1. Introduction
This Policy applies to the company “LYTUM S.A.”, hereinafter referred to as the Company.
The Company is committed to protecting the personal information collected when you use our website and our other services. This Privacy Policy sets out the Company’s commitment to protecting personal data with regard to the collection, use, transfer, and retention thereof.
2. Collection and Use of Personal Data
The Company has designed a standard contact form on its website in order to facilitate communication with any interested party. This form is used for any questions or requests and directs them to the appropriate department or member of staff. In order to manage and respond to your questions and requests, we may collect and store your full name, email address, address, contact details, and any other information you may have provided to us. This information is used strictly in order to respond satisfactorily to your questions or requests and will not be disclosed to third parties, except for those referred to in this Policy or where disclosure is required or permitted by law.
In addition, we provide the Company’s telephone numbers for more direct communication, where required.
Users are also given the option to subscribe to the Company’s newsletter by completing their name and email address. In any case, if the user wishes to withdraw their consent, they may unsubscribe from the Company’s newsletter through the body of the email message received by the user. At the same time, the email address is also deleted from the Company’s systems.
In certain cases, our website may be used by prospective partners; therefore, the data subject should take note of the Data Subject Information Notice – Job Applicants.
For the lawful processing of your data under Regulation (EU) 2016/679, we identify a lawful basis before processing personal data. In the above cases, the lawful basis for the processing of personal data by us is the granting of your explicit consent to the processing, by submitting the respective form only if you agree with this Policy.
3. Transfer of Personal Data
The Company may transfer personal data that has been collected to the extent that this is reasonably necessary for the management of its lawful business activities. Such transfers shall be protected by appropriate safeguards, such as clauses regarding the disclosure of personal data to subcontractors, clauses regarding the disclosure of personal data to third-party suppliers, clauses regarding the disclosure of personal data necessary for legal compliance, etc. In addition, we may transfer personal data where such processing is necessary for compliance with a legal obligation to which we are subject.
4. Retention of Personal Data
The Company is committed not to retaining personal data for a period longer than necessary and shall ensure that such data is securely deleted. For additional information regarding the retention period and deletion period, please refer to the “Contact” section of the website.
5. Rights of Data Subjects
In this section, the Company explains the rights arising from Regulation (EU) 2016/679 and how data subjects may exercise these rights. For additional clarifications, please refer to the “Contact” section of the website.
5.1 Right of Access
The Company considers that the personal data collected directly from data subjects is accurate and complete. Individuals may access their own personal data by using the Data Subject Rights Exercise Request.
5.2 Right to Rectification and Erasure
The data subject may request the updating, deletion, or removal of any information retained about them, and any third party that processes or uses the data must also comply with such request. A deletion request may only be rejected if an exception applies. The Right to Erasure may be exercised by using the Data Subject Rights Exercise Request.
The Company is obliged to erase personal data where one of the following applies:
- the personal data is no longer necessary for the purposes for which it was collected or processed;
- the data subject withdraws their consent and there is no other lawful basis for the processing;
- the data subject objects to processing carried out on the basis of the legitimate interests of the Data Controller and there are no overriding legitimate grounds for the processing;
- the personal data has been unlawfully processed.
If a request for the erasure of personal data has been received, identity has been verified, the request meets one of the above requirements, and there is no lawful reason opposing the processing, the Company must erase all relevant data in full. The request must be recorded in the Data Subject Request Register.
If the Company is unable to erase the personal data, it shall ensure that:
- it cannot or will not attempt to use the personal data to justify any decision concerning an individual or in a way that affects that individual in any manner;
- it does not provide any other organisation with access to the personal data;
- it protects the personal data with appropriate technical and organisational security measures and undertakes to permanently erase the information if, or when, it becomes available.
5.3 Right to Restriction of Processing
The data subject has the right to request from the Controller the restriction of processing by using the Data Subject Rights Exercise Request.
5.4 Right to Object
The data subject has the right to object, at any time and on grounds relating to their particular situation, to the processing of personal data concerning them by using the Data Subject Rights Exercise Request.
5.5 Right to Data Portability
Upon request, the data subject shall have the right to receive a copy of the personal data in a structured format by using the Data Subject Rights Exercise Request.
Such requests must be processed within one (1) month, provided that there is no excessive burden and that the privacy of individuals is not compromised. A data subject may also request that their data be transferred directly to another system. This request must be fulfilled free of charge.
If the Company is unable to fully respond to such request within one (1) month, the Data Protection Officer must nevertheless provide the following information to the Data Subject, or to their legally authorised representative, within the specified period:
- confirmation of receipt of the request;
- any information that has been located to date;
- details of any information or amendments requested that will not be provided to the data subject, the reason(s) for the refusal, and any available procedures for objecting to the decision;
- an estimated date by which the remaining responses will be provided;
- an estimate of any costs to be borne by the data subject, for example where the request is excessive in nature; and
- the name and contact details of the Data Protection Officer.
6. Amendments
If the Company chooses to change this Privacy Policy, we will publish the changes on the Company’s website. Where the changes are significant, we may also choose to send an email to the affected users with the new details. Where required by law, we will obtain your consent in order to make such changes.
7. Contact
If you have any concerns or complaints regarding this Policy, please contact us:
Telephone: +30 211 1097700
Email: dpo@aambience.gr
If you believe that our processing of your data violates the applicable legislation, you may submit a complaint to the competent supervisory authority:
Hellenic Data Protection Authority, Tel.: +30 2106475600 – email: contact@dpa.gr)
Video Surveillance System Information Notice
You can download the Video Surveillance System Information Notice here.
Data Subject Rights Exercise Request
You can download the form to submit a request for the exercise of your rights here.

