DATA PROTECTION POLICY
This describes our policy regarding the personal data we collect from visitors to our pages (hereinafter “Users”).
The Data Protection Officer is KATSIORAS POLYMEROS with d.t. SANDRA FELLINI based in Chortiatis, 15th km Chortiatis – Agios Vassilios, 57010 Chortiatis, with Tax Code 029672125. A Thessaloniki, and email firstname.lastname@example.org. (“DPO”).
In the daily activities of our business and our website, we process data concerning people, including:
- Visitors to our website
- Other interested parties (employees, suppliers)
Our company complies with the General Data Protection Regulation (2016/679 EU GDPR) and any other European and national legislation concerning the protection of personal data, electronic communications, etc. and is committed to ensuring the protection of your data at all times:
- The data is collected for specific, clear, and legitimate purposes and is not further processed for any other purposes.
- We collect the necessary, for each purpose of processing, personal data, and process them legally, fairly, and transparently concerning the data subjects.
- We ensure that they are as accurate and up-to-date as possible and that we maintain them only for the period of time necessary for the purposes for which they are processed.
- In any case, the criteria we use to determine the storage time is based on the takes into account the need to comply with any relevant legal requirements as well as the principle of data minimization.
- We process the data electronically and manually and take all the appropriate measures to protect personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.
Collection, purpose, legal basis of the processing and retention time of your data
- Data that we collect on our website
The website https: //email@example.com/ uses the SSL (Secure Sockets Layer) protocol which uses methods to encrypt the data exchanged between two devices (usually computers), establishing a secure connection between them via the Internet, which results in the protection of your data.
When you visit our website, our server collects the so-called server log files, and in particular:
- Date and time of entry to the website.
- The volume of data is sent in bytes.
- The browser and operating system used to access the website.
- Your Internet Protocol address (IP address) when you log in to the website. The IP address is personal data along with the date and time of your visit, although we cannot identify you with this data alone.
The legal basis on which we collect your IP address and keep it in special files (log files) is our legitimate interest in processing this data to ensure the security of networks, information, and services from accidental events, illegal, or malicious actions compromising the availability, authenticity, integrity, and confidentiality of stored or transmitted data (eg DDoS ”denial of service” attacks), and our legal obligation to provide a more secure environment for processing your personal information (GDPR Article 6 (1) indents f and c). The data will not be transferred or used in any other way. However, we reserve the right to check the server logs (server logs) if specific indications of unauthorized use are detected.
- Customer Data.
When you visit our business, we collect data such as your name, patronymic, email, postal address, gender, age, occupation, and any other information related to the services we provide you.
The purpose of the processing of your data is to provide you with the requested services. The legal basis of the processing is the execution of the contract between us (Article 6 par. 1b and Article 9 par. 2d GDPR), as well as our compliance with legal obligations. The retention time of your data is the required and possibly longer if legal claims arise.
It is clarified that we do not have a publicly accessible list of email addresses of our subscribers/users. Therefore, any personal data (eg usernames, etc.) that appear anywhere on the website and services of the Protection Officer’s website are intended solely to ensure the operation of the respective service and may not be used by any third party, without complying with the provisions of the legislation on the protection of personal data processing, as it applies at any time. The Protection Officer acts according to the law and aims at the best possible practice regarding the Internet. Your personal information is kept secure for as long as you are registered in one of the services of the Protection Officer and is deleted after the termination of your business relationship with the Protection Officer in any way.
- Data we collect via email and the Contact Form
As part of the communication between us via email and the Contact Form, we collect your name, email address, and any other information you provide us. This data is stored and used solely to meet your request. The legal basis for the processing of your data is your consent (GDPR, article 6 par. 1a). Your data will be deleted after the final processing of our communication. This will happen after the completion of the purpose and scope of our communication, provided that there are no legal requirements for the storage of such data.
With your consent we will collect your email address to send you a newsletter of our Company and articles that you may find interesting. The legal basis is your consent (GDPR, article 6 par. 1a) and you have the right to revoke it at any time.
- Supplier Data
For the execution of the contract between us, we collect the data of our suppliers such as name, address, contact details, shipping details, financial data, which they provide to us. The legal basis for the processing of your data is the execution of the contract and our compliance with legal obligations (GDPR Article 6 par. 1b and c), and we maintain them for a period of up to twelve years from the last provision of services, or as required by the tax and any other relevant legislation.
Who has access to your data. Data transfers.
Your data is accessible by our employees as well as by any other person authorized to process your data during his duties. In addition, we work with third parties, professionals, independent consultants, etc. who provide us with commercial, professional, or technical services (eg web hosting, accounting services, transport services) for the purposes mentioned above, and support our business in whole or in part, concerning our activities. Where applicable, such people will act as Joint or Independent Protection Officers, Processing Officers, or people authorized to process personal data for the same purposes mentioned above, with the same security measures and in accordance with applicable legal liabilities.
Before the third party receives the data, we must: (1) complete the privacy review to assess the privacy practices and risks associated with these third parties (2) obtain contractual guarantees from these third parties that the data will be processed following our instructions and in accordance with this Policy and applicable law, that they will promptly notify our Company of any Personal Data Protection or Security events. In case of failure to comply with the standards set out in this Policy and existing legislation, that they will work together with us to remedy any such incident, they will help us meet the rights of the individuals defined below, and they will allow the Protection Officer to control their processing when it comes to the compliance with these requirements.
Finally, the data can be passed on to public authorities and institutions, as well as to our legal assistants (legal and insurance companies), for legal purposes.
Apart from the above, your data will not be disclosed to third parties, individuals, or legal entities and will not be disseminated.
Our company does not transfer personal data outside the EU, and if necessary (for example, to use Cloud services) this will be done under the terms and conditions set out in Articles 44 of the GDPR, as with your consent, the application standard contractual clauses approved by the European Commission or in countries considered safe by the European Commission.
You can control and/or delete cookies as you please. Details can be found at aboutcookies.org. In case you choose to disable cookies on the website https: //firstname.lastname@example.org/ the functionality of some pages may be lost or reduced.
More information on the use and management of cookies on the website can be found on the websites:
About cookies and their management:
About Google’s policy:
Data Security and Integrity
The Data Protection Officer implements reasonable technical and organizational security policies and procedures to protect personal data and information from loss, misuse, alteration, or destruction.
Furthermore, we strive to ensure that access to your personal data is restricted to those who need to be aware of it. People who have access to the data are obliged to maintain the confidentiality of this data.
Please note that the sharing of information over the Internet is not completely secure. Although we make every effort to protect your data, we cannot guarantee the security of the data shared on our website. After receiving your information we will apply strict security procedures and functions to try to prevent unauthorized access.
We make every reasonable effort to keep the personal data we collect from you only for the period for which we need this data for the purpose for which it was collected or until its deletion is requested (if this happens earlier), unless we continue to store them due to the current legislation.
Links to other websites
When we need to process data of minors (eg data of minor patients), ie, according to the GDPR, those who have not completed their 15th year of age, the processing is done only with the written and explicit consent of that person’s guardians. In any case, we make reasonable efforts to verify that the consent is given or approved by the person who has the parental responsibility of the child, ie by authentication and any other available information.
You may contact us by mail or email at the addresses referred to in paragraph (1) above, to exercise your rights per Articles 15 et seq. You can, for example, request an up-to-date list of people who have access to your data, receive confirmation of whether or not we process personal data relating to you, check their content, source, accuracy, and location (also concerning any third country), request a copy, request their correction and restrict their processing, and even delete them, if applicable. Similarly, you can always comment and submit complaints to the Hellenic Data Protection Authority, 1-3 Kifissias Ave., GR 115 23, Athens, Call Center: + 30-210 6475600 or at http://www.dpa.gr/
Changes to this Policy
The Data Protection Officer frequently reviews this Policy and may modify or revise it periodically at our discretion. When we make any changes, we will record the date of modification or revision in the Policy. The updated Policy will apply to you and your details from this date. We encourage you to review this Policy from time to time to see if there are any changes in the way we handle your data. This Declaration was last updated in July 2020.
If you have any questions, comments, or complaints regarding the management or protection of your data or if you wish to modify your data or exercise any of your rights as a data subject, please contact us at email@example.com.