Privacy Policy

The protection of natural persons with regard to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (‘the Charter‘) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her.

Furthermore, as of 25.05.2018, no. 2016/679 General Data Protection Regulation (GDPR) of the European Parliament and of the Council, which introduces a stricter framework for the protection of natural persons with regard to the processing of personal data and for the free movement of such data (hereinafter the “General Regulation“).

The protection of natural persons with regard to the processing of personal data is of the utmost importance for “KARNEL S.A.”  (Hereinafter the “Company“). Therefore, the collection and processing of personal data by the Company is carried out only in accordance with the General Regulation and the generally applicable legislation and where this is required regarding the operation of labor relations and the business activity of the Company. The Company allows access only to authorized persons to them and takes increased data security measures, including through loss, mishandling, unauthorized access, modification or disclosure.

1. Processing of personal data on the Company’s websites

1.1. Categories of personal data

During your visit to the Company’s websites, the Company may process personal data that are automatically collected during your browsing (IP address, device type, browser, redirection website, company websites you visited, the date and time of the visit).

1.2 Processing purposes

The processing of personal data is carried out for the following purposes:

(a) The service of a pre-contractual or contractual relationship in order to receive the personalized information about you, as well as to respond to your requests or to contact you at your request.

(b) The establishment of any legal legal claim or defense of the Company against attempted fraud, possible cyberattack or other illegal activity.

(c) The creation of anonymized statistics on the traffic and accessibility of the main website as well as the subsequent pages, so that we can take the necessary actions to improve them in order to improve your browsing experience.

1.3 Legal bases of processing

The processing of your personal data is necessary for the fulfilment of the aforementioned purposes. Unless otherwise specified when collecting the personal data, the legal basis for their processing is one of the following:

(a) the processing is necessary for the performance of the contractual relationship with you (Article 6(1)(b) of the General Regulation);

(b) the processing is necessary for the purposes of the legitimate interests pursued by the Company (Article 6 (1)(f) of the General Regulation),

(c) your explicit consent to the processing of personal data has been given (Article 6(1)(a) of the General Regulation).

1.4 Recipients and transfers

External partners of the Company, in the field of information technology (processors) may manage our website. In this case we ensure through contractual terms and regular checks that if and when they have access to personal data, the legislation for their protection is adequately complied with.

1.5 Cookie Policy

Cookies are small text files that are stored on your computer or mobile device when you visit a website. We use the term “cookies” as an aggregated term to describe techniques such as cookies, Flashcookies and webbeacons.

Cookies are primarily used to ensure that your visit to our websites is as easy to use as possible, as well as for any advertising purposes during your future visits to other websites. The terms of use and cookie policy further details of the types of cookies we use, their use, as well as ways to delete or prevent the storage of certain cookies on your computer or mobile device.

1.6 Personal data of minors

The Company and its websites are addressed to persons who have reached the eighteenth (18th) year of age. If underage users voluntarily visit our websites, the Company bears no responsibility. In the event that during the collection of the data it is perceived that the user is of a younger age, the Company will not process his/her personal data.

2. Processing of personal data related to your business relationship with the Company

2.1 Categories of personal data and sources

In the context of an upcoming or existing business relationship with the Company, the Company may process the following categories of personal data:

(a) Data processed in the context of a project, a market sale of a product or service, such as personal data regarding orders, payments made, requests and reports in the context of the implementation of purchases and sales or partnerships in general.

(b) Data processed in the context of an employment contract or a relationship or external cooperation of persons with the company, such as identification and communication data, such as name, VAT number, Tax Office, address, telephone number, mobile phone number, fax number, e-mail address, date of birth, marital status, Social Security Number, identity card number, bank account number.

2.2 Processing purposes

Management of the contractual relationship with the business partners such as receipts, deliveries of products, provision of services, execution of works, receipts, payments, operational and it service, execution, support and monitoring of the contract, fulfillment of contractual obligations, etc.

Ensure the Company’s compliance with legal obligations (tax, financial, insurance, customs, accounting, etc.) for the purposes of compliance audits of business partners, for the prevention of financial crimes, as well as the safeguarding of its overriding legitimate interests, such as the transfer of data to law firms or competent authorities.

Compliance of the company with its legal obligations and the fulfillment thereof in the context of the exercise of its activities.

2.3 Legal bases for processing

Unless otherwise specified when collecting the personal data, the legal basis for their processing is one of the following:

(a) the processing is necessary for the performance of the contractual relationship with you (Article 6(1)(b) of the General Regulation);

(b) your explicit consent to the processing of personal data has been given (Article 6(1)(a) of the General Regulation),

(c) processing is necessary for compliance with a legal obligation of the Company or for the purposes of the legitimate interests pursued by the Company (Article 6(1)(c) or (f) of the General Regulation, respectively).

2.4 Recipients and transfers

The Company may transmit personal data to other companies, but only if and to the extent that such transfer is strictly required for the above-mentioned purposes.

The Company may transfer personal data to judicial, administrative, tax, customs, arbitral authorities and insurance funds or other public authorities, as well as lawyers if this is necessary for compliance with the legislation or for the establishment, exercise or defense of its legal claims.

Furthermore, the Company may outsource part or all of the above processing to third parties (processors) including their directors and employees:

to parties that have contracted with the Company for the promotion of the company’s services, for the provision of postal services, computerized support services, record keeping services, research services, IT services, advertising services, banking and credit institutions, chartered accountants’ companies.

lawyers and law firms.

In these cases, we ensure through contractual terms and regular checks that, if and when they have access to personal data, the legislation to protect them is adequately complied with.

In cases   where the recipients of the personal data may be established outside the European Economic Area, the Company takes measures to implement and ensure adequate and appropriate safeguards for the protection of personal data by other means, notably through the use of the standard binding clauses by the EU.

3. Data Retention Time

The Company will keep your personal data for as long as necessary to fulfill the purposes described in this policy, unless the applicable legislation requires or allows a longer period of time. The criteria governing the determination of the data retention time include the following: (a) for the duration of the contractual relationship between us, (b) as long as it is required in order for the Company to be in compliance with a legal obligation incumbent on it, (c) as long as it is required in view of the legal position of the Company (such as the defence of rights before the courts, regulatory controls, etc.).

In any case, after twenty years (20 years) from the expiration of the employment contract or employment relationship with the company, the data will be destroyed.

4. Technical and organisational measures

The Company effectively implements, both at the time of determination of the means of processing and at the time of processing, appropriate technical and organizational measures, designed for the application of data protection principles, such as data minimization and security codes, and the incorporation of the necessary guarantees in this processing in such a way as to meet the requirements of the applicable legislation and to protect the rights of natural persons.

5. Rights of the subject of personal data

The Company ensures, as far as possible, that the data kept are up-to-date and accurate and are limited to the extent necessary for the purposes for which they are submitted.

Under the applicable legislation on the protection of personal data and provided that the relevant legal requirements are met, you have the following rights:

5.1 Right to withdraw consent

In the event that you have given your consent to the processing of certain personal data by the Company, you have the right to withdraw the consent at any time, with future effect. The withdrawal of consent does not affect the lawfulness of processing based on consent before it was withdrawn. In case of withdrawal of consent, the Company may further process the personal data only in cases where there is another legal reason for the processing.

5.2 Right of access

You have the right to be informed if the Company processes your data, to have access to the data and to receive additional information about their processing.

5.3 Right to rectification

You have the right to request the updating, correction, completion of your personal data.

5.4 Right to erasure (right to “be forgotten”)

You have the right to submit a request for the erasure of your personal data, which will be satisfied provided that there is no other legal basis for processing (such as, but not limited to, the obligation to process personal data imposed by law).

5.5 Right to restriction of processing

You have the right to request restriction of the processing of your personal data in the following cases: (a) when you question the accuracy of the personal data and until it is verified, (b) when you object to the deletion of personal data and request instead of deletion the restriction of their use, (c) when the personal data are not needed for your processing purposes ;  they are however necessary for the establishment, exercise, support of legal claims, and (d) when you object to the processing and until it is verified that there are legitimate grounds that concern us and prevail over the reasons for which you object to the processing.

5.6 Right to object to processing

You have the right to object at any time to the processing of your personal data when it is based on the legal basis (Article 6 (1) (e) or (f) of the General Regulation), which will be satisfied unless the Company demonstrates compelling and legitimate reasons for their processing.

5.7 Right to portability

You have the right to receive your personal data free of charge in a structured, commonly used and machine-readable format or to request, where technically feasible, that we transmit the data directly to another controller.

6. Right of appeal to the Authority

The competent authority is the Hellenic Data Protection Authority. You have the right to appeal to the Hellenic Data Protection Authority for matters relating to the processing of your personal data. There must have been a prior effort on your part to exercise your rights in the Company before appealing to the competent Authority. For the authority’s competence and how to submit a complaint, you can visit its website (www.dpa.gr > My rights > Submit a complaint), where there is detailed information.

7. Data Controller

The Controller is the “INDUSTRIAL IMPORT AND INVESTMENT SOCIETE ANONYME” with the d.t. “KARNEL S.A.”, based in Peristeri, Attica, 54 Agiou Pavlou Street and Ikaria Street.

The Company provides support to all questions, comments, concerns or complaints related to the protection of personal data or in case you wish to exercise any right regarding the protection of your data.

Communication with the Data Protection Officer may be made at any time via email at info@pilavioslaw.gr or by post to:

 

Law Office of Sofoklis Pilavios
Correspondence: Psomas Konstantinos
Irodotou 29, Athens
P.C. 106 73
Tel: 210 7299750