Personal data

Your personal data includes any information that may lead, either directly or in conjunction with other information to your identification as an individual or relate to an identifiable individual.

This category includes data such as your name, VAT number, social security number, your physical and email addresses, your fixed telephony and mobile numbers, bank / debit / prepaid cards, your email addresses, rating information, your internet search history (log files, cookies, etc.), and any other information that allows your unique identification in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679) and the relevant Greek legislation in force and the decisions of the Hellenic Data Protection Authority (HDPA).

Who we are

ELORUS offers cloud invoicing software and applications including time tracking, business expense management, business reporting etc. The contact details of the company are as follows:

13 Theofilopoulou
11743 Athens, Greece
Email: info@elorus.com
Website: www.elorus.com

This Privacy Policy is intended to inform you of the terms of collection, processing and transfer of your personal data that we may collect as Data Controller.

Personal data collection

ELORUS will always require from you for the minimum required by the law personal data in order to provide our services, including, but not limited to, name, surname, e-mail address, invoicing postal address, credit card details, a billing method that may also include bank account details in case of remittance, and other details related to the services that have been provided.

We mainly receive your personal data in order to perform our contractual agreement with you either as a user of our services or/and as our supplier and / or as a visitor to our website. ELORUS retains your personal data only for as long as is required by the contractual terms of each service, along with the applicable fiscal, tax and other legislation in force, based on the purpose of the processing, and then the data is anonymised or destroyed.

Children’s data

In general, we do not collect or process personal data of children or provide services to people under 18 years of age.

Personal data processing

ELORUS process your personal data for one or more of the following legitimate reasons:

  • To sign and perform a contract and carry out our contractual obligations
  • To comply with a legal obligation and fulfil our tax, accounting and reporting obligations.
  • To serve our and third party legitimate business interests. Legitimate interest is when we have a business or commercial reason to use your information. But even then, such use is consistent with the fundamental rights of individuals, for example:
    • To provide you with effective customer service and support.
    • To respond to your requests.
    • To improve the security and usability of our website.
    • To execute business transactions with you.
    • To keep you updated on the evolution of our services.
    • To file your complaints.
  • You have given us your consent. Subject to a valid consent you have freely provided the lawfulness of such processing is based on that consent.

How we share your data

In the course of the performance of our contractual and legal obligations your personal data may be provided to various service providers and suppliers. Those service providers and suppliers are bound by Data Processing Agreements, and they are obliged to safeguard confidentiality and data protection according to GDPR. Such service providers and suppliers may be:

  • External legal consultants.
  • Financial and business advisors.
  • IT companies and communication providers.
  • Certified public accountants - auditors and accountants

In any case, we take the appropriate technical and organizational measures to ensure that your personal data is transferred, stored and processed in accordance with the appropriate security standards and in accordance with the terms of this Policy and the applicable data protection regulations.

Transfers of data

ELORUS doesn’t transfer personal data to countries outside the European Economic Area ("EEA").

Data Retention

We will process and store your Personal Data for the duration of our relationship with you, and as long as necessary to fulfil our contractual and legal obligations.

We will delete your data:

  • When they are no longer necessary for the purposes for which that information was collected and processed
  • Upon your request or objection, provided there are no overriding legal grounds requiring us to maintain that information
  • When they are not necessary for us to comply with our legal obligations.
  • Upon the withdrawal of your consent in case that the collection and process of your personal data was based on your consent.

Automated decision and Profiling

In executing our business activities, we do not use any automated decision-making. We may process though some aspects of your data, in order to enter into a business relationship with you.

Marketing activities

We may process your personal data to notify you about our services and offers that may be of interest to you or your business. The personal data that we process for this purpose consists of information you provide to us and data we collect when you use our services. We can only use your personal data to promote our products and services to you if we have your consent to do so or if we consider that it is in our legitimate interest to do so.

You have the right to object at any time to the processing of your personal data for marketing purposes.

Your data protection rights

You have the following rights in terms of your personal data:

  • The right to request access to your Personal Data, you can ask to receive a copy of your data and to check if they are lawfully processed. In order to receive this copy, you can contact us through our website.
  • The right to have your Personal Data corrected. This provides you with the right to correct any missing or incorrect data.
  • The right to have your Personal Data erased (right to be forgotten). This provides you with the right to have your personal data erased in case there is no legitimate reason for us to continue processing them.
  • The right to object to the processing of your personal data (right to object) when we rely on a legitimate interest, but there is something particular about you that makes you want to oppose processing for that reason. If you file an objection, we will no longer process your personal data for those purposes.
  • You also have the right to object to the processing of your personal data if they are processed for direct marketing purposes. This also includes profiling to the extent that it is related to such direct marketing. If you object to the processing of your personal data for direct marketing purposes, then we will no longer process your personal data for such purposes.
  • The right to restrict the processing of your personal data. You have the right to request from us to restrict the processing of your personal data ie to use them only in certain instances.
  • The right to receive a copy of the personal data concerning you, in a structured, commonly used and machine-readable format in order to transmit the data to a third party. You also have the right to request from us to directly transmit your personal data to another party (data portability).
  • The right to withdraw your consent you gave to us in order to process your personal data at any time. Please note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn by you.
  • In order to exercise your rights, you can contact the company or fill in the form included in our website.

Right to submit a complaint

Before you submit a complaint, you should contact with us and exercise the above-mentioned rights stipulated in GDPR. If we don’t satisfy your request or you feel that your concerns have not been properly addressed by us, you have the right to submit a complaint at the Hellenic Data Protection Authority at www.dpa.gr

Personal data security

We at ELORUS have trained and responsible employees, and we recognize the importance of protecting privacy and all your personal information. To that end, we have appropriate security policies and we use the appropriate technical and organizational measures such as anonymization, pseudonymization, data encryption, firewalls, access levels, employee authorization levels, training, and periodic inspections.

Any partner who has access to the above information uses them to serve the above purposes only. We share the information that you provide to us only through the ways described in this Policy.

Cookies policy

According to the amended Draft E-Privacy Directive 2009/136/EC OF the European Parliament and of the EU Council, our website accepts the use of "cookies". These are tools that are used to collect and analyse the information which is necessary for the functionality of your website. To find out more about how we use cookies in our website please see our cookie policy.

Enforcement of the Privacy Policy

This Policy was published by ELORUS on 10 Oct, 2018 and is subject to periodic improvement and review.

Any changes to this Policy will apply to the information collected from the date of publication of the revised version and to the existing information we hold. The use of our website after the publication of changes, implies acceptance by you of these changes.