Personal Data Protection Policy
The protection of natural persons with regard to the processing of personal data is of the utmost importance for the Company; consequently, the Company collects and processes personal data strictly in conformance with the General Regulation and the applicable legislation in general and to the extent necessary in connection with some aspect of labor relationships and the business of the Company.
The protection of natural persons in relation to the processing of personal data is a fundamental right according to article 8 para. 1 of the Charter of Fundamental Rights of the European Union (the “Charter”) and to article 16 para. 1 of the Treaty on the Functioning of the European Union (TFEU).
We inform you that the Company limits the access to such data to authorized persons only, and takes enhanced data security measures to secure data against -among others- loss, mishandling, unauthorized access, alteration or disclosure, complying to General Data Protection Regulation (GDPR) No. 2016/679 of the European Parliament and the Council (from now on “General Regulation”) which came into effect on 25.05.2018, introducing a stricter framework for the protection of individuals with regard to the processing of their personal data and for the free movement of such data.
Processing of personal data in the Company website
1. Categories of personal data
When you visit the Company websites, the Company may process:
a. The data that you have entered for your registration to the website and for using the services offered (user name, password, full name, contact phone, e-mail address, Connection Number, Tax Identification Number, communication content),
b. Personal data automatically collected while you browse (IP address, device type, browser, redirection website, company web pages that you visited, visit date and time).
2. Purpose of processing
Personal data are processed for the following purposes:
a. To properly serve a pre-contractual or contractual relationship, so that you will be able to obtain personalized information and access to your personal documents and we will be able to respond to your requests or contact you when you have requested so.
b. To be able and prove by document a legitimate legal claim or defense of the Company against an attempt at fraud, cyber-attack or other illegal activity.
c. To create anonymized statistics regarding multiple factors, such as the number of visits and accessibility of the homepage and the individual pages; all the above for the purpose of proceeding with necessary action, aiming to improve your browsing experience.
3. Legal basis for data processing
The legal basis for collecting and processing your personal data, in order to fulfill the above purposes, are the following:
a. According to Article 6(1)(a) of the General Regulation, it is required that you have given your explicit consent to the processing of your personal data (Article 6 (1) (a) of the General Regulation).
b. According to Article 6(1)(b) of the General Regulation, it is required that processing is necessary for the fulfillment of our contractual relationship with you.
c. According to Article 6(1)(f) of the General Regulation, it is required that processing is necessary for the purposes of the legitimate interests pursued by the Company.
4. Transfer of personal data to third parties
The company allows access to your personal data to members of its personnel (to the extent that this is necessary for the performance of their duties) and to collaborating companies that are providing systems and operations essential for the Company to provide its Services to you and to other customers, such as the collaborating Banks. Such collaborating companies provide to the Company (indicating) systems for the processing of transactions, call centers for customer service, software development services relating to its Services, services for the installation and management of POS terminals, marketing services as well as other administrative services that may include customer-supplier management systems, courier and cloud services.
Third parties, recipient of your data, may also be located outside the EU. Under any circumstances, we shall take all the appropriate precautions to ensure that processing is carried out in accordance with the applicable legal framework and that the level of protection is accorded by the EU data protection legislation.
5. Third Party websites
6. Policy on Cookies
7. Personal Data of Minors
The Company and this website are addressed to persons aged over eighteen (18) years. The Company has no liability if minors visit this website. In any case, if during the data collection process, it becomes evident that the user is minor, the Company will not process the minor’s personal data.
8. Data Retention Period
The Company shall store your personal data for as long as necessary to achieve the purposes described in the present policy, unless the applicable legislation stipulates or allows a longer time period.
9. Technical and organizational measures
The Company effectively implements, both at the time of determination of the means of processing and at the time of processing, appropriate technical and organizational measures such as anonymization, designed for the application of data protection principles, such as data minimization, and the integration of the necessary safeguards into the stated processing in such manner that the requirements of the applicable legislation and protecting the rights of natural persons are fulfilled.
10. Right to withdraw your consent
In case you have given us your consent to process specific personal data, you have the right to withdraw at any time your previous consent, with prospective effect. Such withdrawal of consent shall not affect the data process that was based on consent before its withdrawal. In case of such withdrawal, the Company may further process your personal data only in cases where there is some other legal ground for such processing (e.g., Defense of legal claims in a trial).
11. Rights of the data subject
Under the applicable legislation on personal data protection and under the provision that the relevant legal conditions are met, you have the following rights:
- Right of access
You have the right to be informed as to whether or not the Company processes your data, to have access to such data and obtain supplementary information in connection with such processing.
- Right to rectification
You have the right to request your personal data to be updated, rectified or completed.
- Right to erasure
You have the right to submit a request for the erasure of your personal data, and such request shall be granted provided no other legal grounds for processing are in place (e.g., compliance with a legal obligation to process personal data).
- Right to restriction of the processing
You have the right to request the restriction of the processing of your personal data in the following cases:
a. When you contest the accuracy of your personal data, and pending verification of the accuracy of your data.
b. When you oppose the erasure of your personal data and you request the restriction of their use instead.
c. When your personal data are no longer needed for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
d. When you have objected to the processing and pending verification that our legitimate grounds for processing override those for which you object to the processing.
- Right to data portability
You have the right to receive, at no cost, your personal data in a structured, commonly used and machine-readable format or to request, if technically feasible, that we transmit such data directly to another controller.
- Right to oppose automated decision-making
You have the right to request that you be excluded from decision-making which is based on automated processing, including profiling.
12. Data Controller
The Data Controller is «Upiria P.C.», located at Egnatia 154, Thessaloniki, Greece. The Company provides support for all questions, comments, concerns or complaints relating to personal data protection or should you wish to exercise any right in connection with the protection of your data. You may contact our Data Protection Officer by email at email@example.com or by post at the following mailing address: Egnatia 154, 54636, Thessaloniki, Greece.
13. Right to lodge a complaint with the Data Protection Authority
If you wish to lodge a complaint with the competent authority, the competent authority for these matters is Hellenic Data Protection Authority (HDPA). You are kindly asked to first make an effort to express your complaints to the Data Controller. For the Authority's responsibilities and how to file a complaint, you can visit its website (www.dpa.gr> My Rights> Submitting a Complaint) where detailed information is available