Privacy Policy for ReDataset

Thank you for visiting redataset.com

General Information

The company with trade name "Resolute Cepal Greece S.A.", located in 8 Xenofontos Street P.C. 10557, Athens, Greece (hereinafter"RCG", "we") is the owner of the website redataset.com (hereinafter the "website").

This Privacy Policy applies to users (natural persons/data subjects) of the website (hereinafter referred to as "users","you" or "data subjects") who visit and use our website or contact us via email or via telephone or through our website contact form.

Contact details

Telephone: +30 210 325 4147

Email:dpo@res-cep.com

Data Controller

In the context of providing its services, RCG collects and processes personal data as a Data Controller, for the purposes described in this Privacy Policy in accordance with the General Data Protection Regulation ("GDPR") and the applicable Greek legislation, including Law 4624/2019 on the protection of personal data, while taking the appropriate technical and organizational measures to protect personal data.

RCG's data obligations are regulated by the Hellenic Data Protection Authority ("HDPA") (www.dpa.gr) with regards to the treatment of all data received and processed.

Please read this Privacy Policy carefully which explains how we collect and use your personal data and tells you about your privacy rights and how the law protects you.

Principles of data processing

RCG respects your privacy and is committed to protecting your personal data, as well as in general keeping all information collected confidential. We will not lend or sell your information to third parties. Personal data shall be:

Processed lawfully, fairly and in a transparent manner in relation to the data subject.
Processed for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Adequate, relevant and limited to what is necessary in relation to the purposes that we have set.
Accurate and kept up to date.
Kept for no longer necessary in relation to the purposes for which they are collected and in accordance with the applicable data protection legislation.

How we collect your personal data

Directly from you: We collect personal data directly from you: - When you visit our website, seek information, make a request, log in to your account, or contact us for any reason via the online contact form, via email at redataset@res-cep.comor via telephone at +30 210 325 4147 or when you subscribe to our Newsletter.
By automated means using the website: When you visit the Redatase website, we may collect data from you based on your browsing and using our services. This data may include search history, IP address, screen resolution, type of browser used, operating system and settings, access times and URL reference as well as data collected through cookies.

What information we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

The data that we collect in the course of our business activity and operation of Redataset website varies according to the purpose of collection and include the following:

Personal data, namely your email address and your own personal password or in order to login to your account (only for authorized users) or microsoft credentials in order to login via Microsoft account. Personal data and contact information such as name, surname, email address.
Any information you provide to us during our communications.
Website navigation data when you visit the Redataset website, and data collected through cookies.

It is important that the personal data we hold about you is accurate and current. We would be grateful if you would keep us informed if your personal data changes during your relationship with us.

Purposes of data processing

In general, the purposes of data processing will be:

To support, promote and perform the contractual relationship with our website's users, and to inform users about our services.
To carry out our business.
To communicate with the users and send informational messages concerning the stages of the contract/processing.
To provide information on services for which you have expressed interest and in general to respond to users' requests.
To provide smooth access and use of our website and enforce the website's Terms of Service
To comply with legal obligations.
To conduct a general analysis and evaluation and improve the provided services through our website to tailor our web presence to your needs, making our website easier and more efficient to use.
To support and promote our company and our services, to carry out advertising and other promotional campaigns.
To communicate with users for direct marketing purposes.

RCG does not apply any automated decision-making process.No automated processing of certain data for the purposes of evaluating certain aspects (limited profiling) is done without human intervention.

Legal basis of processing

The legal basis for the processing of personal data collected in accordance with the above is:

Processing of the personal data is necessary for the performance of the contract between you and RCG, in particular to provide the services and/or information requested or in order to take steps at your request prior to entering a contract.
Processing is necessary for the purposes of the legitimate interests pursued by RCG, such as for the purposes of promoting the RCG's image and its services, ensuring the security of networks and information. RCG will always balance your rights and interests in the protection of your personal data against RCG's rights and interests or those of the third party.
Processing is necessary for compliance with a legal obligation to which RCG is subject (such as tax law or lawful law enforcement requests).
Your consent, in order to process your personal data to use non-essential cookies on our website, in order to process your personal data for direct marketing purposes, to send newsletters and updates, to provide personalized offers or any other specific purposes where consent is required under the applicable data protection legislation

How long do we keep this information?

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In case you contact us or submit a request, your personal data is retained for as long as it is required for fulfilling your request and for twelve (12) months after the completion of such procedure.

However, some necessary personal data regarding your contractual relationship with RCG as well as information concerning your notification on the processing of your data and your consent, where applicable, may be retained:

To the extent required by law.
In order to comply with court proceedings (any ongoing or future court proceedings).
To establish, exercise or defend our legal rights, personal security of the users and the public.
To establish the lawfulness of processing of user data by RCG.

If you subscribe to our newsletter, your personal data is retained for as long as you wish to receive the newsletters and you do not object to your personal data processing for such marketing purposes.

Who Do We Share Your Information With?

We share data only as far as legally permitted to do so and only as strictly necessary.

We will share your personal data and give access to authorized personnel from RCG within the exercise of their duties, on a strictly need-to-know basis and only as far legally justifiable.

For the fulfilment of each of the above processing purposes and within the scope of recipients' responsibilities, the recipients of the user's data may be:

External third-party service providers such as:
- Our IT providers and service providers in order to provide IT and system administration services;
- Our appointed professional advisers including auditors, accountants, lawyers, bankers, insurers who provide consultancy, banking, legal, insurance and accounting services, to the extent that they may require access to the information to provide advice.
- Internet companies and software companies to the extent that this is necessary for the provision of the website services and satisfaction of your requests.
If required to do so to meet applicable law, the order of a Court or market rules and codes of practice applicable to the circumstances at the time.
Public authorities, such as tax authorities, judicial, public and independent authorities, law enforcement, where such transfer/access to data is strictly necessary for the defense of legal rights or the fulfilment of the Company's obligations.

We wish to inform you that we require from all our employees and third parties to respect the security of all personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

In the future we may choose to sell, transfer, or merge parts of our business or our assets. We may seek to acquire other businesses or merge with them. In such case, we may share your information with such new owners (third parties). Should such a change happen to our business, then we will ensure the new owners use your personal data in the same way as set out in this privacy policy.

International Transfers

The personal data we collect is stored in our secure servers in European Union. RCG does not transfer personal data to any third countries outside the European Economic Area and international organizations where there is no adequate level of protection. However, in exceptional cases, RCG may transfer personal data outside the EEA provided such transfer is required by the applicable regulatory or legislative framework or RCG deems it as necessary for the performance of its contractual obligations, such as via processors who may use. In this case we will ensure that there is an appropriate level of protection corresponding to the level of protection of personal data in the EEA and that the transfer in question is lawful on condition that there is an adequacy decision of the European Commission or the required guarantees of Articles 44-50 of the GDPR are provided, such as the European Commission's Binding Corporate Rules or Standard Contractual Clauses.

Your Rights

In relation to the collection and processing of data, under the GDPR (articles 12-22), you have the following rights depending on the certain legal basis and processing procedure:

Right of Access: You can request access to your personal data that we hold about you (commonly known as a "data subject access request"). This enables you to receive a free copy of the personal data we hold about you and to check that we are lawfully processing it.
Right to Rectification: You can request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Right to Erasure:You can request erasure of your personal data under specific conditions. This enables you to ask us to delete or remove personal data where there is no reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing or you have withdrawn your consent (see below), or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Right to Object: You can object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
Right to Restriction of Processing: You can request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- (a) If you want us to establish the data's accuracy.
- (b) Where our use of the data is unlawful but you do not want us to erase it.
- (c) Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- (d) You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to Data Portability: You can request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to Withdraw Consent: You can withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
• Right not to subject to automated individual decision-making, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Right to Be Informed / Transparency: You have also the right to submit a request to RCG inquiring on how we process and protect your personal data.

How to Exercise Your Rights

You may exercise the abovementioned rights by sending your request to the following email:dpo@res-cep.com or by post at the following address:
Attention to Data Protection Officer, Resolute Cepal Greece S.A.,
8 Xenofontos Street, Athens, P.C. 10557, Greece.

In order for the rights to be validly exercised, you may be asked to properly identify yourself, for the purpose of verifying that the personal data indeed belongs to the natural person exercising its rights..

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we reserve the right to charge a reasonable fee if your request is clearly repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

RCG will take all possible measures to respond to all legitimate requests within 30 days from their receipt except for exceptional cases, where the above-mentioned period may be extended for two (2) more months, if necessary, considering the complexity of the request and/or the number of requests. In this case, RCG will inform you about any extension within the month of the delivery of the request, as well as about the reasons for such delay.

If you consider that your rights are infringed, you have the right to make a complaint about the way in which we handle your personal data at any time to the Hellenic Data Protection Authority at:contact@dpa.gr (1-3 Kifissias Avenue, Ampelokipi, www.dpa.gr, +30 2106475600).

We would, however, appreciate the chance to deal with your concerns before you approach the HDPA, so please contact us in the first instance.

Data Security

RCG implements appropriate technical and organizational security measures to ensure the best protection of personal data against any unlawful processing, as well as to guarantee the possibility of restoring the availability and access to them. These measures aim to ensure a level of security that corresponds to the risk, considering the nature, scope, context, and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, while applying procedures for the regular testing, monitoring and evaluation of the effectiveness of said technical and organisational measures.

Such measures include but are not limited to:

Encryption
Measures for ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems and services
Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
Processes for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processing
Measures for user identification and authorization
Measures for the protection of data during transmission
Measures for the protection of data during storage
Measures for ensuring physical security of locations at which personal data are processed
Measures for ensuring events logging
Measures for ensuring system configuration, including default configuration
Measures for internal IT and IT security governance and management
Measures for ensuring limited data retention
Measures for ensuring accountability
Measures for allowing data portability and ensuring erasure

We ensure all our third-party providers of services or data processing have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Third-Party Links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. You should be informed about how these third parties process your personal data by their relevant privacy policies.

Changes to this Privacy Policy and your duty to inform us of changes to your information

We may update this Privacy Policy from time to time. Every revision will be implemented as soon as we publish the revised policy, so you are strongly advised to check this policy regularly.

Contact Us

If you have any questions about this Privacy Policy and how we process your personal data, you may contact us via:

Telephone: +30 210 325 4147
Email: dpo@res-cep.com

Last updated: July 2025