BARBA STATHIS Group S.A. Personal Data Protection Policy
The Company is committed to respecting and safeguarding personal data.
This Personal Data Protection Policy outlines the personal data the Company collects from natural persons, how we use and protect your personal data and the choices you have about how we use that data. Its purpose is to brief you about the Company’s policy relating to your personal data provided to us, to tell you about the purposes for which it is processed by us, the categories of recipients, and the procedures you can follow to exercise your lawful rights.
Personal Data: Every piece of information related to an identified or identifiable natural person whose identity can be verified directly or indirectly.
Processing: Any act or set of operations carried out, with or without the use of automated means, on personal data or on sets of personal data, such as collection, registration, organization, structure, storage, adjustment or alteration, recovery, search for information, use, disclosure through the transfer of data, dissemination or any other form of disposal, association or combination, limitation, erasure or destruction.
Data subject: The identified or identifiable natural person referred to in the Personal Data and/or the Sensitive Personal Data.
Controller: For the purposes of this policy, the Controller is taken to be the Companies of the Group which separately or jointly set out the purposes and means of processing of Personal Data.
Processor: The natural or legal person, public authority, service or other body which processes the Personal Data on behalf of the Controller.
Special categories of Personal Data (‘Sensitive Personal Data’): Data of a personal nature which reveal the racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data, data concerning the health and sex life or sexual orientation of the natural person.
Consent: Any freely-given, specific, informed and unambiguous indication of the data-subject’s wishes, by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.
Personal Data Retention: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- What personal data do we collect from you?
When you visit our Website and the Company's accounts on social media networks, and in each contact with us, by telephone or electronically, the Company collects personal data in the following cases:
1.1 When you register to receive the newsletter or other promotional materials: You provide us with your email address, name and surname, thereby allowing us to engage in personal, direct, non-transactional communication with you.
1.2 When you take part in competitions/contests and fill out questionnaires and surveys: When you fill out forms on questionnaires or surveys, or participate in competitions/contests, you provide us with personal data such as your name, address, email address and phone number.
1.3 When you contact us by email, phone or mail, for example, when you come into contact with our Customer Service Department, we will ask you to provide personal data: name, address, email address, etc. In addition, any calls to our switchboard may be recorded. You are not obliged in any way to provide the above personal data. However, not providing data marked mandatory will prevent you from visiting and navigating the website. Not providing other non-mandatory personal data will not affect how we provide services to you in any way, contact with you or your browsing the Website.
1.4 The Company collects billing details of natural persons who provide products or some service to it, such as their home/work address, Tax Identity Number and Tax Office, for purposes of certification of the fee owed on the part of the Company, as well as for Company compliance with its tax obligations.
1.5 When your personal data are legally forwarded to us by other companies in the Group, or by commercial partners.
1.6 Through social networks, provided that you have granted the right to access your data to one or more social networks, such as Facebook.
1.7 When you visit our facilities.
1.8 When submitting your CV either electronically, by email or by post.
- Who else will receive your personal data?
Your personal data are not processed by third parties, except those we collaborate with and when necessary for browsing our Website and/or our communication, but always following your consent and under conditions that fully ensure that your personal data are not processed illegally in any way, namely for a purpose other than the one you sent it for in accordance with the above. As part of our operations, we use third parties to provide services on our behalf. By way of example, such access may be acquired by external partners of the Company, who provide us with consulting services in general, computer services, website services, particularly in the framework of a campaign through social media networks and/or advertising, provided that you have given your consent. Note that those categories of recipients of your personal data are data processors who process data on our behalf and therefore they do not process your data for purposes other than the ones the data was sent for. In all events, our Company will not make the personal data of visitors to/users of its website available for sale or otherwise transmit or disclose it to third parties, apart from the ones referred to above, without the consent of visitors/users, with the exception of cases in which we have a relevant legal obligation or when we are required to provide these data to the competent authorities only.
In all events, access to your personal data by unauthorised persons, including our employees, is prohibited.
- Why do we use (process) your personal data?
3.1 The Company collects, keeps and processes only the minimum personal data absolutely necessary to achieve the purpose of processing.
We use your personal data for the following purposes:
3.2 For your full access to the services offered through our website (contact form/newsletters).
3.3 Provided you have already given your explicit consent, which can be withdrawn at any time, for direct marketing and/or promotional measures, such as participation in competitions/contests or emails sent to you periodically if you have subscribed to our newsletter. Every newsletter allows you to indicate that you no longer wish to receive other newsletters from us by clicking unsubscribe and either sending an email to firstname.lastname@example.org or by changing your account settings.
3.4 In cases where processing of your personal data is necessary for our legitimate interests or for the purpose of compliance with national and European legislation.
3.5 To keep in contact with you and to manage in general our transactional relations.
For example, communicating with you by phone or email or by other means, so as to keep you updated or to request further information about your request.
3.6 To protect our legal rights before the courts or other authorities.
3.7 To comply with our legal obligations. The Company makes every effort to minimise the risk to your rights and freedoms by not collecting personal data beyond that necessary to fulfil the aforementioned purposes. Your data are not subjected to further processing in a manner incompatible with the current purpose of processing.
3.8 For configuring your profile. Once you have given your explicit consent by completing and signing the declaration of consent or lifting of consent for processing personal data, we store and generally process the information you have provided as well as the information related to our products and proceed to process it. We do this so we can keep informed about your experience and thus configure your profile based on your interests and preferences, allowing us thus to recommend personalised products through contacting you with a relevant advertisement adapted and suited to your needs and preferences, which we have matched with your profile.
3.9 Preventing and dealing with fraud: We process your data in order to prevent and manage any likely cases of fraud. Furthermore, we may receive information related to criminal offences provided it is necessary to protect our legal interests, i.e. to protect our assets, employees/partners and facilities.
- Legal basis for the processing of your personal data
The conclusion and performance of a written or otherwise drafted contract between us.
The consent you have given us in the above cases under the specific conditions set out in law.
Our compliance with national and European legislation.
The protection of our legal rights before the courts or other authorities.
The safeguarding and protection of our and your legal interests.
The manifest disclosure of the subject of the data.
- How long do we retain your personal data?
5.1 Personal data submitted for processing for the purposes below shall be kept by the Company for a time judged to be absolutely necessary to fulfil those purposes and in compliance with legal provisions.
5.2 For direct marketing / promotional purposes, we retain your personal data for 2 years, during which time you retain all your rights under the applicable personal data protection laws which are set out in section 8 of this Policy. If you have not reconfirmed your consent at the end of the above data retention period, the data are deleted.
5.3 Our Company may continue to store your personal data for a longer period if that is necessary to safeguard its legitimate interests in relation to potential liability associated with browsing the Website.
- On our Website ‘share’ buttons have been installed, which allow you to share contents with your friends through social networks and also ‘social plugins’, such as Facebook, Pinterest, YouTube and Instagram. We integrate these as shown below:
When you visit our Website, the social plugins are deactivated, that is to say, data are not forwarded to users of these sites. If you want to use some of these sites, click on the corresponding social plugin and get directly linked up with the browser of that site.
If you have a user account with a social site and you have logged in there when activating the social plugin, the site can register your visit to our website through your user account. If you want to avoid this, you can log off the site before activating the social plugin.
Once you have activated a social plugin, the social network transfers the available contents directly to your browser programme, which integrates it into our Website. In this case, data also coming from and controlled by a corresponding social network can be transferred. While you are connected with a social networking site, the transfer of data between the site and your system as well as your interactions on the platform in question are exclusively governed by the data protection terms of that social networking site. The social plugin will remain active until you deactivate it or delete the cookie files from your device (see term 10 below).
When you click on a social plugin link, the personal data are likely to be redirected to providers who are located in countries outside the European Economic Area, which do not ensure EU standards in terms of the corresponding ‘appropriate level of protection’ for the processing of personal data. Please take the above into serious consideration before clicking on a link or activating a social plugin and starting your data transfer through that.
- Safeguards we take to protect your data
When you provide us with personal data we take measures to ensure that the data is held and managed safely. To protect your personal data we take adequate physical, technical and organisational protection measures. We update and check the security technology we use on a continuous basis. We limit access to your personal data to those employees who need to know about the data so they can provide you with the services you want. In addition, we train all employees about the importance of confidentiality and keeping your personal data secret and secure. Among other things, we have put in place the following technical and organisational measures and procedures to protect your personal data from any loss, corruption, illegal processing or alteration:
- access to your personal data is limited only to a number of individuals authorised for specific purposes in the IT systems used to process data, and access is only granted to persons authorised for these purposes.
- access to those IT systems is monitored to identify and immediately prevent unauthorised access.
- IT systems and programs are used for the computers we have installed so as to minimise the use of personal data and/or data that could identify a user’s identity.
- specific personal data retention and safe deletion/destruction procedures have been adopted.
- periodic checks are carried out (every 2 years) and inactive accounts are deactivated.
Our Website may contain links to other websites. This personal data protection declaration is valid only for the Company. Therefore, each time you follow a link from this Website to another one, even a website from the BARBA STATHIS Group, we recommend that you read carefully the personal data protection declarations of the site. If you choose to connect with any third-party website via special links (links, hyperlinks, banners) which may be on the site, the Company and any other member of the Group shall bear no liability for the terms of personal data protection applied by the third party in question.
- Your rights
You can exercise the following rights under the conditions and specific provisions set out in national legislation (Law 4624/2019 and Law 3471/2002) and Regulation (EU) No 2016/67:
8.1.1 Right of access to your personal data which we process and to information relating to the processing thereof.
8.1.2 Right to correct personal data, namely the right to correct any inaccurate data.
8.1.3 Right to object to the processing of your personal data when there is a legitimate interest, including your right to object to the automated processing of your data and the processing thereof for commercial marketing purposes.
8.1.4 The right to limit the processing of your personal data, which means you can ask for processing to be suspended if you contest the accuracy of the data, you have objections to it being processed or there is another ground specified in the relevant Greek or European protection of personal data legislation.
8.1.5 The right to obtain your personal data, which you provided to us with consent, so that it can be used elsewhere.
8.1.6 The right of deletion of your personal data without undue delay at your request under the conditions laid down in the relevant Greek and European protection of personal data legislation.
8.1.7 The right to withdraw consent. In cases where we process your personal data based on your consent, you also have the right at any time to withdraw your consent or change the degree of consent you have given, without that affecting the legality of the processing in the period prior to the withdrawal of consent.
8.1.8 Right to information about data breaches.
8.1.9 The right to submit a complaint to the competent Greek independent authority, which is the Hellenic Data Protection Authority, if your data is illegally processed (http://www.dpa.gr/).
9. Transmission of personal data outside the EU
The personal data we collect from you is not transmitted or processed outside the European Union.
Cookies are small text files which are stored by a website on an internet browser when we navigate. The website recovers this information at each visit so that it can offer related services.
The Company does not seek and does not want to collect any personal data about children aged under 15 and urges all parents to inform their children about safe, responsible use of their personal data when they are using the internet. Children aged under 15 must visit the website under the supervision of a parent or person exercising parental responsibility, and information must not be sent to the website by anyone under 15 without the consent of their parent or person exercising parental responsibility. If the company is notified that online personal data of a person aged under 15 has been sent via the website without the consent of the parent or person exercising parental responsibility, the company will take appropriate measures to delete that data from its databases and not use that data for any reason (except, where necessary, to protect the child or others in accordance with the provisions of the law).
12. Version - Changes and updates
This policy was last updated on 30-06-2021.
We reserve the right to amend and update this policy in whole or in part at our unfettered discretion at any time. Any change hereto shall apply immediately once the amended policy is posted on the website. There will also be a notice on the homepage indicating the change. In any event, if you accept this Policy and continue to use the website after any amendments made in accordance with the above, you are deemed to have accepted those changes. If you do not agree with the terms of this Policy, as amended in whole or in part, you must stop using the website. We may send periodic emails to remind you of changes and updates to the Policy, but you should check the website frequently to learn about our current, valid personal data protection policy.
All changes to this Policy will be posted here immediately.
Copyright 2021 BARBA STATHIS ABEE