Last update, November 5, 2021
Acting as Data Controller the Company is bound to protect and process the personal data according to the General Data Protection Regulation/GDPR (EU) 2016/679, and the Greek legislation, especially the L. 4624/2019 for the Protection of Individuals regarding the Processing of Personal Data and the L. 3741/ 2006 for the Protection of Personal Data and the Protection of the Privacy of the Electronic Communications.
Type of Personal Data we collect
The Company shall collect and processes only the personal data which are adequate, relevant, and limited to what is necessary regarding the purposes for which they have been collected and processed. The personal information may include identification data (e.g., name, surname, date and place of birth, identity card/passport number), contact details (e.g., address, telephone numbers, email address), information about studies (degrees and vocational training data), work experience history, which you may provide voluntarily.
The Company shall not process personal data for any other purpose than the initial purpose of collection.
The website provides an online contact form for users/visitors of the Website. The users should submit only the personal information that they are asked to. In case they not fill the form properly, the Company may noy be able to process the request and respond to the query.
The Website and the online services are directed to individuals over 18 years old.
Purpose of Processing
The Company uses the personal data for the following purposes:
• For communicating with users, visitors, legal persons and individuals in general.
• For receiving and evaluating CVs for job vacancies.
• For the fulfilment of its legal obligations or in the context of Article 6 (1) GDPR (e.g., the processing is necessary for the performance of services, a contract, or an agreement to which the data subject is party or to take steps at the request of the data subject prior to entering a contract).
Retention Period of Personal Data
The storing and the processing of clients’, users’ and visitors’ personal data are conducted according with the law or is based in the specific consent provided by the persons only for as long as it is required to meet the purpose of processing (as set out above) or until the user objects to the processing of his/her personal data by the Company or withdraws his/her consent.
The Company may extend the data retention period if required by law, and for the establishment, exercise, or defense of legal claims.
The location of the processing is the main establishment of the Company in Greece (Parodos Sofokli Venizelou N. Lachanagora, P.C. 54628, Thessaloniki) where all processing activities take place.
Disclosure/Transfer of Personal Data to Third Parties/ Recipients
Further and if necessary, the Company may transfer personal data to third parties for the fulfilment of the specified purposes of processing. These third parties may include Company’s shareholder, consultants or/and collaborators; regulatory bodies; supervisory authorities; national institutions, etc.
In case the Company wishes to enter into agreements with third parties and these agreements require the processing of personal data, the third parties acting as Data Processors on behalf of the Company should be able to demonstrate their compliance with Union or Member State Law for the protection of personal data. The processing shall be governed by a contract (Data Processing Agreement) or other legal act under Union or Member State law, binding the processor to the controller and setting out the terms of the data processing activity and the appropriate content in accordance with the applicable provisions.
Handling of Data Access Requests
The data subject has the right to obtain information as to whether personal data concerning him or her are being processed, and to access the personal data; the right to obtain the rectification of inaccurate or out of date personal data; the right to request the deletion of personal data. The Company shall delete the personal data, unless the deletion is prohibited by law or the personal data are necessary for the exercise of a legal right.
The data subject must be aware that in the event of the erasure of his/her personal data, the Company may not be able to continue to provide its services.
The data subjects shall have the right to request the restriction of the processing of the personal data, in the following cases:
1. If the personal data are inaccurate
2. If the data subject objects to the processing
For exercising their legal rights or requesting clarifications, the data subjects should send their queries to the email found in the Company contact form. The requests must include all the appropriate information and the related data processing activities, as well as the format the users wish to receive the information. Each request will be thoroughly examined and will be answered appropriately in consultation with the data subject.
Cookies and Similar Technologies
The Data Controller is GREEFOS S.A. Representations, Imports - Exports of Raw & Auxiliary Materials for Food Industry, located in Greece, Parodos Sofokli Venizelou, Nea Menemeni, P.C. 54628, Thessaloniki, tel./fax +30 2310 567880, email: firstname.lastname@example.org.
The Company has appointed a Data Protection Officer (DPO). You may contact the DPO in the following email address: email@example.com
The Company reserves the right to amend this Privacy Police at any time in accordance with the latest applicable provisions. The latest version will be found on this webpage. At the top of the page, you will find the last date when this content was updated.
The Company is bound to protect your online personal data. Should you have any questions or comments regarding the processing, please contact us at the email address: firstname.lastname@example.org
Notification about the processing of personal data through a video surveillance system (CCTV).
Data Controller: GREEFOS S.A. Representations, Imports - Exports of Raw & Auxiliary Materials for Food Industry
Purpose of processing and legal basis
The Company has installed a video surveillance system for the safety and the protection of people and property. The legal basis for the processing is the legitimate interests pursued by the Company as Data Controller, according to Article 6 (1) (f) GDPR.
Legitimate Interest Assessment
The legitime interest consists of the need to protect the safety of the physical location and assets from unlawful actions, such as theft; to protect persons’ life, physical integrity, and health; to protect the property of our personnel and any third person who has the right to be present in the surveilled area. The Company collects video footage and images of persons, and restricts the monitoring to areas where there is an increased risk of illegal acts (e.g., theft) such as cash desks and entrance gates. The system monitors only specific areas to limit the possibility of excessive privacy invasion taking into consideration the rights and freedoms of the data subjects pursuant to the Regulation.
Recipients of the Personal Data
The video surveillance data can be accessible only by the Company authorized personnel that is responsible for management and operation of the video surveillance system and the security of the locations. The material will not be disclosed to any third parties with the following exceptions: a) to competent public authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences which are related to people or assets of the Data Controller, b) to competent judiciary and prosecutorial authorities and law enforcement agencies upon their request if the processing is carried out in the performance of their tasks, c) to the individual affected or the offender if the personal data may be an evidence of the act.
Data Retention Period
The records are retained for ten (10) days, and after that period, are automatically deleted. In the event of an incident, the Company isolates the part of the footage, and stores it for one (1) month to investigate the incident and to commence legal procedures for defending its legitimate interests. If the incident involves a third person, the record may be stored for a three (3) month period.
Data subjects’ rights
The data subject shall have:
• The right to obtain confirmation as to whether personal data concerning him or her are being processed, and the right to request and receive a copy.
• The right to restrict the processing, as for example the right not to erase data that are necessary for the establishment, exercise, or defense of legal claims.
• The right to object to the processing of his/her personal data.
• The right to request the deletion of his/her personal data.
You may exercise your legal rights by sending an email to email@example.com, a letter to our postal address or by submitting your request in person to our offices.
You should provide also information about the time of the recording and a photo to identify you and your personal data, so as the Company be able to respond to your query. The identity and the personal data of irrelevant third persons who appear in the footage will be concealed.
Alternatively, you may visit our premises where we will present to you the images and the footage where you appear. Please keep in mind that the right to object to the processing or the right to erase your personal data may not result in the immediate deletion of the file or the alteration of the processing. In any case we will respond to your request as soon as possible within the time frame set by the GDPR.
Right to File a Complain
If you believe that your personal data have not been fairly processed, you have the right to lodge a complaint with the Hellenic Data Protection Authority, Kifissias 1-3, PC 115 23, Athens, Greece, , https://www.dpa.gr/, Telephone: +30-210 6475600