Personal Data Protection Statement
The limited liability company with the name “S.D. THEOFYLAKTOS S.A. – GIFT ITEMS” and the DIVISION TITLE “S.T.L.”, located in the Municipality of Athens and legally represented (hereinafter, the “Company”), declares with this policy that it respects your privacy and its primary concern is the effective protection and security of your personal data.
In this context, the Company undertakes to maintain and process personal data in compliance with the provisions and provisions of the applicable national and EU legislation, in particular, it undertakes to safeguard the security, confidentiality and secrecy of personal data and to fulfil the security requirements in order to prevent, as far as possible, the loss of data in any way, their illegal or unlawful use, as well as unauthorised access to them.
1.
Purpose and procedure for processing personal data
The personal data you provide us with will be processed for the following purposes.
(b) For the purpose of preparing for the preparation of sales or the provision of services to prospective customers (submission of technical and financial offers, drafting of agreements and commercial contracts, etc.).
(c) For the purpose of conducting sales (indicatively the receipt of orders, production, distribution – delivery of products or completion of the provision of services to customers and their invoicing).
(d) For the purpose of making purchases of raw materials, materials & other services from suppliers (including but not limited to placing orders, executing orders, receiving raw materials, goods and finished goods and/or services, making payments).
(e) For the purpose of statistical processing and analysis of customer-supplier activity in order to draw conclusions and prepare reports for the purpose of planning and implementing the company’s commercial and credit policy.
(f) For the purpose of hiring employees, managing leaves and departures, executing the payroll of the Company’s employees and associates, posting on the internet photographs and other data of the Company’s employees and associates, as well as for the purpose of providing them with private insurance, if any, and transmitting their data to the Company’s physician.
In view of the above processing purposes, the Company declares that it will collect, keep and process only those personal data that are the minimum and strictly necessary for the achievement of the respective processing purpose.
The processing of personal data will be both automated and non-automated with the maintenance of a physical record.
2. What Personal Data we collect
Personal Data means any information about a person from which that person can be identified. The concept of Personal Data does not include any anonymised data from which it is not possible to identify the natural person.
Pursuant to the above processing purposes, as described under -1, we may collect and process personal data which we have categorized as follows:
(a) For the purpose of presenting the company, its products & services to prospective customers and/or partners, identifying & meeting with suppliers for the supply of raw materials, goods and/or services: business card details (name, professional status and/or position in the company, telephone, mobile phone, email).
(b) For the purpose of preparing for the preparation of sales or the provision of services to prospective customers (submission of technical and financial offers, drafting of agreements and commercial contracts, etc.): Contact details & tax data, which in the case of natural persons in the form of sole proprietorships and/or freelance professionals coincide with their data, namely: name, activity, address – headquarters, tax office, VAT number, telephone number, telephone number, email address.
(c) For the purpose of conducting sales (indicatively the receipt of orders, production, production, distribution – delivery of products or completion of services to customers and invoicing of these): full tax data of customers, which coincide with the data of natural persons in the case of sole proprietorships and freelancers (name, activity, address – headquarters, tax office, VAT, VAT number, telephone number, email). Customer bank account details.
(d) For the purpose of making purchases of raw materials, materials & other services from suppliers (indicatively placing orders, executing orders, receiving raw materials, goods and finished products and/or services, making payments): full tax data of suppliers, which coincide with the data of natural persons in the case of sole proprietorships & freelancers (name, activity, address – headquarters, tax office, VAT, VAT number, telephone number, email). Supplier bank account details.
(e) For the purpose of statistical processing and analysis of customer-supplier activity for the purpose of drawing conclusions and preparing reports for the purpose of planning and implementing the company’s commercial and credit policy: data on the volume of sales – purchases per type of product or service are obtained and used for processing and drawing conclusions.
(f) for the purpose of recruiting employees, managing leaves, dismissals and voluntary departures, executing payroll of the Company’s employees and associates, posting photos and other identifying information of employees and associates on the Company’s website, as well as for the provision of private insurance to them, and the transmission of their (medical) data to the Company’s physician, we collect the data required by the applicable legislation (where this requires the collection of personal data).
In each case of collection of Personal Data, we will keep it transparently and accurately and in accordance with the principle of minimization. To this end, we ask you to inform us of any change in your personal data, so that they always correspond to reality.
3. Consequences of non-consent to the provision of personal data
If the consent of the personal data subject has been defined as the legitimate basis for the purpose of processing, the provision of personal data is in no way mandatory. In any case, the failure to provide the personal data which has been designated as “obligatory” may prevent us from fulfilling the aforementioned processing purposes or from fulfilling any contractual relationship. Failure to provide the other, non-mandatory, personal data may in no case affect our provision of the services.
4. Recipients of personal data
Personal data may be processed by natural and/or legal persons, established within and/or outside the European Union, acting in the name and on behalf of the Company on the basis of specific contractual obligations.
In order to facilitate the achievement of our purposes stated above we may transfer, disclose, grant access to your personal data or share it with third parties. In this case, third parties may be:
– Any third party that provides management, marketing and research, distribution, data processing, telemarketing, telecommunications, payment or other services or supports the operation of our business
– Any third party that provides customer service or satisfaction of customer requests
– Other partners that provide our company with data centers or servers or software products
– Lawyers, law firms and legally operating debtors’ information companies, according to what is specifically defined by the applicable legislation
– TEIRESIA S.A.E. in accordance with what is specifically defined by the legislation in force
– Public services, NPAs, NPIs, judicial authorities, regulatory bodies and organizations, regardless of jurisdiction or rank, if required by law, court decision, regulation, directive, order, opinion, circular, etc.
– Auditors, accountants, notaries, lawyers, bailiffs or other financial or professional advisors in accordance with what is specifically defined by the applicable legislation
– Our special or universal successors, in case of sale, disposal, merger, liquidation of our business.
5. Transfer of personal data outside the European Union
Within the framework of our contractual obligations, the Company may transfer and disclose personal data to countries outside the European Union, including explicitly the storage of such data in databases managed by entities acting on behalf of the Company. The management of the databases and the processing of personal data shall always be carried out in the context of the purposes of the processing and in accordance with the applicable law on the protection of personal data and ensuring a high level of protection of personal data. In particular, for the transfer of personal data, the Company undertakes that the legal requirements for transfers will be fully complied with, subject to appropriate safeguards, including binding corporate rules, and derogations for specific situations under the terms of applicable law.
6. The Data Controller and the Data Protection Officer
The Data Controller is the Company.
The Data Protection Officer is Theophylactos Dimitrios and the contact details(contact@theofylaktos.com.gr / tel. 2102409000).
7. Retention period of Personal Data
Personal Data submitted for the above processing purposes will be kept by the Company for the period deemed absolutely necessary for the fulfilment of these purposes, including for the satisfaction of any legal, accounting or information requirements and obligations, as well as for the fulfilment of any tasks performed in the public interest.
With regard to the Personal Data processed for the provision of the contractual service, the Company may continue to store such Data for a longer period of time, as may be necessary to protect and safeguard the Company’s legitimate interests in relation to possible liability related to the provision of the Service.
In some cases we may anonymise your personal data so that it can no longer be associated with you and it is not possible to identify you, for statistical and research purposes, in which case we may use this information for an indefinite period of time without further notice to you.
8. The rights of the Data Subject
You may exercise the following rights in accordance with and within the limits set by the specific provisions of Regulation (EU) 2016/679 and in particular:
(1) The right of access to your Personal Data, which means your right to be informed by the Company whether your Data are being processed and to have access to them (Article 15 of Regulation 679/2016).
(2) The right to rectification and erasure (the right to be forgotten) means the right to rectify any inaccurate data and the right to erasure of your data in case there is a legitimate interest for such erasure (Articles 16-17 of Regulation 679/2016), without prejudice to any overriding interest of the Company or a legal obligation to retain the personal data.
(3) The right to restriction of processing means your right to request the suspension of processing when you have a legitimate interest in doing so (Article 18 of Regulation 679/2016).
(4) The right to portability means your right to receive your Data in a structured, commonly used and machine-readable format, as well as your right to request that such data be transmitted to other controllers (Article 20 of Regulation 679/2016).
(5) The right to object means your right to object to the processing of your Data where there is a legitimate interest in accordance with the terms and provisions of Article 21 of Regulation 679/2016, including your right to object to any automated processing of your Data and to the processing of your Data for any marketing purposes.
(6) The right to withdraw your consent within the limits and provisions of the law.
(7) The right to lodge a complaint with the competent supervisory authority in case of unlawful processing of your Data.
You can exercise these rights by sending a letter to Philadelfeias 117 Acharnai or an email to the Data Protection Officer dimitris@theofylaktos.com.gr.
You will not have to pay any fees to access your personal data or to exercise your rights. However, we may charge you a reasonable fee where your request is manifestly unfounded or excessive, in particular because of its repetitive nature. We may also refuse to respond to your request in such a case.
The Company will make every effort to respond to your above requests within one (1) month of their submission. In any case, if due to the complexity or volume of your requests a longer period is required, we will inform you accordingly.
9. Protection of Personal Data
We have taken appropriate technical and organisational measures to protect the personal data you provide to us. In this context, we regularly check our security systems and restrict access to your personal data to only those qualified and authorised persons who need to know such data and who are expressly committed to keeping such data strictly confidential.
10. Stating the purposes of processing and conducting a privacy impact assessment
The Company has reflected the purposes of processing Personal Data in the Company’s Activity File. The Activity File reflects at least the following information:
– The purposes of processing
– Description of the categories of data subjects and categories of Personal Data
– The categories of recipients to whom the Personal Data are disclosed or will be disclosed
– Where possible, the time limits for keeping and deleting the Personal Data
– To the extent possible, a description of the technical and organisational security measures in accordance with the terms of Article 32 of Regulation 679/2019.
On the basis of the said Register, as it will be periodically updated, the Company undertakes to carry out periodic impact assessments of the aforementioned processing operations and any incidents of breach to the subjects of Personal Data.
11. Processors
The Company uses Processors who provide adequate assurances for the protection of personal data and the subjects of such data. They contract with the Company and are expressly committed to the protection of your Personal Data through a contract or other legal act that defines the scope and duration of the processing, the nature and purpose of the processing, as well as the rights and obligations of the Processor.
12. Modifications
This Privacy Statement may be modified from time to time. We reserve the right to change or modify this Privacy Statement at any time. Please check our Company’s Privacy Statement periodically and especially before providing any new personal data.
13. Contact
If you have any questions or concerns about our use of your personal data, please contact us at 210-2409000, or online at contact@theofylaktos.com.gr and we will make every effort to answer your questions.
Date of last modification: 28/8/2020
