Effective Date: 06.03.2018
Vrahimis & Associates LLC (“we” and ”us”) also known as “R. Vrahimis & Associates” is committed to protecting your privacy.
The information we collect and how we use it
When you use the Website you may provide us with, and we may collect from you, information that relates to you, including your personal information.
You may provide us with your information in a number of ways, including:
- completing forms on the Website (such as “Contact Us” forms);
- corresponding with us by e-mail, phone or otherwise;
- subscribing to email updates, newsletters or other subscriptions and features made available on the Website from time to time;
- reporting a problem or requesting support for the Website;
- communicating with us through third party social media websites or applications (e.g. Twitter, Facebook, Instagram); and
- participating in our promotions and surveys on the Website.
The information you give us may include your name, postal address, e-mail address, telephone number, your credit or debit card number and expiry date, date of birth, social media account details (such as Facebook and Twitter), and any other information you provide on registration, on placing an order and through other means on the website to the extent reasonably necessary to provide the services that are available through our Website to you by us.
With regard to each of your visits to our Website, we may automatically collect the following information:
- technical information, including IP address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, platform, device type, hardware model, MAC address, unique device identifiers and mobile network information;
- information about your visit, including the full URL clickstream to, through and from our Website (including date and time);
- information about your network, such as information about devices, nodes, configurations, connection speeds, and network and application performance and location information from Wi-Fi access points;
- pages you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
We process this information for the purpose of:
- dealing with your inquiries and requests;
- providing and personalising our service for you;
- to notify you about changes to our service;
- compiling your profile;
- processing your payment;
- crime prevention and prosecution of offenders;
- as part of our efforts to keep the Website safe and secure;
- maintaining information as a reference tool or general resource (for analytics and research);
- providing appointments/interviews;
- gathering information to form statistical and trend analysis;
- research and analytics on an aggregate and/or anonymous basis ;
- meeting legal, regulatory and compliance requirements;
- providing you with offers and information on products/services that may be of interest to you; and
- carrying out market research campaigns.
We also gather this information and statistics for the purposes of monitoring Website usage and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify you.
We may combine information we receive from other sources with information you give to us and information we collect about you. We may use this combined information for the purposes set out above.
Please be aware that communications over the Internet, such as emails are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the internet. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
We believe that we have appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
All of our employees and data processors that have access to, and are associated with, the processing of your personal information are obliged to respect the confidentiality of our visitors’ information.
We ensure that your information will not be disclosed to government institutions or authorities except if required by law or when requested to by regulatory bodies or law enforcement organisations.
To whom will your information be disclosed?
- R. Vrahimis & Associates LLC;
- our employees;
- our affiliates;
- our associates
- our group companies and their employees;
- successors in title to our business;
- third party consultants, contractors or other service providers who may access your personal information when providing services (including but not limited to marketing services and IT support services) to us;
- government bodies and law enforcement agencies and in response to other legal and regulatory requests; and
- auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes, in any jurisdiction where we operate.
When we share your information with R. Vrahimis & Associates LLC, they will be a data controller of your data and use it for the purposes set out in the section above titled “The information we collect and how we use it”. R. Vrahimis & Associates LLC can be contacted at https://lawyer4travel.com/contact/
Additionally, we may disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;
- if we are acquired by a third party, in which case personal information held will be one of the transferred assets; and
Your rights in relation to your information
You can email to us at any time to obtain a copy of your information and to have any inaccuracies corrected. Where appropriate, you may have your personal information erased, rectified, amended or completed. Please email us via https://lawyer4travel.com/contact/
Please make sure you include your full name and address. We should be grateful if you would also provide brief details of the information of which you would like a copy or which you would like to be corrected (this helps us to more readily locate your data).
We will require proof of your identity before providing you with details of any personal information we may hold about you. We may charge a small fee to cover the administration costs involved in providing you with a copy of your information.
We use the following categories of cookies for our Website:
Strictly Necessary Cookies
These cookies are essential in order to enable you to move around our Websites and use its features. The information collected by these cookies relate to the operation of our Website, for example website scripting language and security tokens to maintain secure areas of our Website.
These cookies collect anonymous information about how you use our Website, for example which pages you visit most often, whether you receive any error messages, and how you arrived at our Website. Information collected by these cookies is used only to improve your use of our Website and never to identify you. These cookies are sometimes placed by third-party providers of web traffic analysis services, such as Google Analytics.
These cookies remember choices you make, for example the country you visit our website from, your language and any changes you have made to text size or other parts of web pages that you can customise, to improve your experience of our Website and to make your visits more tailored and enjoyable. The information these cookies collect may be anonymised and cannot be used to track your browsing activity on other websites.
Targeting or Advertising Cookies
These cookies collect information about your browsing habits in order to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. The cookies are usually placed by third party advertising networks. They remember the websites you visit and that information is shared with other parties such as advertisers.
We use Google Analytics. For information on how Google processes and collects your information in regard to this product and how you can opt-out, please see here.
We also use Google AdSense to publish adverts. When you view or click on an advert a cookie will be set to help better provide advertisements that may be of interest to you on this and other websites. You may opt-out of the use of this cookie by visiting Google’s Advertising and Privacy page.
You may disable cookie support on your browser but be aware that by doing so, you will lose certain features that require a cookie to work properly. We may use the information collected by the cookie to provide us with various statistics without identifying any individual.
For more information on managing cookies, please go to www.allaboutcookies.org, or visit www.youronlinechoices.com www.youronlinechoices.eu which has further information about behavioural advertising and online privacy.
In the event the purposes for processing change, then we will contact you as soon as practicable and seek your consent where such notification relates to a new additional purpose for processing.
Owing to the global nature of the Internet infrastructure, the information you provide may be transferred in transit to countries outside the European Economic Area. We also operate globally and so it may be necessary to transfer your personal information to other companies within our group of companies located in countries outside of the EEA. Countries outside of the EEA may not have similar protections in place regarding your data and its use as set out in this policy. However, we have taken the steps outlined above to try and protect the security of your information.
We will keep you up-to-date with details of our products and services, products and services of our affiliates or other related entities and products and services of third parties by email, text/SMS, post]using the information that you have supplied if you gave permission for this when you subscribed. You can change your preferences by contacting us as described below.
Use of your personal information submitted to other websites
We are not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our Website. We recommend that you check the policy of each website you visit and contact the owner or operator of such website if you have concerns or questions.
Regulation (EU) 2016/679
We are fully compliant with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). To achieve this end:
- Consent: Processing of your personal data is based on consent. Therefore, via our controller, we must be able to demonstrate that the data subject (hereinafter “you”) has consented to processing of his or her personal data. For this purpose:
- Withdrawal of consent: You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before your withdrawal. In order to exercise your right to withdraw your consent to the processing of your personal data, you are obliged to inform R. Vrahimis & Associates LLC, 31 Christodoulou Sozou Street, Hermes Building Office 203, 1096, Nicosia, Cyprus Tel. +35722872200, Fax:+35722872202 https://lawyer4travel.com/contact/ of your decision to withdraw from this consent with a clear statement (e.g. with a letter which is going to be sent to us by post, telefax or e-mail), or simply by using the attached specimen of withdrawal of consent to the processing of personal data form, without this being obligatory. You may also complete and submit electronically from our website www.lawyer4travel.com the specimen of withdrawal of consent to the processing of personal data form or any other such clear statement. If you use this capability, we shall transmit without delay a receipt confirmation of your withdrawal of consent to the processing of personal data on a fixed medium (e.g. e-mail).
- Please note that when assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of our contract/agreement, including the provision of our services, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
- Children: All personal data of children shall be treated in the same manner as the personal data of adults. If you are traveling with children under the age of 16 please note that, in relation to the offer of information society services* directly to a child that is below the age of 16 years, personal data processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. Although we do not offer our services directly to children but only via and at the request of their lawful custodians (whether they are actually traveling with their parents, or whether they are traveling with teachers, relatives, or other adult traveling companions), we assume that the personal data of the children traveling with you are given to us by full and unequivocal consent of all lawful custodians (e.g. both their parents) and you expressly agree that by providing us with the a child’s’ personal data, you have obtained or you give such consent as appropriate. If for any reason we become aware that we have received personal data of children traveling with you that have been given to us without their lawful custodians’ consent we shall immediately notify the appropriate authorities and, where applicable, the lawful custodians of the children concerned.
- Principles of Processing: The data subject’s (hereinafter “your”) personal dataǂ shall be:
- Collected only for specified, explicit and legitimate purposes i.e. only for the purposes of providing coverage for legal services to you according to the retainer package you have purchased, and shall not be further processed in a manner that is incompatible with this purpose.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. We shall only collect:
- Your name in conjunction with your date of birth so that we can identify you.
- Your home address including your country, your telephone number and your e-mail address, for further identification but also so that we can contact you for the purposes of our agreement.
- Your arrival and departure dates in Cyprus so that we know when we can expect you in Cyprus, activate your particular package and organise our work.
- Confirmation of your payment by your provider to ensure payment of our bills. Please note that this information is given to us by your credit card provider and we do not collect or process any of your credit or billing information other than to note that you have paid us and for what package.
In addition to the information mentioned herein above, your personal data shall be given a unique identifier code which you shall be using to contact us and against which your personal data shall be stored.No other personal information shall be collected by us unless you wish to communicate with us through third party social media websites or applications (e.g. Twitter, Facebook, Instagram) or participate in our promotions and surveys on the Website, in which case your information shall be kept in a separate list for as long as necessary to perform only those purposes whereupon you shall get another notification regarding the processing of your personal data.
- Accurate (as far as we are able to know because you are the source of that information and you are solely responsible to provide it accurately to us) and, where necessary, kept up to date. We shall take every reasonable step to ensure that any personal data given by you to us are inaccurate, and having regard to the purposes for which they are processed, that they are erased or rectified without delay. To achieve this purpose you are obliged to notify us as soon as possible for any such inaccuracies. If you provide information that is not accurate, current or complete, or if we have reason to believe that the information you have provided us is not accurate, current or complete, we have the right to prohibit you from any and all future use of our services.
- Kept in electronic form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed.
- Your personal data shall be erased automatically:
- At the end of each month following the month of your declared departure date from Cyprus or the expiry date of your cancellation period (whichever comes last) unless:
- By that time two months have not elapsed from your confirmation of payment information and in such case your personal data shall be kept for a longer period until credit card cancellation rights expire and be erased automatically at the end of that month, or
- Albeit unlikely, if asked to do so, for whatever other reasonable time the Cypriot VAT and Tax authorities or Police, or other competent authority require.
- We shall not store your personal data for longer periods but we may, for statistical purposes, retain and process “number of clients” “country of origin” and “dates of travel” details, which shall not be connected in any direct or indirect manner to you and shall not include information that can be used to identify you.
- Processed in a manner that ensures security of the personal data from hacking (by using an internet firewall) and from unauthorised access by using password access to the database), including protection against unauthorised or unlawful processing (by allowing our employees password-protected limited access to your information on a “need to know basis”) and against accidental loss, destruction or damage (by appropriate backups).
- Data subject’s rights: The data subject (hereinafter “you”) has the following rights:
- Transparency of information: You have the right to know what information is collected from you, who may use it and why. Please see paragraph 4.1 below for more details.
- Access: You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:
- The purposes of the processing.
- The categories of personal data concerned.
- The recipients or categories of recipient to whom the personal data have been or will be disclosed.
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing.
- The right to lodge a complaint with a supervisory authority.
- Where the personal data are not collected from you, any available information as to their source.
- The existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
- Rectification: You have the right to obtain without undue delay from the controller the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Erasure (“right to be forgotten”): You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw consent on which the processing is lawfully based and where there is no other legal ground for the processing.
- You object to the processing (see paragraph 3.8 below) pursuant to your right to object to processing which is necessary for the purposes of the legitimate interests pursued by the controller or by a third party and there are no overriding legitimate grounds for the processing, or you object to the processing for marketing purposes.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services.Where the controller has made the personal data public and is obliged pursuant to the above paragraphs to erase that personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.Provided that the above shall not apply to the extent that processing is necessary:
- For exercising the right of freedom of expression and information.
- For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- For reasons of public interest in the area of public.
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in in so far as the right referred to is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- For the establishment, exercise or defence of legal claims.
- Restriction in processing: You have the right to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
- The controller no longer needs the personal data for the purposes of the processing, but they data are required by you for the establishment, exercise or defence of legal claims.
- You have objected to processing pending the verification whether the legitimate grounds of the controller override yours.Where processing has been restricted pursuant to the above paragraphs, such personal data shall, with the exception of storage, only be processed with the your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. I you have obtained restriction of processing pursuant to the above paragraphs you shall be informed by the controller before the restriction of processing is lifted.
- Notification for rectification: The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in with your rights to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you request it.
- Data portability: You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- The processing is based on consent and
- The processing is carried out by automated means.In exercising your right to data portability you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The exercise of this right shall be without prejudice to your Right to erasure (“right to be forgotten”). Your right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Your right to data portability shall not adversely affect the rights and freedoms of others.
- Right to object: You have at any time the right:
- To object on grounds relating to your particular situation, to the processing of personal data concerning you, that are necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on these. In such a case the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
- To object to processing of personal data concerning you for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing. In such a case the personal data shall no longer be processed for such purposes.At the time of the first communication with you at the latest, the rights referred to in paragraph 3.8.1 and 3.8.2 above shall be explicitly brought to your attention and shall be presented clearly and separately from any other information.
- To object on grounds relating to your particular situation to the processing of your personal data concerning you that are used for scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
- In the context of the use of information society services you may exercise your right to object by automated means using technical specifications.
- Automated individual decision-making, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
- Is necessary for entering into, or performance of, a contract between you and a data controller;
- Is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the your rights and freedoms and legitimate interests; or
- Is based on your explicit consent.In the cases referred to in paragraphs 3.9.1 and 3.9.3 above, the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. Decisions referred to in paragraphs 3.9.1, 3.9.2 and 3.9.2 above shall not be based on special categories of personal data unless you have given explicit consent to the processing for one or more specified purposes or the processing is necessary for reasons of substantial public interest which shall be proportionate to the aim pursued and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
- Controller: The controller responsible for, and able to demonstrate compliance with, paragraph 2 above is Mr. Robertos Vrahimis, a shareholder (lawyer-member) of R. Vrahimis & Associates LLC who can be found at 31 Chr. Sozou street, Hermes House, Office 203, 1096 Nicosia, Tel. +35722872200, Fax +35722872202, email@example.com.
- Transparency of information: Because the personal data relating to you are collected from you, for transparency purposes, the controller shall provide you with all of the following information at the time when your personal data are obtained (i.e. upon buying one of our packages):
- The identity and the contact details of the controller.
- The purposes of the processing for which the personal data are intended as well as the legal basis for the processing.
- The legitimate interests pursued by the controller or by a third party.
- The recipients or categories of recipients of the personal data.
- The period for which the personal data will be stored and, if that cannot be determined, the criteria used to determine that period.
- The existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning you or to object to processing as well as the right to data portability.
- The existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- The right to lodge a complaint with a supervisory authority.
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data.The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by you, the controller may charge a reasonable fee based on administrative costs. Where you make the request by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form.
- Communications: The controller shall also take appropriate measures to make any communication to you regarding your Rights (as explained in paragraph 3 above) relating to processing, in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by you, the information may be provided orally, provided that your identity is proven by other means. Where the controller has reasonable doubts concerning the identity of the natural person making the request regarding your rights, the controller may request the provision of additional information necessary to confirm your identity.
- Identification: If the purposes for which a controller processes personal data do not or do no longer require the your identification by him, he shall not be obliged to maintain, acquire or process additional information in order to identify you for the sole purpose of complying with the EU Regulation. Therefore where the controller is able to demonstrate that he is not in a position to identify you he shall inform you accordingly, if possible. In such cases your Rights (as explained in paragraph 3 above) shall not apply, except where you, for the purpose of exercising your rights, provide additional information enabling your identification.
- Timeframe: The controller shall provide information on action taken on a request under your Rights to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. Where you make the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by you.
- Delay and Complaints: If the controller does not take action on your request, the controller shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy. The Cypriot Supervisory authority is the Commissioner for the Protection of Personal Data and his website can be found here
- Fees: Information provided for transparency purposes and any communication and any actions taken regarding your Rights shall be provided free of charge. Where requests from you are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either:
- Charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
- Refuse to act on the request.The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.
- Special categories and criminal convictions: Please note that processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation is prohibited unless it is processed for lawful purposes. One of those lawful purposes is the processing of personal data that are necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity. Although we shall not ask you of any such data in our website, it may be necessary to obtain such data from you in furtherance of your defence or your legal claims e.g. your religious affiliation in Cypriot divorce cases or your political opinions in extradition proceedings or refugee applications regarding countries where civil or human rights are not protected. Although we shall not ask you of any such data in our website also please note that limited processing of your criminal record may be needed in cases where this is relevant to your defence or legal claims e.g. to defend in a criminal case against you, or in custody hearings where this is relevant etc. Under our code of ethics and legal obligations this special categories or criminal convictions shall always remain in strict confidence with your personal lawyer at the time and shall not be kept in any general database, but only in your personal file.
For further information from us on data protection and privacy or any requests concerning your personal information please email us via https://lawyer4travel.com/contact/
* “information society service” Comprises any e-commerce service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service.
** “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
ǂ “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
ǂǂ “Lawful” processing that applies to our contact/agreement purposes means that:
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- Processing is necessary for the performance of a contract to which the data subject is party (“our contract/agreement”) or in order to take steps at the request of the data subject prior to entering into a contract;
- Processing is necessary for compliance with a legal obligation to which the controller is subject;
- Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.