Privacy Policy

The controller is:

Company: Takis Foustanos & Co E.E.

Address: 30 Davaki Str., 174 55, Alimos, Greece

represented by Vasilis Foustanos

CONTACT THE DATA PROTECTION OFFICER

You can contact our Data Protection Officer under: Data.Protection[at]foustanos.gr

We process personal data that we receive from our customers, suppliers, or other affected parties in the course of our business relationships. We also process – inasmuch as it is necessary for our business relationships – personal data that we receive from publicly available sources in a permissible manner or that is legitimately disclosed to us by other companies or by other third parties. We also process your personal data for reasons including the fulfillment of legal obligations, to protect a legitimate interest, or on the basis of consent that you have given.

According to the legal basis, this concerns the following categories of personal data:

• First name, last name
• Address
• Communication data (telephone number, email address)
• Date of birth
• Citizenship
• Master data of the contract, in particular the contract number, term, notice period for termination, type of contract
• Invoice information/sales information
• Information about creditworthiness
• Payment information/contact information
• Account information, in particular the registration and log-ins
• Videos or images
• Applications, resume, certificates and evidences of formal qualifications

In the course of contract initiation, we also use data that has been provided to us by third parties. According to the type of contract, this concerns the following categories of personal data:

• Information about creditworthiness (via credit agencies/credit insurers)

We process personal data that we receive from our customers, suppliers, or applicants in the course of our business relationships.

We also receive personal data from the following sources:

• Credit agencies
• Internet and media
• Publicly available sources: commercial registers or registers of associations, records of debtors, land registers
• Other Group companies
• Job portals

Our websites may contain links to other websites or services that do not belong to us and are not controlled by us. This Data Protection and Privacy Statement only applies to information that is collected from our website.

We process your personal data particularly under observation of the EU General Data Protection Regulation (GDPR), as well as of all other relevant laws.

4.1 ON THE BASIS OF CONSENT THAT YOU HAVE GIVEN (ART. 6 PARA. 1 A GDPR)

If you have given us your free consent to collect, process, or transfer certain personal data, this consent remains the legal basis for the processing of this data.

In the following cases, we process your personal data on the basis of your consent:

• Contact forms: Personal data is recorded by us if you voluntarily share it with us , such as if you contact us. When we ask for entries that are not necessary to contact you on our contact form, we have marked them as optional. This information helps us to add detail to your inquiry and improves our ability to carry out your request. A communication of this information explicitly occurs on a voluntary basis and with your consent. If this concerns information about communication channels (such as email address, telephone number), you also consent to having us contact you using these communication channels to answer your request.
• Sending an email newsletter
• Personalized newsletter tracking
• Market research (e.g. customer satisfaction surveys)
• Marketing and advertisement development using customer profiles
• Publication of a customer reference (name and image)
• Storage of your application data beyond 6 months
• Use of cookies to measure reach (Google Analytics)

4.2 TO PERFORM A CONTRACT (ART. 6 PARA. 1 B GDPR)

We use your personal data to process customer and supplier orders. Within the contractual relationship, we particularly process your data to perform the following activities:

• Contract related contact
• Order management
• Purchasing
• Delivery and billing
• Ongoing customer service and supplier relations
• Fulfillment of warranty claims 
• Claims management

You can find more detailed information about the purposes for data processing in the respective contractual documents and General Terms and Conditions.

4.3 TO COMPLY WITH LEGAL OBLIGATIONS (ART. 6 PARA. 1 C GDPR) OR IN THE PUBLIC INTEREST (ART. 6 PARA. 1 E GDPR)

As a company, we are subject to various legal obligations. To fulfill these obligations, it may be necessary to process personal data:

• Monitoring and reporting obligations
• Creditworthiness, age, and identity checks
• Prevention of/defense against criminal actions

4.4 ON THE BASIS OF A LEGITIMATE INTEREST (ART. 6 PARA 1 F GDPR)

In certain cases, we process your data to protect a legitimate interest of ourselves or of a third party.

• Consultation of and data exchange with credit agencies
• To determine creditworthiness or default risks
• To ensure IT security and IT operations
• Sending an email newsletter to existing customers
• The use of cookies that are necessary to provide our services on our homepage.

Countries outside of the European Union (and the European Economic Area "EEA") handle the protection of personal data differently than countries in the European Union. To process your data, we also use service providers that are located in third party countries outside of the European Union. At the present time, the EU Commission has not issued a resolution that these third party countries generally offer an appropriate level of protection.

For this reason, we have taken special measures to ensure that your data is processed exactly as securely in these third party countries as it is within the European Union. With service providers in third party countries, we conclude the standard data protection clauses provided by the Commission of the European Union. These clauses stipulate appropriate guarantees for the protection of your data with service providers in third party countries.

We store your data for as long as is necessary for the fulfillment of our statutory and contractual obligations.

If it is no longer necessary to store the data for the fulfillment of contractual or legal obligations, your data will be deleted unless its continued processing is necessary for the following purposes:

• Fulfillment of corporate and tax law retention obligations. This includes retention periods pursuant to the Greek Commercial Code  or the Greek Tax Code. The retention periods extend for up to 10 years.
• Retention of evidence in the context of legal statutes of limitations. According to the statutes of limitations of the Greek Civil Code, these periods of limitation may be up to 30 years in some cases, while the standard period of limitation is three years.
• Your application data will be deleted 6 months after the application procedure is concluded. If it is necessary to store it for a longer period, we will ask you for written consent.
• Anonymized user data that is collected by Google Analytics is deleted after 14 months.

To enter into a business relationship, you must give us some of your personal data that is necessary for the performance of the contractual relationship or that we must collect due to legal regulations. If you do not provide this data to us, it is not possible for us to perform and process the contractual relationship.

If the purpose or type and manner of processing your personal data changes significantly, we will update this information promptly and promptly inform you of the changes.