Our company named "DIGALAKI KORINA S.A & DIEM S.A" (Hereinafter referred to as the "Company"), as Process Manager shall take all appropriate technical and organizational measures to comply with the national and European legislation relating to the protection of individuals with regard to the processing of personal data concerning them, particularly with the Regulation (EU) No 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the abolition of the Directive 95/46 / EC (General Data Protection Regulation), hereinafter the "Regulation".
The following constitute the policy we follow in the context of our above compliance, and in particular:
- The general principles we apply when processing personal data.
- Which data may be processed by our company.
- What the purposes of processing are.
- To which recipients the data may be disclosed.
- Delivery of data to third countries.
- What the time period is for which data is kept, and what happens when it passes.
- What the rights of data subjects are.
- What the Company's obligations are when processing the data.
- Installation of Closed TV Circuits for Safety - Communications Monitoring.
- Access via internet
- Updating - Modifying our Policy
1. General Principles in the Processing of Personal Data
The Company shall ensure that the processing of the data is carried out in accordance with the general principles laid down by law and, in particular, by ensuring that:
-The collection always takes place in a fair and legitimate manner, for a definite, clear and legitimate purpose. Whenever it is done with the consent of the subject, each time he/she has been thoroughly informed about everything he/she is entitled to know about, as well as about his/her rights, most importantly his/her right to withdraw freely, at any time, except in cases where the law otherwise provides.
-Any processing of the data is done in a manner that is lawful, in conformity with, or with the prior consent of the subject, whether it is for process on the basis of it or by the individual legal case basis allowing the processing.
-The data we process is designed to be relevant to the purpose of the processing, appropriate, accurate, and minimally necessary in relation to the purpose in question.
-The data must be regularly updated, revised or completed so that it always meets the above.
-The data is kept for the minimum required time, always based on the purpose of processing.
-At all times should appropriate security measures be in place to protect the security and integrity of data against any risk, unauthorized access, loss, destruction, misuse, etc.
Specifically as to the consent of the subject, we inform that according to the law, it is not required:
(a) in the case of processing carried out for the performance of a contract which the subject has concluded with us or in order to satisfy his/her own request, prior to the conclusion of the contract,
(b) when made to comply with the Company's statutory obligations,
(c) when they are done to protect the vital interests of the subject,
(d) when performed for the performance of a duty carried out in the public interest; and
(e) where processing is necessary for the purposes of the legitimate interests pursued by our Company, unless the interests or fundamental rights and freedoms of the subjects prevail over those interests.
Data of minors are held by the Company only if they have been provided by those who exercise parental responsibility and only for the purpose of fulfilling a relevant contractual relationship for the benefit of minors. The Company does not deal directly with minors under any circumstances.
2. What data may be processed
The Company processes the personal data, which is absolutely necessary for each purpose of the processing. We have put procedures in place to check its accuracy, while at the same time requiring subjects to inform the Company in good time of any change.
In particular, the processing of data by the Company includes mainly the following categories:
a. Identification data e.g. name, surname, date of birth, identity card/passport number, SICAV/NIN, VAT number
b. Communication data e.g. e-mail/mailing address, telephone/fax numbers
c. Payment data e.g. bank accounts, debit/credit and other bank cards
The personal data processed by the Company is kept in written form and/or by electronic and magnetic means.
3. What the purposes of processing are
The Company may process personal data for the following purposes:
a. Conclusion of a service contract on behalf of the Company, definition of the general and special terms of this contract
b. Conclusion of a contract for the provision of services to the Company
c. Compliance of the Company with obligations imposed by the applicable legal and regulatory framework
In addition to the above, the Company may process data in the subject information for its services as well as for third-party products or services that may match the interests and preferences of the subjects if they have given their consent to the purpose.
It can also process data:
-To identify yourself when you ask questions,
-To improve the management of services and products provided by the Company in the past, now or in the future,
-For the prevention and detection of fraud or deliberate or non-loss of data.
4. To which recipients the data may be disclosed
The data may be transmitted:
a. To associates of the Company, in the course of its lawful operation, for the execution of the treatments on its behalf, provided the subject has consented to them or falls under other cases of lawful processing provided by the law.
b. To public / judicial authorities,
In no event does our Company process your personal information to third parties except in cases where such portability is considered lawful by applicable law. Under no circumstances does our Company sell or rent your personal data to third parties. These items are solely used by our Company or specifically authorized by us to continuously improve your service or for the other reasons mentioned herein.
5. Transmission of data to third countries.
The Company does not transmit personal data to countries outside the European Economic Area (EEA). Such portability may only take place if the country provides an adequate level of protection of personal data. If the third country outside the European Economic Area (EEA) does not provide an adequate level of protection of personal data, personal data may be transmitted to that country only if the data protection is provided by a data portability agreement which ensures an adequate level of protection or if the conditions explicitly provided for by European and national law (e.g. if the relevant binding Corporate Rules exist or if the data subject has expressly consented to the portability).
6. What the time period is for which data is kept and what happens when it passes.
The Company will collect, store and generally process data for up to twenty (20) years from the termination of the contract in any way.
If a litigation is pending, the retention may extend beyond the above time, until it is concluded by irrevocable court order.
In other cases, the retention time of the data will be that provided by law, any other existing contract, any consent given by the subject and the legitimate interests of the Company if they do not outweigh the rights of the subjects.
In the event that the time period of retaining your data is past, the Company pays special attention to how they are destroyed. In particular, it has established and implemented a safe disaster procedure. The Company ensures that that destruction process of files containing personal data binds third parties who provide services in the name and on its behalf and of any other people's with whom it is collaborating under outsourcing contracts or other agreements.
7. What the rights of data subjects are.
Each subject is entitled to exercise the rights under the conditions laid down in the General Regulations (EU 679/2016) and the current applicable national law, rights under the conditions which are relevantly defined. More specifically the subject:
- Has the right to have access to his/her personal data.
- Has the right to request the correction of inaccurate or incomplete data concerning him/her or the completion of incomplete data.
- Is entitled to request the deletion of his/her data from the records of the Company if their processing is not necessary for the purposes for which they have been collected and is not justified by any other legitimate cause.
- Is entitled to request the limitation of his/her use of data in case of doubt of their accuracy.
-Is entitled to receive the data he/she has provided in a structured, commonly used format.
The exercise of these rights presupposes the submission, at no cost, of a written application to the Company, the Data Protection Officer , Digalaki Katerina .
In the event that one of the above rights is exercised, the Company will take all possible measures to satisfy the subject within thirty (30) calendar days of receipt of the relevant application, informing in writing of its satisfaction or the reasons for obstructing the exercise.
8. What the Company's obligations are when processing the data.
The Company is required to implement and implements all the requirements of the data protection legislative framework. Particular emphasis is placed, amongst others, on the following:
Ensuring Privacy and Security of Processing: The processing of personal data is confidential and is carried out exclusively by people under the control of the Company. These people are selected on the basis of strict criteria, which are designed to provide sufficient guarantees in terms of knowledge and personal confidentiality commitments. In addition, audits are carried out on a regular basis in order to strictly apply the criteria and procedures established by the Company for this purpose. The Company takes all appropriate organizational and technical measures for data security and its protection against incidents of infringement such as accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access and any other form of unfair processing. The measures taken are always intended to ensure a level of safety commensurate with the risks involved in the processing and the nature of the data being processed.
Information Systems Security: In order to ensure the confidentiality of all information entered in its information systems, the Company has adopted the appropriate measures for the security of information systems, which achieve the protection of the data being transmitted through the data networks and of the voice used by the Company, effectively controls user access to its information systems, and safeguards the protection of information that these systems manage; also cases of breaches to the security of the Company's information systems are early detected and prevented as much as possible.
9. Installation of Closed TV Circuits for Security - Communications Monitoring
In order to prevent theft of goods, deter crime, and security of personnel, the Company places closed television circuits at its premises, where this is deemed necessary. The installation and operation of these systems is in line with the requirements of the current regulatory framework.
It is possible that the Company's communications with you (including telephone conversations) will be monitored and recorded by the Company for security, quality assurance, as well as legal, regulatory and training purposes. Always in these cases there is prior notice, unless the law specifies otherwise.
10. Access via internet
Internet communications, such as e-mails, etc., are not secure unless they are encrypted.
The Company is not responsible for any unauthorized access or loss of personal data beyond its control.
The Company may use "cookies" to provide better services according to the interests and needs of the user. In such cases, consent is always sought. However, non-acceptance of cookies may affect the ability to use the site and download any of the Company's services.
11. Updating - Modifying our Policy
The Company may update, supplement and/or modify this Policy in accordance with the applicable legal framework. In this case, the updated Policy will be posted on our Company's website, to which we refer each and every businessman to us, so that they can always be informed.