Personal Data Protection Policy
The company under the name «KAINOTOMIA & SIA EE» based at 111 Socratous Street in Larissa, with TIN 800527186, in the context of its compliance with Regulation 2016/679 of the European Parliament and of the Council, “for the protection of personal data of natural persons ” , informs, in its capacity as controller, the natural person who signs this document, that the company or third parties, on its behalf, will collect, keep and process the following data with confidentiality and respect for his/her privacy, taking technical and organizational measures for their further protection.
In particular, the following will be processed:
- The personal data contained in the invoice for the purchase and sale of goods and services, the personal data contained in the offer form, as well as those that the company has already legally collected or will collect from publicly accessible sources and/or records, as well as those that will result from the operation of the purchase and sale contract. These data are directly related to the purchase and sale relationship and are necessary for the fulfilment of obligations arising from the aforementioned relationship, imposed by law and in particular by the administrative and tax authorities.
- The contact email address, for sending personalized offers, newsletters on new training programs, promotional activities.
Recipients of the above data may be:
- Administrative, Insurance and Tax Authorities.
- Providers of maintenance services for IT applications, subject to the condition of confidentiality in each case. These providers also take, themselves, measures to protect personal data, and process your data only in the context of our explicit and written instructions.
- Entities to which the company entrusts the performance of specific actions on its behalf or are the recipients of its commercial purposes and actions. These providers also take, themselves, measures to protect personal data, and process your data only in the context of our explicit and written instructions.
Ι. TIME OF OBLIGATION
The above data will be kept for as long as required by Greek and European Legislation and the service contract, in printed or electronic form and for as many years as required after its expiry, until the expiry of the limitation period of the right of the Greek State to carry out regular inspections and impose fines on relevant infringements.
(According to the IAS (Law 4308/2014, effective from 1/1/15), “All accounting records kept by the entity, … are preserved for the longer period of: a) Five (5) years from the end of the period. b) The time specified by other legislation N. 3299/2004” (article 7, paragraph 1)).
In particular, in the case of a tender submission that does not ultimately result in the award of a contract, the data will be kept for a period not exceeding 50 days.
In the event of any legal proceedings of any kind relating directly or indirectly to the signatory herein, the above mentioned data retention period will be suspended for the entire duration of such proceedings and until the issuance of an irrevocable court decision.
II.EXERCISE OF RIGHTS
The customer/supplier has the right to know which personal data concerning him/her are or have been processed (right of access), to object at any time and to oppose the processing of data concerning him/her (right of opposition), to request the rectification or erasure of his/her data (right to be forgotten), provided that this does not harm the company in accordance with the above, as well as to transmit his/her data to another data controller, without objection from the company or to request the transfer of his/her data to another data controller without the company’s consent (portability right).
To exercise the above rights, the customer/supplier may contact the company in writing (e-mail: email@example.com)
In case of exercise of one of the above mentioned rights, the company will take all possible measures to satisfy the request within 15 days from its submission and identification, informing the applicant in writing about the satisfaction of his/her request, or the reasons that prevent the exercise of the relevant right, or the satisfaction of one or more of the above mentioned rights in accordance with the General Data Protection Regulation.
The company has the right to refuse the request for the deletion of the customer/supplier’s data if the retention of the data is necessary for the establishment, exercise or support of its legal rights deriving in principle from compliance with tax and insurance legislation.
If the customer/supplier believes that any of his/her rights regarding the protection of Personal Data are violated, he/she may submit a complaint to the competent supervisory authority (Data Protection Authority (DPA).
III. LIABILITIES OF THE COMPANY
The company is obliged, in accordance with the applicable legal framework, to take all reasonable measures to ensure the confidentiality and security of the processing of data and their protection from accidental or unlawful destruction, accidental loss, alteration, unauthorized dissemination or access and any other form of unlawful processing
Having been informed and fully understood the above, I accept and provide the company with my unconditional consent for all the purposes mentioned above and for the processing of my personal data noted below:
- collection, processing and transmission of my personal data for the purposes of submitting an offer and/or concluding a contract.
- the collection, processing and transmission of my personal data for the purposes of compliance with tax and administrative legislation.
- the transmission of my personal data to entities to which the company entrusts the execution of specific actions on its behalf or which are the recipients of its commercial purposes and actions (buyers, partners, etc.).
- the transmission of my personal data to providers of IT application maintenance services, subject to the condition of confidentiality in each case.
- sending personalized offers for products of the company, or informing me about any new products and offers, promotions, participation in exhibitions, etc.
Each of the above consents is valid towards the company, for as long as the contract lasts and for as long as required by law after its expiration.
Revocation of any of the above consents can be done by a declaration statement to the company and is valid for the future, and provided that such revocation does not entail a breach of the company’s obligations under insurance and tax legislation.