Notification on the processing of personal data

Introduction

We would like to assure you that for us, Sofia Tsiotsiou & Sia EE the protection of the users’ personal data is of paramount importance. Therefore, we implement all the appropriate measures in order to protect the personal data that we process and ensure that the processing of the personal data not only by the company but by third parties as well that are likely to process the personal data on behalf of the company, always takes place in accordance with the obligations set out by the legal framework.

Data Controller –  Personal Data Officer (DPO)

The company Sofia Tsiotsiou & Sia EE located in Afytos, Halkidiki email: [email protected] Tel: +30 (2374) 091500, website: www.aegeanblueafitos.gr states that for the purpose of implementing the project, it shall process personal data of its employees, customers, suppliers according to the applicable national legislation and the European Regulation 2016/679 on the protection of natural persons against the processing of personal data and the free movement thereof (General Data Protection Regulation, hereinafter the “Regulation”), as applicable.

You shall directly contact the Data Protection Office (DPO) on any matter that relates to the data protection processing as follows:

Postal address: Fragkon 3, Thessaloniki, email: [email protected] telephone: 2310554145, fax: 23210 20269.

What is the purpose of the processing and how are your personal data used

The personal data that you provide to the company in any way (e.g. full name/name of the sole entrepreneurship/partnership, father’s name, ID card number or passport, capacity/profession, email, mobile number/fixed line number, full address for sending monthly statements, credit card number, vehicle’s registration plate, CCTV footage, curriculum vitae, etc.), will be processed by the company only when there are legal grounds for the said process.

The legal grounds for the processing of your personal data are but not limited to:

  • The safeguard and protection of the legal interest not only yours but the company’s as well. So we use close circuit television systems (CCTV) and security cameras in order to be able to ensure the smooth operation and protect the safety of the natural persons, goods, materials, facilities
  • The compliance with any obligations that are imposed by law, the determination of any criminal behavior in general that might endanger public safety or /and health or the smooth operation
  • The safeguard of our vital interests such as the provision of emergency care and in general any assistance in case of an accident
  • The consent you provide us with in order to receive notifications on products, services, offers of the company that you may withdraw at any time you wish by contacting the Data Protection Officer of the company.

Recipients of personal data outside the company

Our company (information on the company Sofia Tsiotsiou & Sia EE) transfers your personal data to third parties to whom it has assigned the processing of the personal data on its behalf. Moreover, our company stores the personal data that arise from the execution of the contract. Finally, the company works with informatics companies that provide relevant services such as maintenance of information systems services and security system services. In the course of the provision of said services, the informatics companies are likely to have access to the personal data and in certain cases carry out processing activities that are necessary for the provision of the relevant services.

In such cases our company (information on the company Sofia Tsiotsiou & Sia EE) remains responsible for the processing of your personal data and determines the respective specifications of the processing, signs the special contract with third parties to whom it assigns the performance of the processing activities in order to ensure that the processing takes place according to the applicable legal framework and that any natural person may freely and unconditionally exercise his rights arising from the legal framework.

Furthermore, the company transfers the personal data to the competent government authorities when it is provided by the applicable legal framework and the performance of their duties that are carried out in order to serve the public interest or in the course of exercising public authority assigned to them.

Storage time limit

The storage time limit for the data is decided based on the following special criteria on a case-by-case basis:

When the processing is provided by an obligation set out in the applicable legal framework, your personal data are stored for as long as the relevant provisions determine.

When the processing is carried out based on a contract, your personal data are stored for as long as it is necessary for the performance of the contract and the substantiation, exercise or/and defense of legal claims arising from the contract.

In the course of marketing activities, your personal data are stored until your consent is withdrawn. You may withdraw it at any time. The withdrawal of your consent does not affect the validity of the processing that had been carried out based on your consent during the time period prior your withdrawal.

In order to withdraw your consent, you shall contact the Data Protection Officer (DPO) of the company, PKG Law Firm K. Parigoris & Partners at: Postal address: Fragkon 3, Thessaloniki, email: [email protected] telephone: 2310554145, fax: 23210 20269. You may also use the deregistration option by clicking the respective link on our electronic communications.

Your rights in relation to your personal data

Each natural person whose personal data are being processed by the company (information on the company Sofia Tsiotsiou & Sia EE) enjoys the following rights:

Right to access

You have the right to be aware and verify the validity of the processing. So you have the right to access your data and ask for supplementary information on their processing.

Right of rectification

You have the right to study, rectify, update or amend your personal data by contacting the Data Protection Officer (DPO) at the following contact details.

Right to erasure

You have the right to file an erasure request on your personal data if and under the condition that the company processed them based on your consent or in order to safeguard its legal interests. In any other case (such as when the processing takes place in the course of the performance of a contract, when there is an obligation to process personal data as provided by law, when the processing takes place in order to serve the public interest), the said right is subject to certain restrictions or does not exist at all depending on the circumstances.

Right to restriction of processing

You have the right to ask for the restriction of processing of your personal data under the following circumstances: a) when you question the accuracy of your personal data and until they are verified, b) when you object to the erasure of your personal data and instead of the erasure, you ask for the restriction of the use thereof, c) when your personal data are not necessary for the purposes of the processing, however they are necessary for the substantiation, exercise, defense of your legal claims and d) when you object to the processing and until it is verified that there are legal grounds that relate to the company that supersede the grounds based on which you object to the processing.

Right to object

You have the right at any time to object to the processing of your personal data in case that as described above it is necessary for legal interest purposes that the company may pursue as Data Controller.

Right to portability

You have the right to receive your personal data without charge in the form that it would be convenient for you to access them, use them and process them using the commonly used processing methods. Moreover, you have the right to ask of the company, if it is technically feasible, to transfer your personal data directly to another data controller as well. This right of yours concerns the data that you have willingly provided to the company and the processing thereof takes place though automated means based on your consent or the performance of the relevant contract.

In order to exercise any of the abovementioned rights and for any question that you might have, you may address the Data Protection Officer (DPO):

PKG Law Firm K. Parigoris & Partners at:

Postal address: Fragkon 3, Thessaloniki,

email: [email protected] telephone: 2310554145, fax: 23210

Right to file a complaint with the Hellenic Data Protection Authority

You have the right to file a complaint with the Hellenic Data Protection Authority (Call center: +30 210 6475600, Fax: +30 210 6475628, email: [email protected])

Personal Data Security

The company (information on the company Sofia Tsiotsiou & Sia OE) implements the appropriate technical and organizational measures for the secure processing of your personal data and the prevention of any incidental loss or destruction and the unauthorized and/or illegal access thereto, use, modification or disclosure thereof. In order to ensure the appropriate level of security against any risk and the selection of the appropriate technical and organizational measures, the company takes into consideration the latest technological and other developments, the implementation cots, the nature, the framework and the purposes of the processing, as well as on on hand how likely it is and how big the risk is for any incident to occur regarding the loss or destruction and the unauthorized and/or illegal access to the personal data, use, modification or disclosure thereof and on the other hand how serious the consequences will be on the rights and the freedoms of the natural persons.