DETRA S. A. (hereinafter referred to as the “Company” for short) paying particular attention to privacy and the protection of your personal data, collects and processes your personal data by applying the General Data Protection Regulation 679/2016 (hereinafter referred to as GDPR) of the European Parliament and of the Council of April 27th 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of personal data, as well as the implementing Regulation N 4624/2019. The Company is also committed to applying European and national legislation on personal data protection.
This policy is provided by the Company in order to define and make known the terms and conditions observed by the Company for the protection of personal data processed by the Company. In particular, it specifies the data subjects (natural persons), the categories of personal data collected, the purpose for which they are collected, the legal basis of the processing, the transfer of personal data to third countries, other recipients or processors and the period of storage and retention of the data.
In addition, the purpose of this policy is to inform data subjects of their rights regarding the processing of their personal data. The Company takes all technical and organizational measures for the security of personal data.
The Company has the right to modify or update this policy without prior notice, if this is required by applicable European or national legislation or deemed necessary as a consequence of our continuous effort to improve the protection of your personal data. It is therefore proposed that a periodic review of this policy is necessary to keep stakeholders informed.
1) “personal data” means any information relating to an identified or identifiable natural person (“data subject”), an identifiable natural person being one whose identity can be directly or indirectly identified.
2) “processing” means any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, association or combination, restriction, deletion or destruction.
Collection of personal data
When placing an order, you may be asked to provide certain personal information, such as:
– Information about your identity (full name, nationality, date/place of birth, etc. , VAT number and competent tax office, ID card or passport, occupation),
-Contact details (home address, email address, mobile phone number, etc. ),
Information about the payment method (credit/debit card number, expiry date, cvv, card type, name of the cardholder, etc. )
The Company is committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, the Company has established appropriate physical, electronic and managerial procedures to safeguard and secure the information it collects electronically.
The Company expressly declares that these data will not be disclosed to third parties, unless disclosure is provided for by law or is required by a court decision, prosecutor’s order or decision / order of another Public Authority, as well as after written authorization from the data subject himself/herself.
Purpose of collecting personal data
The processing of personal data in accordance with European and National Regulations is carried out for the following purposes:
1. For the performance of the existing contract: In order for the Company to fulfil its contractual obligations (issue of required tax documents and provision of related services, provision of additional services, processing of payments, etc. )
2. In order for the Company to serve its legitimate business interests. For example, to offer similar / related services, to provide better customer service for future orders, to inform customers about programs / offers / discounts and / or other promotional activities of the Company, to send messages / forms in the context of customer satisfaction surveys, etc.
3. In order for the Company to comply with its legal obligation.
4. If the Company has been given explicit consent for the processing of personal data.
Disclosure of personal data
In order to fulfil the Company’s contractual and legal obligations, personal data may be provided to various service providers and suppliers. These service providers and suppliers are bound by data processing agreements and are required to ensure data confidentiality and protection in accordance with the Data Protection Regulation.
The Company provides limited access only to those of its employees who need to have access to this data based on their responsibilities. It shall take all necessary measures to prevent any unauthorised access, use or modification of such data.
Retention time of personal data
Personal data will be processed and stored during the contractual relationship between the Company and the customer and if necessary for the fulfilment of contractual and legal obligations (tax law, labour law, etc. ). If the collection of data was based on explicit consent, it can be deleted at any time after the withdrawal of the consent given.
Personal data and minors
1) The processing of personal data of a minor when providing information society services directly to him or her is lawful if the minor has reached the age of 15 and gives his or her consent.
2) If the minor is under 15 years of age and up to 13 years of age, the processing referred to in paragraph 1 is lawful only after the minor’s legal representative has given his or her consent.
Rights of data subjects
Personal data are kept and processed exclusively for the purposes stated and/or agreed upon and to the extent necessary for their fulfilment. They will be kept for the time strictly necessary to serve the above purposes. As data subjects (natural persons) you have the following rights:
1) Right to Information/Transparency: it is the right to know who is processing your data, what they are and why.
2) Right of access: you have the right to request free access to your personal data held by the Company.
3Right to rectification: you have the right to request the correction of inaccurate personal data and the completion of incomplete data.
4Right to erasure (“right to be forgotten”): you have the right to request the erasure of your personal data under certain conditions, such as when the data is no longer necessary, you have withdrawn your consent, the data has been unlawfully processed and so on.
5) Right to restriction of processing: you have the right to request the restriction of the processing of your personal data where the accuracy of the data is contested, the processing is unlawful, the data is no longer needed by the controller or you object to automated processing.
6) Right to data portability: you have the right to request the transfer of your data to another controller.
7) Right to object: you have the right to object to the processing of your personal data by an organisation, provided that the public interest is not affected.
8) Right to human intervention: you have the right to object when a decision concerning you is based solely on automated processing, including profiling, and that decision produces legitimate effects or adversely affects you.
If you believe that the processing of your personal data violates the applicable European and national legal provisions, you have the right to lodge a complaint with the competent supervisory authority, i. e. the Data Protection Authority.
Policy on COOKIES
- Our website remembers your communication language and preferences
- We ensure that you receive all the information you requested
- We provide you with a secure environment for online transactions
- We measure how many people visit our site and how they use it, so that we can keep it fast and efficient
Management of Cookies and other technologies
If you want to remove or block Cookies from your device at any time, you can update your browser settings (consult your browser’s “help” menu to find out how to remove or block Cookies).
You can find good and simple instructions on how to manage cookies in different types of browsers at www. allaboutcookies. org.
Please note that rejecting Cookies may affect your ability to carry out certain transactions on the website and our ability to recognize your browser from one visit to the next.
If you subscribe to the newsletter offered on our website, the data provided during registration will only be used for sending the newsletter, unless you authorize more extensive use. You can terminate the subscription at any time via the unsubscribe feature provided in the newsletter.
Links to other websites
Our website may contain links to allow you to easily visit other websites of interest.
However, once you use these links to leave our site, you should be aware that we have no control over this other site you are visiting. Therefore, we cannot be responsible for the protection and privacy of the information you provide when visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and review the privacy statement applicable to that site.
Transfers of personal data to third countries
Transfers to third countries or international organizations are governed by the provisions of the GDPR, by the adequacy decisions of the importing country, as well as by binding corporate rules, standard contractual clauses, approved codes of conduct.
If you wish to withdraw your consent, to exercise your rights or if you have any questions regarding the protection of your personal data, you can address your request by contacting Mr. Rallis Kiranis at the following e-mail address: email@example.com.
The person responsible for the processing of personal data is Mr. Rallis Kiranis with contact details customercare@embrace. gr.