Privacy and Personal Data Protection Policy

As approved by Minutes of the Board of Directors No. 17 of “ETAIREIA AXIOPOIISIS AKINITIS PERIOUSIAS ILEKTRONIKOU ETHNIKOU FOREA KOINONIKIS ASFALISIS (e-EFKA) MONOPROSOPI A.E.” dated 22/02/2024

 

In compliance with the provisions of Regulation (EU) 2016/679 [on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – GDPR] and Law 4624/2019 (A’ 137)

 

The protection of natural persons regarding the processing of personal data is a fundamental right. Article 8 para. 1 of the Charter of Fundamental Rights of the European Union stipulates that everyone has the right to the protection of personal data concerning him or her. According to para. 2 of the same article, data must be processed lawfully, for specified purposes and on the basis of the consent of the person concerned or for other legitimate reasons provided for by law. Every person has the right to have access to the collected data concerning them and to obtain their rectification. Furthermore, since 25.5.2018, Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR) of the European Parliament and of the Council has been in force, which introduces a stricter framework for the protection of natural persons regarding the processing of personal data and the free movement of such data (hereinafter the “General Regulation”). Moreover, Law no. 4624/2019 has been in force since August 2019; inter alia, it updated the implementation measures of the General Regulation and incorporated into national legislation Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data.

The present website www.efkacompany.gr (hereinafter referred to as the “Website”) has been created by the company “ETAIREIA AXIOPOIISIS AKINITIS PERIOUSIAS ILEKTRONIKOU ETHNIKOU FOREA KOINONIKIS ASFALISIS (e-EFKA) MONOPROSOPI A.E.” under No. GEMI 168205601000 and with the distinctive title “ETAIREIA AKINITON e-EFKA” (hereinafter referred to as the “Company”).

The protection of natural persons against the processing of personal data is of paramount importance to the Company. Therefore, the collection and processing of personal data by the Company is carried out only pursuant to the General Regulation and the generally applicable legislation and where it is required in relation to the operation of labor relations and the Company’s business activity. The Company allows access to such data only to authorized persons and takes increased measures to secure the data from, among others, loss, mishandling, unauthorized access, modification or disclosure.

 

Type of personal data and purpose of processing

 

Personal data is any information related to a person whose identity is or may be known. The Company does not collect personal data directly from the Website, unless you contact the Company and use the contact details and individual email addresses listed therein. The Company and its Website are directed to persons who are eighteen (18) years of age or older. If underage users voluntarily visit the Company’s Website, the Company shall not be held liable.

The Company processes the data of the Website users in order to respond to requests, comments and questions for further information or to access any job application.

The Company processes the data of the Website users in order to conduct customer satisfaction surveys, advertising campaigns, market analysis and stratification, or other promotional activities or events.

The Company processes the data of the Website users in order to ensure the Company’s compliance with its legal obligations (indicatively tax, insurance, customs, accounting, etc.), to monitor compliance, to prevent financial crimes and to safeguard its overriding legal interests, such as the transmission of data to law firms or competent authorities.

 

Transmission of your personal data

 

The Company may transfer personal data to other subsidiaries or third-party partners, but only if and to the extent that such transfer is strictly required for the above-mentioned purposes. Furthermore, third-party IT companies (processors) may administer the Company’s Website. In this case, pursuant to GDPR rules, the partners and the affiliated companies are committed to the lawful processing of your personal data under a confidentiality agreement.

The Company may transmit personal data to judicial, administrative, tax, customs, arbitration authorities or other public authorities, regulatory bodies and lawyers if this is necessary to comply with the law or to establish, exercise or defend its legal claims. In such cases, contractual terms and regular checks shall ensure that if and when third parties have access to personal data, the legislation on the protection of personal data is adequately complied with.

 

Legal bases for processing personal data

 

The processing of your personal data is necessary for the fulfilment of the aforementioned purposes. Unless otherwise specified at the time of collection of the personal data, the legal basis for processing is one of the following:

 

  • the processing is necessary for the performance of the contractual relationship with you (Article 6 (1) (b) of the General Regulation),
  • the processing is necessary for the purposes of the legitimate interests pursued by the Company (Article 6 (1) (f) of the General Regulation),
  • you have given your explicit consent to the processing of personal data (Article 6 (1) (a) of the General Regulation).

 

Technical and organizational measures

 

The Company shall effectively implement, both at the time of determining the means of processing and the time of processing, appropriate technical and organizational measures, such as pseudonymisation, designed to implement data protection principles, such as data minimization, and the incorporation of the necessary safeguards in such processing in such a way as to meet the requirements of applicable legislation and to protect the rights of natural persons.

The Company does not process the above data for other purposes, as it processes only the personal data that are necessary for the purpose of processing, which is always carried out lawfully and in accordance with the spirit and terms of the General Data Protection Regulation (GDPR) of the European Parliament and the Council.

The personal data processed by the Company are legally retained for as long as it is necessary for the purposes of processing. At the end of this period, the data are deleted unless otherwise provided for by the applicable legal and regulatory framework or as required to defend the Company’s rights before a Court or other competent authority. As a data subject, you have, under certain conditions, the right of access to your recorded data, as well as the right to receive the aforementioned data in a structured, commonly used and machine-readable format (right to portability), the right to correct your data if they are inaccurate, the right to erase your personal data, unless their retention is mandatory by law, the right to restriction of processing, the right to object at any time to the processing of your personal data, including the profile processing and, generally, all the rights provided for by Chapter 11 of the General Regulation.

The Data Protection Officer (DPO) is “ETAIREIA AXIOPOIISIS AKINITIS PERIOUSIAS ILEKTRONIKOU ETHNIKOU FOREA KOINONIKIS ASFALISIS (e-EFKA) MONOPROSOPI A.E.”, which is located in Athens, at 12, Americas Street.

The Company provides support for all questions, comments, concerns or complaints related to the protection of personal data or in case you wish to exercise any of your data protection rights. Contact with the Data Protection Officer can be made by email to p.laskos@laskoslaw.gr or by post to:

 

ETAIREIA AKINITON e-EFKA
Amerikis 12, Athens PC 106 71
Care of Mr. Pelops Laskos

 
Under the applicable legislation for personal data protection and provided that the relevant legal requirements are met, you have the following rights:

 

Right to access

 

You have the right to be informed whether the Company is processing your data, to have access to the data and to receive additional information on the processing of your data.

 

Right to rectification

 

You have the right to request the updating, correction or completion of your personal data.

 

Right to erasure

 

You have the right to submit a request for erasure of your personal data, which will be granted provided that there is no other legal basis for processing (such as, but not limited to, a legal obligation to process personal data).

 

Right of restriction of your personal data processing

 

You have the right to request restriction of your personal data processing in the following cases: (a) when you dispute the accuracy of the personal data and until verification, (b) when you oppose the erasure of personal data and request the restriction of their use instead of erasure, (c) when the personal data are not necessary for the purposes of processing, but are necessary for the establishment, exercise, support of legal claims, and (d) when you object to the processing and until verification that there are legitimate reasons that concern us and prevail over the reasons for which you object to the processing.

 
Right to object to personal data processing

 

You have the right to object at any time to the processing of your personal data when it is based on Article 6 (1) (e) or (f) of the General Regulation. Your objection will be met unless the Company demonstrates compelling and legitimate grounds for the processing.

 

Right to data portability

 

You have the right to receive your personal data free of charge in a structured, commonly used and machine-readable format or to request, where technically feasible, that we transfer the data directly to another DPO.

 

Right to object to a decision based on automated processing

 

You have the right to request to opt-out of decisions based on automated processing, including profiling.

 

If you exercise any of the above rights, the Company will take every possible action to satisfy your request within thirty (30) days from receipt and you will be informed accordingly. This period may be extended for two (2) additional months, taking into account the complexity of your request and the number of requests in general. These rights are exercised at no cost to you, unless requests are frequently repeated and, due to their number, entail administrative costs for us, in which case you will bear the cost. Furthermore, our Company will notify you of any breach of your personal data if such breach may put your rights and freedom at high risk and provided that it does not fall within one of the exceptions expressly provided by law.

 

Right of Appeal to the Authority

 

The competent authority is the Hellenic Data Protection Authority. You have the right to appeal to the Hellenic Data Protection Authority on issues related to the processing of your personal data. An attempt must have been made by you to exercise your rights with the Company before appealing to the competent authority. For the competence of the Authority and how to lodge a complaint, you can visit its website (www.dpa.gr > My rights > File a complaint), where detailed information is available.