Statement of the Controller About the«Protection of Personal Data »

Growing economic and scientific collaborations as well as mutual provision for data processing services have resulted in the exchange of personal data, a trend that is reinforced by the ever-increasing use of modern telecommunications media.

For the above reasons, it is necessary to process the data with care.

The Processing Manager declares that compliance with the principles governing the protection of data for the processing thereof is its purpose as it is committed to respecting the individual rights and privacy of individuals. The Data Controller handles personal data with special care and always in accordance with EU Regulation 2016/679, the applicable National Law and applicable legislation

 

For the purposes of this directive, the following definitions will apply:

Data Subject: any person whose personal data is processed by or on behalf of the Company

Personal Data: any information in relation to an identified or identifiable person which concerns his physical, physiological, psychological, emotional or financial situation, cultural or social identity.

Processing: personal processing (“processing”), any operation or series of operations that takes place on personal data, including but not limited to collection, recording, storage, modification, analysis, use, association, retention (locking), deletion or destruction.

 

1. Responsible for data processing and DPO

The data controller is the company “SAVVIDIS KYRIAKOS MONOPROSSOPI EPE”, with d.o. KIROSAV, based in Thessaloniki, St. Agiou Petrou 21 – N. Eukarpia 56429, VAT 997513351, D.O.Y. E Thessaloniki, E-mail kirosav@otenet.gr (“Processor”).

2. The Data we process

With your consent, we process the following routine and sensitive personal data that you provide when you interact with the Website (https://www.kirosav.gr/), and use the services and functions it provides. This data includes in particular your first and last name, contact details, address and the content of your specific requests, updates or reports as well as the additional data that the Data Controller may obtain, including from third parties, in the context of conducting of its business activity (“Data”). In order for us to be able to fulfill the requests you make through the contact form and/or to provide updates on adverse reactions, it is necessary that you consent to the processing of the data marked with an asterisk (*).

 

Without this mandatory data or your consent we cannot proceed further. Instead, the information requested in fields not marked with an asterisk and your consent to receive informational materials are optional and failure to provide them is of no consequence.

In any case, even without your prior consent, the Processor may process your data to comply with legal obligations arising from laws, regulations and EU law, exercise rights in judicial proceedings, exercise its own legitimate interests and in all cases provided for, as the case may be, in articles 6 and 9 of the GDPR regulation.

The processing is carried out both using computers and in paper form and always implies the application of the security measures provided for by the applicable legislation.

 

  1. Why and how we process your personal data.

The data is processed for the following purposes:

  • To handle the requests you make through the “Form”, to contact you subsequently or to provide information through it. The legal basis for the processing of personal data for this purpose is your consent (Article 6(1)(a) and Article 9(2)(a) of the GDPR) and the performance of the contract to which you are a party as the data subject ·
  • To manage adverse event reports submitted through the Website or Forms. The legal basis of processing for these purposes is your consent (Article 6(1)(a) and Article 9(2)(a) of the GDPR), as well as the pursuit of any public interest (Article 9(2)(i) of GDPR regulation) and legal obligations.

In addition, only with your optional consent which is the legal basis for the processing in accordance with Article 6(1)(a) of the GDPR:

  • to receive promotional material (direct marketing) from us.

By selecting the appropriate boxes you agree to the processing of your data for these purposes.

 

Your data may in any case be processed, even without your consent, for the purpose of compliance with laws, regulations, EU law (Article 6(1)(c) GDPR), to obtain statistical data regarding the use of the Website and its proper operation (Article 6 paragraph 1 point f) of the Regulation).

Personal data is entered into the Controller’s IT system in full compliance with data protection legislation, including security and confidentiality profiles and based on principles of good practice, legality and transparency regarding processing.

The data is stored for as long as is absolutely necessary to achieve the purposes for which it was collected. In any case, the criterion used to determine this period is based on compliance with the deadlines set by law and the principles of data minimization, storage limitation and rational file management.

All your data will be processed in paper or automated means, ensuring in each case the appropriate level of security and confidentiality.

 

  1. Principles applied during processing.

We are allowed to process your personal data in order to provide personalized services, based on the law (Article 6(1b) of Regulation (EU) 2016/679) and the relevant National Implementing Law . Your personal data is not used for purposes other than those described in the Statement, unless we obtain your prior permission, or unless this is required or permitted by law.

Personal data is processed in a manner compatible with the purpose for which it was collected.

The principle of proportionality applies when processing personal data. Among other things, it creates the obligation not to collect personal data without reason.

The personal data used should be accurate and up-to-date.

Personal data used that is no longer accurate and complete should be corrected or deleted.

With the exception of cases where by law there is an obligation to retain them for a longer period of time, personal data is not kept for a longer period of time than is necessary for the purposes for which it was collected or processed.

Personal data is processed in accordance with the principles of good faith. This means that data subjects can rely on processors to exercise due care in all matters of data processing.

Subjects whose personal data have been processed will be informed accordingly, if they request it. Specifically, they have the right to be informed of the purposes for which their data is being processed, the type of data they concern, as well as the identity of the recipients of the data. Where deemed necessary, data subjects also have the right to request the correction, non-transmission or deletion of their data.

The above rights may be limited only if this limitation is provided for by law. This applies, in particular, when conducting scientific research.

In particular, personal data is protected against unauthorized disclosure and against any illegal processing. The measures put in place ensure a level of security commensurate with the nature of the data to be protected and the risks that may arise from its processing.

The data controller is responsible for the compliance and application of EU Regulation 2016/679 and the National Implementing Law.

Our employees who deal with the processing of personal data are accordingly informed and trained. The procedures for the processing of personal data of third parties upon agreement shall be defined in writing, having ensured that the contracting third party processes personal data in a secure manner and that it is in compliance with the principles set forth in this Statement and GDPR EU. In the event that the third party is deemed unable to ensure a satisfactory level of security of personal data, we will terminate the cooperation.

 

  1. People who have access to the data

Τhe Data are processed by electronic and manual means in accordance with the procedures and practices related to the aforementioned purposes and are accessible by the personnel of the Controller authorized to process the Personal Data and the supervisors and in particular the employees belonging to the following categories: technical staff, Information and Network Security staff and administrative staff as well as other staff members who need to process the data for the performance of their duties.

The Data may be disclosed, also to countries outside the European Union (“Third Countries”): i) to institutions, authorities, public bodies for institutional purposes; ii) to professionals, independent consultants – whether working individually or collectively – and others third parties and providers who provide the Data Controller with commercial, professional or technical services required for the operation of the Website (e.g. provision of IT and Cloud Computing services) for the purposes mentioned above and to support the Data Controller to provide the services you have requested; iii) to third parties in the event of mergers, acquisitions, transfers of businesses or their subsidiaries, audits or other extraordinary actions;

The mentioned recipients receive only the data necessary for their respective functions and duly undertake their processing only for the purposes stated above and in accordance with data protection laws. The Data may also be shared with the other legal recipients identified from time to time by applicable laws.

With the exception of the above, the Data will not be communicated to third parties, natural or legal persons, who do not perform tasks of a commercial, professional or technical nature for the Controller and will not be disseminated. The persons who receive the data will process it, as the case may be, as Data Controllers, Processors or persons authorized to process the personal data for the purposes mentioned above and in accordance with the applicable data protection legislation.

Regarding the transfer of data outside the EU, even in countries whose laws do not guarantee the same level of protection of the privacy of personal data as that provided by EU law, the Controller informs that the transfer will in any case take place in accordance with with the methods permitted by the GDPR, such as for example based on the user’s consent, based on the standard contractual clauses approved by the European Commission, selecting parties participating in international programs for the free movement of data (e.g. .EU-US Privacy Shield) or implemented in countries considered safe by the European Commission.

 

  1. Your rights.

If you wish, you can request at any time to exercise the rights of articles 15-22 of the GDPR Regulation, to be informed about your personal data held by us, their recipients, the purpose of their retention and processing as well as the modification , correcting or deleting them, by sending a relevant electronic message to the addresses shown above, from the electronic contact address that you have declared, by completing the application that by completing the corresponding application that can be granted to you.The Controller with an attached copy of your ID. You also have the right to review the personal data we hold and generally to exercise any right provided by the legislation for the protection of personal data.

The personal data that you disclose to the Data Controller through https://www.kirosav.gr, either during your registration or at a later stage, are collected and used and processed in accordance with the applicable provisions on personal data protection of the new European General Data Protection Regulation (EU) 2016/679.

 

You retain the following rights in detail:

  • Right to information about your personal data: Upon your request, we will provide you with information about the personal data we hold about you.
  • Right to correct and complete your personal data: Once you notify us, we will correct any inaccurate personal data concerning you.We will fill in incomplete data if you notify us, provided that this data is necessary for the purposes of processing your data.
  • Right to delete your personal data: Upon your request, we will delete the personal data we hold about you.However, some data will only be deleted after a specified retention period, for example because in some cases we are required by law to retain the data, or because the data is required to fulfill our contractual obligations to you.
  • Right to freeze your personal data: In certain cases provided by law, we will freeze your data if you ask us to do so. Further processing of retained data takes place only to a very limited extent.
  • Right to withdraw your consent: You can at any time withdraw your consent to the processing of your personal data in the future.The lawfulness of the processing of your data remains unaffected by this action, until the point of withdrawal of your consent.
  • Your right to object to the processing of your data: You can at any time object to the processing of your personal data in the future if we process your data on the basis of one of the legal justifications provided for in Article 6 (1e or 1f ) of Regulation (EU) 2016/679. If you object, we will stop processing your data, provided there are no legitimate grounds for further processing. Processing your data for advertising purposes does not constitute a lawful reason.
  1. Security of Personal Data

The Processor implements specific technical and organizational security procedures in order to protect personal data and information from loss, misuse, alteration or destruction. Our partners who support us in the operation of this website also comply with these provisions.

The Controller makes every reasonable effort to keep the personal data collected only for the period for which the data is needed for the purpose for which it was collected or until its deletion is requested (if this occurs earlier), unless it continues to observe them according to the provisions of the current legislation.

 

  1. Statement Revisions.

We reserve the right to modify or revise this Statement from time to time, at its sole discretion. If changes are made, the Controller will record the date of amendment or revision to this Statement and the updated Statement will apply to you from that date. We encourage you to periodically review this Statement to review any changes to the way we manage your personal data.

 

This is a Declaration of Compliance with the provisions of EU Regulation 2016/679 and the National Implementing Law.

17.11.2021