Privacy Statement and Personal Data Protection Policy

The following Privacy Statement outlines the framework for the collection, use, processing, and retention of personal data by [Business Name] (hereinafter referred to as the “Data Protection Officer”) in connection with your access to the website “picxora.com,” in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), as well as with the applicable national and European legislation.

Data Protection Officer

The personal data collected is controlled and processed by the Data Protection Officer, Picxora, resident of Leonida 32 Sukies Thessaloniki Greece, VAT No.: 136249120, email: info@picxora.com , and phone number: +30 6973860098.

Scope of This Statement

This Privacy Statement applies to:

• All users of the website “picxora.com” and any application available therein.

• Representatives of our clients, partners, and suppliers.

• All contractual clients, partners, and users of our services in general.

The hereby Privacy Statement describes the type of personal data or personal information that we collect, the manner in which we use this information, the manner in which we process and protect the information that we collect, the duration of info storage, who we share the info with, who we transfer the data to, the rights which the data subjects may exercise as far as the use of their personal data is concerned. We also describe how we may be contacted regarding your personal data protection practices and how your rights may be exercised.

Privacy Statement

1. The types of personal data we collect

2. How we use that data

3. How we process and protect the data

4. How long we retain the data

5. Who we may share the data with and to whom we may transfer the data

6. The rights of data subjects under the GDPR

7. Privacy Statement updates

8. How you can contact us

1. Personal Data We Collect

We collect personal data in the course of communication and interaction with users of our website and our clients/partners/suppliers through various channels: website forms, social media, telephone, SMS, and email. We can collect part of personal data in accordance with the nature of our affiliation with the counter – party.

This may include (but is not limited to):

• Contact details (e.g., full name, address, e-mail, personal phone number).

• Information regarding third parties we are asked to contact on your behalf (the DPO assuming that their consent has already been confirmed).

• Information via the “Contact” form or via our newsletter signup.

• Technical data and use data, such as the IP address of computers / smart gadgets that have access to the website, any website requests and references, browser types, access time and date, analytics, logs.

If you are a contractual client, we may also collect the following personal data types in the course of our services:

• Date of birth,

• gender,

• nationality,

• marital status,

• Bank account information,

• Business/employment history,

• education, professional skills,

• language abilities and other personal skills,

• Tax and financial data about you or your company,

• Study and research results, and history notes regarding your use of social media,

• Social media content, contacts, analytics, and account information.

Our Company, solely in exception and only by explicit written consent beforehand, may process our clients’ biometric data, for specific AI – powered digital marketing services, such as:

• Creation of personalized AI promo videos.

• Face or voice simulations for a multi – faceted content.

• AI technology applications, such as deepfake / voice clone / AI avatars, via process apps, i.e. ……………

Biometric data include, for instance, voice, face, facial expressions, body movements, and general body characteristics which can be used for identification or personification purposes.

In fulfilment of terms of security imposed by the law, and aiming towards our clients’ securitization, such biometric data is kept and stored in encrypted environments, is not shared with third parties unless required for service delivery, and the client has provided their explicit written consent, it is retained for a strictly marginalized time frame, necessary for the delivery of the specific service agreed upon. Biometric data is not used for any automated decision making or any profile creation.

Such data processing is solely based on the person’ s consent (GDPR Article 9 par. 2a), which is required firmly and in writing, before any collection, use and processing of such data. This consent may be revoked by the client in any given time, and the legitimacy of any process based on the consent before revocation is not put into question.

2. How We Use the Data We Collect

Data are collected and used by the DPO for the following purposes, in accordance with the standing legislation:

• For communication and management of our Company’ s relations with the website users, prospective clients, contractual clients, associates and suppliers.

• For the fulfilment of our contractual obligations regarding the delivery of our services, our affiliations, and staff hiring (as far as contracts for project delivery, affiliation, supply, jobs).

• For payment processing regarding the delivery of our Company and affiliates’ services.

• The delivery of targeted advert material, updates and notifications regarding our available services, and other notifications regarding the functioning of our Company, and the content of our available services.

• When permitted by legislation, for contact purposes and for the management of participation in special events, promotional actions, programs, offers, research, contests, and market research.

• Q & A’s, and applications of data subjects.

• Our Company’ s function, evaluation and improvement (including development, enhancement, analysis, and improvement of our services, our communication management, data analysis and realization of logistical, fiscal and other internal functions).

• Alignment with, and enforcement of, the applicable legislative requirements, the relevant market archetypes, contractual obligations and our policies.

• Use of otherwise collected data, for which a special notification is provided during, or before, collection.

The DPO may process personal data for legitimate business interests including some, or all, of the folllowing:

• Anywhere applicable, to improve, modify, adapt, or otherwise enhance our services and communications in accordance with our clients and affiliates’ interests.

• Fraud detection and prevention.

• Improvement of network security and our informatics systems.

• Better understanding of the ways in which people interact with our website and improvement of the navigation experience and use of its apps.

• Direct marketing purposes.

• Communication via e-mail.

• Assessing promotional and advertising effectiveness.

Any time that your personal data is subjected to processing for such purposes, we guarantee the safety of your rights in the utmost manner. If you wish, you can express your dissent to such a process, by submitting a relevant application to the DPO, whose contact information is available at the “Contact us” form of our website. Please bear in mind that, by exercising such a right, we may find a difficulty providing our full services to you, or the quality of the present website’ s available services may be affected.

3. How we process and protect personal data

We process the personal data we collect, for the purposes listed above and for a specific amount of time, in order to ensure that such data will not be retained for a greater amount of time than necessarily needed for the purpose for which they are collected in the first place.

As a Company, we maintain administrative, technical and natural assurances, aiming at the protection of personal data you provide us with inadvertently, illegally or by unauthorized destruction, loss, tampering with, access, disclosure, or use. In order for us to satisfactorily ensure the safety and confidentiality of your personal data, we apply the following security measures:

• Data encryption during transfer

• Strong user IP control

• Enhanced network infrastructure

• Network monitoring applications

4. How long we store the collected information and data

Your personal data is retained by our Company for a singular time frame, in order to fulfil, each time, the purposes described in the present Privacy Statement, complying with the current legislation as far as the manner of data retention is concerned. Bearing in mind any reservation applicable by the current legislation, we retain your personal data in order to fulfil our company obligations and obligations of compliance (i.e. compliance with our fiscal and logistical obligations).

Personal data collected by us, are stored into our storage systems, in a manner which permits the identification of the person to which they are referred, for as long as strictly necessary, in the purpose framework for which the data were collected, except in case it is necessary for such data to be subjected to further processing, in case the Company has to fulfil a possible legal or / and contractual obligation.

The time framework is singularly based on:

• The need for storing collected personal data, in order for us to be able to serve our website’s users.

• The need for ensuring our DPO’ s legal interest, as described in «Purposes» above.

• The content of our contractual obligations towards our clients when delivering our services, which renders data processing and storage necessary for an allotted time framework.

• Specific legal obligations and bonds.

When you fill in the contact form at the «Contact us» section of our website, or you submit in any other manner your personal data, such data are stored for up to ten (10) days in our Company’ s database. In case you co-operate with our Company as a client, affiliate or supplier, the storage duration is defined in specifically prepared contracts and agreements, based on the above criteria. Any information not definitive of your person, may be stored indefinitely. After the allotted storage time has passed, the personal data is completely deleted from our Company’ s storage database, or is anonymized by the DPO.

Regarding specifically our newsletter contact list, your personal data is retained until you unsubscribe from the list, via a special link included in the newsletter structure, or in the manner described in this Policy, via the “Contact us” section of our website.

5. Information we share

We do not spread or / and divulge the personal data we collect for you, except in cases described in the present Privacy Statement. We may, as an exception for very specific cases, and informing you beforehand, share personal data with suppliers or affiliates who deliver their services on our behalf, per our instructions. In no case whatsoever, we provide any kind of authorization, to such suppliers or affiliates, for the use or disclosure of information and personal data, unless such a use or disclosure is deemed necessary for service delivery on our behalf, or for compliance with specific legal obligations.

Furthermore, we are obligated to disclose any personal data of yours, in case we are legitimately required to do so, under the standing legislation or under any ongoing legal procedure concerning you, to any Authority or government officials. We may also be obligated to personal data disclosure when such an action would be essential or suitable for prevention of physical harm, or economic loss, fraud, or any other illegal activity, suspected or ongoing. We reserve, also, the right to transfer personal data in case we sell or transfer our whole enterprise or part of it, or any estate (including rebranding, dissolution or closeout.

6. Your rights as data subjects

A data subject may exercise, in accordance with GDPR Articles 15 to 22, the following special rights:

• Right to access: the data subject reserves the right to access their personal data, in order to confirm that they have been processed according to the standing legislation.

• Right to correction: the data subject reserves the right to require the correction of any inaccurate or missing data referring to their person, so the accuracy of this information may be ensured and adapted to data processing.

• Right to deletion: the data subject reserves the right to require that the DPO delete information concerning their person, and no more process such data.

• Right to process limitation: the data subject reserves the right to require that the DPO limit processing of their data.

• Right to data mobility: the data subject reserves the right to require the mobility of data, a.k.a. the data subject can receive the initially provided data in a structured and often-used form, or the data subject can require that the data be transferred to another DPO.

• Right to objection: the data subject, who has provided the DPO with their personal data, reserves the right to object to data process for a variety of reasons, as stated in the GDPR, without being obliged to justify their decision.

• Right to not be subjected to an automated personal decision-making: the data subject reserves the right to not be subjected to a decision based solely on an automated process, including modification, if such a characterization produces any legal consequences for, or affects, the data person.

• Right to submit a complaint to a monitoring authority: Every data subject reserves the right to submit a complaint to a monitoring authority, especially to the EU Member State of their permanent residence, their workplace or the location of the alleged access, if the data subject believes that the personal data process regarding their person, violates the GDPR.

Every time that the process is based on consent, according to GDPR Article 7, the data subject may anytime withdraw their consent. In such case that we may need to process your date for legal reasons, a notification in writing will be provided by our Company to you beforehand. In such a case, we will be limiting the data process only to what is necessary in order to meet these special requirements.

If you realize that any data we process is inaccurate or missing, we urge you to contact us, in order for us to be able to take any measures necessary to check their accuracy and to make corrections or additions, where essential.

If you need more information about the processing of your personal data, you can visit the “Contact us” field of our website, so you may contact the DPO straight away.

7. Privacy Statement Updates

The present Privacy Statement (as all policies and statements included in this website) may be updated and modified every so often, in order to align with any change in privacy policies according to national and international legislation. For any modification that takes place, we will let you know, by uploading, on our website “picxora.com”, a clear notification with the modification / addition content, or we will be including this content in our newsletter, in case you are a contractual client or an affiliate of our Company or you have subscribed in our website.

8. How to contact us

If you have any queries or commentary about the present Privacy Statement, or if you wish to exercise any of your rights, please contact the DPO in the following:

Picxora Info Desk

Phone:+30 6973860098

E-mail: info@picxora.com