We, Takis Foustanos & Co E.E., 30 Davaki Str., 174 55, Alimos, Greece. Protecting your privacy is a high priority for us. We respect your privacy and are committed to protecting your personal data. This privacy notice aims to give you information on how we collect and process your personal data:
(a) through your use of this website, including any data you may provide through this website when you register, log-in, fill out contact form, sign up to our services [purchase a product or service or take part in any promotion or otherwise interact with us via this website;
(b) when you deal or interact or communicate with us through any other channel (via our systems, by email, post, phone, face to face meetings, other electronic communications or otherwise) as a customer, supplier or service provider (actual or potential), or in any other capacity, and also tells you about your privacy rights and how the law protects you. This privacy notice is provided in some layered format so you can click through to the specific areas set out below.
INFORMATION ABOUT THE COLLECTION AND PROCESSING OF YOUR PERSONAL DATA
Care and transparency is the foundation of trustful collaboration with our customers and suppliers. This is why we will inform you about how we process your data and how you can exercise the rights that are due to you pursuant to the EU General Data Protection Regulation (GDPR). What personal data we process and for what purpose depends on the respective contractual relationship.
The controller is:
Company: Takis Foustanos & Co E.E.
Address: 30 Davaki Str., 174 55, Alimos, Greece
represented by Vasilis Foustanos
CONTACT THE DATA PROTECTION OFFICER
You can contact our Data Protection Officer under: Data.Protection[at]foustanos.gr
We process personal data that we receive from our customers, suppliers, or other affected parties in the course of our business relationships. We also process – inasmuch as it is necessary for our business relationships – personal data that we receive from publicly available sources in a permissible manner or that is legitimately disclosed to us by other companies or by other third parties. We also process your personal data for reasons including the fulfillment of legal obligations, to protect a legitimate interest, or on the basis of consent that you have given.
According to the legal basis, this concerns the following categories of personal data:
- First name, last name
- Communication data (telephone number, email address)
- Date of birth
- Master data of the contract, in particular the contract number, term, notice period for termination, type of contract
- Invoice information/sales information
- Information about creditworthiness
- Payment information/contact information
- Account information, in particular the registration and log-ins
- Videos or images
- Applications, resume, certificates and evidences of formal qualifications
In the course of contract initiation, we also use data that has been provided to us by third parties. According to the type of contract, this concerns the following categories of personal data:
- Information about creditworthiness (via credit agencies/credit insurers)
We process personal data that we receive from our customers, suppliers, or applicants in the course of our business relationships.
We also receive personal data from the following sources:
- Credit agencies
- Internet and media
- Publicly available sources: commercial registers or registers of associations, records of debtors, land registers
- Other Group companies
- Job portals
Our websites may contain links to other websites or services that do not belong to us and are not controlled by us. This Data Protection and Privacy Statement only applies to information that is collected from our website.
We process your personal data particularly under observation of the EU General Data Protection Regulation (GDPR), as well as of all other relevant laws.
4.1 ON THE BASIS OF CONSENT THAT YOU HAVE GIVEN (ART. 6 PARA. 1 A GDPR)
If you have given us your free consent to collect, process, or transfer certain personal data, this consent remains the legal basis for the processing of this data.
In the following cases, we process your personal data on the basis of your consent:
- Contact forms: Personal data is recorded by us if you voluntarily share it with us , such as if you contact us. When we ask for entries that are not necessary to contact you on our contact form, we have marked them as optional. This information helps us to add detail to your inquiry and improves our ability to carry out your request. A communication of this information explicitly occurs on a voluntary basis and with your consent. If this concerns information about communication channels (such as email address, telephone number), you also consent to having us contact you using these communication channels to answer your request.
- Sending an email newsletter
- Personalized newsletter tracking
- Market research (e.g. customer satisfaction surveys)
- Marketing and advertisement development using customer profiles
- Publication of a customer reference (name and image)
- Storage of your application data beyond 6 months
4.2 TO PERFORM A CONTRACT (ART. 6 PARA. 1 B GDPR)
We use your personal data to process customer and supplier orders. Within the contractual relationship, we particularly process your data to perform the following activities:
- Contract related contact
- Order management
- Delivery and billing
- Ongoing customer service and supplier relations
- Fulfillment of warranty claims
- Claims management
You can find more detailed information about the purposes for data processing in the respective contractual documents and General Terms and Conditions.
4.3 TO COMPLY WITH LEGAL OBLIGATIONS (ART. 6 PARA. 1 C GDPR) OR IN THE PUBLIC INTEREST (ART. 6 PARA. 1 E GDPR)
As a company, we are subject to various legal obligations. To fulfill these obligations, it may be necessary to process personal data:
- Monitoring and reporting obligations
- Creditworthiness, age, and identity checks
- Prevention of/defense against criminal actions
4.4 ON THE BASIS OF A LEGITIMATE INTEREST (ART. 6 PARA 1 F GDPR)
In certain cases, we process your data to protect a legitimate interest of ourselves or of a third party.
- Consultation of and data exchange with credit agencies
- To determine creditworthiness or default risks
- To ensure IT security and IT operations
- Sending an email newsletter to existing customers
If necessary to fulfill our contractual and legal obligations, your personal data will be disclosed to the following public or internal bodies or external service providers.
External service providers:
- IT service providers (e.g. maintenance providers, hosting providers)
- Service providers for file and data destruction
- Printing service providers
- Payment service providers
- Service providers for marketing or sales
- Credit agencies
- Web hosting service providers
- Certified accountants
We may also be obligated to disclose your personal data to other recipients, such as to the authorities, to fulfill statutory reporting obligations.
- Fiscal authorities
- Customs authorities
- Social insurance agencies
Countries outside of the European Union (and the European Economic Area "EEA") handle the protection of personal data differently than countries in the European Union. To process your data, we also use service providers that are located in third party countries outside of the European Union. At the present time, the EU Commission has not issued a resolution that these third party countries generally offer an appropriate level of protection.
For this reason, we have taken special measures to ensure that your data is processed exactly as securely in these third party countries as it is within the European Union. With service providers in third party countries, we conclude the standard data protection clauses provided by the Commission of the European Union. These clauses stipulate appropriate guarantees for the protection of your data with service providers in third party countries.
We store your data for as long as is necessary for the fulfillment of our statutory and contractual obligations.
If it is no longer necessary to store the data for the fulfillment of contractual or legal obligations, your data will be deleted unless its continued processing is necessary for the following purposes:
- Fulfillment of corporate and tax law retention obligations. This includes retention periods pursuant to the Greek Commercial Code or the Greek Tax Code. The retention periods extend for up to 10 years.
- Retention of evidence in the context of legal statutes of limitations. According to the statutes of limitations of the Greek Civil Code, these periods of limitation may be up to 30 years in some cases, while the standard period of limitation is three years.
- Your application data will be deleted 6 months after the application procedure is concluded. If it is necessary to store it for a longer period, we will ask you for written consent.
- Anonymized user data that is collected by Google Analytics is deleted after 14 months.
Every affected person has the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR, and the right to data portability pursuant to Art. 20 GDPR.
8.1 RIGHT TO OBJECT
You can object to the use of your data for advertising purposes at any time, and no costs may arise beyond the communication costs according to base rates. In particular, you can unsubscribe from the email newsletter by clicking the provided link at the end of the newsletter.
What rights do you have in cases when data is processed on the basis of a legitimate or public interest?
Pursuant to Art. 21 para. 1 GDPR, you have the right, for reasons resulting from your specific situation, to make an objection to the processing of your personal data that occurs on the basis of Art. 6 para. 1 e GDPR (Data processing in the public interest) or on the basis of Art. 6 para. 1 f GDPR (Data processing to protect a legitimate interest), which also applies to profiling based on one of these regulations.
In the event that you object, we will no longer process your personal data unless we can prove necessary legitimate reasons for processing that outweigh your interests, rights, and freedoms, or if processing serves the assertion, exercise, or defense of legal claims.
What rights do you have in cases of data processing to operate direct marketing?
Inasmuch as we process your personal data to operate direct marketing, you have the right pursuant to Art. 21 para. 2 GDPR to make an objection to the processing of your personal data for purposes of direct mail advertising at any time; this also applies to profiling in connection with such direct marketing.
In the event that you object to processing for purposes of direct marketing, we will no longer process your data for these purposes.
8.2 WITHDRAWING CONSENT
You may withdraw your consent to the processing of your personal data at any time. Please note that this withdrawal only affects the future. In particular, you can unsubscribe from the email newsletter by clicking the provided link at the end of the newsletter.
You can prevent the collection of data that relates to the use of the website (incl. your IP address) by Google Analytics and the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout
8.3 RIGHT TO ACCESS
You can request confirmation as to whether we have stored personal data about you. If you request it, we will tell you for what data this is the case, for what purposes the data was processed, to whom the data was disclosed, for how long the data will be saved, and what rights you have in connection with this data.
8.4 OTHER RIGHTS
You also have the right to rectification of incorrect data or deletion of your data if one of the prerequisites pursuant to Art. 17 para. 1 GDPR is present. If there is no reason for data to continue to be stored, we will delete your data; otherwise, we will restrict processing. You can also request that we provide all personal data that you have provided to us to yourself or to a person or company of your choice in a structured, comman, and machine readable format.
You also have a right to complain to the responsible data protection authorities (Art. 77 GDPR).
8.5 ASSERTING YOUR RIGHTS
To assert your rights, you can contact the controller or the Data Protection Officer under the indicated contact information, particularly at: Data.Protection[at]foustanos.gr We will process your inquiries immediately and in accordance with the statutory provisions and will tell you what measures we have taken.
To enter into a business relationship, you must give us some of your personal data that is necessary for the performance of the contractual relationship or that we must collect due to legal regulations. If you do not provide this data to us, it is not possible for us to perform and process the contractual relationship.
If the purpose or type and manner of processing your personal data changes significantly, we will update this information promptly and promptly inform you of the changes.