Privacy Policy and Personal Data Protection

of  Th. Kyriazakos S.A.

GENERAL PROVISIONS

1.0 Who is responsible for your Data?

The Data Controller for your personal data is the anonymous company with the name “T KYRIAZAKOS ANONYMOUS COMPANY MECHANICAL METAL INSTALLATIONS” and the distinctive title “T. KYRIAZAKOS S.A.” (“the Company”), which is headquartered in the Municipality of Pionia, at 48th km Thessaloniki – Euzonoi and is legally represented, with switchboard 23430 25425 and e-mail contact info@kyriazakos.gr.

2. General principles that the Company adheres to regarding transparent information provision.

Every information we provide you with this document as well as any information you may request from us in the future is provided to you free of charge with the proviso that the request is not repeated, exaggerated or manifestly unjustified (see more in section 3.) For each of the above rights you exercise the Company will respond to you within one (1) month from receipt of the request or in case of objective difficulty, complexity of the request or the number of requests, the Company will respond at most within a period of three (3) months in total regarding either the completion of your request or the justified refusal to execute what you requested for legitimate reasons that are explicitly specified in the General Regulation for Data Protection 2016/679, according to the provided relevant internal procedure.

In the event that the Company considers that any of the above rights of yours are exercised manifestly groundlessly or the request is excessive or (much more so) has a repetitive character, it is entitled on the one hand to impose on you a reasonable fee for the provision of further information (which is in principle free) and on the other hand to refuse to continue with the request.

In the event that the Company has reasonable doubts regarding your identity when you submit a request to exercise any of the above rights, it may request the provision of additional information necessary to confirm your identity before processing the request.

In the event that the Company delays beyond the justified period to respond to your request as well as in any case where you believe that your rights are being violated or the Company is not compliant with its obligations to protect your data, you are entitled to file a complaint with the competent supervisory authority. (Personal Data Protection Authority, Athens Kifisias 1-3, T.K. 115 23, Athens, contact@dpa.gr, +30-210 6475600).

You retain the right to revoke the consent given to you at any time by submitting a relevant written request as well as the right to address all your requests to exercise the following rights to the e-mail address privacy@kyriazakos.gr.

3.0 What are your rights in relation to the Personal Data you have provided us?

3.1 Right to Information

You retain the right to request information regarding the personal data we have received from you and maintain for any purpose or purposes as described below (under A – C). This document constitutes as a whole a manual for basic information and understanding of the philosophy of the regulatory framework governing the protection of your personal data. Updates, in-depth analysis and clarifications to this document can be provided to you upon submission of a relevant request to exercise the right to information.

3.2 Right of Access

You retain the right to request from our Company access to your details which we maintain and confirmation regarding whether they are being processed and more specifically information regarding the purposes of processing, the categories of personal data, the recipients or categories of recipients, the time period of retention and processing, the existence of the right to lodge a complaint with the Personal Data Protection Authority, any available information regarding the origin of the data when they have not been provided by you yourselves, the existence or absence of automated decision-making including profiling and the relevant methodology, guarantees regarding the policy we follow when the transfer is to third countries, a copy of the personal data that are maintained and are being processed.

3.3 Right to Rectification

You retain the right to request from our Company the correction of your data in case any element of them for which we have the right to process has changed or has been incorrectly recorded.

3.4 Right to Erasure

You retain the right to request from our Company complete or partial deletion of your data which we have the right to retain and process either because they are no longer necessary to fulfill the purposes for which they were collected, either because you withdraw your consent, or because the data was collected for a purpose you consider unlawful. Our Company, within a reasonable time (not exceeding one month and subject to conditions if there is difficulty not exceeding three months total) will respond to you confirming the complete or partial deletion of your data respectively or regarding the inability to delete certain data if any law or the fulfillment of any obligation on behalf of the public interest, or the right of freedom of expression and information or the exercise or support of any legal claim requires their retention. In this case you have on the one hand the possibility of complaint to the supervisory authority, and on the other hand the exercise of judicial recourse.

3.5 Right to Restriction

You retain the right to request from our Company the restriction of processing of your data, quantitatively, temporally or in relation to the purpose of their processing and more specifically (a) either because you dispute the accuracy of your data and for as long as it takes the Company to confirm their accuracy, (b) or because you consider the processing unlawful but instead of erasure you choose restriction (c) or because they are no longer necessary for use by the Company but you do not wish their deletion as their retention will serve you for some legal claim, (d) or in the event that you have objections regarding the processing of your data and until it is verified whether your rights as a Data Subject prevail over the legitimate reasons for processing of the Company.

3.6 Right to Data Portability

You retain the right to receive the personal data you have provided us in a structured, commonly used and machine-readable format as well as the right to transmit them further without objection, given that the processing of your data takes place on the basis of consent provision. Within the framework of exercising this particular right you additionally have the possibility to request direct transmission from the Company to the third party without your mediation. This right is exercised subject to the restrictions of the right to erasure (see above under 3.4) and its exercise cannot adversely affect the rights and freedoms of others.

3.7 Right to Object

You retain the right to object to the use of your Data being processed, unless the Company demonstrates compelling and legitimate reasons for their processing which outweigh your interests or are necessary for the establishment, exercise or support of legal claims.

SPECIAL PROVISIONS (which concern individual categories of Data Subjects)

(A) CUSTOMER – SUPPLIER – PARTNER & PROSPECTIVE CUSTOMER – SUPPLIER

A.1. Nature of Data – Purpose of processing – Legal Basis

  1. a) Your data (name, electronic address, telephone, home or business address, status, professional activity and/or products/services of ours that interest you etc.), which are collected pre-contractually, either through sending an electronic message – email, or in case of completing the electronic contact form on our website, or through telephone communication, are processed for the purpose of investigating the possibility of transaction with our Company in order to pursue our commercial purposes by responding to the requested communication.
  2. b) Your data [personal identification details (name, ID number, personal number, social security number), home or business address, contact details (telephone, e-mail address), bank account number, full billing details, product/service shipping address, payment method selection, payment execution information etc.] which you provide yourselves, by telephone, by electronic correspondence and/or in writing, within the framework of our transaction, are processed for the purpose of implementing the contract/commercial cooperation relationship between us and providing transportation, storage and goods management services as well as our obligation to comply with labor, insurance and tax legislation.
  3. c) The legal basis for processing of the above data (under A.1.a) is the pursuit of the Company’s legitimate interests for commercial promotion purposes, (art. 6 par. 1 point (f) of Regulation (EU) 2016/679 on Personal Data Protection), while the legal basis for processing data (under A.1.b) is the execution of the contract between us as well as our compliance with the legislation (art. 6 par.1 point (b) and par. 1 point (c) of the aforementioned Regulation).

A.2. Transmission – Transfer of Data

  1. a) Your data (provided to serve the purposes described above under A.1.a & b) are not planned (as not required for the purpose for which they are collected) to be the subject of transfer to any organization other than the Company. As Company – data controller we have taken all required security measures to ensure that access to your personal data is not permitted to anyone other than properly authorized persons for this purpose and only for the processing purposes provided for in this policy. Within the framework of our business activity, service and pursuit of our legitimate interests, we may disclose your data in a lawful and proper manner to external cooperators of the Company, such as legal advisors, accountants, tax professionals, technical advisors, mail service providers, IT service providers etc.

These persons receive only the data that are absolutely necessary for the execution of the work they undertake, process them only upon our explicit instruction and authorization and exclusively for the purposes referred to in this “Privacy and Personal Data Protection Policy”. We ensure that these persons are aware of this policy, as well as that they respect and apply the entire European and national legislation on Personal Data Protection, by signing relevant contractual terms with them.

  1. b) Your data (provided to serve the purposes described under A.1.a & b) apart from the above transmissions under A.2.a) may also be forwarded to public bodies and services, to competent tax authorities and/or insurance funds, to judicial and independent authorities, within the framework of our compliance with the relevant legislation.

A.3. Data Retention Period

The retention period of personal data depends primarily on the purpose of processing, as their mere retention constitutes an act of processing, which is permitted only if it is governed by the principles of processing. After the retention period, personal data is deleted. Specifically:

  1. a) The personal data of employees, twenty years after the employee’s departure, according to the Employee Code.
  2. b) The personal data of those transacting with our company to serve our commercial purposes are retained as a rule for twenty years (indicative period for limitation of any resulting legal claims), a period during which any legal case of processing these may arise, such as for example the case of civil matters or investigation of a criminal offense, case of tax audit etc.
  3. c) We will retain the above data you have provided that have economic, insurance and tax dimensions for as long as the tax and/or insurance legislation requires.
  4. d) All other data (under A.1.b) of yours (for which the legislation does not impose their retention for a specific time) are deleted within five (5) years from the end of the contract or cooperation relationship.
  5. e) After the expiration of the respective (legal) data retention period we will proceed to their deletion under our responsibility, following the relevant provided internal procedure of our Company.

(B) PROSPECTIVE EMPLOYEES

B.1. Purpose of processing – Legal Basis

The purpose of processing your data [personal identification details (name, ID number), home address, contact details (telephone, e-mail address), education and/or professional training and experience details, marital status etc.] is the evaluation of the possibility of your recruitment by our Company while the legal basis for this is your consent under art. 6 par.1 point (a) of Regulation (EU) on Data Protection.

B.2. Data Retention Period

For the fulfillment of the processing purpose concerning the investigation of occupation of a position in our Company we consider a reasonable and necessary retention period of your related data to be twenty-four (24) months. After the expiration of twenty-four (24) months from the time of receipt of your CV the relevant file with all your details will be deleted.

B.3. Notice

It is noted that before processing your Personal Data to evaluate the possibility of your recruitment by our Company you are called to complete and sign the Employee Candidate Consent Form while in the event of recruitment by the Company you can learn more about the processing of your data and the exercise of your legitimate rights in the “Employee Privacy and Personal Data Protection Policy”.

(C) VISITORS AND EMPLOYEES AT THE COMPANY’S FACILITIES

C.1. Purpose of processing – Legal Basis

Within the framework of safeguarding the security of individuals present at the Company’s facilities, as well as protecting and safeguarding the property interests of the Company, a closed-circuit television system (CCTV) operates which records (image) on a continuous basis the movement at the said facilities, collecting data concerning the determination of your identity. The retention of the above data (image of visitors – passersby) takes place for the safeguard of the Company’s legitimate interests, which are identified with the security of individuals and material objects (such as building facilities, technical equipment etc.) located at the Company’s facilities. The closed-circuit television system (CCTV) is installed following the posting of special information signs at the Company’s facilities and notification of all data subjects.

The legal basis for the collection, retention and general processing of the above data is the safeguard of the Company’s legitimate interests, which are identified with the security of individuals and material objects at the Company’s facilities, under article 6 par. 1 point (f) of Regulation (EU) 2016/679.

C.2. Data Retention Period

For the fulfillment of the above processing purpose we consider a reasonable and necessary retention period of your related data to be fifteen (15) days. After the expiration of fifteen (15) days from the time of your entry to the company’s facilities, the relevant file with all your details will be deleted, while in case of legally and/or criminally evaluable incident (e.g. theft, robbery) against the Company’s assets, we retain the images in which the specific incident has been recorded in a separate file for a period of thirty (30) days.

4.0 What happens in case of breach of the above Data?

We will report any unlawful and proven breach of the Company’s database to all directly interested parties as well as to the competent supervisory Authority, (“DPA”), within seventy-two (72) hours of the breach, if it is evident that the data of employees, partners, suppliers that are stored in recognizable form, have been subject to theft.

5.0 Cookies or other similar technologies

Our website uses “cookie” technologies, so that we can distinguish you from other visitors, to record your IP address and the way you use our website. This information is used to help us provide you with better services, improving the design of our website as well as our services. A cookie is a small data file which is placed on your computer’s hard disk when you visit a website and helps us improve our website by calculating which points are of greatest interest to users. You have the ability to disable cookies or other similar technologies at any time through your browser’s options, but if you do so you may not have access to certain features and services that make your experience on our website more efficient and pleasant.

6.0 Warranties

We assure you that our Company will exhaust every technical and organizational measure to protect your Data and will make the best, minimum and absolutely necessary only use and processing of the Data as the law requires and strictly and exclusively for the purpose for which you have provided it to us.