Privacy Policy

Effective Date: December 20, 2018

Our company has fully complied with the General Data Protection Regulation (GKPD) 2016/679 (General data Protection Regulation 2016/679 GDPR), which is directly applicable from 25 May 2018 in all Member States of the European Union. With this protection policy, we would like to inform you about what personal data we collect, how, the scope and purpose of processing, and your rights as the subject of such data. For this reason, we would like to ask you to take a moment to read carefully the following text.

General Information

▪ personal data is any information concerning a natural person whose identity is already known or can be ascertained ("data subject").

▪ Controller is the provider of the website

Chatzistoygiannis Haris

3 km. Serres Thessalonikis, Serres 62100, Greece

Email: [email protected]

Telephone: 0030 2321050838

▪ The regulation obliges the controller to inform the data subject of the existence and purposes of the processing in a clear and comprehensible manner. Information must be made in an easily accessible form (articles 12 and 13 of the general Privacy Regulation)

▪ The website has the Security sockets Layer (SSL) certificate, which ensures the secure exchange of data between the user's browser and the server (server) of the provider, creating an encrypted connection and preventing Intercepting data from malicious users. You can see it from the HTTPS prefix (instead of the usual HTTP) that is located in the Web page address.

▪ Minors may have access to the website and its services only if they have the consent of their parents or their parental responsibility. A minor under the general Data Protection regulation is considered to be anyone under 16 years of age (article 8 (1) of the General Privacy Regulation). If it has not previously received the consent of the persons mentioned, the minor should refrain from using the services, the website and generally its content.

Login to our website

▪ when you sign in to the site without using any of the services (e.g. Contact form), data is exchanged automatically-information between your computer and the provider's server. These data are:

  1. Date and time of your entry to the website
  2. The Internet Protocol address (IP) of your device from which you connected
  3. The browser you are using, your computer's operating system and the name of the access provider
  4. The name and address (URL) of the file
  5. The amount of data sent in bytes

▪ The purpose of the data processing is:

  1. Ensuring a smooth connection
  2. Ensuring a comfortable use of our website
  3. The continuous improvement of the website
  4. Controlling the security of our system and identifying and addressing any threat

▪ legal basis for processing is Article 6 (1) (f) of the General Data Protection Regulation (GKPD). The justified interest of the provider shall be analysed in particular in the above mentioned purposes of the processing

▪ storage time: This data is cached (as long as you visit the website) in a log file.

▪ recipient/Categories of recipients: we do not enclosed your personal data to third parties.

Contact Form

▪ The website has a contact form so that we can serve you directly in any questions you may have. The personal data we collect is only those that you entrust to us by filling in the corresponding fields of the form, such as

  1. Your first and last name
  2. Contact telephone Number
  3. E-mail

▪ The purpose of the processing is the immediate response to your request and the direct contact with you in order to answer your questions.

▪ legal basis for the processing of your personal data is your consent (article 6 (1) (a) of the General Data Protection Regulation (GKPD).

▪ you have the right to revoke your consent at any time and at no cost. The withdrawal of consent is valid for future (article 7 of the general Regulation on the protection of personal data). The processing based on your consent is legal for the period until the consent is revoked.

▪ storage time: We keep the above personal data for as long as the communication between us lasts, as well as 24 months after our last communication. But if you ask us, we can delete them sooner.

▪ recipient/Categories of recipients: we do not enclosed your personal data to third parties.

Cookies

▪ The website uses cookies, which are small files stored on the user's device and collect information about the browsing and activity of use on the Internet.

▪ in the cookie policy, we inform you in detail about the cookies we use, their usefulness and the duration of storage on your device.

Recipients outside the European Union

▪ except in the case mentioned in the cookie policy and the Google Analytics service we use, we do not provide your data to recipients based outside the European Union.

▪ the processing performed by this service leads to the transfer of data to the Google server in the United States. But because it becomes anonymisation of your IP address, the data collected can in no way be linked to you. Data collected for statistical purposes is retained on Google's server for 24 months and then deleted.

Data subject Rights

▪ as an underlying processing of personal data you have the following rights:

  1. Right to revoke consent. As long as the processing of your data is based on your prior consent, you have the right to revoke it at any time. The withdrawal is valid for the future and does not affect the legality of the processing that was based on it until the withdrawal (article 7 (3) of the General Privacy Regulation).
  2. Right of access. You have the right to receive information at any time about your data processed by the controller, the categories of data, the purposes of the processing, the recipients, and the time (Article 15 general regulation for the protection of personal data).
  3. Right to correct incorrect data and to fill incomplete data. You have the right to require the controller without undue delay to correct or supplement your data processing (article 16 of the General Privacy Regulation).
  4. Right to delete your data from our files in case the data is no longer necessary for the purposes collected or revoke your consent on which the collection was based or if your data was processed Illegally (article 17 of the General Privacy Regulation).
  5. Right to restrict the processing of your personal data either when you question the accuracy of these or when the processing is illegal or when the purpose of the processing is no longer (article 18 general regulation of personal protection Data).
  6. Right to data portability. You have the right to receive the data you trusted to us and to transmit it to another controller without objection to us if the processing is done by electronic means and based on your consent or in a contractual relationship With you (article 20 general privacy Regulation).
  7. Right of objection. Where the processing of your data is legitimately based on the fulfilment of the public interest (article 6 para. 1 ed. GKPD) or the satisfaction of a legitimate interest of the Controller (art. 6 para. 1 ed. St΄ GKPD), you have the right to object at any time in the processing of your data relating to your particular situation. The Controller shall not submit the data processed unless it proves the assistance of compelling and legitimate reasons for the processing, which supersede the interests, rights and freedoms of the data subject

Exercising Your rights

▪ Any request regarding your personal data and the exercise of your rights may be submitted in writing and sent to the email address [email protected]

Right to complain to a supervisory authority

▪ The supervisory authority in Greece is the Personal Data Protection Authority (www.dpa.gr)

▪ If you consider that the processing of your data is in violation of the general privacy regulations, you may submit a complaint to a supervisory authority. According to the GKPD, the competent supervisory authority may be indicative (not restrictive) of the authority of the Member State in which you have your habitual residence or place of work or the authority of the site of the alleged infringement (article 77 general regulation for the protection of personal Data).