is required by the law.
This statement, that was last updated on December 21th 2022, is posted and available always on the BLUESTREAM website.
About the personal data processing through a video surveillance
Regarding the level B’ Update for the processing of personal data through a video surveillance system you can read more here.