Welcome to www.goldenhall.gr website (hereinafter referred to as the "Website").

The Website has been created by the company " Malls Management Services - Management of Shopping Centers S.A" (hereinafter referred to as the "Company"), which is based in Maroussi, 37A Kifissias Avenue, PC 15123, in order to provide information regarding the operation of the “Golden Hall” shopping center and the services provided to the visitors of its premises, including parking services, as well as regarding the use of the Website. 

The Company is the Data Controller with regard to the processing of personal data collected through the use of the website, as well as through other data collection points (hereinafter referred to as "Data Collection Points"), in accordance with the General Data Protection Regulation 2016/679 (hereinafter the "GDPR") and Law 4624/2019. In this notice we provide you with information regarding the type of personal data we collect, the means and purposes for which we process it, the third parties with whom we share this data, and the rights you have as data subject.

Data Collection Points in the context of the Website’ s use and the “Golden Hall Experience”

We strive to create a unique experience for the Users of our services and our visitors (hereinafter “Golden Hall Experience"). The Golden Hall Experience connects, analyzes, and further processes the interaction of the Users of our services and our visitors with various Data Collection Points, including: 

• the use of the Website, by registered and non-registered users, by recording the sessions on the Website, the user's profile, information derived from cookies and those marked as "favorites",
• the participation in competitions and gaming activities via the Website,
• the use of Golden Hall's social media accounts, by the recording of reactions on the corresponding pages,
• the recording of advertisements received via e-mail, and the interaction with Golden Hall surveys,
• the reading or sharing Golden Hall news on third-party websites. 

The data collected create a single user/visitor profile, without legally significant decisions being made. Based on these automated analyses, the Company provides through its Website appropriately personalized browsing content, as well as targeted marketing communication to its registered users.

YOU CAN ACTIVATE THE GH EXPERIENCE FEATURE WHEN YOU REGISTER ON THE WEBSITE AND DEACTIVATE/ENABLE IT THROUGH YOUR PROFILE SETTINGS.

Data Collection Points in the context of the use of our parking services 

We use controlled entry and exit points with retractable barriers in the parking areas operating within the Golden Hall premises, for the proper and efficient provision of our parking services and for the purpose of pricing our services. 

In this regard, when you enter the controlled parking areas of the mall, your vehicle's license plate number is recorded through the camera installed at the retractable barrier in order to issue your parking ticket and enable you to enter the parking area. Upon completion of your stay in the parking area, we will proceed to legally charge you for the parking services we offer, based on your vehicle's license plate number and the duration of your vehicle's stay in the parking area.

Furthermore, when you use the parking services we offer you, we maintain a digital customer register in which we record specific data relating to our customers, in compliance with our obligations under tax legislation and in the context of the tax audits to which the Company is subject.Data collection points in the context of the operation of the shopping center and the provision of our services

We collect your personal data when you submit to us, according to the rules of the operation of Golden Hall, requests for permission to enter the premises of the shopping center in order to carry out certain actions or activities related either to its premises or to the premises of the stores located within it, such as carrying out technical works or taking photographs/videos.

What personal data do we process?

The personal data that may be collected when you browse the Website are the following:

• In case you subscribe to our newsletter, we collect your email address.
• If you wish to contact us, we collect data included in the corresponding contact form, such as name, surname, email address, mobile phone number, and information regarding your request.
• Technical information when visiting the Website, such as your IP address, date and time of visit, browser and operating system type, device model, and other information collected through cookies and similar technologies related to the security, functionality, personalization, analysis and commercial use of your visit to the Website. For more details about the information collected through cookies and similar technologies, please visit our Cookies Policy.

Furthermore, in the context of the Golden Hall Experience feature, for registered users who have enabled this feature, the following personal data is processed:

• Basic loyalty account information, such as your first name, last name, email address, date of birth, gender, age, telephone, home address, zip code, username, user registration number, password. In addition, if you choose to subscribe to this feature through your account with a third party (such as Facebook), we will also collect your username, social media user registration number, profile picture, date of birth, email address, gender.
• Digital media user behavior data, including user browsing data on the Website (e.g., scrolling, clicks, visits to web pages, redirection to another website, broader location, age group). In addition, if you choose to log in through your third-party account (such as Facebook), we will collect information about your interaction with the Company's respective social media accounts (such as, whether our official account is followed, likes or other reactions to advertisements, including Google AdWords, Facebook Ads).
• Third-party website information, including data we collect when you interact with products and services advertised on partner sites that demonstrates your consumer preferences.
• Users’ profile data, including users’ marital status, shopping and spending preferences,  educational level, professional status, loyalty class, services/digital material selected, as well as offers, bonuses, or discounts earned and redeemed by the user.

When you use the parking services we offer you, we process the following personal data: 

• for the purposes of the proper provision and invoicing of our services: vehicle's license plate (domestic/foreign), time of entry of your vehicle into the parking area and duration of its stay there, 
• for the purposes of our Company's compliance with its tax obligations and the tax audits by the competent authorities to which it is subject, we collect the following data as required by law: vehicle's license plate (domestic/foreign), vehicle category and vehicle factory.

When you submit requests for permission to enter the premises of the shopping center in order to carry out certain actions or activities related either to its premises or to the premises of the stores located within it, we process the following personal data:

• Name(s) of the person(s) entering our premises
• Number plate of the vehicle(s) entering our premises
• Name(s) of the person(s) responsible for the intended action or activity
• Mobile telephone number of the contact person(s)Information relating to the intended action or activity (e.g. name of the store linked to the intended action or activity, date and proposed hours for starting and completing the intended action or activity, type of action/activity/work), together with the other information you provide us with
• The number of the ID card or other identification document of the person(s) who will enter our premises, in case their entry takes place at any time between 23:00 and 07:00.

Why do we process personal data?

1. In the context of using the Website and the Golden Hall Experience feature, the Company processes your data in accordance with the following purposes and legal bases:

A. Contract

The processing of personal data is necessary for the provision of the services associated with the registration and support of the loyalty account (i.e., the registered user), as well as for the overall provision of services provided to our registered users, in accordance with the Terms & Conditions. 

B. Legal obligation

We are obliged to process your requests for the protection of your personal data and to comply with any requests for personal data we receive from competent police, judicial or other supervisory authorities.

C. Legitimate Interest

It is in the legitimate interest of the Company to process your personal data in order to ensure the uninterrupted and secure operation of the Website, to maintain backups, to ensure business continuity issues, and to detect and prevent fraud. 

In addition, it is in the legitimate interest of the Company to process your personal data in order to ensure a prompt and effective response to any request or question you may have through the submission of a contact form, through the Website or through our other official channels.

Furthermore, it is in the legitimate interest of the Company to profile users by fully automated means, with the use of which no legal or other important decisions are made. In this regard, we process your overall loyalty account usage data and transaction data, in order to better understand our registered users and to further develop and improve the Golden Hall Experience.

It is also in the Company’s legitimate interest to send marketing communications, as well as discounts and offers, through different channels, such as e-mail, SMS/Viber/Whatsapp, push notifications in mobile applications and social media ads. You can enable or disable marketing communications during your registration, in the user settings or by simply pressing the "unsubscribe" button.

D. Consent

In case you wish to receive newsletters from us, you can give your consent via a special field on the Website and subscribe to the relevant service. In this case, we will process the name, surname, and email address you provide for informational and promotional purposes. You may revoke your consent at any time by selecting the "unsubscribe" link at the bottom of each such communication. 

In addition, if you provide your consent to the use of technologies such as cookies and other trackers, information about you is automatically collected, in accordance with the Cookies Policy of the Website, for security, analysis, personalization and/or advertising purposes. You may withdraw your consent at any time through the Cookies Policy of the Website.

2. When you use the parking services we offer you, we process your personal data for the following purposes and in accordance with the following legal bases:

A. Contract

The processing of your personal data is necessary in order to properly and efficiently provide you with our parking services within the parking areas operating in the “Golden Hall” shopping center, and for the purpose of invoicing them.

Β. Legal Obligation

We are obliged to process your personal data when this is expressly provided by the law or in order to comply with our obligations under the applicable legislation (e.g. tax legislation). 

3. When you submit requests for permission to enter the shopping center’ s premises, where required, we process the personal data you provide to us for the purpose of examining your request, providing the requested permission and further managing the permission granted (e.g. to allow certain persons and vehicles to enter our premises). 

The lawful basis for processing personal data in this context is to safeguard the legitimate interests of our Company and in particular to protect the premises of our shopping center and the persons within it, as well as its smooth and uninterrupted operation.

Who do we share your data with?

To best fulfil the above processing purposes, the Company may share your personal data with the following categories of recipients:

• Website support companies.
• Data storage and server hosting providers.
• Lawyers, consultants, accountants, and auditors.
• Social media and advertising companies, such as Facebook, Google, Twitter, Taboola, Sitecore.
• Companies that take on of Data Protection Officer duties.
• Other Group companies with whom we work with to fulfil the purposes described above.
• Companies that provide security services related to the shopping center
• Any other administrative, judicial, public authority or any other legal entity or individual to whom the Company may have a relevant obligation or right to communicate such data by virtue of law or a court decision or generally in order to defend its legitimate interests (e.g. the obligation to transfer data to the Independent Authority of Public Revenue (mydata) in the case of the digital customer register).

Our Website uses trackers that allow us to better advertise and develop our services, including Facebook business tools. Please note that specifically in the context of Facebook Business Tools, we operate with Meta Platforms Ireland Ltd. as Joint Data Controllers, in accordance with the Data Sharing Agreement, which sets out -among other things- our responsibilities for complying with our obligations under the GDPR with respect to joint Processing. Meta Platforms Ireland Ltd. is responsible for satisfying the rights of Data Subjects under Articles 15-20 of the GDPR with respect to Personal Data stored by Meta Platforms Ireland Ltd. after joint Processing. You can find more information in the privacy policy of Meta Platforms Ireland Ltd.

Among the recipients listed above are suppliers based outside the EU/EEA, and specifically in the USA. Therefore, some of your personal data is transferred internationally. For this reason, we have taken increased due diligence measures, such as data minimization, anonymization, and encryption techniques, as well as signing strict standard contractual clauses. 

The Company has taken all necessary measures so that its staff and associates are specifically authorized for these purposes and are fully bound by the confidentiality and obligations provided by law regarding the collection and further processing of your above data.

How does the company protect your data?

Our Company has taken all appropriate organizational and technical measures, in accordance with the technological standards and applicable laws and regulations, to ensure that the processing of personal data, either by the Company or by third parties on its behalf, is lawful, proportional and has the appropriate level of security so as to prevent any unauthorized or accidental access, processing, deletion, alteration or other use of such data.

For how long will the personal data be kept?

The personal data processed by the Company shall be kept for the period necessary to fulfil the purpose of the processing. At the end of this period, the data will be deleted, unless otherwise is required by the law or for the establishment, exercise, or support of legal claims of the Company. 

More specifically:

- Where the processing of your personal data is based on the performance of the contract between us, your personal data is stored for as long as necessary for the performance of the contract and the provision of the services we have undertaken towards you or for as long as required by law for the establishment, exercise, and/or support of our legal claims based on the contract.

- The data collected through the newsletter subscription is retained until you withdraw your consent, while account and user profile data is retained for as long as the account remains active.

- Where the processing is mandatory under the applicable law, your personal data will be stored for the period provided for by the relevant laws applicable in each case.

Your rights

In any case, we would like to inform you that according to the applicable legislation, you have and can exercise the following rights:

• the right to access your personal data, as well as information related to the processing,
• the right to correct inaccurate and complete any incomplete data,
• the right to erasure ('right to be forgotten'),
• the right to restrict the processing of your data in the cases expressly provided for by law,
• the right to the portability of the data, in a structured, commonly used and machine-readable format (e.g., USB), to you or to another data controller,
• the right to object to processing based on the legitimate interests of the Company,
• the right not to be subject to processing based solely on automated means and to request human intervention to challenge any decisions taken,
• the right to withdraw any consent immediately and freely. 

You can exercise these rights communicating a relevant written request with our Company, to which we undertake to respond within one (1) month of receipt. This deadline may be extended for two (2) additional months taking into account the complexity of your request and the number of requests received in general.

Contact details

For any questions or requests regarding the protection of your personal data, you can contact the Data Protection Officer via e-mail; personaldata@lamdadev.com.

Right of Complaint 

In case you believe that we have not satisfied your request and the protection of your personal data is compromised in any way, you may lodge a complaint via a dedicated portal in the Hellenic Data Protection Authority website (Athens, 1-3 Kifissias Avenue, PC 115 23 | tel: +30 210 6475600). Detailed instructions for filing a complaint can be found on the Authority's website.

What happens to third-party websites?

The Website provides access to third party websites through links. These links have been placed solely for the convenience of the Website Users, while the websites to which they refer are subject to the respective terms of use and privacy notices. The placement of links is not an indication of approval or acceptance of the content of the respective websites by the administrator of the Website, who bears no responsibility for their content nor for the privacy practices or accuracy of the materials contained therein. The Company has no control over the websites owned by third parties or their content, which are accessed through this website or made available on it and, therefore, the Company does not support, finance, advise or otherwise accept any responsibility for these websites or their content. . If the User decides to use, through the links of the Website, any of the third party websites, he/she accepts that he/she does so at his/her own risk.