COMPANY STATEMENT FOR THE PROTECTION OF PERSONAL DATA GP HELLENIC SOIL LTD – GREEK BRANCH
GP Hellenic Soil ltd – Greek Branch with headquarters at Peristeri, 132, Kifissou Ave., as the Controller, with this section, wishes to inform users/visitors of the Website www.superfoods.eu of both its personal commitment as well as that of its partner companies, in relation to the protection of their personal data as well as the type of the data that it may collect and the way it uses them.
Through the Website www.superfoods.eu and the services it provides, our Company processes, namely collects, keeps and transfers personal data for the purposes mentioned below.
In order to protect the personal data of our Website users/visitors, clients, employees and other natural persons related to our Company, and which [data] we process as part of our activities, we have fully adjusted our policy to the requirements of Regulation (EU) 2016/679 (General Data Protection Regulation, henceforth the GDPR).
TYPE OF DATA COLLECTED & METHOD OF USE
The Website www.superfoods.eu can collect personal data that either identifies you directly or that could be used in combination with other data in order to identify you. Examples of personal data that identify you directly include your name, your contact data (e.g. phone number, postal address, etc.) and your email address.
Examples of personal data that identify you directly include your name, your contact data (e.g. phone number, postal address, etc.) and your email address.
An example of personal data that do not identify you directly, but in combination with other identifying data can lead to your identification, is the Internet Protocol Address (IP Address) of the device you have used in order to have access to our Website www.superfoods.eu.
There are sections on the Website www.superfoods.eu, where it is necessary to submit certain data so that you can make use of some services. Within this framework, and through the Website www.superfoods.eu, the following data can be collected:
Contact Data: They include data that you submit to us willingly, such as your full name, postal address, phone number, email address, and other relevant information. We collect this information so that we can contact you (e.g. by email). You can always refuse to provide us with your personal data, but then we might not be able to offer you some information, updates or services.
Additional information: Some sections on the Website www.superfoods.eu allow you to share additional information with us.
For example, you can register to our mass email lists so as to receive our newsletter. We may use the information you have provided us with in order to send you information that you have requested, to answer your questions, to improve the Website www.superfoods.eu or for other necessary activities in order to respond to your requests.
Sensitive Personal Data: These refer to information (e.g. medical data, medical treatments or illnesses) that you forward to us in order to be informed of our products.
Moreover, we can use your data so as to comply with our obligations which result from the applicable legal or regulatory framework, such as reporting undesirable actions or exercising our legal rights, as well as based on our Company policy on file keeping or for managing the Website, always in the legal interest of our Company.
COOKIES AND RELEVANT TECHNOLOGIES
Web beacon: The Website can use the technology known as web beacon that allows collecting information o the Internet (web log). A web beacon is a minimum size graphic file included on a webpage or in an email and it is designed so as to facilitate the recording of the webpages you visit or the emails you open. The information on your activity during your visit to one of our Websites is collected by the computer (called webserver) that hosts our Website.
On one of our Webpages or in some of the emails we are sending you, we may make use of the technology known as a web beacon (this technology is also called: “action tag” or “clear GIF technology”). We may make use of the web beacon technology in some cases, in order to find out if the messages we are sending you are being opened or read. The web beacon technology also helps assess the effectiveness of websites, by measuring the number of visitors or measuring the visitors who click on major elements of the website.
Cookies: The Website uses the technology called “cookies”. A cookie is a small text file that the Website can install on your computer’s hard disk, where the files of the program you use to enter the Internet (browser) are stored. The cookie saves you the trouble of re-entering some information in certain registration fields when you revisit a Website, because it helps the Website “remember” the information you had initially inserted. The cookie also helps us send personalized content to you and it records how you are using the Website sections.
The cookies can be stored on your computer both by us as well as by third parties related to us, such as companies providing web analytics services and network advertising services. In most browsers, you can change the relevant settings so that cookies are deleted from your computer’s hard disk, or all cookies are blocked or you receive a warning message before the installation of a cookie. To learn more about these functions, please check your browser’s instructions. If you reject cookies, the functionality of the Website may be limited and it is possible that you will not be able to enjoy the advantages of the various Website characteristics.
REASONS FOR TRANSFERRING YOUR DATA
The recipients of your date can be, in addition to our Company employees, third-party partners and/or providers of necessary services for the correct operation and maintenance of the Website, e-mail marketing services, etc.
The third-party partners and/or service providers are committed to complying with the applicable legislation on personal data protection.
Our Company does not transfer (except for the aforementioned cases) nor does it reveal or publish your personal data, unless it is obliged to do so by law, petition, court decision, or competent public or independent authority, or in order to act in urgent cases for the protection of national security or law enforcement, in order to protect safety on the Internet or when required by law.
In extremely rare cases, when corporate or public safety is at risk, we retain the right to proceed to the necessary data transfer to the competent state authorities.
LEGITIMATE GROUNDS FOR PROCESSING
The legitimate grounds for processing your data are as follows:
- Your consent to the processing of your data for one or more specific purposes (art. 6 par 1a of GDPR), e.g. when you provide us with your contact information for marketing reasons and/or promotion.
- The performance of a contract to which you are party or in order to take steps at the request prior to entering into a contract during negotiations (art. 6 par 1b of GDPR).
- Processing is necessary for compliance with a legal obligation to which we are subject, as this is derived from the European or National Law, e.g. in order to comply with our tax or insurance obligations derived by law (art. 6 par. 1c of GDPR).
- Processing is necessary for the purposes of the legitimate interests pursued by our Company, as long as such interests are not overridden by your interests or fundamental rights and freedoms as the data subject (art. 6 par 1f of GDPR). Specifically, our Company’s legitimate interest is its business interests, the protection of its facilities, the security of its assets (tangible and intangible), the employees’ safety, the control and exclusion of access to the facilities of persons unrelated to its activities. Particularly for safety purposes, the processing of these data is absolutely necessary and cannot be carried out in another, milder way.
We use this information to manage and update the Website; also, through this information, we will evaluate whether the Website visitors match the desired demographic characteristics of the Website’s common target, and we determine how visitors navigate the major common elements-targets of the Website content.
First–party cookies (such the Google Analytics Cookie) and third-party cookies (such as the DoubleClick Cookie) will be used to create reports relevant to the promotion (ad impression) and effectiveness of the online advertising services provided by the Website in relation to the number of respective visits.
Α. Opt-Out Possibility
Google Analytics offers the possibility to opt-out for the Website’s visitors who do not wish their data to be collected. Additional information on this possibility is included here:
B. The use of data by Google
Google and its subsidiaries can keep and use, subject to the Policy on Privacy (included in https://www.google.com/privacy.htlm or a similar URL that Google may provide at times), information collected from the use you make, on Google Analytics Information Disclosures and Sharing.
HOW LONG WE KEEP DATA FOR
Your date will be kept by our Company for as long as it is necessary, in order to serve its legitimate business purposes and for legal purposes, according to its procedures on data keeping and the applicable legal and regulatory framework.
As regards the personal data included in the Curriculum Vitae sent to us, we would like to inform you that they are kept in our files for one year.
As regards potentially sensitive personal data (e.g. health data, medical treatments, etc.) that you willingly forward to us in order to receive reliable answers on the use of our products and their compatibility with special treatments or illnesses, we would like to inform you that they are kept in our Company files for one month.
The Website www.superfoods.eu is not intended nor designed for use by minors. We do nor knowingly collect personal data from any minor. The Website is intended for use by people over 18 years old.
HOW WE SECURE YOUR DATA
We apply reasonable physical, electronic, technical and organizational security measures to protect the personal data collected through our Website.
For example, we limit access to these data to those of our employees, service providers and partners who need to be aware of these data, in order to provide benefits or services to you.
We update and control the security technology we use on a constant basis. Moreover, we train employees in the importance of confidentiality and of preserving the privacy and safety of your personal data. Among other things, we have foreseen the application of technical and organizational measures and procedures that protect your personal data from any loss, alteration, illegal processing or change, such as: detecting and managing security violation events, using a server located in a limited access area and subject to frequent controls, constantly receiving copies from the database, adopting individual procedures for keeping personal data and their safe deletion/destruction, etc.
Moreover, we share with third-party providers, who provide services on our behalf, only your personal data that are necessary so that they can provide the services we request from them, and we commit them with contracts so that they protect and process your data on our behalf and do not use them for other reasons.
Although we try to provide adequate and reasonable security for the information we process and keep, no security system can prevent every possible security violation.
YOUR RIGHTS AND CHOICES
You have the right of access to your personal data. This means that you have the right to know if we process your data, the purpose of processing, the type of your Data that we keep, to whom we give them, for how long we store them, if there is automatic decision-taking, as well as of your remaining rights.
You have the right of rectification of inaccurate personal data; if you find out that there are mistakes in your data, you can submit a request to us to have them corrected, such as, e.g. correction of name or updating of address change.
You have the right to erasure / right to be forgotten as regards the personal data that concern you, as long as you no longer wish for these data to be processed, and as long as there is no legitimate reason for the Company, as the Controller, to possess them Specifically, you can ask us to delete your data when they are no longer necessary for the aforementioned purposes or they are submitted in another way or if you object to their processing and there are no imperative and legitimate reasons for processing. When the legitimate grounds for the processing are your consent and you withdraw it, the data need to be deleted as long as there are no other legitimate grounds for processing. However, you need to know that the further processing of personal data by the Company is lawful, when it is necessary for the Company to comply with its legal obligations or in order to substantiate, exercise or support its legitimate claims.
You have the right to the portability of you data.
You can ask us to send you are party and the processing takes place, in readable form, the data you have provided to us, or to transfer them to another Controller, when the legitimate grounds for processing are either your consent or the performance of a contract to which you are party and the processing takes place with automated means.
You have the right to restriction of processing when: you dispute the accuracy of your data and the Company, as the Controller, examines the relevant request, the processing is illegal, your data are no longer necessary for the purpose of processing, but you ask that they are kept so that you can exercise and defend your legitimate claims, when you have exercised your right to object and the Company, as the Controller, examines the potential existence of its superior lawful interest.
You have the right to object to the processing of your data at any time and for reasons related to your particular status, including profiling, and we will stop the processing of your data, if there are no other imperative and legitimate reasons against your right.
In case we process your personal data based on your consent, you also have the right, at any time, to withdraw your consent, without this affecting the legitimacy of the processing for the time period before you withdraw your consent.
The Company, as the Controller of processing, does not proceed to automated individual decision-making, including profiling. However, if the Company intends to proceed to automated data processing, including profiling, it will inform you of this during data reception, as well as of your right to object, which will be described clearly and separately from any other information.
Finally, you have the right to lodge a complaint to the competent Greek independent authority, which is the Hellenic Data Protection Authority (http://www.dpa.gr/), if you ascertain the illegal processing of your personal data or that your rights on your personal data have been violated, or you believe that your issue has not been resolved and that the answer you have received by the Company is not satisfactory.
TRANSFERRING PERSONAL DATA OUTSIDE EU
The personal data we collect from you are not transferred, nor are they subject to processing outside the European Union. In case they are transferred to third countries or international organizations, the transmission is governed by the relevant rules and conditions set in the Regulation, on the basis of an adequacy decision (art. 45 of GDPR), transfers subject to appropriate safeguards (art. 46 of GDPR) or transfers by derogation for specific situations (art. 49 of GDPR).
HOW TO CONTACT US
You can submit any of the aforementioned requests by contacting the Company at the address:
GP Hellenic Soil ltd – Greek Branch
132, Kifissou Ave., Peristeri, 3rd floor
Tel.: 216 9009400
HOW TO LODGE A COMPLAINT
If you wish to lodge a complaint as regards how the Company manages your data, you can contact the Data Protection Controller at the e-mail: email@example.com, so as to investigate the issue; then, we will examine it and get back to you within one month (this deadline is extended to two months in case of a complex request).
If you are not satisfied by the Company’s response or you believe that your data processing does not comply with the provisions of the applicable legislation, you may lodge a complaint to the Hellenic Data Protection Authority (www.dpa.gr).
CHANGES IN PERSONAL DATA POLICY
We may update this Personal Data Policy at times. When we do so, for your facilitation, we will post the updated Statement on this webpage. This Statement was last updated on 07/02/2019.
We will always manage your personal data in compliance with the applicable Personal Data Statement at the time when they were collected and with the applicable legislation at the time of collection.
We will not make or any substantially different use or new notification of your personal data to another party do that they can use your data for their own purposes, unless we inform you and we grant you the right to object, or if there is a relevance between these purposes, namely for purposes related to the initial ones (articles 9, 6, 89 of GDPR).