Statement of the Data Protection Officer “On the Protection of Personal Data”
Increasing economic and scientific collaborations as well as mutual provision for data processing services result in the exchange of personal data, a trend reinforced by the increasing use of modern telecommunications media.
For these reasons, it is necessary to process the data carefully.
The Data Protection Officer states that compliance with the principles governing data protection for their processing is its purpose, as it is committed to respecting the individual rights and privacy of individuals. The Data Protection Officer handles personal data with special care and always in accordance with EU Regulation 2016/679, and the applicable National Law.
For the purposes of this Directive, the following definitions shall apply:
Data Subject: any person whose personal data are processed by or on behalf of the Company
Personal Data: any information relating to an identified or identifiable person relating to his or her physical, physiological, psychological, emotional, or economic status as well as their cultural or social identity.
Processing: processing of personal data (“processing”), any work or series of tasks performed on personal data, such as the collection, registration, storage, modification, analysis, use, association, binding (locking), deletion, or destruction.
1. Data Protection Officer and DPO
The Data Processing Officer is KATSIORAS POLYMEROS with SANDRA FELLINI based in Chortiatis, 15th km Chortiatis – Agios Vassilios, 57010 Chortiatis, with Tax Code 029672125, and email firstname.lastname@example.org (“Processor”).
2. The Data we Process
With your consent, we process the following common and sensitive personal data that you provide when you interact with the Website (https://www.sandrafellini.gr/) and use the services and functions it provides. This data includes, in particular, the name and surname, contact details, address and content of your specific requests, updates, or reports as well as additional data that may be obtained by the Data Processing Officer, among others from third parties, in the context of conducting its business activity (“Data”).
To be able to fulfill the requests you submit through the contact form and/or to provide updates on the unwanted actions, it is necessary to consent to the processing of data marked with an asterisk (*).
Without these mandatory data or your consent, we cannot proceed further. Instead, the information requested in fields not marked with an asterisk, and your consent to download information material is optional, and not providing them has no consequence.
In any case, even without your prior consent, the Data Processing Officer may process your data to comply with legal obligations under EU law, regulations and common law, to exercise legal rights, to exercise its own legitimate interests and in all cases provided, where applicable, in Articles 6 and 9 of the GDPR.
The processing is carried out both with the use of computers and in printed format and always includes the application of security measures provided by the current legislation.
- Why and how we process your data
The data are processed for the following purposes:
- to handle the requests you submit with the “Form”, to then contact you, or to provide information through it. The legal basis for the processing of personal data for this purpose is your consent (Article 6 (1)(a) and Article 9 (2)(a) of the GDPR Regulation) and a contract to which you are a party as a data subject;
- to manage adverse reaction reports submitted through the website or forms. The legal basis for processing for the above purposes is your consent (Article 6 (1)(a) and Article 9 (2)(a) of the GDPR Regulation) as well as the pursuit of any public interest (Article 9 (2)(i) of the GDPR Regulation) and legal obligations;
additionally, but only with your voluntary consent which is the legal basis for processing per Article 6 (1) (a) of the GDPR:
- to receive promotional material (direct marketing) from us.
By selecting the appropriate boxes you agree to the processing of your data for these purposes.
Your data may, in any case, be processed, even without your consent, for compliance with laws, regulations, EU law (Article 6 (1) (c) of the GDPR), for obtaining statistics on the use of the website and its proper functioning (Rule 6 (1) (f) of the Rules of Procedure).
Personal data is entered into the Information System of the Data Processing Officer in full compliance with data protection legislation, including security and confidentiality profiles, and is based on principles of good practice, legality, and transparency regarding processing.
The data are stored for as long as is necessary to achieve the purposes for which they were collected. In any case, the criteria used to determine this time is based on compliance with the deadlines set by the law and the principles of data minimization, storage limitation, and rational file management.
All your data will be processed in printed or automated media, ensuring in each case the appropriate level of security and confidentiality.
- Principles applied during data processing
We are allowed to process your data to provide personalized services, based on the law (Article 6 (1b) of Regulation (EU) 2016/679) and the relevant National Implementing Law. Your data is not used for purposes other than those described in the Declaration unless we obtain your prior permission, or otherwise required or permitted by law.
Personal data is processed according to the purpose for which it was collected.
The principle of proportionality applies to the processing of personal data. Among other things, it creates an obligation not to collect personal data for no reason.
The personal data used should be accurate and up to date.
Personal data used that are no longer accurate and complete should be corrected or deleted.
Except in cases where there is a legal obligation to keep them for a longer period of time, personal data are not stored for longer than is necessary for the purposes for which they were collected or processed.
The processing of personal data is done per the principles of good faith. This means that data subjects can rely on the fact that processing officers will show due diligence in all data processing matters.
Subjects whose personal data have been processed will be informed accordingly, upon request. In particular, they have the right to be informed of the purposes for which their data are processed, the type of data to which they relate, as well as the identity of the recipients of the data. Where necessary, data subjects also have the right to request the correction, non-transmission, or deletion of their data.
The above rights can be restricted only if this restriction is provided by law. This is especially true when conducting scientific research.
In particular, personal data is protected against unauthorized disclosure and any unlawful processing. The measures implemented ensure a level of security equivalent to the nature of the data protected and the risks that may arise from its processing.
The Data Protection Officer is responsible for the compliance and implementation of EU Regulation 2016/679 and the National Implementing Law.
Our employees who deal with the processing of personal data are accordingly informed and trained. Procedures for the processing of personal data of third parties upon agreement will be set out in writing, ensuring that the contracting third party processes the personal data securely and that it complies with the principles set out in this Declaration and the GDPR EU. In the event that the third party is deemed unable to ensure a satisfactory level of security of personal data, we will terminate the cooperation.
- People who have access to the data
The data are processed electronically and manually per the procedures and practices related to the aforementioned purposes and are accessible by the staff of the Processing Officer who is authorized to process the Personal Data and the supervisors, in particular the employees who belong to the following categories: technical staff, Information and Network Security staff, and administrative staff as well as other staff members who have to process the data to perform their duties.
The data may also be disclosed to countries outside the European Union (“Third Countries”): (i) institutions, authorities, public bodies for institutional purposes; (ii) professionals, independent consultants – whether working individually or collectively – and other third parties and providers that provide the Data Protection Officer with commercial, professional or technical services required for the operation of the website (e.g. provision of IT services and Cloud Computing) for the purposes mentioned above and for the support of the Data Protection Officers in the provision of the services you have requested; (iii) third parties in the event of mergers, acquisitions, transfers of undertakings or their branches, inspections or other necessary operations.
The mentioned recipients receive only the necessary data for their respective functions and undertake their processing only for the purposes mentioned above and in accordance with the data protection laws. The data may also be disclosed to other legal recipients specified from time to time by applicable laws.
With the exception of the above, the data will not be disclosed to third parties, natural or legal persons, who do not perform commercial, professional, or technical duties for the Protection Officer and will not be shared. The recipients of the data will process them, as the case may be, as Data Protection Officers, Processing Officers, or people authorized to process the personal data for the purposes stated above and per applicable data protection law.
Concerning data transfers outside the EU, even in countries whose laws do not guarantee the same level of protection of personal data privacy as provided by EU law, the Data Protection Officer informs that the transfer will, in any case, take place in accordance with the methods permitted by the GDPR, such as user consent, standard contractual clauses approved by the European Commission, selecting parties participating in international programs for the free movement of data (e.g. EU-US Privacy Shield) or implemented in countries considered safe by the European Commission.
- Your rights
If you wish, you can request at any time to exercise the rights of Articles 15-22 of the GDPR Regulation, to be informed about your data held by us, their recipients, the purpose of keeping and processing them as well as the modification, correction or deletion of them, by sending a relevant email to the addresses shown above, from the email address you have stated, filling in the application that the Protection Officer has provided you, with an attached copy of your police ID. You also have the right to review your data and generally to exercise any rights provided by personal data protection legislation.
The personal data that you disclose to the Protection Officer through https://www.sandrafellini.gr/ either during your registration or at a later stage, are collected, used, and processed in accordance with the applicable provisions for the protection of personal data of the new European General Data Protection Regulation (EU) 2016/679.
You reserve the following rights in detail:
- The right to be informed about your data: Upon your request, we will provide you with information about the personal data we store.
- The right to correct and complete your data: If you notify us, we will correct any inaccuracies concerning you. We will fill in incomplete data if you notify us, provided that they are necessary for processing the data.
- The right to delete your data: Upon request, we will delete your data we have stored. However, certain data will only be deleted after a specific amount of time, because in certain cases we are required by law to retain the data, or because the data is required to meet our contractual obligations to you.
- The right to freeze your data: In certain cases provided by law, we will freeze your data upon your request. Further processing of frozen data is only done to a limited extent.
- The right to revoke your consent: You can revoke your consent to the processing of your data at any time. The legality of processing your data remains unaffected by this action up to the point when you revoked your consent.
- The right to object to the processing of your data: You may at any time object to the processing of your data based on one of the legal reasons provided in Article 6 (1e or 1f) of the Regulation (EU) 2016/679. If you object, we will stop processing your data, provided there are no legitimate grounds for further processing. The processing of your data for advertising purposes is not a legitimate reason.
- Safety of your data
The Data Protection Officer implements specific technical and organizational security procedures to protect your data and information from loss, misuse, alteration, or destruction. Our partners who support us in the operation of this website also comply with these provisions.
The Protection Officer shall make every reasonable effort to keep the personal data collected only for the period for which it is needed for the purpose for which it was collected or until their deletion is requested (if this occurs earlier), unless it continues to comply with the provisions of the current legislation.
- Revisions of the Declaration
We reserve the right to modify or revise this Declaration periodically. In the event of any changes, the Protection Officer will record the date of modification or revision in this Declaration and the updated Declaration will be valid for you from that date. We encourage you to periodically review this Declaration to determine if there are any changes to the way we handle your data.
This is a Declaration of Conformity with the provision of EU Regulation 2016/679 and the National Implementing Law.