Our Company, in accordance to the conditions set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th of April 2016 on the protection of individuals with regard to the processing of personal data and on the free use of such data and having regard to the repeal of Directive 95/46 / EC (General Data Protection Regulation) (hereinafter referred to as “General Regulation”), wishes to inform you as follows, regarding the processing of your personal data.
Company name: FRIDAYS KIFISIAS S.A
Address: 35 Kolokotroni Str, Kifisia Athens 145 62
Telephone – Fax: 210 6233947
Email address: firstname.lastname@example.org
Full name: Eleni Papavasileiou
Address: Konitsis 13A
Telephone – Fax: 2106129933
Email address: email@example.com
“Personal data” are defined by the General Regulation as any information concerning an identified or identifiable individual (“data subject”); the identifiable individual is one whose identity can be verified, directly or indirectly, in particular by reference to ID, such as name, ID number, location data, online ID, or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural, or social identity of that individual.
Further, “processing” means any operation or series of operations performed with or without the use of automated means, on personal data or on personal data sets, such as collection, registration, organization, structure, storage, adaptation or alteration, retrieval, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
The General Regulation sets out certain fundamental principles, which govern the protection of personal data.
In particular, personal data must:
For our Company, respecting the above principles in the processing of personal data concerning you is a priority. Specifically, the Company as well as its Employees make every effort to ensure the optimal level of protection of your data, as well as full compliance with the requirements of the General Regulation.
Due to the field of our company’s activities, the Personal Data it collects mainly concerns the following categories of subjects:
We note that we do not collect personal data of specific categories, other than the health data referred to herein, such as personal data relating to race, ethnicity, religion, sexual orientation, or genetic biometric data, etc., which are categorized as specific data categories and receive additional protection in accordance with European data protection legislation.
Our company collects personal data given to our Organization directly by the subjects, for one of the following reasons:
Specifically, our Company processes the following categories of personal data that concern you for the following purposes.
Each of the above methods of processing your personal data is based on some legal basis. Specifically:
The time period that your personal data provided will be retained, depends primarily on the purpose of the processing, since even their mere storage constitutes an act of processing, which is permitted only if it is governed by the processing authorities. After the retention period the personal data are deleted. Particularly:
Our Company does not disclose the data to third parties, except in the following cases. Particularly:
We point out that the above partners have access to the personal data necessary to perform their functions, but are prohibited from using them for other purposes, in addition they have previously committed to our Organization for their relevant obligations regarding the non-use of data for purposes other than the execution of the processing, the observance of confidentiality and the general compliance with the Regulation.
The processing of your personal data is also linked to your respective rights, which, subject to provisions that may restrict the exercise of these, are:
In case of exercising of one of the above rights, we will take every possible measure to satisfy your request within a reasonable time and no later than (1) month since the identification of your submitted request, informing you in writing about the satisfaction of your request, or the reasons that may prevent the exercise of the relevant right, or the satisfaction of one or more of your rights, in accordance with the General Regulation of Personal Protection Data. Please note that in some cases the satisfaction of your relevant requests may not be possible, such as when the satisfaction of the right is contrary to a legal obligation or conflicts with a contractual legal basis for the processing of your data.
However, if you consider that any of your rights or legal obligations of our Organization regarding the protection of Personal Data are violated and after you have previously addressed the Data Protection Officer of the Organization (DPO) for the relevant issue, meaning that you have exercised your rights to the Organization and either you did not receive a response within a month (extension of the deadline to two months in case of a complex request), or you consider that the response you received from the Agency is unsatisfactory and your issue has not been resolved, you can file a complaint to the competent supervisory authority, i.e. to the Hellenic Data Protection Authority (DPA), 1-3 Kifissias Ave., PC 115 23 Athens, email: firstname.lastname@example.org, fax: +302106475628.
We have taken appropriate organizational and technical measures to protect your personal data from misuse, tampering, loss, unauthorized access, modification, or disclosure. The measures we take include the implementation of appropriate methods in access control, technical security of information as well as ensuring that personal data is encrypted, pseudonymized and made anonymous, where necessary and feasible.
Access to your personal data is allowed only to our competent employees and associates and only if it is necessary to support the activity of our Organization, and is subject to strict contractual obligations of confidentiality, when assigned and processed by third parties.