Privacy and Personal Data Protection Policy
The “enka.gr” website belongs to “………….” which trades under the name of “……….” and is based in …………, GR-….. It is the holder of General Commercial Registry number ………. and Tax ID Number …………, and hereinafter, for the sake of brevity, the “Company”. The Company is the data controller of any personal data processed, and therefore you must contact the Company with regard to any issue related to your personal data.
Acceptance of terms and conditions
The terms and conditions set out below concern the privacy and personal data protection policy applied by the Company in relation to the services and products it provides. These terms and conditions are mandatory for all users of the Company’s services and/or products, as well as for all visitors to the aforementioned website, all of whom shall hereinafter, for the sake of brevity, be referred to as “Clients”, regardless of whether they place an order for the Company’s services or products. The Company’s services and/or products cannot be provided unless the terms and conditions of use below are accepted.
The Company’s products and services are addressed to persons over the age of 16. If you are under the age of 16, you can only use the services and products provided by the Company with the prior, express, specific and written consent of your legal guardian. The Company shall endeavour to check the age of the minor, however it is not in a position to examine any false statement made by the Client regarding their age and it therefore bears no liability whatsoever in the case that a Client makes a false statement.
What you should know about personal data
The legal framework on the protection of personal data within the European Union has changed. On 25 March 2018 the General Data Protection Regulation (GDPR) (EU) 2016/679 entered into force, thus repealing the relevant national legislation of EU member states. Thus in Greece, Law 2472/1997 on the protection of personal data has been repealed and replaced by the provisions of the above Regulation. The Company has already set the procedure into motion for compliance with the new legislative framework currently being shaped, by taking all the necessary organisational and technical measures required by the above Regulation in order to best protect the interests and personal data of the data subjects.
The personal data we collect
Depending on the purpose and needs of each case (see details below), the Company collects the following personal data on the Client: full name, email landline number or mobile number and IP address (Internet Protocol address).
The purposes of processing your personal data
The above data are collected and processed in the framework of the provision of services by the Company.
The legal basis for collecting and processing data
– The Client’s consent provides the legal basis for processing their IP address (Internet Protocol address).
Why we need personal data
We need your personal data solely and exclusively for the purposes stated in detail above. Should there be a new purpose of processing, which is incompatible with the corresponding original purpose, you will be notified anew and your consent will once again be requested, if required.
Your personal data shall under no circumstances be used for any purposes other than the above. Furthermore, your personal data shall not be processed for purposes of commercial exploitation.
The impact of processing on the data subjects
The processing of personal data by the Company does not have any impact whatsoever on the data subjects, since the collected data are entirely necessary and required for the provision of services and/or products. Furthermore, the data we process come under the category of simple personal data and do not, as a rule, come under special data categories (sensitive personal data).
All personal data are considered and treated as private and confidential. We ensure that all the necessary organisational and technical measures are taken to protect these data and their confidentiality.
How we use personal data
We collect, enter, store and organise your personal data solely for the intended purpose, as the case may be. Your personal data shall be kept private and confidential and shall not be disclosed to third parties without your prior, express, specific and written consent. Data shall not be disclosed to any third parties other than the competent public agencies and services required by law, as well as the Company’s external accountants, insofar as this is required for the execution of the corresponding operations.
How to access your personal data
If you wish to gain access to your personal data, you can send us a relevant request by email to [email protected]
By contacting our Company, you can request the correction, completion or updating of your personal data in order to ensure that they are always updated, correct and accurate.
Who has access to personal data
Only authorised employees and associates of the Company have access to your personal data in the framework of the purposes specified above and insofar as this is required for the fulfilment of their duties. No third parties have access to your personal data, and especially not without your prior, express, specific and written consent.
Who we share your personal data with
Your personal data shall not be forwarded to third parties except in the following cases:
– In order to issue the legally required tax invoices/receipts, the necessary and required personal data are forwarded to an external accounting office, and only specially authorised employees of this accounting office have access to these data.
– Furthermore, the data subjects’ tax details are forwarded to the competent tax/financial authorities, as the Company is obliged to do so by law.
Third party companies collaborating with our Company may also be recipients of your personal data, whenever and to the degree that this may be required. These companies are listed here.
Personal data retention period
A Client’s personal data are retained for a period of twenty years from the time that a service is delivered, since this is required in order to protect the Company’s legal interests in case any civil or other claims are made against the Company.
A Client’s tax details are retained for as long as is required under tax legislation, and in any case for the maximum period of twenty years from the issuance of each invoice/receipt, due to the fact that they may be requested within this time period both by the competent financial authority and by the Client.
Once the above time period has elapsed, the Client’s personal data are deleted entirely.
Any personal data that may be included in the texts intended for translation shall be anonymised immediately after the delivery of the service provided, and the texts shall be retained without any personal data, as is required for the protection of the Company’s legal interests.
How we protect personal data
We apply all the necessary organisational and technical measures set out in Greek and European legislation in order to protect your personal data.
In respect of organisational measures, our Company:
– applies a classified access policy so that each employee can only access the information that is required and absolutely necessary in order for them to carry out their duties.
– keeps a processing activity file.
– applies privacy-friendly advertising and marketing policies.
– ensures the protection of personal data during the design of its services and products by applying the principles of privacy by design and privacy by default.
– notifies data subjects/Clients simply and comprehensibly, with the utmost transparency and by any possible means, of the processing of their personal data, the intended purposes, the legal basis for processing, their rights and how they can exercise these rights in the event that they choose to do so, and this is done simply, immediately and without any obstacles.
– trains its employees in matters of personal data protection so that they may all be equipped with the necessary knowledge that will contribute to the protection of Clients’ personal data and privacy on a daily basis.
– requires employees to protect privacy and personal data through binding non-disclosure, confidentiality and personal data protection agreements.
The technical safety measures we apply
– The Company’s services can be accessed exclusively by authorised users by entering a user name and password.
– We apply a secure password policy, which involves personal passwords that must be changed at regular intervals.
– The encryption method is applied to passwords and, in addition, they are saved in their encrypted form.
– Data are accessed/exchanged with the use of SSL certificates, so that the data may be encrypted.
– State-of-the-art antivirus software has been installed on all of the Company’s local computers. Furthermore, they are password protected and go into sleep mode within a short time of not being used by their users. In terms of software, the Company uses the latest stable versions of Microsoft Windows, which are regularly updated for security reasons.
– All Company servers are maintained in a private network that can only be accessed by the Company’s technical staff.
– All the servers in our establishment always use cutting-edge technology.
– All the servers in our establishment are protected by a firewall and anti-malware of the latest technology.
– The software programs we use have official and updated licences.
– All of our servers’ software programs constantly receive security updates.
– Backups are kept throughout our establishment on separate servers that protect data through the use of passwords and encryption. Backups are made on a daily basis.
– The anonymisation method is applied wherever possible.
The rights of data subjects
Data subjects have the following rights in relation to their personal data:
– Deletion (and the right to be forgotten)
– Restriction of processing
– Data portability
– Non-automated individual decision-making (preparation of a profile)
How to exercise your rights
You can exercise your rights (of access, correction, restriction of processing, information, data portability, objection, deletion) or file a complaint by sending a relevant request by email to [email protected]
We will see to it that your request is answered as soon as possible.
Right to appeal to the Hellenic Data Protection Authority
Should an issue arise with regard to the processing of your personal data and once you have contacted our Company in its capacity as the Data Controller, you may subsequently appeal to the Hellenic Data Protection Authority. For detailed information on the Authority’s competencies and on how to file a complaint, you can visit its website at www.dpa.gr.
The cookies we use and the purposes for which we use them
What are cookies
Cookies are small text files containing data, which a website asks your browser to store on your computer or mobile device (smart phone, tablet, etc.). Once stored on your device, cookies allow a website to “remember” your actions (e.g. user name, password, etc.) and preferences. Each cookie has a different function. Some are necessary in order for a website to function, while others, e.g. advertising cookies, are used for advertising purposes.
In particular, our Company uses basic cookies such as the login session cookie (otherwise known as the transient cookie), which is stored in a temporary memory while the User navigates our Company’s website and is deleted as soon as the User closer their browser. Session cookies do not collect information from the User’s computer.
Furthermore, our company uses third party cookies, such as Google Analytics, Google Tag Manager and Google AdWords cookies, always on condition that the User has provided their express consent. For more information on the above cookies, please click on the following link: https://policies.google.com/technologies/types.
The applicable law and competent courts
The User expressly agrees and accepts that any disputes that may arise with regard to this privacy and personal data protection policy shall be governed by Greek law and shall come under the jurisdiction of the Courts of Thessaloniki.