Loading...
 Start Page
Find us &

Personal Data Protection Policy (G.D.P.R.)

Our Company attributes specific emphasis to the protection of privacy and personal data. The security of your personal data is especially significant to us. We have accordingly drafted these Personal Data Protection Policy so you are fully aware about:

Who we are?

The Public Limited Company with the corporate name of Eftychios Spetseris S.A., which is based at 2 Agias Lavras Street in Patras, acts as the Data Controller in accordance with the definition under the General Data Protection Regulations, by defining the purpose and manner for processing your personal data.

All of the necessary information for processing your personal data is mentioned in these Personal Data Protection Policy (in compliance with the EU General Data Protection Regulations 2016/679 and the applicable national legislation).

How you can contact us about personal data issues?

For any questions or queries regarding the processing of personal data, as well as for exercising your rights listed herein below, please contact the Contact Persons on Personal Data matters on the telephone no: 2610-990734 Ms Sophia Kaimaka (extension # 200), Ms Barbara Poulakida (extension # 150) or at the Email: quality@e-spetseris.gr

 

     Which personal data we collect?

Eftychios Spetseris S.A., in its capacity as the Data Controller, processes the following data that is collected by the data subject or by third parties:

  1. Employee data (Given Name & Surname, father’s name, mother’s name, ID Card, TIN, Tax Office, IKA Registration Number, Social Security Number, address, telephone number, Email, ethnic origin, bank account number, educational level, years of service, family status, number of children, driving license only for employees with car allowances or related work objective, health certificate issued pursuant to a legal obligation for workers that handle food);
  2. Customer data (Corporate name, TIN, Tax Office, address, telephone number, Email, credit capacity information only for customers provided with credit, certificate or license to practice a profession only for customers whose objective is “nail care”, bank account number); and
  3. Supplier data (Corporate name, TIN, Tax Office, address, telephone number, bank account number, Email)

Eftychios Spetseris S.A. does not process personal data revealing racial or ethnic origin, political beliefs, religious or philosophical beliefs or membership of a trade union organisation, genetic data, biometric data, data relating to the sexual life of a natural person or sexual orientation, and data concerning health.

The only case for processing the hereinabove data and specifically data pertaining to ethnic origin, sexual orientation and health data is the implementation of labour law, social security and social protection law.

     How we process your personal data?

We take into account all the principles in accordance with the General Data Protection Regulations for all the processes that take place, as these are presented in detail below:

  • Legitimacy, objectivity and transparency: The processing is lawful where: (1) the data subject has consented to the processing of personal data for one or more purposes; (2) processing is necessary for the performance of the contract; (3) the processing is necessary for the data controller’s compliance with a legal obligation; (4) the processing is necessary for safeguarding the vital interest; (5) the processing is necessary for safeguarding the public interest; and (6) the processing is necessary for the purposes of the legitimate interests pursued by the data controller.
  • The personal data is collected for specified, explicit and legitimate purposes and is not subject to further processing. The main purposes of the processing are the contract’s performance with both human resources and customers.
  • Minimising the data: The personal data that we process is appropriate, relevant and limited to the extent that it is necessary in relation to the purposes for which it is subjected to processing
  • Accuracy: The personal data is accurate and updated, where necessary. We simultaneously take all reasonable steps to immediately delete or correct personal data that is inaccurate.
  • Restriction on the storage period: The personal data shall be retained in a format that permits the identification of the data subjects only for the time required for the purposes of processing the personal data. It is noted that there is personal data that is stored for longer than the processing period for archival purposes in the public interest. In that case, we implement the appropriate organisational and technical measures.
  • Integrity and Confidentiality: The processing is performed in such a manner so as to achieve the security of personal data. Details of the measures are presented below. It is however noted that there is provision for authorised access, monitoring the access to the personal data, proper destruction, and other technical measures.

     Purpose and legal basis for processing personal data

We lawfully process the personal data of our employees upon a legal basis for processing the performance of the contract and our compliance with legal obligations arising from the labour and tax legislation in Greece.

We lawfully process the personal data of our customers upon a legal basis for processing the performance of the contract, our compliance with legal obligations arising under the tax laws in Greece, our legitimate interests in case of sales upon credit and consent in cases of promotional activities.

     Categories of personal data recipients

The personal data is securely maintained and shall not be transmitted to third parties except within the context of: (a) the Company’s legitimate activities; and (b) compliance with a legal obligation.

More specifically, personal data is transmitted in the following cases to the following categories of recipients:

  1. In relation to the employees, private insurance may be provided and consequently their data has insurance companies as an additional recipient, further to their consent.
  2. According to the products purchased the Company-supplier (the parent company producer and / or representative with rights in the brands) may request sales data with specific identification data. The following may more specifically be transmitted, further to your consent: corporate name, TIN, Tax Office, address, telephone number, Fax, Email, sales turnover, quantities, values and discounts. The transmission of this data shall occur for the purpose of implementing the discount policy and benefits policy.
  3. In relation to the employees, private insurance may be provided and consequently their data has insurance companies as an additional recipient, further to their consent.
  4. In relation to the employees, a motor vehicle may be provided and consequently their data has a leasing company as an additional recipient, further to their consent.

The personal data is securely maintained and shall not be transmitted to third parties except within the context of: (a) the Company’s legitimate activities; (b) compliance with a legal obligation; and (c) following your consent after you have been fully briefed.

     Retention period

The retention period for your personal data is determined by the existence of relevant cooperation agreements and sales data. Your data shall not be retained longer than it is required to perform the contractual obligation, except to satisfy labour and tax law, or even in the case of express consent for an additional processing purpose.

In the case of prospective employees, the CVs shall only be received electronically at a specific e-mail address: hr@e-spetseris.gr, and are maintained for two years and then destroyed. This period of time is considered reasonable, since it meets the needs for finding human resources. Access relates to appropriately authorised staff.

Cash Customers
Subject Category Personal Data Source of Origin Processing Legal Basis
Employees Given Name & Surname, father’s name, mother’s name, ID Card, TIN, Tax Office, IKA Registration Number, Social Security Number, address, telephone number, Email, ethnic origin, account number, educational level, years of service, family status, number of children, driving license only for employees with car allowances or related work objective, health certificate issued pursuant to a legal obligation for workers that handle food By the subject itself Recruitment, Salary, Dismissal, Benefits Performance of the contract Legal obligation of the Processing Officer
Cash Customers Corporate name, TIN, Tax Office, address, telephone number, Email, bank account By the subject itself Sales of products further to an order Performance of the contract Legal obligation of the Processing Officer Legitimate interest of the Processing Officer
Customers on credit All of the hereinabove plus credit rating, bank account By the subject itself and by third parties (ICAP) Sales of products further to an order Performance of the contract Legal obligation of the Processing Officer Legitimate interest of the Processing Officer
Customers in the finger care sector All of the hereinabove plus certificate or license to practice a profession By the subject itself Sales of products further to an order Performance of the contract Legal obligation of the Processing Officer Legitimate interest of the Processing Officer
Customers Corporate name, TIN, Tax Office, address, telephone number, Fax, Email, sales turnover, quantities, values, discounts, product type   By us   Transmission of statistical data to companies – suppliers we represent –
Legal obligation of the Processing Officer on a contractual basis
Suppliers Corporate name, TIN, Tax Office, address, telephone number, Email, bank account By the subject itself Purchase of products further to an order Performance of the contract Legal obligation of the Processing Officer Legitimate interest of the Processing Officer

    What are your rights?

We respect all of your rights resulting from the processing of your personal data. Your rights in accordance with the provisions of General Data Protection Regulation (EU) 2016/679 are:

  • Right of access (Article 15): you can access your personal data at any time to confirm the categories of data we hold, the purposes of the processing, the legal processing, any transmission to third parties, the period of time for which it is stored or the criteria that determine this time period, your rights, the source of origin of the personal data where it has not been collected by you;
  • Right to Rectification (Article 16): you can contact Eutuxios Spetseris S.A. at any given time and rectify / update your personal data. We shall regularly update your information so that it is accurate;
  • Right to Erasure (Article 17): at any given time you can decide to erase your personal data. We shall erase the data we hold, where it is no longer necessary in relation to the purposes for which it was collected, there is no other legal basis for processing because of the revocation of the consent and where you no longer desire processing. It is noted that the personal data shall be retained for substantiating, exercising or supporting our legal claims and for archival purposes in the public interest or even a legal obligation that imposed by the tax and labour law;
  • Right to restriction of processing (Article 18). You have the right to request that we restrict the processing. In that case, this personal data, in addition to the storage, shall only be processed by us with your consent;
  • Right to revoke the consent in the cases where the processing of your personal data has consent as a legal basis;
  • Right to the portability of your data (Article 20): You have the right at any given time to request that we transfer your personal data in a readable form to another Processing Officer, where the processing is based upon consent or it is conducted by automated means;
  • Right to object (Article 21): you may at any given time object to the processing of your personal data, where the legal basis for processing is our legitimate interest or the public interest;
  • Right of complaint to the country’s supervising authority. You shall have the right of complaint to the supervising authority where we are unable to satisfy your request within the period of time specified by the General Data Protection Regulation. The supervising authority in Greece is the Hellenic Data Protection Authority, www.dpa.gr

During the exercise of your rights, we shall announce every rectification, erasure or restriction to the processing to every recipient to which the personal data has been notified, where it is proven to be feasible. You shall simultaneously be informed, should you desire, about these recipients (Article 19).

    Methods of exercising the rights

In relation to all your rights, we observe the requirements of the General Data Protection Regulation, as these are described in Article 12.

You may complete the attached form and send it

via Email to quality@e-spetseris.gr

or via fax to 2610-994519

or deliver it to our offices at the address: 2 Agias Lavras & Patras – Corinth Old National Road, 26504 Aktaion Patras..

You have the right of verbally exercising your rights, upon the condition that your identity is proven by other means. In relation to the security of your data, we may request certain information for the purpose of your identification.

    Cost and response period

We shall immediately and freely process your request and satisfy your right within one month. In exceptional circumstances, our response period may be extended for a further two months, by taking into account the complexity of the request and the number of requests. In that case, we shall inform you about this extension and the reasons for the delay within one month from the receipt of the request.

All of the information shall be freely provided. Manifestly unfounded or excessive requests are excluded, especially due to their repetitive nature. In that case, in accordance with paragraph 5 under Article 12 in the General Data Protection Regulation, we may impose the payment of a reasonable charge or refuse to further process the request.

Where we do not satisfy your request, we shall inform you without delay and at the latest within one month from the receipt of the request about the reasons why we did not proceed with the relevant action, the capacity to lodge a complaint with the Hellenic Data Protection Authority and the capacity for instituting judicial recourse.

     Closed circuit TV

Eftychios Spetseris S.A. has installed closed circuit TV (CCTV) for the purpose of protecting persons and property from damage and illegal actions.

The circuit operates in accordance with the applicable legislation and guidelines of the Hellenic Data Protection Authority. The cameras are located inside and outside the building facilities and focus on the entrances (doors), safes and server room. They do not record images from surrounding public space.

There are information signs prior to entering the surveillance areas.

The monitors are located in a guarded area and only authorised officers and the General Manager have access.

The cameras do not record sound.

The retention period of the recorded material is 7-8 days and it is then destroyed.

    Security of personal data

We ensure the security of the processing by adopting suitable technical and organisational measures, always according to the latest technological developments in order to protect your data from any whatsoever unauthorised access, misuse, alteration, unauthorised disclosure, disclosure, loss or accidental / unlawful destruction and any other form of illicit processing. We more specifically implement cryptography and while ensuring the confidentiality, integrity, availability and reliability of the processing systems. Additionally, it is possible to restore the availability of and access to personal data in a timely manner, in the event of a natural or technical event. We have adopted a process for assessing and evaluating the effectiveness of the technical and organisational manner to ensure all of the above.

 

General commitments

Every category of personal data shall be maintained for as long as it is necessary for the processing purpose.

The members of the Management, all of the employees and our external associates are bound by confidentiality obligations regarding personal data that they become aware of during the performance of their duties. They have all the obligations that are provided under the G.D.P.R.

Updating this Policy

We reserve the right to update this policy in the event where the personal data that we are processing is altered or the processes that occur are enriched or any whatsoever change is noted, which shall be evaluated as significant for the Protection of personal data. The update shall be posted on our web site and you will be notified by all possible means.

Date of Updating this protection policy: 25/5/2018

Find us

Headquarters:
2 Agias Lavras & Patras - Athens Old National Road, 35 Aktaion 26504 Rio Achaia

Branch (cold store):
29 Patras - Athens Old National Road & Voriou Ipirou Aktaion 26504 Rio Achaia

Zakynthos Warehouse:
Airport Region, Agioi Anargyroi location, 29092 Kalamaki Zakynthos

Spetseris Boutique de Beauté:
Patreos 29, 26221 Patra

Contact us

Telephone switchboard: 2610 990 734, 2610 910 927
Fax: 2610 994 519
Spetseris Boutique de Beauté: 2610 241 241

Email: info@e-spetseris.gr
Email (for a CV): hr@e-spetseris.gr

Follow us    

Login / Sitemap

© Copyright 2011 - 2024 Eftychios Spetseris S.A. - Representative Commercial and Industrial Enterprises, Patras