DATA PROTECTION POLICY
This describes our policy regarding the personal data we collect from visitors to our pages (hereinafter “users”).
Responsible for Processing is the Company “SAVVIDIS KYRIAKOS MONOPROSSOPI EPE”, with d.o.d. KIROSAV, based in Thessaloniki, St. Agiou Petrou 21 – N. Eukarpia 56429, VAT 997513351, D.O.Y. E Thessaloniki, E-mail kirosav@otenet.gr (“Processor”).
In the daily activities of our business and our website, we process data concerning natural persons, including:
- Customers
- Partners, processing on our behalf.
- Website visitors
- Other stakeholders (employees, suppliers)
Our company complies with the General Data Protection Regulation (2016/679 EU GDPR) and any other European and national legislation regarding the protection of personal data, electronic communications, etc. and undertakes to ensure at all times the protection of your Data:
- The data is collected for specific, clear and legitimate purposes and is not further processed in a manner incompatible with these purposes.
- We collect the necessary personal data for each processing purpose and process them legally, fairly and in a transparent manner in relation to the data subjects.
- We ensure that they are as accurate and up-to-date as possible and we only keep them for as long as necessary for the purposes for which they are processed.
- In any case, the criterion we use to determine the storage period is based on and takes due account of the need to comply with any relevant legal requirements as well as the data minimization principle.
- We process Data electronically and manually and take all appropriate measures to protect personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Collection, purpose, legal basis of processing and retention time of your data
- Data we collect automatically through our website
The website https://www.kirosav.gr/ uses the SSL protocol (Secure Sockets Layer) which uses encryption methods for the data exchanged between two devices (usually Computers), establishing a secure connection between them via the internet, which results in the protection of your personal data.
When you visit our website https://www.kirosav.gr/ our server collects so-called server log files, namely:
- Date and time of website visit.
- The amount of data sent in bytes.
- The browser and operating system you used to access the website.
- Internet protocol address (IP address), when you enter the website. The IP address is personal data along with the date and time of your visit, although we cannot identify you with this data alone.
The legal basis for which we collect your IP address and keep it in special files (log files) is our legitimate interest in processing this data in order to ensure the security of networks, information and services against accidental events or illegal or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data (eg control of ddos ”denial of service” attacks), as well as our legal obligation to provide a more secure environment for processing your personal data (GDPR article 6 paragraph 1 letter f and c).The data will not be transferred or used in any other way. However, we reserve the right to review server logs (server logs) if specific indications of unauthorized use are detected.
- Customer data.
When you visit our business, we collect your personal data such as name, surname, e-mail, postal address, gender, age, profession, address, and any other information related to the provision of our services to you.
The purpose of processing your data is to provide you with the requested services and the legal basis of the processing is the execution of the contract between us (Article 6 para. 1b’ and 9 para. 2h GDPR), as well as our compliance with legal obligations. Your data retention time is as long as possible and longer if legal claims arise.
Its is clarified that we do not have a publicly accessible list of e-mail addresses of our subscribers/users. Therefore, any personal data (e.g. access names, etc.) that appear anywhere on the pages and services of the Controller’s website are intended solely for the purpose of ensuring the operation of the respective service and may not be used by any third party, without complying with the provisions of the legislation regarding the protection of personal data processing, as it applies from time to time.The Data Controller acts in accordance with current legislation and aims to better implement good practice on the Internet. Your personal information is kept securely for as long as you are registered with a service of the Processor and is deleted after the termination of your transactional relationship with the Processor in any way.
- Data we collect through email and contact form.
In the context of communication between us via e-mail and the contact form, we collect your name, e-mail address and any other information you provide us.This data is stored and used exclusively to respond to your request. The legal basis for the processing of your personal data is your consent (GDPR, Article 6 para. 1a). Your data will be deleted after the final processing of our communication. This will happen after the purpose and scope of our communication has been completed, provided there are no legal requirements to store such data.
- Newsletter
With your consent, we will collect your e-mail in order to send you a newsletter with news about our Company and articles that you may find interesting. The legal basis for the processing is your consent (GDPR, Article 6 para. 1a) and you have the right to withdraw it at any time.
- Supplier data.
For the contract between us, we collect the data of our suppliers such as name, address, contact information, shipping information, financial data, which you provide us yourself. The legal basis for the processing of your data is the implementation of a contract and our compliance with legal obligations (GDPR article 6 par. 1b and c), and we keep them for a period of up to twelve years from the last provision of services, or as long as the tax and any other relevant legislation.
Who has access to your Data. Data transfers.
Your data can be accessed by our employees as well as by any other person authorized to process your data in the course of their duties. In addition, we cooperate with third parties, natural or legal, professionals, independent consultants, etc. who provide us with commercial, professional or technical services (e.g. website hosting, accounting services, transport services) for the purposes mentioned above, and support our business in whole or in part, in connection with our activities.As the case may be, the said natural/legal persons will act as Public or Independent Processors, Processors or persons authorized to process personal data for the same purposes mentioned above, with the same security measures and in accordance with the applicable legal liabilities.
Before the third party receives Personal Data, we must: (1) complete a privacy audit to assess the privacy practices and risks associated with those third parties (2) obtain contractual assurances from those third parties that will process Personal Data in accordance with our instructions and in accordance with this Policy and applicable law, that they will promptly notify .Our business for any Privacy or Security incidents, failure to comply with the standards set forth in this Policy and applicable law, that they will cooperate in remedying any such incident, that they will help us meet the rights of individuals set forth below and that they will allow the Controller to control their processing in terms of compliance with these requirements.
Finally, the data may be further transmitted to public authorities and institutions, as well as to our legal supporters (legal and insurance companies), for legitimate purposes.
Apart from the above, the Data will not be disclosed to third parties, individuals or legal entities and will not be disseminated.
Our business does not transfer Personal Data outside the EU, and if necessary (for example, in order to use Cloud services) this will be done under the terms and conditions provided for in Articles 44 et seq. of the GDPR, as with your consent, the application standard contractual clauses approved by the European Commission or in countries considered safe by the European Commission.
Use of cookies
For the correct operation of the website and your better navigation, as well as for the better provision of our services, we use cookies.Cookies are text-files with information, which the web server (web server of the Controller) stores on your computer when you visit this website. In this way, the website remembers your actions and your preferences for a period of time, in order to have, for example, personalization of online advertisements, traffic analysis or other statistical analysis, and provision of the services you have requested. In this way, you do not need to enter these preferences every time you visit the website or browse its pages. Only the Processing Manager and its specially authorized partners have access to any information regarding cookies.
You can control and/or delete cookies according to your wishes. Details can be found on the website: aboutcookies.org. If you choose to disable cookies on the website https://www.kirosav.gr/ the functionality of some pages may be lost or reduced.
See here what cookies we use:
More information on the use and management of cookies on the website can be found on the websites:
About cookies and their management:
http://www.aboutcookies.org/default.aspx
http://www.whatarecookies.com/
About Google’s policy:
https://www.google.com/about/company/user-consent-policy.html
https://www.google.com/policies/technologies/cookies/
http://www.google.com/intl/el/policies/privacy/partners/
Data security and integrity
The Controller applies reasonable technical and organizational security policies and procedures to protect personal data and information from loss, misuse, alteration or destruction.
In addition, we try to ensure that access to your personal data is limited to those who have a need to know it. The people who have access to the data are obligated to maintain the confidentiality of that data.
Please be aware that the transmission of information over the Internet is not completely secure. Although we make every effort to protect your personal data, we cannot guarantee the security of data transmitted to our website. After receiving your information we will implement strict security procedures and features to try to prevent unauthorized access.
We make every reasonable effort to keep the personal data we collect from you only for as long as we need the data for the purpose for which it was collected or until it is deleted (whichever is sooner), unless we continue to we observe them according to the provisions of the current legislation.
Links to other websites
Our website may contain links with other websites, governed by other privacy statements the content of which may differ from this Privacy Statement. Please read the privacy policy of each website you visit before submitting any personal data to that website. Although we strive to provide links only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices of other sites.
Data of minors.
When we need to process data of minors (e.g. minor patient data), that is, according to the GDPR, of those who have not reached the age of 15, the processing takes place only with the written and expressly expressed consent of the persons who have parental care of the minor . In any case, we make reasonable efforts to verify that consent is given or approved by the person who actually has parental care of the child, i.e. by verifying identity and any other available evidence.
Rights of Subjects
You can contact us by post or email at the addresses listed in paragraph (1) above, to exercise your rights in accordance with Articles 15 et seq. of the GDPR. You can, for example, request an updated list of people who have access to your data, get confirmation as to whether or not we are processing personal data relating to you, check its content, source, correctness and location (also in relation to any third country), request a copy, request their correction and restrict their processing and even delete them, if applicable.Likewise, you can always report comments and submit complaints to the Hellenic Data Protection Authority, 1-3 Kifissias Ave., GR 115 23, Athens, Call Center: + 30-210 6475600 or at http://www.dpa.gr/
Changes to this Policy
The Controller keeps this Policy under frequent review and may modify or revise it periodically at our discretion. When we make any changes, we will record the date of modification or revision in the Policy. The updated Policy will apply to you and your information from that date.We encourage you to periodically review this Policy to review any changes to the way we manage your personal data. This Statement was last updated in November 2021.
Contact us
If you have any questions, comments or complaints about our handling or protection of your personal data, or if you wish to amend your personal data or exercise any of your rights as a data subject, please contact us at kirosav@ otenet.gr.