Data Protection Notice

The protection of your personal data is important to WRAPP.

This Privacy Notice (hereinafter referred to as the “Notice”) describes the way the company bearing the name “WRAPP S.A.” (hereinafter referred to as “WRAPP”, “we” or “us”) based in Athens, Chalandri, at 1 Nestoros, P.C. 15231 acting as the Processor, processes your personal data (hereinafter referred to as the “Data”).

This Notice only applies to the use of your Data by us or on our behalf. It does not apply to:

  • Data collected by third parties during your communications or transactions with those third parties or your use of their products or services (for example, where you follow links to third party websites over which WRAPP has no control)
  • Data processed, stored or hosted by WRAPP when we act as a Processor on behalf of our Customers in the course of providing our services, in which case the privacy statement of the relevant Customer will apply, while the processing of your Data by WRAPP will be governed by Appendix I hereof

For any question regarding the processing of your Data, do not hesitate to contact us by:

1. A few words about WRAPP

WRAPP provides integrated software services in the cloud, and specifically services for issuing invoices, interfacing with AADE's my Digital Accounting and Tax Application (myDATA), management of customers, partners and offers to businesses, freelancers, or minors over the age of 15, who have commenced activities in the competent tax office, in accordance with the current legislation, on a monthly or annual basis.

2. What is Personal Data?

Personal data is any information that relates to an identified or identifiable living individual (e.g., name, surname, home or email address, IP address, cookie ID, location data, T.I.N. etc.). Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.

3. What is Hosted Data?

Hosted Data is all that information that you store in your individual user account in order to take advantage of the features and tools provided by WRAPP (e.g. data on income, expenses, collaborators, customers, suppliers, recruitment, offers, projects etc.). It is noted that you are responsible for the accuracy, quality, and legality of the Hosted Data.

For more information regarding the processing of Hosted Data by WRAPP, we refer you to Appendix I.

4. What is Personal Data Processing?

Data processing covers a wide range of operations performed on personal data, including by manual or automated means. It includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

5. What Data does WRAPP process?

WRAPP only collects the Data that needs, which are appropriate for their intended purpose. WRAPP periodically reviews the Data it keeps and deletes anything it doesn't need.

The Data we process may include, but is not limited to:

  • Name, postal address, telephone number, email;
  • T.I.N., Tax Office, ID/passport number;
  • Username, password, user id, subscription key, taxisnet credentials, cookies, IP address, geographic location;
  • Date of birth;
  • IBAN, Billing address;
  • Payment card number, CVC code, expiration date;
  • History of payments and transactions;
  • Profession, work experience, qualifications, professional certifications;
  • Hosted Data

Exceptionally, WRAPP processes Hosted Data as a Data Controller, as long as you do not delete it from your individual user account before the possible downgrading of your subscription plan. In this case, WRAPP keeps the Hosted Data stored so that it is again available to you in the event of a re-upgrade of your subscription plan. (see Terms of Use and Appendix I)

6. For what purpose does WRAPP process your data?

WRAPP processes your Data:

  • to fulfil its contractual obligations;
  • to comply with the applicable legislation;
  • for the proper functioning and security of our website;
  • for the facilitation, operation and provision of its services;
  • to verify the identity of users of its services;
  • to facilitate and manage access to and use of its services, including account creation and connection;
  • to provide you with customer, help and technical support services;
  • to further develop, adapt and improve the services and to improve the user experience;
  • to send you e-newsletter;
  • for the promotion of its services;
  • to hire employees and collaborate with partners;
  • to satisfy the requests, regarding the exercise of your rights, that you submit either via email or to the postal address of the company.
7. What is the legal basis for the processing of your Data by WRAPP?

The processing of your Data is carried out according to:

  • the service contract of WRAPP;
  • the terms of use of WRAPP services;
  • your consent, where required;
  • our obligations arising from the law (e.g., tax legislation, etc.);
  • our legitimate interest.
8. Who are the recipients of your Data?

The recipients of your Data are the staff of WRAPP as well as its external partners, who have committed themselves to maintain the confidentiality of the Data they receive in the context of either providing their work or services.

The recipient of your Data is also AADE, to which the documents you issue through the services of WRAPP are transmitted.

As a rule, WRAPP does not transfer your Data to third parties except when clearly required by the current legislative framework.

9. How do we ensure that our partners/ suppliers respect your Data?

Our partners / suppliers have agreed and are contractually bound in writing:

  • to keep confidentiality, and bind their staff, with the respective obligations;
  • not to transfer data to third parties without our written permission.
  • to undertake organizational and technical data security measures for the protection of Data.
  • to inform us of any incident relating to the breach of your Data.
  • to delete or/and return your Data to us, upon the termination of our contract.
  • to comply with the legal framework for the protection of Personal Data, in particular with the General Data Protection Regulation (GDPR).
10. Does WRAPP send your Data outside the EU?

WRAPP may transfer your Data to international organizations outside the EU. In this case, the transfer is made in accordance with article 44 of Regulation 979/2016/EU.

11. For how long does WRAPP keep your Data and when does it delete it?

We keep your Data only for the time required to fulfill the purpose for which we have collected them unless a time extension is required due to our legal claims or legal obligations.

The Data collected by the Cookies, are deleted according to the Cookies page.

12. Is your Data safe?

Your Data is stored either on the servers of WRAPP or its external partners, such as Amazon Web Services.

WRAPP's external partners are bound, with regard to each act of processing your data on behalf of WRAPP, by a special contractual clause, as well as by confidentiality obligations.

To protect your personal data, WRAPP and its partners implement a series of technical and organizational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation. These measures shall be reviewed and amended, as necessary.

13. What are your rights?

You have the right to:

  • information about the processing of your personal data;
  • obtain access to the personal data held about you;
  • ask for incorrect, inaccurate or incomplete personal data to be corrected;
  • request that personal data be erased when it’s no longer needed or if processing it is unlawful;
  • object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
  • request the restriction of the processing of your personal data in specific cases;
  • receive your personal data in a machine-readable format and send it to another controller (data portability);
  • request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.
14. How can you exercise your rights?

You can exercise your rights using the Application form available here and send it either to the WRAPPs address in Athens, Chalandri, at 1 Nestoros, P.C. 15231 or by email at support@wrapp.ai.

15. When does WRAPP respond to your requests?

WRAPP responds to your requests free of charge, without delay and in any case within (1) one month from the time it receives your request. However, if your request is complex or there is a large number of your requests, it will let you know within the month if it needs to receive an extension of another (2) two months to respond to you.

If your requests are manifestly unfounded or excessive, in particular due to their recurring nature, WRAPP may impose a reasonable fee, taking into account the administrative costs of providing the information or performing the requested action, or refusing to comply with the request. justifying her answer to you.

For more information you can send an email at support@wrapp.ai.

16. Does WRAPP use automated decision making, including profiling during the processing of your Data?

During the processing of your Data, WRAPP does not make decisions, nor does it make profiling, based on the automated processing of your Data.

17. Does WRAPP Process Data of Minors?

In general, WRAPP does not process Data concerning minors under the age of 15, as its services are not directed to them. If, however, we find that we have collected Data from minors under the age of 15, without a legal basis for doing so, we will immediately delete their Data.

18. What is the applicable law during the processing of your Data by WRAPP?

Applicable Law is the Greek Law, as formulated in accordance with the General Regulation for the Protection of Personal Data 2016/679/EU and Law 4624/20219 and in general the current national and European legislative and regulatory framework for the protection of personal data.

Competent Courts for any disputes arising in connection with Your Data are the Courts of Athens, Greece.

19. Where can you go to check if your rights have been respected?

If you do not receive a response within the stipulated deadline (one month with - subject to extension - two months) or the response you receive is unsatisfactory or the issue has not been resolved, you can contact the Data Protection Authority (www.dpa.gr).

20. How will you be notified of any changes to this Notice?

WRAPP updates this Notice whenever necessary. If there are significant changes in the Notice or in the way we process your Personal Data, we will publish on our website (wrapp.ai) the update of this before the changes are made in force and we will notify you in any convenient way. WRAPP encourages you to read this Notice regularly to know how your Data is protected. This Notice enters into force on the 20/01/2023.

Appendix Ι

Data Processing Agreement

This Data Processing Agreement (hereinafter the "Agreement") is concluded between the user of WRAPP's services (hereinafter the "Customer") and WRAPP.

1. Scope

This Agreement governs the obligations of each party in relation to the processing of Hosted Data in accordance with the Terms of Use and the Privacy Policy.

2. Term

This Agreement lasts as long as the Customer is a user of the free or paid WRAPP Services.

3. Defined Terms

For purposes of this Agreement, capitalized terms used herein shall have the meanings described in the Terms of Use and Privacy Policy.

4. Processing of Hosted Data
4.1. Controller

The Customer acts as the Controller with respect to the Hosted Data it stores in its individual user account and is responsible for its accuracy, quality and legality.

4.2. Processor

WRAPP and its external partners act as (sub-) Processors of the Hosted Data stored by the Customer in its individual user account and process it on behalf of and in accordance with the Customer's instructions and the relevant national and European legislation for the protection of personal data.

4.3. Purposes of Processing

The Customer determines the purposes and means of processing the Hosted Data. The purposes for the processing of Hosted Data by WRAPP and its external partners are limited to:

a) fulfillment of the contractual obligations arising from the terms of use, such as the provision of system or software, maintenance services, support services, and other services to the extent agreed by the Parties;

b) installation, operation and monitoring of the underlying infrastructure (hardware, software, servers, connectivity, etc.) required to provide the services under the Terms of Use and to meet the technical, security and organizational requirements for the processing of the Hosted Data;

c) dealing with service issues, technical problems or incidents.

5. WRAPP Commitments

WRAPP shall commit itself:

  • to maintain confidentiality;
  • not to send the Hosted Data to third parties (not listed on Appendix II) without Customer’s authorization;
  • to assist the Customer by providing all necessary information in order to comply and prove its compliance with the obligations arising from the applicable legislative framework regarding the protection of Data;
  • to ensure, throughout the term of processing, that the necessary technical and organizational measures are taken, so that the Data are secure according to the requirements of the current legislation and protected against non-authorized access, disclosure, corruption, erasure or loss. The above technical and organizational measures shall be regularly assessed by WRAPP.
  • to ensure that the individuals it uses (employees or external partners) to process Data on behalf of the Customer have been informed about and have committed in advance to the confidentiality of the Data, are aware of and follow the instructions of the Customer with respect to Data processing and implement all appropriate measures to secure this Data.
6. WRAPP Liability

WRAPP is liable to the Customer for any act or omission performed by it or any other third party designated by it as if it were its acts or omissions.

7. Hosted Data Security Breach Incident Management

WRAPP shall be required to promptly notify the Customer as soon as it becomes aware of any possible, accidental, unauthorized, or illegal destruction, loss, corruption, or disclosure of Data or any possible, accidental, unauthorized, or illegal access thereto. In addition, it is obliged to provide the Customer with any information that it has, and which the Customer may reasonably request in relation to the Data Breach.

8. Transfer of Hosted Data outside the EU

WRAPP may transfer Hosted Data to external partners located in a country or territory outside the EU and allow them to access and process Hosted Data from a country or territory located outside the EEA or the EU-approved Countries, solely for the purposes referred to in clause 4.3., and provided that:

  • the non-EU country applies rules deemed adequate by the EU;
  • the transfer is governed by and in accordance with the standard contractual clauses issued by the European Commission pursuant to Article 46 (c);
  • any other measure has been secured in accordance with articles 46 and 49 of Regulation 979/2016/EU;
  • the Customer has provided his consent.
9. Return and deletion of Hosted Data

Upon Customer‘s request, WRAPP must return and then delete the Hosted Data within sixty (60) days, unless WRAPP is legally required to retain it.

Appendix ΙΙ

List of External Partners / Service Providers

Service Provider Provider Headquarters Guarantees regarding the transmission of Data to Providers outside the EU Purpose of Processing
Stripe Payments Europe Limited Ireland - Processing and execution of electronic payments through the WRAPP platform for the purchase of its services.
Google Ireland Limited Ireland - Understanding the customer journey, in order to evaluate the performance of the WRAPP platform and services.
Amazon Web Services EMEA SARL Luxembourg - All data stored, processed and transmitted through the WRAPP platform and services are encrypted in the Amazon Web Services data center in Frankfurt, Germany.
Heroku Inc. USA Standard Contractual Clauses & EU-U.S. Certification Privacy Shield Creation and operation of the WRAPP platform and services, in the cloud.
Functional Software Inc. (Sentry.io) USA Standard Contractual Clauses & EU-U.S. Certification Privacy Shield Improving the WRAPP platform and services by monitoring errors in real time in order to fix them.