Privacy Policy

Notice on Article 13 of Regulation (EU) 2016/679 for the processing of personal data of subscribers of the website

Inventio Consulting (hereinafter referred to as the “Company") bears primary responsibility for issues related to personal data and privacy. In this context, the Company addresses the present Notice to the subscribers of its website www.inventioconsulting.com (hereinafter referred to as the “Website") in accordance with Article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR") to inform them about how the Company collects and processes their personal data.

      1. Controller
      The Controller is the Company. This means that the Company determines the purposes and means of processing of personal data in accordance with the GDPR and the applicable data protection legislation in general.
      2. Sources of personal data collection
      The Company collects the subscribers’ personal data directly from them and not from third parties.
      3. Processing of personal data and legal bases
      The following table sets out the purposes of processing of personal data collected by the Company, the categories of the personal data collected, as well as the legal basis for such processing.
      Purpose of Processing Personal Data Legal Basis of Processing (GDPR provisions)
      1. Newsletters and reports name, surname,
      e-mail address
      Art.6 par.1 (a) – processing is based upon the data subject’s consent.
      2. Access to company’s premium reports name, surname, e-mail address,
      username, password
      Art.6 par.1 (a) – processing is based upon the data subject’s consent.
      4. Disclosure to third parties and recipients
      The Company may use messaging applications / platforms, ensuring that they provide adequate data protection. Access to this data may be also available to IT professionals in the context of providing relevant services to the Company if this is necessary in the context of their services.
      5. Security
      The Company shall process personal data by taking all appropriate organizational and technical measures for data security and protection against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and any other form of illicit processing.
      6. Subjects' rights
      This section sets out the data subjects’ rights with respect to their personal data. These rights are subject to certain exceptions, reservations or limitations. Data subjects should submit any requests responsibly. The Company will respond as soon as possible and in any case within one (1) month of receipt of the request. If the review of the request is going to take longer, the data subject shall be informed accordingly. For any further information with respect to the exercise of the rights, please address to the email: This email address is being protected from spambots. You need JavaScript enabled to view it. The Company ensures the exercise of the following rights:
      6.1. The right to information
      Data subjects have the right to request and receive clear, transparent and easily understandable information about how the Company processes their personal data in accordance with the Company’s policies and procedures.
      6.2. The right to access
      Data subjects have the right to access their personal data free of charge, in accordance with the relevant policies and procedures of the Company, with the exception of the following cases where there may be a reasonable charge to cover the administrative expenses of the Company:
      • manifestly unreasonable or excessive / repeated requests, or
      • additional copies of the same information.
      6.3. The right to rectification
      Data subjects have the right to ask for their personal data to be corrected if they are inaccurate or incomplete, in accordance with the relevant policies and procedures of the Company.
      6.4. The right to erasure («to be forgotten»)
      Data subjects have the right to request the deletion or removal of their personal data when they are no longer necessary for the purposes collected or there is no legitimate reason to continue processing them in accordance with the Company’s policies and procedures. The right of deletion is not absolute, to the extent that there is a particular legal obligation or other legitimate reason for the retention of such personal data by the Company.
      6.5. The right to restriction of processing
      In some cases, data subjects have the right, in accordance with the relevant policies and procedures of the Company, to restrict or remove further processing of their personal data. In cases where processing has been restricted, personal data remain stored, without further processing.
      6.6. The right to data portability
      Data subjects have the right to request their personal data, which they have provided the Company with in a structured, commonly used and machine readable format, and to transfer that data to another controller in accordance with the relevant policies and procedures of the Company.
      6.7. The right to object
      Data subjects have the right to oppose, at any time and for reasons related to their particular situation, to the processing of their personal data based on Article 6 (1) (f) of the GDPR (processing for reasons of lawful interest of the Company), on the basis of that provision. In such case, the Company as controller will no longer submit the personal data unless it demonstrates imperative and legitimate reasons for processing that override the interests, rights and freedoms of the subject, or the filing, exercise or support of legal claims.
      6.8. Rights on automated decision-making mechanisms
      The Company does not make automated individual decision-making, including profiling.
      6.9. Right to withdraw consent
      In case personal data are being processed on the basis of the data subjects’ prior consent, data subjects have the right to withdraw their consent at any time and the Company will cease the specific activity for which data subjects have previously consented, unless there is an alternative legal basis which justifies the continued processing of the data for this purpose, a case for which the Company will inform the data subjects respectively.
      6.10. How to exercise the rights
      The exercise of the aforementioned rights takes place with the submission of a written application to the Company in accordance with its policies and procedures. The Company reserves the right to reply no later than one month upon receipt of the request, in accordance with the terms of the GDPR.
      7. Retention period for personal data
      For each category of personal data, the Company determines the retention period in accordance with the provisions of the law and its policies and procedures.
      8. Contact person for personal data issues
      For any matter relating to the processing of personal data, data subjects may contact: Marialena Iosifidi
      Office Manager
      32, Kifisias Avenue, 15125, Athens
      +30 210 6829493
      This email address is being protected from spambots. You need JavaScript enabled to view it.
      9. Contact of the Data Protection Authority
      For further information and advice on the exercise of the rights or to submit a complaint, data subjects may address to the Greek Data Protection Authority:
      Address: 1-3, Kifisias Avenue, P.C. 115 23, Athens.
      Telephone: +30-210 6475600
      Fax: +30-210 6475628
      E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
      10. Amendments of the present Notice
      The Company aims to review and keep up-to-date the present Notice in order to comply with privacy laws and new developments. Any updates to this Notice will be communicated to data subjects immediately.
      Publication date: 01/09/2018