Company Policy on General Data Protection Regulations
The company "P. Zafiropoulos S.A." (hereafter referred to as "The Company") hereby informs you that the processing of your personal data is effected in accordance to existing laws and statutes. According to the present Data Protection Policy (hereafter referred to as "Policy") we provide information regarding collection, storage, processing and use of your personal data. This Policy may be modified / complemented / updated at any time by The Company, to the effect of harmonization with existing legislation each time; it is recommended that you be regularly informed in this context.
What is GDPR?
It is the Regulation issued by the Parliament of the European Union (EU 2016/679) and the European Council (27/04/2016) regarding the protection of physical persons against processing of data of personal nature and the free circulation of such data, in accordance with the laws in power each time, including regulations, statutes and amendments through which they are embodied in the Greek Legislative body.
What are personal data?
They are information and data that refer to you and render you an identified or identifiable person, such as, indicatively, first name, family name, address, contact information, etc. (hereafter refer to as "Data").
What are sensitive personal Data?
They are about information and data revealing racial or ethnic origin, religious or philosophical beliefs, participation in trade union, as well as general genetic or biometric data and such pertaining to health issues (hereafter referred to as "Special Categories of Data).
What is data processing?
By "processing" is meant any act, or series of acts, executed with or without the use of automated media, on Data and/or Special Categories of Data, such as collection, saving, organization, sorting, storage, modification, retrieval, searching, use, announcement through transmission, dissemination and making available, co-relation, combination, limitation, erasure, or elimination (hereafter referred to as "Processing").
What data do we collect?
The company collects and processes only Data that are absolutely necessary for each purpose. The collected data are limited to those that you have provided the Company, either in the context of a respective contractual relationship (hereafter referred to as "Contract"), or during your communication with the Company (registration, electronic or telephonic), or during the use of the present web site, including data that are contained in forms, applications, reports, etc., specifically:
- Identity data (e.g. first name, family name, father's name, mother's name, birth date, ID Nr.)
- Contact Data (e.g. residence or work address, postal address, electronic address (email), fax number, telephone number(s), etc.)
- Identification data (e.g. IP address)
- Other data (online dataset identifiers, position or location data, other voluntarily disclosed data).
How do we use Data?
The Company will be processing the Data only for the absolutely necessary time period, on the basis of observing legal time limits, and the principles of minimization of data used, limitation of storage and rational handling of data. The Data will be processed by electronic and/or manual means, depending on circumstances and practices relevant to specific intents and will be accessible by "ad hoc" authorized Company staff and the personnel in charge of specific tasks (e.g. processing operator, protection supervisor, technical staff, etc.) who are also bound by respective confidentiality agreements, in accordance with legal existing requirements.
The Company will take all necessary measures, by using advanced technology methods, processes and equipment, to ensure the security of Data in its possession, prevention of unauthorized access, loss, illegal or unconventional use and their overall handling in accordance with existing regulatory provisions.
For what purposes do we process Data?
The company will be processing Data, in relation to- or to the effect of:
- Compliance with existing laws and regulations, court decisions, Decrees of competent Authorities, International directives and other legal obligations.
- The pursuit and safeguarding of particular legal claims and rights.
- Our communication with regard to improving our products and services and the adjustment of our web site content and form to your particular interests and wishes and the facilitation of communication and supply of information, by means of sending email, telephone, etc, messages and reports in connection with new products, special offers, or other pertinent information that may prove useful to you.
- Handling your requests or reports on undesired actions.
By accepting the Company's policy, you grant the Company your explicit consent for the processing of your personal Data for the aforementioned intent and purposes. For processing of your Data beyond the intents and purposes detailed above (or below) the Company must first obtain your written consent and provide every required detail as to the purposes of the intended processing.
What is the Legal basis of the Processing?
As legal basis for the Processing we can define (depending on individual cases) as:
- Your explicit consent for the intended purposes
- Execution of a contract
- Compliance of The Company with its legal obligation
- Pursuance of legal interest of The Company, based on the Regulation.
Who are the Recipients of Data?
In the spirit of the Regulation, Recipients are physical or legal persons, public authorities or services, or other organizations to which Data become known (hereafter referred to as "Recipients"). As "Recipients" are defined: (a) Public Authorities and Services as well as third parties (physical or legal persons), to which Data will become known, on the basis of the legislation in force. (b) Subsidiary- or associated companies- or enterprises to The Company (c) Cooperating companies, third parties, and professional and/or technical service providers contributing towards the intended purposes. Recipients of Data will be processing these -depending on the case - as Controllers, Processors or authorized persons, according to the legislation in force, each time.
The Company will not forward, transmit or concede Data to any third parties beyond those stated in the Policy, unless this becomes mandatory by Law or is required by judicial/public authorities or organizations. By accepting this policy you are granting your express consent to the Company for such transfer.
How do we secure Data?
The Company declares that the Data:
- Will be processed according to Law in a transparent and legal way.
- Will be collected for specific, express and legal purposes and will not be processed any further.
- Will be suitable, relevant and limited to the necessary measure, in relation to the intended scope.
- Will be accurate and will be updated by informing you accordingly.
- They will be stored in such a form that allows identification only for the required time period.
- They will be subjected to processing in such a way that will guarantee the indicated degree of security, among other things, their protection from unauthorized or illegal processing or accidental loss, elimination or deterioration by using suitable technical or organizational means.
Transmission of Data to third countries:
Your Data can only be transmitted to organizations within the European Economic Area (E.E.A.); for that reason, they are subjected to the strict legislature of the European Union regarding protection of Data of personal nature, or to organizations outside of the E.E.A. provided that these are certified and committed for their compliance to respective European standards or are subjected to the conditions of the Regulation.
What your rights are:
Based on legislation currently in force, you maintain the following rights:
- Accessing the Data, intended for confirmation of processing by The Company, to assess Data categories the intents of processing, the Recipients, the time period of processing, receiving copy of Data and updated Recipients' list.
- Editing inaccurate Data, by updating such, through informing The Company accordingly.
- Complementing missing or incomplete Data, among other things, by submitting a complementary report.
- Deleting the Data by revoking your consent to The Company, on condition that the Data are no longer required for meeting an obligation that commands the processing, based on legal order and/or execution of a contract and/or grounding, exercising or supporting of legal claims.
- Restricting of the processing when you are in doubt of the accuracy of the Data, and for a time period that would allow The Company to verify their accuracy or when the processing is illegal and you object to their elimination, demanding the restriction of their use instead, when The Company no longer needs the Data for the purposes of processing, but the Data are required for grounding and supporting legal claims.
The Company will announce every correction, addition, elimination of Data or restrictions in their processing, to all Recipients to whom the Data were communicated, unless this proves impossible or requires an extraordinary amount of effort.
- Portability of Data, in the sense of transference to another person in charge of processing (Controller), under the preconditions of the Regulation.
- Objection to processing (including objection to specific forms of communication), under the conditions of the Regulation, unless legal reasons for the processing or the founding of- or exercising or supporting legal claims concur.
- Revocation of your consent at any time, without this affecting the legality of the Processing that was based on your consent granted prior to the revocation.
- Submission of a report to a competent regulatory authority.
You can exercise your aforementioned rights through writing to The Company, at the addresses stated above or to the competent Personal Data Protection Authority.
Use of automated decision making - Setting up a profile:
The company does not make decisions neither set up profiles based on automated processes, during the processing of your Data, except in the case of using "cookies" in their web site.
In case of your contractual relations with The Company (e.g. customers / suppliers / associates), beyond the above provisions, the following are also applicable:
In the context of Data, the following are also included:
- Data of individual or single-person enterprises (such as firm title, seat, registration number, data of legal representative)
- Financial transaction data (e.g. Bank account number(s),
- Tax data (e.g. VAT Nr. Regional Tax Office)
- Data required for the execution of the contract or the exercising of legal rights or obligations emanating from the contract.
By accepting the present, you grant The Company your express consent for processing your data with extra intents of:
- Communication in the context of the contract.
- The compliance of The Company with the specific legislation that governs the contract. In this case the processing of Data is effected in the purpose of executing the contract, the harmonization of legislative mandates and the exercising of individual rights and obligations.
As "Recipients" are also defined public services or authorities, as well as third parties (physical and legal persons) to whom Data are communicated to the effect of execution of the contract or the exercising of special rights and obligations (e.g. software companies, crm, etc.).
The Company will be processing Data for as long as the contract lasts and/or a period following its termination, notwithstanding the mode in which termination occurred, if required for the execution/exercise partial contracts/rights and their harmonization with obligations emanating from existing legislation.
The revocation of consent, elimination, portability of Data and the objection to processing, may, possibly, bring about consequences if The Company can no longer abide by its legal or contractual obligations.
In case you send your CV to The Company or one of its legal representatives, further to the above stated, the following are also applicable:
As Data is also considered the information that you voluntarily include in your curriculum vitae (e.g. employment record, -including job titles, former employer(s) information, training, work experience, financial information, special categories of data, work preferences, etc.).
As subject of processing is also defined the communication intended for the exploration of prerequisites for possible hiring/employment in The Company, its subsidiaries or associate companies, in the near- or distant- future, following possible evaluation for employment.
The above Data can be processed by The Company till your consent for processing is revoked.
By accepting the present, you agree to: (a) Confidentiality regarding information that may come to your knowledge in the context or because of the contract or your communication with The Company. Any piece of information regarding third- party Data [i.e. Data of personal nature and Data of special categories, in the sense of the aforementioned, which refer to any third-person (including company employees, associates, members of the board, shareholders, legal representatives, etc.)], and/or financial, commercial, business etc. practices of The Company is considered absolutely confidential and their processing, disclosure or publication towards any party and in any way, is absolutely prohibited. (b) Refrain from keeping any files of documents that contain third-party data, including photographic or electronic materials (c) Informing the Company about any cases of unauthorized or illegal processing of Third-party Data and/or accidental loss, file elimination or corruption, (d) Your strict adherence to the Data Protection Regulation.
In the case of a simple visit of the web site without your sending any messages/requests/reports etc., Data processing will be limited to browsing data, i.e. data that are automatically collected for technical reasons, such as IP address, which is provided by the Internet Service Provider to your computer, for your connection with the Internet, or in relation with the browsing software you are using, as well as other technical parameters related to your connection with the Internet. Such information, may, in rare cases, constitute data of personal nature. As a general rule The Company is using the derived information only to the degree that is technically necessary, in general, as regards the operation of the web site and its protection against abuse, attacks or illegal actions.
The web site may contain links to web sites of third parties. Considering that The Company has no control over- or responsibility for the measures of protection regarding linked sites, The Company disclaims any liability and urges you to inform yourselves regarding Data Protection Policy of linked websites before visiting.
Cookies are small files that ask for permission before they are installed on the hard disk of your computer. If permission is granted the files are installed and help in receiving analytics of the web site, or provide information to you when you visit a web site. The cookies allow site applications to respond to your personalized preferences. The site application may adapt its operation to your needs and specific interests, though collecting relevant information.
This web site is using traffic monitoring cookies to determine which pages are visited, targeting data analysis concerning page visits, improvements of the web site and its adaptation to the need of visitors / customers. The Company is using the information only for reasons of statistical analysis and then the Data are discarded from the system.
Overall, cookies are used to assist The Company provide better services through this web site. Cookies do not allow The Company access to your computer or to any information concerning you, except the data you choose to share or publish.
You can choose to accept or to reject cookies. Most browsing software accept cookies automatically but you may choose to adjust your browser settings so as to reject cookies, if you prefer. However, this may prevent you from taking full advantage of the web site.