UPDATE – REGULATION
FOR THE PROCESSING AND PROTECTION OF PERSONAL DATA
The Company in the context of the General Data Protection Regulation (EU) 2016/679 which comes into force from 25/05/2018, hereinafter the “GDPR”, as applicable from time to time, hereby informs about the processing of personal data and the rights of the data subject. The new Regulation replaces the existing legal framework for the protection of the individual from the processing of personal data.
This information is addressed to natural persons who carry out any transaction or have any contractual relationship with the Company, such as indicatively to Customers who maintain a permanent relationship of cooperation, to representatives of legal entities and in general to any natural person who in any capacity has relations with the Company.
The processing of personal data consists of the collection, registration, organization, structure, storage, alteration, recovery, search for information, use, transmission, limitation or deletion of personal data that have come or will come to the knowledge of the Company, either in the context of the transactional relations with it or in the context of information received by the Company from a third natural or legal person or public sector body when exercising a legal right of that or the Company itself.
The Company, in compliance with the current legislative framework, has taken all the necessary actions, applying the appropriate technical and organizational measures for the legal observance, processing and safe keeping of the personal data file, committing to ensure and protect in every way the processing of personal data from loss or leakage, alteration, transmission or in any other way unfair processing thereof.
1. Personal Data – Controller & Subject of Processing
Personal data is any information that refers to and describes a person, such as identification data (name, age, residence, occupation, marital status, etc.), physical characteristics, education, work (previous experience, work behavior, etc.), financial situation (income , assets, financial behavior), interests, activities, habits. called the data subject.
The person in charge of Personal Data Processing for the company is Nikolaos Salmatanis, henceforth for brevity it will be called “Company”
Subject of Personal Data Processing is the natural person to whom the personal data refer
2. Processing of Personal Data
The Company processes personal data, which have been submitted or provided, after consent, either due to any contractual relationship or when the Company’s Website is used and which are necessary for the initiation, maintenance and execution of transactional – contractual relationships with the Company, existing or future and its applicable procedures and policies.
The personal data provided to the Company must be complete and accurate and updated with care by the provider immediately, in any case of change or whenever deemed necessary by the Company to maintain the transactional-contractual relations or to fulfill an obligation of the Company arising from the law.
The Company also processes personal data that it receives or becomes aware of from a third natural or legal person or public body and which is necessary either for the achievement of the legitimate interests of itself or a third party, or for the fulfillment of its duties performed in the public interest (e.g. tax and insurance bodies).
The personal data processed by the Company are:
- Personal contact information, such as name, address, email address, phone number (mobile and/or landline), social media or any other means
- Bank account information, debit/credit card information, payment information, VAT number, DOU.
- Information that may be automatically collected by the user/customer’s computer system, such as IP address and other technical information.
Additional information may be requested on a case-by-case basis, as long as this information is a prerequisite for starting or maintaining a specific business relationship
The collection and processing of the above personal data by the Company is necessary for the initiation, execution and maintenance of business-contractual relationships. Any objection to the provision or processing of personal data may lead to the impossibility of starting or continuing cooperation with the Company (e.g. refusal to process and use the TIN makes it impossible to issue an invoice for the sale of a product or the provision of a service service)
Also in order for the Company to be able to respond to requests made through the website contact form and/or provide updates on any matter, it is necessary to complete the personal data marked with an asterisk (*). Completion indicates consent to processing. Without this consent the Company cannot proceed further. Information requested in fields not marked with an asterisk and consent to receive informational material are optional and failure to provide them shall have no consequences.
The Company may also process personal data, without the consent of the subject, for the service, support and monitoring of the transactional – contractual relations with the Company, the proper execution of the contracts and to comply with legal obligations arising from the laws, the regulations and EU law, to exercise rights in judicial proceedings, to exercise its own legitimate interests and in all cases provided for, as the case may be, in Articles 6 and 9 of the GDPR Regulation.
3. Why and how personal data is processed
The processing is carried out both with the use of computers and in paper form and always entails the application of the security measures provided for by the applicable legislation.
Personal data is kept in a file created due to the transactional – contractual relationship. The file was created and maintained by the Company, in accordance with the applicable Greek and Community legislation
The data is processed for the following purposes:
For the service, support and monitoring of the transactional – contractual relations with the Company, the correct execution of contracts and any transaction, the examination of requests for the provision of products / services of the Company, the fulfillment of the obligations of the Company as responsible or performing the processing and the exercise of its legal and contractual rights.
For the registration, recording and archiving of all your orders to the company which are granted either in writing, electronically or by telephone, as a consequence of the contractual-transactional relationship.
To upgrade the products and services provided by the Company and to inform about its products and services, subject to the prior consent of the subject. In any case, the subject has the right by law to object to the processing of his personal data for the purpose of informing about the Company’s products/services, by submitting the relevant request to the Company.
To comply with legal obligations arising from laws, regulations and EU law, to exercise rights in legal proceedings, to defend its legitimate interests in all cases provided for, as the case may be, in articles 6 and 9 of GDPR regulation. Indicative assertion of its legal claims before the competent judicial authorities or other out-of-court/alternative dispute resolution bodies, evaluation and optimization of security procedures and information systems, physical security and protection of persons and property (e.g. video surveillance).
To handle the requests submitted for the provision of information and the satisfaction of all kinds of requests addressed to the Company or the examination of complaints regarding products and services offered by the Company. The legal basis for the processing of personal data for this purpose is the consent of the user-client (Article 6(1)(a) and Article 9(2)(a) GDPR);
The processing is carried out by electronic means by the Company and third parties acting on its instructions and on its behalf. All personal data is processed in paper or automated means, ensuring in each case the appropriate level of security and confidentiality.
Personal data is entered into the Company’s IT system in full compliance with data protection legislation, including security and confidentiality profiles and based on the principles of good practice, lawfulness and transparency in processing.
The data is stored for as long as is absolutely necessary to achieve the purposes for which it was collected. In any case, the criterion used to determine this period is based on meeting deadlines for compliance with Greek laws, regulations and EU law and the principles of data minimization, storage limitation, and rational management of files.
The programs used by the Company (in accordance with Article 5 paragraph 1 point c) of the GDPR regulation) are created in such a way as to limit the use of personal and identification information to a minimum. These data are processed only to the extent necessary to achieve the purposes stated in this information and are stored for as long as is absolutely necessary to achieve the specific intended purposes.
In the event that the subject visits the Company’s Website, without sending any message or using any of the available services/functions, the processing of personal data is limited to browsing data, i.e. the data, which is necessary to send to the Website for the operation of the computers on which the Website operates and the Internet communication protocols. This category includes, for example, IP addresses or computer domains used to visit the Website and other parameters related to the operating system used to connect to the Website.
The Company collects this and other data (such as the number of visits and the time spent on the Website) only for statistical purposes and in anonymous form, in order to monitor the operation of the Website and improve its performance. This data is not collected to be linked to other information about users or to identify users.
4. Provisions (Cookies)
The Company may use provisions (cookies), in order to carry out or facilitate the transmission of a communication between the Company and the user, through the electronic communications network. The provisions in question (cookies), if they have been chosen to be accepted, based on relevant settings of the user’s computer, are small text files that are stored locally in the temporary memory of the internet browser of the user visiting the page. The provisions (cookies) make it possible to recognize the internet browser, without, however, taking notice of any document or file from the user’s computer. From this data, profiles for use are created with a pseudonym.
Cookies or pixel tags may be used. This data is collected anonymously to be used for marketing and optimization purposes. All visitor data is stored using an anonymous user ID and can be aggregated into a usage profile. Cookies may be used to collect and store this data, but the data remains strictly anonymous. The data will not be used to personally identify a visitor and will not be aggregated with personal data. The collection and storage of data can be rejected at any time for subsequent services.
Pixel tags, web beacons, GIFs or similar tools (all hereinafter referred to as “pixel tags”) are used to measure the volume of use of a website and statistically increase response rates.
The data collected with etracker technologies is not used to personally identify the visitor to the website and is not consolidated with personal data about the bearer of the pseudonym without the express and clear consent of the person in question.
5. Links to Other Sites
All of the above applies only to the Company’s Website. Although the Website may contain links to other websites (known as third-party websites), please be advised that the Company does not have access to or use cookie tracking systems, web beacons or other user tracking technologies that may be active on third-party websites. , the content and material published on them or the methods of processing your personal data. For this reason, the Company expressly disclaims any responsibility for such matters. Therefore, the user-visitor should verify the privacy policies of such third-party websites and gather information about their terms and conditions and how they process their personal data.
Πρόσβαση στα δεδομένα –Διαβίβαση Δεδομένων – Ασφάλεια Δεδομένων
Τα προσωπικά δεδομένα είναι προσβάσιμα από το προσωπικό της Εταιρείας που είναι εξουσιοδοτημένο να επεξεργάζεται τα Προσωπικά Δεδομένα και ανήκει στις ακόλουθες κατηγορίες: τεχνικό προσωπικό, διοικητικό προσωπικό, υπεύθυνοι προϊόντων, καθώς και άλλα μέλη του προσωπικού που πρέπει να επεξεργαστούν τα δεδομένα για την εκτέλεση των καθηκόντων τους. Επίσης από τους Ορκωτούς Ελεγκτές της Εταιρείας.
The Company does not transmit or disclose personal data to third parties, unless it is for:
Businesses to which it has delegated, partially or fully, on behalf of the execution of the processing of personal data and which have undertaken vis-à-vis the Company an obligation to observe confidentiality either a) in the context of a contractual relationship between them which defines the object, the purpose , the duration of the processing, the type of personal data processed and the rights of the Company, or b) in the context of their regulatory obligation to maintain confidentiality. Indicative: Companies/organizations providing payment services and processing payments (e.g. DIAS, VISA, Mastercard), Credit Institutions, Transmission required for the initiation of a transactional relationship or the execution of a contract, or for the collection of the Company’s claims in the event non-fulfillment of contractual obligations (e.g. transmission to cooperating lawyers, law firms and bailiffs), Digitization and management companies (storage, destruction) of physical records), Companies issuing and sending invoices, Judicial Authorities and State bodies in the context of exercising their responsibilities.
The Company does not directly transmit personal data to third countries or international organizations unless the transmission is required by the applicable regulatory or legislative framework.
The Company ensures the security of personal data and complies with the security provisions provided by law to avoid data loss, illegal or irregular use of data or unauthorized access to data, with particular but not exclusive reference to articles 25-32 of GDPR. The Company uses many types of advanced technologies and security procedures to protect personal data.
The Company has legally ensured that those performing the processing on its behalf meet the conditions and provide sufficient assurances for the implementation of the appropriate technical and organizational measures, so that the processing of personal data ensures the protection of the rights of the subjects.
6. Rights of the subject – How to exercise them – Filing a complaint
6.1. Το υποκείμενο επεξεργασίας προσωπικών δεδομένων έχει τα ακόλουθα δικαιώματα:
Right of access to the personal data concerning him and if these are being processed by the Company, as controller, its purposes, the categories of the data and the recipients or categories of recipients thereof (Article 15 GDPR).
Right to correct inaccurate data as well as complete incomplete data (Article 16 GDPR).
Right to delete personal data subject to the obligations and legal rights of the Company for their retention based on the applicable legislative and regulatory provisions (Article 17 GDPR).
Right to restrict the processing of personal data if, either the accuracy of the data is disputed, or the processing is illegal, or the purpose of the processing has been eliminated and provided that there is no legitimate reason for their retention (Article 18 GDPR).
Right to portability of personal data to another controller, provided that the processing is based on consent and carried out by automated means. The satisfaction of this right is subject to the legal rights and obligations of the Bank for the retention of the data and the fulfillment of its duty in the public interest (Article 20 GDPR).
Right to object for reasons related to the particular situation of the subject in the event that your personal data is processed for the fulfillment of a task performed in the public interest or for the purposes of the legitimate interests pursued by the Company or a third party.
6.2. Κάθε αίτημά αναφορικά με τα προσωπικά δεδομένα και την άσκηση των δικαιωμάτων απευθύνεται προς την Εταιρεία
α) στην ηλεκτρονική διεύθυνση : [email protected]
β) στην διεύθυνση της Εταιρείας – Υπόψη Τμήματος Προσωπικών Δεδομένων.
6.3. Άρνηση της Εταιρείας ή αναιτιολόγητη καθυστέρηση ως προς την ικανοποίηση των αιτημάτων του υποκειμένου κατά την άσκηση των δικαιωμάτων του, παρέχει το δικαίωμα να προσφύγει στην Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα ως καθ’ ύλην αρμόδια εποπτική αρχή για την εφαρμογή ΓΚΠΔ.,
Σε κάθε περίπτωση το υποκείμενο διατηρεί το δικαίωμα να υποβάλλει καταγγελία στην αρμόδια εποπτική αρχή εφόσον θεωρεί ότι η επεξεργασία των δεδομένων προσωπικού χαρακτήρα γίνεται κατά παράβαση της εκάστοτε ισχύουσας νομοθεσίας. Για περισσότερες πληροφορίες μπορεί να επισκεφθεί την ιστοσελίδα της αρχής προστασίας προσωπικών δεδομένων http://www.dpa.gr/
There is no fee or consideration to exercise the rights. Nevertheless, if during the processing of the request it is established that in order to complete the request, the Company may suffer a disproportionate burden or that the request is completely unfounded or excessive then a reasonable amount may be sought as processing costs of the request.
The Company, based on its current policy for the protection of personal data and within the framework of the current legislative and regulatory framework, may revise or modify this information, which will always be available on the Company’s website in the General Data Protection Regulation section. (GDPR)-Privacy Protection Policy