Terms & Conditions

Ι. GENERAL
1. Respect for your privacy and the management, protection and security of your personal data are a priority for Mastercard Europe Greece Single Member SA ("Mastercard," "the"Company ","us ","we ", ‘’ours’’). This Privacy Policy ("Privacy Policy") informs you, as visitors to the website www.aroundthetable.gr ("Website"), or in any other capacity using the services offered on the Website or participating in promotional or other activities by the Company regarding its services, or using social media channels of the Website and the Around the Table event or otherwise, ("you").:

  • of the types of data it collects or produces for you and,
  • of the purpose of collecting and processing your data and,
  • about how these data are processed and,
  • about their recipients and the purpose for which they are processed,
  • about your rights and choices on your personal data and,
  • about how to contact us concerning any matter you may be concerned about in relation to your personal data.
2. CHANGES IN PRIVACY POLICY 
We may modify or replace all or / or part of this Policy at our sole discretion. Ιf there are substantial changes to this Policy or our practices regarding your data change in the future, we will notify you by publishing the changes to our Website. However, if you wish any clarification or information regarding the changes, or you wish to raise a dispute, a reservation or a question about such changes, you may contact us through e-mail at events@toposophy.com . Please note that any information/clarification provided to you in connection with any changes to this Policy does not constitute a replacement, substitution or modification of this Policy. In any case, we recommend that you review this Privacy Policy from time to time, taking advantage of the ability to always find it as a permanent information point on our Website.

3. If you continue to navigate on our Website, or to use our Services and/or to make purchases through our Sale Platform of the Services, this means that you automatically and unreservedly accept the modified terms of this policy. If you do not agree with this Policy or the modifications, you must not take any action or make any use of the Website or purchase, and you must not provide any personal data. However, you are entitled to ask for your data to be deleted. In any case, for any information or clarification, you may contact us while retaining your rights with respect to your personal data as outlined and described in Section V below.

ΙΙ. PERSONAL DATA CONTROLLER & CONTACT
1. The Data Controller of your personal data is the company with the name "Mastercard Europe Greece SINGLE Member SA ," on behalf of "Mastercard Europe SA," headquartered in Belgium (Chaussée de Tervuren 198A, B1410 Waterloo). The collection of personal data is carried out during the "Around the Table" event within the framework of the Priceless program, as described on the website ("Event"), by the Company providing the services specified on the website and which the Company has entrusted to third-party partners ("Mastercard Providers") who act as data processors while providing the respective services on behalf of Mastercard. Specifically, the Mastercard Providers are the participating restaurants in the Event ("Restaurants"), the private capital company with the name "Dine & Taste Restaurant Marketing & Food Festivals IKE" (Dine & Taste), which is responsible for managing the Event, and the e-table.gr booking platform ("Booking Platform") through which reservations are made at the Restaurants.

2. You may contact us using the contact details of the Event, email: events@toposophy.com or phone: +30 2160042200, to submit your comments, inquiries, observations, or any complaints related to this Policy and the general collection and processing of your personal data. You have the right to file any complaints regarding personal data protection issues that may arise from the processing of your data by the Company to the Hellenic Data Protection Authority, which is the supervisory authority in our country. You can find relevant details at the following link: www.dpa.gr. However, we consider it our obligation and duty to address any concerns you may have regarding your personal data that we process, so please feel free to get in touch with us.

ΙΙΙ. DATA COLLECTION AND PROCESSING
Personal data or information of a personal nature refers to any information concerning an identified or identifiable natural person ("data subject"), where an identifiable natural person is one whose identity can be ascertained, directly or indirectly. These data do not include anonymous information.

1.What types of data we collect for you

During your navigation of the Around the Table website or its social media platforms, your restaurant reservations, and the provision of services on the website, interaction on social media (e.g., comments, likes, etc.), or otherwise, we collect various types of personal data about you, either directly from you or from third parties, or data that we collect or generate by ourselves (including automated means).

Indicatively, we collect the following personal data:
i. Identity Data: (name and surname) that you provide when making a reservation for the Event's services through the website and the reservation platform.
ii. Contact Data: (landline or mobile phone, email address) that you provide when making a reservation for participation in the Event through the website and the reservation platform or as part of receiving commercial communications from our company.
iii. Financial Data: (Mastercard card details) that you provide when making a reservation electronically through the website and the reservation platform. Specifically, we collect the first digits of your Mastercard card to confirm that you are a legitimate user of the website's services. The completion of these digits does not identify your full card details in any case, and neither the website nor any Mastercard Provider, in any case, knows, handles, or stores your card information.<
iv. Data from Social Media (e.g., Facebook, Instagram, Viber, Twitter): If you access or connect to a service of the Website via a social media service or link a Website service to a social media service, the data we collect may also include your user ID and/or the username associated with that social media service, information or content you have allowed the social media service to share with us, as well as your profile picture, email address, or your friends' lists, as well as personal data you have publicly disclosed in connection with that specific social media service. When you access Website services through social media services or when you link a Website service with social media services, you authorize the Company to collect, store, and use such personal data and content in accordance with this Privacy Policy.
v. Public Data and Posts consisting, for example, of comments or content you post in Website services but also in message boards, discussion groups, blogs, and other public user forums. Your personal data accompanying such content, which may include a pseudonym, username, comments, likes, status, profile information, and photograph, becomes public information. Public information and posts are always public, meaning they are available to everyone and may appear in search results on external search engines.
vi. Activity Data and Other Data We May Collect Automatically. When you access and interact with the Website's services, we may automatically collect specific information about these visits (log-in information, device information, network information, usage information, etc.).

For example:

  • Login Information: We record information regarding your use of the Services, including your Internet Protocol (IP) address, the type of browser you use, frequency of access, pages viewed, number of clicks, and the page you visited before navigating to our Services.
  • Device Information: We collect information about the electronic computer or mobile device you use to access our Services, including hardware model, operating system, version, unique device identifiers, and mobile network information.
  • Network Information: We may gather details about your network, such as information related to devices, nodes, settings, connection speeds, and network and application performance.
  • Usage Information: We can collect data about the usage of our Services and certain tools, such as which pages on the Website you have visited, how frequently tools are used, duration and quality of usage, test data, task configuration data, and central data.

vii. Data Collected by Cookies and Other Tracking Technologies. We may also collect cookies and other tracking technologies (such as browser cookies, pixels, beacons) to enhance your experience, allowing us to personalize our content based on your interests. These technologies can be utilized to gather and store activity data related to your use of the Website's services, such as the pages you have visited, the videos and other content you have viewed, the search queries you have submitted, and the advertisements you have encountered. For more information, please refer to our Cookie Policy. 

2. How do we collect your Personal Data

2.1. We collect directly by you the following personal information:

  • During the submission of your reservation through a service of the Event via the Sales Platform, which is responsible for processing, you are obliged to provide the first digits of your card to confirm that you are a Mastercard cardholder, your full name, your email, and your contact phone number. Our website, under no circumstances, is aware of, handles, or stores these details of your card.
  • In your communication with us through the social media channels of the Event (Facebook, Instagram, etc.) and the customer service department, you provide us with your personal information, such as identification data, contact details, or reservations.

2.2. We collect with autoautomatic means the abovementioned data and information about you (Section III. 1, cases vi-vii):

  • Information Collected by Cookies and Other Tracking Technologies
  • Activity data and other data we can collect automatically.
2.3. We collect from third parties the following data and information about you:
  • Data from Social Media (III. 1 case iv.)
  • Your personal data may be shared with us by independent third parties when there is a legal basis for processing, and they have the relevant right to do so. In such cases, you are obligated to be informed about the processing of your personal data by the respective Data Protection Statement of these third parties. These organizations may include social media platforms.
  • Public Data and Publications (III. 1 case v)
2.4 Personal Data from Individuals Under 16
We do not knowingly collect any information from individuals under the age of 16. Our services are exclusively intended for individuals who are at least 16 years of age or older. If you are under 16 years of age, please do not use or provide any information to us, do not subscribe to our mailing list, do not make any reservations, and do not provide any information about yourself to us, including your name, address, or contact details (phone, email, etc.). If we become aware that we have collected or received personal data from an individual under 16 years of age, we will promptly delete it unless consent has been given by a parent or guardian. If you believe that we may have information from or about an individual under 16 years of age, please contact us.


2.5. Sensitive Personal Data
We do not collect and we kindly request that you do not send or disclose sensitive personal data (such as information regarding racial or ethnic origin, political opinions, religious or other beliefs, health, criminal background, or your involvement in trade unions) through the Website, the Company, the Mastercard Providers, or during the use of the Company's services or by any other means.

3. How do we use your personal information?
The primary reason we collect data related to you is to inform you and provide you with the services of the Website, allowing you to interact with these services and participate in the Event. The use of the services provided by the Website, including the provision of online reservation services of the Website's services through the Reservation Platform, requires ensuring the ability to communicate with you. We are allowed to process your personal data to provide personalized services, in accordance with the law (Article 6(1)(b) of Regulation (EU) 2016/679). We also collect data for the following purposes:

  • To measure, analyze, and enhance the Services and functions of the Website.
  • To provide and deliver the products and services you request through the Mastercard Providers, process reservation information, and send you related information, including confirmations.
  • To enhance your experience through the Company's services (both online and offline) by providing content that may be relevant and interesting.
  • To resolve technical issues related to the Services and send you technical warnings, updates, security notifications, and support messages and processes.
  • To respond to your comments, questions, and requests, and provide customer support services.
  • For the purpose of compliance with applicable laws or legal processes and/or to respond to requests from relevant governmental authorities.
  • To complete a corporate transaction such as a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or part of the Company's business (including any bankruptcy or similar proceedings). For example, if the Company is involved in a merger or transfer of all or a substantial part of its operations, the Company may disclose and transfer your personal data to the parties participating in the transaction as part of that transaction.
  • To personalize and improve the Services and offer advertisements, content, or features that match user profiles or interests.
  • To link or combine with information we receive from third parties for better understanding of your needs and improvement of our services.
  • To satisfy your rights regarding your personal data.
  • For other purposes, we will notify you or specify on a case-by-case basis at the point where information about you is initially collected.
4. ON WHAT LEGAL BASIS do we use your personal data?

The Legal basis on which we make use of your information is either one of the following:

i. Performance of a contract to which you are a party.

Specifically, for communication, either at the pre-booking stage or during your reservation via the Reservation Platform, in order to process your reservation through the Reservation Platform and inform the Restaurant, as well as to notify you of any changes to your reservation, for reservation management issues, and for changes to our terms of use, privacy statement, and other policies adopted by the Company.   

ii. Legitimate Business Interest that Does Not Override Your Interests in Protecting Information

 ● To manage and protect our Company and our website (including troubleshooting, data analysis, testing, system maintenance, support, report generation, and data maintenance).

 ● For the prevention and addressing of cases of fraud and other unlawful activities with the aim of protecting the public and personal safety.

 ● To provide you with services that are useful, user-friendly, and enjoyable, including personalized communication with you according to your preferences and stated desires, and to offer products that interest you and are to your benefit based on your preferences.

 ● To better understand our user base to develop and improve our products and services and to tailor the content of the website to your needs and preferences.

 ● To measure the effectiveness of presenting and promoting the Event on third-party websites.

 ● To measure the effectiveness of presenting and promoting the Event on third-party websites.

 ● For market research, evaluation, and analysis of your opinion about our services and our commercial policy, reputation, recognition of our commercial brands, and other distinguishing characteristics.

 ● To use data analysis tools to improve the website, products/services, and our relationships with users.

iii. Compliance with Legal Obligations to Which We Are Bound

As part of its operations, the Company is obligated to process your personal data for the purpose of complying with legal obligations arising from the law.

iv. In the absence of any of the above, your consent.

In particular:

Purpose of Processing Data we process for this purpose Legitimate Processing Basis

Download, Management, and Execution of Your Reservation for the Event through the Website and Sales Platform:

 ● Submission of a reservation by the participant in the Event.

 ● Registration of the reservation.

 ● Confirmation of the reservation to the Event participant.

 ● Communication with participants for updates and reservation-related notifications.

 ● Activation of mechanisms to prevent fraud, whether against you or us.



Pre-Sale or After-Sales Customer Service and Handling including:

 ● Communication from the participant through the communication channels of the Event (conventional means, email, or call center, or through multimedia communication channels such as Social Media).

 ● Communication from the Company upon the participant's request using the provided contact information.

 ● General servicing of the participant regarding matters related to the company, reservation platform, products, services, reservations, social media channels of the Event

 ● Complaints or clarifications.

 ● Exercising of rights.

 ● In general, the management and optimization of the user's experience and servicing on the Website.


Advertising & Marketing

 ● Investigating customer satisfaction with Event’s products and services.

Business analyzes and improvements for:

 ● Uninterrupted operation of Website

 ● Technical excellence and security of transactions.

 ● Technical issues

 ● Drafting reports and keeping data

Statistical analysis to evaluate and improve Website Services and procedures that includes:

 ● Evaluation and improvement of business processes

 ● Better responsiveness and Website management.

 ● Research and/or analysis to better understand the needs of Website users

 ● Research and evaluation to improve existing products and/or services and develop new ones

 ● Evaluation for the creation of new programs, promotions etc.

 ● Adoption of new commercial and business models, programs and collaborations

 ● Promotion of our Company, our products and our services.

 ● Distribution and marketing of our products to other countries.

 ● Disposal and marketing of new products and services.

 ● Advertising and promotion of our Company.

 ● Improvement of your experiences

 ● Delivery of related content

 ● Quality surveys

 ● Statistical analyzes

Α) Identity Data 

 ● First name

 ● Last name


Β) Communication Data,

 ● Mobile phone

 ● e-mail

 In case the call is recorded, you will be notified beforehand by a relevant audio message

 
C) Financial Data:
Card details that cannot identify the card and are not collected by the Website.

Processing for this purpose includes

(A) the absolutely necessary details you give us when submitting your request, that is

 ● Identity Data

 ● Communication Data

 ● Reservation Data

 ● Information that you provide to us related to your request


(B) data that we develop for you.

In case the call is recorded, you will be notified beforehand by a relevant audio message


For the purpose of advertising & marketing, the company may process:

Identity Data

Communication Data

Reservation Data

Cookies

and/or any combination of the above.

The information we process for this purpose is a combination of information that you provide to us (for example, account details, data we receive through cookies and similar technologies.

All the data we collect in the context of the previous processing purposes (Reservations, Cookies,, Campaign Efficiency, etc.) as aggregated and statistical data only, taking all the necessary safeguards not to reveal the identity of the subjects. Moreover, data collected from the corresponding cookies that perform such processing will also be used.
The legal basis for treatment of your personal data is:

(a) performance of the contractual obligations   

(b) compliance with its legal obligations.

(c) legitimate interest

(d) consent ιn cases of data provided by you on a voluntarily basis.

The legal basis for treatment of your personal data is:

(a) compliance with the Company's legal obligation to adopt pre/post-sale customer service tools/means to respond to your queries related to the exercise of your rights.

(b) the legitimate interest of the company to respond to your requests through various communication channels, optimize customer service and management, and provide our customers with the ability to communicate with them and address any of their issues in the best possible way based on their needs and always to the benefit of the subject and which is reasonably expected by the subjects.

Any user may opt-out at any time by accessing his/her personal information for that purpose, such as for the data kept in the relevant purchase file, by stating so to the customer service staff or otherwise or by contacting the Company by any means for any of the above.

(c) performance of a contract if you contact us specifically to raise any issues related to your order

(d) customer's consent to receive communication from the Company for this purpose when they ask the Company to contact them.

The legal basis for treatment of your personal data is:

(a) a legitimate interest of the Company in processing the data of its users, provided to us in the context of reservations for the services of the Event, for the purpose of direct commercial communication regarding related products or purposes

(b) Consent in cases where you voluntarily provide us with your data, authorizing us to send you updates when accepting both the respective Cookies and email correspondence.


The legal basis for treatment of your personal data is:

(a) compliance with a legal obligation for information security and confidentiality

(b) a legitimate interest for network security and to prevent fraud and unauthorized access to data, for our business continuity, upgrading our systems and partners, developing our business and managing and optimizing our technical systems, our commercial processes, operations that override the rights and freedoms of subjects that they reasonably expect that such processing may be performed for this purpose.

The legal basis for this treatment is the Company’s legitimate interests

(a) for the further processing of aggregated data for the purpose of statistical analysis to improve its products and services, taking all the necessary safeguards to collect and process data that do not identify a particular subject and do not affect the rights and freedoms of the data subjects.

(b) to market our products, analyze the usability and functionality of the Website, to verify our customers’ satisfaction, to identify our customers’ preferences for our products, to improve our business performance, to improve our partnerships, always with respect for your rights, freedoms and interests concerning your personal data.


5. WHO are NOTIFIED of your personal data

5.1. The Company may disclose your personal data for the purposes of Section III.2 in the following categories:

i. In the context of the operation of our Website , the provision of Services and your best service, our Company reserves the right to cooperate with third-party service providers that provide us with support and access only to your data that are absolutely needed in order to provide their services to us . Indicatively, the Company cooperates with :

● The Mastercard Providers, as outlined above in Section I, who have access to your personal data, specifically:

➢Dine & Taste Company: Acting as a subcontractor for the Company, processing data on its behalf for the organization and promotion of the Event, the management of the Website, and the provision of support and communication services to users of the Website and participants.

➢Sales Platform: Acting as a processor by order and on behalf of our Company, for reservation services for the Event, communication with Restaurants, and providing support services to users and participants regarding their reservations and participating Restaurants.

➢Third-party company, which, as an executor of data processing by order and on behalf of our Company, hosts and manages our Website.

● Advertising and marketing companies.

● Data analysis and research companies.

● Information system supply and support companies.

● Accountants and lawyers.

ii. To affiliated companies in their capacity as data controllers or data processors.

iii. To competent authorities for compliance with applicable laws.

iv. To our partners, affiliated companies, and their subsidiaries, distributors, resellers, partner channels, and/or assignees, where necessary, to provide the requested Services or support our promotional activities or as permitted by applicable law.

v. In courts, judicial authorities, and other government bodies if required by law or legal procedures or if we believe that disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with the investigation of suspected or actual unlawful activities.

vi. If you have agreed to receive direct marketing from us and our affiliated companies, we may also share your data for this purpose.

vii. To a third party to whom we reserve the right to transfer all or part of our business.

5.2. Links to Other Websites

Our Services may provide links to other websites and services for your convenience and information. These other websites and services may operate independently of us. The websites we link to may have their own privacy policy and terms of use, which we encourage you to read if you visit any website or service via a link. As long as the websites or services you visit through a link are not related to our Services, we are not responsible for them.

6. TRANSMISSION OF YOUR PERSONAL DATA TO THIRD COUNTRIES

The Company generally maintains your personal data within the European Economic Area. In the event that data are to be transmitted to third countries outside the European Economic Area for which there is no European Commission decision or to International Organizations, all the appropriate safeguards provided for in the applicable data protection legislation on the transfers to third countries will be taken.

IV. PROTECTION AND MANAGEMENT OF YOUR PERSONAL DDATA

1. For the SECURITY of your personal data, our Company takes appropriate technical and organizational measures to protect the personal information we maintain from unauthorized disclosure, use, alteration, or destruction. In each case, we employ encryption and other technologies that can contribute to the protection of the information you provide. We also require our Mastercard Providers and other service providers to comply with strict requirements regarding the protection and security of personal data. The Company, through its respective contractual commitments and partners, takes all necessary security measures to protect and ensure the confidentiality and integrity of personal data. In any case, the security of these data within the platform's environment is subject to reservation due to reasons beyond its sphere of influence, as well as reasons due to technical or other network failures that are not controlled by the Company, or reasons of force majeure or fortuitous events. It is also your responsibility to ensure that the equipment (e.g., personal computer), software, and telecommunications equipment you use are adequately secure and protected from malicious software (e.g., viruses). You should be aware that without sufficient security measures, there is a risk that the data and passwords you use may be disclosed to unauthorized third parties

2. We will retain your reservation data for up to twenty (20) days following the completion of Around the Table. After the expiration of the retention period, the Company will ensure the secure destruction and/or deletion of your data.


V. YOUR RIGHTS

1. With regard to your personal data we collect and process, you have the following rights under European Data Protection Regulation (EU) 2016/679 on personal data protection:

a) Right of access: To request from us access to them to confirm that we are processing them in accordance with the law and / or your own orders and preferences,

b) Right of correction: you may inform us of any changes to your personal information or you may ask us to correct any of the personal information we hold about you.

c) Right to delete or restrict processing: in some cases, you may ask us to delete or restrict the processing of personal information we collect about you or to oppose (the right to oppose) in certain ways in which we use your personal data, provided that Of course the law does not oblige us to the contrary.

d) Data portability: in some cases, you may also ask us to send the personal data you provided to a third party.

e) Where we use your personal data in accordance with your consent, you have the right to revoke this consent at any time without prejudice to applicable law.

2. If you wish to exercise any of your rights or if you have any complaints, please contact us using the contact details provided in Section II. In the case of submitting a request to exercise your rights, the Company will respond to your request within one (1) month from the date of submission. This deadline may be extended by an additional two (2) months following your prior notification, taking into account the complexity of the request and the number of pending requests.

If you wish to exercise any of your rights, you can contact us at any time using the contact details mentioned in Section II.2. The data subject should include in their request their name, email address, the nature, and the date of the request. The data subject must be notified by the Company of the receipt of their request within 72 hours of the request's submission. Once the Company receives a request from an individual to exercise their Data Protection Rights, the Company shall, without undue delay and no later than 72 hours from the time it was informed of this, appoint an individual from the Company to oversee the Processing of Personal Data. If additional information is needed, the Company will communicate with the data subject. The Company must: (a) ensure that the subject matter of the request for the exercise of rights is sufficiently clear. If it is not clear, the individual responding from the Company must contact the requesting party to request further information, and (b) verify the identity of the requesting party. This must include both proof of identity and proof of address

Once the Company receives any additional information required for the subject matter of the request and the appropriate identity verification documents from the data subject, the Company acknowledges the proper receipt of the request for the exercise of rights through communication with the data subject. Subsequently, the Company must confirm whether the request for the exercise of rights is valid. If the request for the exercise of rights is not valid, the Company must communicate with the data subject and explain the reasons for the invalidity of the request. However, if the request for the exercise of rights is valid, the Company must take appropriate action and respond to the request for the exercise of rights. All requests for the exercise of rights will be completed within one calendar month from the receipt of the request for the exercise of rights.

In some cases, the examination, investigation, and resolution of a request for the exercise of rights may require third parties (e.g., Mastercard Providers and other third parties with whom the Company shares personal data) to take certain actions, such as modifying their records in response to a request for correction of personal information or deleting personal information they hold in response to a deletion request. Therefore, in this case, the Company communicates with all third parties that have personal data related to the data subject and asks them to take all necessary actions and ultimately confirm to the Company that they have done so. Copies of all correspondence and other materials received by the Company in relation to any request for the exercise of rights will be retained in the Company's records for 2 years.

If you believe that your rights are in any way infringed, you can also file a complaint with the local Supervisory Authority:

Hellenic Data Protection Authority (www.dpa.gr).
Postal address: 1-3, Kifissias Avenue, PC 115 23, Athens
Call Center: +30 210 6475600
Fax: +30 210 6475628 E-mail: contact@dpa.gr