KALLAS INCORPORATION S.A.
Date of Implementation: Valid from 25/5/2018
Thank you for visiting the website of "KALLAS INCORPORATION S.A." (hereinafter referred to as "Website") located at Damianou 13, 136 71, Axarnes (hereinafter referred to as "the Company").
The Company is committed to collecting and processing your personal data in accordance with the provisions of Regulation (EU) 2016/679 (hereinafter referred to as "GDPR") and law 4624/2019. The Company as Data Controller informs you on the way it collects and processes information about you in accordance with all applicable European and national laws concerning personal data.
Personal Data is any information relating to natural persons whose identity is known or can be identified (hereinafter referred to as "Personal Data"). Protecting your Personal Data is very important for the Company, which takes steps to this end.
This Policy sets out the kind of information that our Company may collect from you and informs you on how we use this information. When you voluntarily provide us with personal information, such as your name, address, or email address, we use this information in strict confidence. Subject to the specific provisions of this Policy, no Personal Data is rented, sold, publicly posted or disclosed to other companies, organizations or websites.
This Policy applies to the collection and use of your Personal Data by the Company (eg information that identifies a specific person such as full name or email address).
2. What Information We Collect From you
During our business, we collect, as appropriate, the following Personal Data when you provide it to us:
- your Personal Information & Contact Information or information about persons proposed by you, from whom you have obtained explicit consent (full name, telephone numbers, contact address, Email, activity / profession)
- Electronic identification data (when Company is providing services to you)
- Financial information (bank account numbers, credit card details and payment methods, VAT, Tax Office)
- Health Data (if you choose to address in any way of those listed in Section 3 , a question to the Company in relation to a product and in this context, reference is made to health concerns associated with the use of our products or if required by special conditions relevant to shipping of products)
- Academic data, job history / training information when you submit your CV
- When you visit the Company's Website, we may collect personal information from you. This data may include your search history, IP address, screen resolution, the browser you used, your operating system and settings, access times, and your URL. If you use a mobile device, we may also collect data that identifies your device, settings, and location.
- The Company reserves the right to collect anonymous data for Users (browser type, type of computer, operating system, internet providers, etc.) and / or to monitor Internet (IP) addresses using appropriate technologies (cookies). Cookies are small text files that are stored on each User's hard drive without being possible to access to documents or files stored in User's computer. They are used to facilitate User access when using certain services and / or pages of the Website, and for statistical purposes. For more information about cookies used by the Website, Users are kindly requested to visit the page Cookies Policy.
3. How We Collect your Personal Data
We collect your Personal Data directly from you in the following ways:
- Through contact forms
- By E-mail
- Through phone calls
- Through Fax
- In the course of our contractual relationship (Purchase of products /Service Provider/Supplier)
- When you express interest in purchasing our products and for our offers/special deals/services
- Through our authorized Employees / Partners
- Electronically, when we receive job applications
- When you are contacting us via the Website contact form or via messages on our social media accounts (instagram, facebook) in order to submit questions/requests
- If you choose to subscribe to the Company's newsletter.
We also collect Personal Data from other sources, such as:
- Public Databases, judicial and private bodies (indicatively GEMI, Judicial and Prosecution Authorities, Ministry registries and Independent Authorities, Diavgeia, Tiresias, ICAP etc.).
By submitting your Personal Data to the Company, you consent to the use of this data in accordance with this Policy. Your Personal Data is not used for any other purpose unless we obtain your permission, or unless required by law or professional standards.
4. Use - Disclosure of Personal Data
We use your Personal Data to respond to your requests for provision of services or orders of our products, to give you update and communicate with you for matters that may be of interest to you, such as offers, product catalogs e.t.c.
We do not disclose your Personal Data to third parties not affiliated with us, unless required to do so by our legitimate professional and business needs, in order to respond to your requests and / or if required or permitted by law or business standards provided we have your express consent to this.
Furthermore, we may transfer your Personal Data to our affiliates, banking institutions, or to business partners of our Company’s providers, such as insurance companies, cooperating dept collection companies, consulting and auditing companies, any cooperating file storage and management companies, IT companies, printing, and document management companies, transport companies, to shipping companies and finally to independent quality control laboratories to the extent this is necessary for the fulfillment of our contractual obligations, and to better respond to your requests.
In addition, the Company may provide suppliers with access to customer data in order to identify specific volume and sales quality needs.
In all the above cases, Company only transfers Personal Data to third parties that meet our strict data processing and security standards and act only as specifically authorized by us. We also ensure that such third parties are fully bound by terms of privacy and confidentiality as provided in the applicable data protection and privacy regulation.
In addition, as provided by law, the Company may disclose your data to public authorities of all kinds (i.e public services, insurance funds, tax authorities, etc.) to judicial, public and independent authorities, such as the " Consumer General Secretariat " of the Ministry of Development and Investments, the Independent Authority, "Ηellenic Consumer’s Ombudsman", competent Ministries, Prefectures, Regional Health Directorate, Customs Οffice, EFET (Hellenic Food Authority), Regional Directorate-General of Agricultural Economy and Veterinary, Tax Office, Economic Crimes Enforcement Agency, police departments, prosecutors, independent auditing companies upon lawful request, if this is absolutely necessary to defend legal rights or fulfill Company’s obligations.
In the event of reorganization or sale of our Company to another organization, the Company may also disclose Personal Data relating to the sale, assignment or other transfer of business.
In addition, the Company may disclose Personal Data, if necessary, during the conduct of audits concerning the protection of Personal Data and system’s security and / or for investigation or response to a complaint or security threat.
5. Transfers of Personal Data to Countries outside the EU and EEA
We may transfer the Personal Data we collect from you to countries outside the country in which the Personal Data were originally collected. These countries may not ensure the same level of protection as the country in which the Personal Data were originally collected. When we transfer your Personal Data to third countries, we take the appropriate measures to protect the Personal Data in accordance with this Policy and all applicable privacy laws and regulations.
6. Legal Basis and Purpose of Use and Processing of your Personal Data
The Company only collects the necessary Personal Data to address your requests in the course of its commercial activity and operations. In cases where additional, optional information is required, you will be informed at the time of the collection of the Personal Data. As required by the national and European law (including GDPR), we process Personal Data, only for as long as we have the legal basis to do so. Therefore, when we process your Personal Data, we rely on one of the following legal bases:
- To perform a contract: When the processing of your Personal Data is necessary for us to fulfill and comply with our contractual obligations.
- When we have a legitimate interest: We may process data about you when we have a legitimate interest in performing a lawful activity and to ensure continuity of the said activity, as long as it does not override your interests. This may be the case, for example when you ask for information about our products/new products.
- Where there is a legal obligation: We are required to process your Personal Data to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public entity or authority or complying with other insurance, accounting or tax provisions.
- When We Have your Consent: Occasionally, we may ask you for special permission to process some of your Personal Data, and your Personal Data will only be processed if you agree to this. you may withdraw your consent at any time by contacting the Company at firstname.lastname@example.org.
The Company collects "sensitive" Personal Data only when data subjects voluntarily provide these data and have given explicit consent to their processing or when the collection of such data is required by employment or social security laws. The concept of 'sensitive' data includes Personal Data relating to a person's racial origin, nationality, political beliefs, trade union membership, religious or similar beliefs, his or her physical or mental health, his or her sexual health.
7. Information Security
The Company uses commercially reasonable administrative, technical, personnel-related, and physical security measures designed to safeguard the Personal Data in our possession against loss, theft and unauthorized use, disclosure, or modification. Such measures include, where appropriate, the use of firewalls, secure server installations, encryption, implementation of appropriate access rights systems and procedures, implementation of access control policies, careful selection of vendors to process and check compliance with the GDPR and other reasonable organizational and technical measures for providing appropriate protection for your Personal Data, which are updated taking into account the technology developments and the cost of implementing them.
All employees are bound by terms of privacy and confidentiality and your Personal Data is processed only by Company’s specifically authorized personnel.
8. Storage - Protection of Personal Data
The Company has taken appropriate technical and organizational measures to ensure the security and protection of Personal Data by achieving safe storage of the Personal Data and prevention of any accidental loss or destruction and any unauthorized and / or illegal access, use, modification or disclosure. Examples of such measures include:
1. physical security measures such as access control and logging, security policies, implementation of document destruction measures, installation of security locks, etc.
2. electronic security measures such as encryption, pseudonymization, control of user access to information systems, installation of security hardware and software, etc.
3. regular training and updating of authorized users
4. regular checks on the adequacy of security systems.
your Personal Data is stored in data centers which are located mainly in Greece, where the Company's data center is located, while the Company’s (primary) backup site is located in the Company in a secure area fulfilling all necessary precautions.
Also some of the stored data may be located in cloud service providers whose datacenters are located in Europe. If you need more information, please can contact the Company at email@example.com.
9. Retention Period
We retain your Personal Data both in physical and electronic form, for the period required to perform and complete the purposes stated above, including complying with legal, accounting or information requirements, and fulfilling, to the extent possible, your needs. It is specified that we will keep and process your Personal Data for the duration of our contractual / customer relationship. In the event that the relationship is terminated or interrupted in any way, we will keep your data for as long as the limitation period for the claims runs and in any event for as long as required by tax law, the applicable legal and regulatory framework, and the approved codes of conduct. We will also keep your Personal Data:
a. If you complete the Website’s contact form or make a request, your Personal Data is retained for as long as it is required to address you request.
b. If you sign up for the newsletter, your Personal Data will be kept for the period you wish to receive the newsletter. you can tell us at any time that you no longer wish receive a newsletter by sending us e-mail to firstname.lastname@example.org and you will be removed from the list of recipients. When you have provided your consent to direct marketing notifications, we retain your Personal Data until you cancel your registration or request its deletion or after a period of inactivity determined in accordance with national regulations and guidelines.
c. If you send us a resume, for as long as it takes for the Company to evaluate your qualifications and abilities and to consider opportunities for collaboration. If you are not finally selected for the post, your CV will be retained in file for future use, for 1 year.
However, any necessary Personal Data relating to your transactions with the Company as well as notices provided to you about the processing of your data, may remain as client information to ensure that the Company is legally processing your Data, and to secure both parties' legal claims. Please note that if there is a pending legal dispute between us that go beyond the aforementioned retention periods, we will keep your data until issuance of a final court decision. After the retention period expires, your Personal Data is permanently removed from the Company's records and information systems or we anonymise them so you can no longer be identified.
10. Your rights regarding the processing of your Personal Data
Whenever we process Personal Data concerning you, we take reasonable steps to ensure that your Personal data is kept accurate and up-to date for the purposes for which it was collected.
Under GDPR (Articles 12 to 22), you have the following rights:
- Request a copy of your Personal Data.
- Withdraw your consent when this is the legal basis for the processing of your Personal Data.
- Request the deletion of the Personal Data you have provided, subject to any restrictions provided by applicable law.
- subject to applicable law, ask for restriction of processing,
- Request the portability of your Personal Data, as long as you have provided the data to us, the processing is based on consent or contract and the processing is carried out by automated means.
- Object to the processing of your Personal Data.
To exercise the above rights, you may contact us at the following e-mail: email@example.com or by post or in person at KALLAS INCORPORATION S.A , 13 Filippou Damianou, 136 71, Acharnes Attica. In case where you exercise one or more of the above rights, we will take all reasonable steps to satisfy your request within a reasonable time, but not later than one (1) month of receipt of the request. The above timeline may be extended by two (2) further months, taking into account the complexity and number of the requests. The Company may retain the minimum Personal Data necessary to safeguard its legitimate interests.
Taking into account the circumstances and the nature of your request, we may not be allowed to give you access to Personal Data or otherwise fully comply with your request, for example, when the exercise of your request may reveal the identity of another person. We reserve the right to charge the appropriate administrative fee to fulfill your request, where permitted by applicable law, and / or to refuse your request in cases where such request is unfounded, excessive or otherwise unacceptable in accordance with applicable legislation.
Finally, each User has the right to ask the Company about the way his / her Personal Data is processed and protected, and if he / she considers that any of his / her rights have been infringed, he / she has the right to file a complaint with the Personal Data Protection Authority ( http://www.dpa.gr/, Kifissias 1-3, PC 115 23, Athens, 210 6475600).
11. Our Children’s Policy
We are committed to protecting the privacy of children. you should be aware that this website content and services are not intended for, or designed to attract, children under the age of 16. No Personal Data should be submitted to the Company through the website by visitors who are younger than 16 years old. If it comes to our attention that an under 16 years old User of this website has volunteered Personal Data and/or health-related Personal Data, without the given or authorized consent of the holder of parental responsibility over such child, we will promptly, upon relevant notification or request, delete such Personal Data in accordance with our deletion policy.
12. CalOPPA Do-Not-Track Notice
Company does not track its users over time and across third party websites and therefore does not respond to Do Not Track (DNT) signals. Company does not authorize third parties to collect Personal Data directly from our users on our web site, such as through the use of third party advertisements.
If we make substantive changes to this Policy that broaden our rights to use the Personal Data that we have already collected from you, we will inform you and provide you with a choice for the future use of these data.