Privacy and Personal Data Protection Policy
The Company “SEMITRON ELECTRONIC AND ELECTRIC CONSTRUCTIONS S.A.” is committed to protecting your privacy and handling your Personal Data (hereinafter to be referred to as “Personal Data”) in an open and transparent manner and in accordance with the definitions and requirements of the General Data Protection Regulation (GDPR) no. 2016/679 (hereinafter to be referred to as GDPR) for the protection of natural persons with regard to the processing of personal data and for the free movement of such data, as well as Law 4624/2019 “Personal Data Protection Authority”, measures implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to data processing”.
Personal Data is subject to processing within the explicitly defined purposes, based on the principles of lawfulness, objectivity and transparency, purpose limitation and storage period, data minimisation, accuracy, integrity and confidentiality and within the framework of necessity and proportionality that governs each processing operation. It shall also ensure that technical and organisational security measures are taken by design and by default to comply with the above system of principles, which is periodically reviewed and updated.
- Company Information – Data Controller – Data Protection Officer
1.1. The Data Controller is the Company with the name “SEMITRON ELECTRONIC AND ELECTRIC CONSTRUCTIONS S.A.” with the distinctive title ‘SEMITRON SA”, having its registered office in the Industrial Area of Sindos, Thessaloniki, with VAT number : 094450220 and GEMI number : 038327705000 (hereinafter to be referred to as ‘SEMITRON’ or ‘the Company’). It is legally represented, phone center at 2310796963, and contact email at firstname.lastname@example.org (“The Company”)
2.1 This policy specifies the protection regime for the processing of personal data collected by the Company when you visit, register or use the Company’s website and describes the system of rules under which this processing is carried out and the way in which your personal data is used.
For the purposes of this document, the definitions of the GDPR used include, but are not limited to:
“Personal Data” meaning information relating to identified or identifiable natural persons (“data subjects”), namely persons whose identity can be directly or indirectly verified, in particular by reference to an identifier such as a name, an identification card number, location data, an epigraphic identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
“Processing of Personal Data” meaning any operation or series of operations performed, with or without the use of automated means, on Personal Data or sets of Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, deletion or destruction. Finally,
“Controller” meaning the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for their appointment may be provided by Union or Member State law.
- Purpose of Processing Personal Data
Depending on the purpose for which we may be required to process your personal data, we will process certain categories of personal data on a case-by-case basis, which, in general, will be:
- Your basic identification data.
- Your contact details.
- Traffic data of our Company’s website.
- Login and geolocation data to provide the best possible website experience.
- Your social media username, if you interact with our Company through these channels to help us respond to your comments, questions or feedback.
- Information about your habits and preferences; and
- any other information that you may voluntarily provide to us.
We remind you that whenever we ask you to fill in your personal data in order to access any function or service provided by our Company’s website, we will mark certain fields as mandatory, as they are the basic information we need in order to be able to provide you with the Service. Please note that if you do not disclose such data to us, you may not be able to benefit from the relevant services of our Company’s website.
Depending on how you interact with our Application, we will process your personal data for the following purposes:
Α. For updates, promotions and personalized offers
Through our Company’s website, you have the possibility to request the sending of our Company’s newsletter / offers.
The newsletters are sent electronically (e-mail) to the e-mail address indicated by you.
In this context, the reception, processing and retention of your data provided by you is done to satisfy the exclusive purpose of informing you about the Company’s products and actions.
The following personal data will be processed in accordance with Article 6 par. 1 (a’) of the General Data Protection Regulation (GDPR) for the purpose of performing the contract:
- e-mail address (email)
If you do not wish to receive the updates mentioned above, you may, at any time, withdraw your consent by clicking on the active “unsubscribe” link in the newsletter which has been sent to you.
Please note that the unsubscribing and subsequent changes are only valid for the future and will take effect or be implemented no later than 48 hours after you have unsubscribed.
Β. For contacting the Company
Through our Company’s website, you are provided with the opportunity to fill out an online contact form.
The contact form, as filled out by you, is sent electronically and our Company’s response is sent electronically (e-mail) to the email address indicated by you.
In this context, the receiving, processing and retention of data provided by you is solely for the purpose of investigating the possibility of a transaction with the Company and serves the legitimate interest of the Company to pursue its commercial purposes by responding to the requested communication to investigate the possibility of a transaction with you.
The following personal data will be processed in accordance with Article 6 par. 1 (b) and (f) of the General Data Protection Regulation (GDPR) for the purpose of performing the contract:
- full name
- e-mail address
- name of the company or organisation you are employed by or represent for the purposes of our communication
C. In order for the COMPANY to comply with its contractual obligations to you, or pursuant to statutory provisions or in execution of court orders.
The above Personal Data, if you have provided them to us, may be used by the Company to send you communications which are required by law or are necessary to inform you of any changes to the services that the Company provides to you. For example, updates to these privacy notices, product recall notices, and legally required information about products or services in which you have expressed an interest. These service messages will not include promotional content and will not require prior consent when sent by email. If we do not use your personal data for these purposes, we cannot comply with our legal obligations.
- Recipients of Personal Data – Disclosure
The processing of your Data is carried out either by the Company’s specially authorized personnel, or through computer systems and electronic devices by the Company, and exceptionally by third parties, who, having been contractually bound to confidentiality and the protection and lawful processing of your Data, carry out tasks necessary to achieve the purposes strictly related to the use of our website and the services provided through it.
Thus, your data is not intended to be transferred to any organization other than the Company and its subsidiaries with the exception of a) our agents and/or subcontractors for the purpose of supporting, promoting and executing our business relationship (accounting firms, tax firms, consulting firms, programming and internet service companies, promotional material editing companies) b) the competent tax authorities in the context of our mandatory compliance with the tax law, and to the degree to which (and provided that) that is necessary.
All third parties to whom the Personal Data is disclosed undertake to respect the principle of confidentiality and to act with a view to protecting them, in accordance with domestic law and the principles of the GDPR. Similarly, all processors appointed by us to process personal data on our behalf are contractually bound to comply with the provisions of the GDPR.
We will also disclose your personal data when required by law or when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, request from a regulatory authority or any other legal process served on us.
- Retention period for Personal Data
We will retain your personal data for as long as we have a transactional or other contractual relationship with you, or for as long as your legal consent is required, or for as long as required by the tax and other laws of the state or the exercise of our legal right and the serving of legitimate interests, or as long as required by the instructions of the competent data protection authority.
In any case, the relevant data is kept for a maximum of twenty years (indicative limitation period for any resulting legal claims), a period during which it is possible that any legal case for processing them may arise, such as, for example, in the event of a civil case or investigation of a criminal offence, a tax audit, etc.
- Data Retention Policy
To ensure the protection of your personal data, we use appropriate technical means and organizational measures in compliance with applicable legal framework by putting in place important information security measures and procedures (protected storage and secure operating environments, controls and access restrictions). This website has an SSL security certificate, which ensures data confidentiality.
It is noted that this website may contain links to other websites, which are under the exclusive responsibility of third parties, as regards the processing of any of your data, the Company not being liable for any damage caused by this cause during your browsing them.
- Data Subject Rights
In the context of the application of the GDPR, you retain the following rights, which you can exercise electronically or in writing:
- Right of update and access to information (information on the Personal Data held and downloading of copies):
You may request confirmation from the controller as to whether or not your personal data are being processed and, if so, the right of access to the personal data and additional information (such as the relevant categories of personal data, the recipients or categories of recipients to whom they have been disclosed, the purposes of the processing, etc.).
- Right to rectification (correction of inaccurate or incorrect information in the Personal Data maintained)
You may request that we correct or complete the data you have provided to us if it is incomplete or contains inaccuracies.
- Right to erasure (deletion of data or cessation of their use, subject to the restrictions provided for by the GDPR)
In certain circumstances, you can request the erasure of all or part of your data (e.g. if the data is no longer necessary for the purposes for which it was collected, if you withdraw your consent, etc.).
- Right to restriction of processing (subject to the conditions laid down in the GDPR)
You have the right to restrict the processing of your personal data, quantitatively, temporally or in relation to the purpose of the processing (e.g. if the accuracy of the personal data is contested by you, for a period of time that allows us to verify the accuracy of the personal data, if you consider the processing unlawful but instead of deleting it you choose restriction, or because it is no longer necessary for us to use it but you do not wish to delete it as its retention would serve you for some purposes).
- Right to data portability (direct transmission of Personal Data to a third party organisation, at your request, in an appropriately structured format)
You may request that we provide or transfer certain information that you have provided to us to a third party organisation in electronic format.
This right is subject to the limitations of the right to erasure and its exercise may not adversely affect the rights and freedoms of others.
- Right to object (provided that there are no compelling and legitimate grounds for processing that override your interests, rights or freedoms or for the establishment, exercise or maintenance of legal claims)
You may object to the processing of your data carried out in pursuit of our legitimate interests as set out above.
- Right to lodge a complaint with the Personal Data Protection Authority..
You have the right to complain directly to the lead supervisory authority, the Personal Data Protection Authority, about how we process your personal data.
Any request relating to your Personal Data and the exercise of your rights in relation to it must be submitted in writing to the e-mail or postal address of the controller or in person (or through a third person, with an authorisation certified as authentic) at the company’s headquarters.
The company responds to your requests free of charge, without undue delay and within one month of them receiving it, except in special cases, in which the above deadline may be extended by two more months, if required, given the complexity or volume of requests. In the latter case, the company shall give notice of the extension and the reasons for the delay within one month of receiving the request. In the event that the Company considers that any of the above rights are exercised in a manifestly unfounded manner or the request is excessive or (even more so) of a repetitive nature, it is entitled, on the one hand, to impose a reasonable charge on you for providing further information (which is in principle free of charge) and, on the other hand, to refuse to follow up the request.
In case the Company has reasonable doubts about your identity when you submit a request to exercise any of the above rights, it may request additional information necessary to confirm your identity before processing the request.
In the event that your request cannot be satisfied, the company will inform you without delay, at the latest within one month of receiving it, of the relevant reasons and of your right to lodge a complaint with the competent supervisory authority for GDPR implementation issues, namely the Hellenic Data Protection Authority (Hellenic Data Protection Authority – L. Kifissia 1-3, P.O.Box. 11523, Athens, tel.: 210-64.75.600 or e-mail: email@example.com), to which you reserve the right to lodge a complaint if you consider that the processing of your Personal Data is in breach of the applicable legislation, as well as your right to appeal to the competent judicial authorities.
- Withdrawal of consent
You have the right to withdraw your consent (if any) at any time by submitting a written request to the email address of the Data Protection Officer firstname.lastname@example.org (see 1.2.)
If you have any questions about this Policy or how we handle your Personal Data, or wish to exercise your rights, please contact SEMITRON’s Data Protection Officer at the following e-mail address email@example.com.
- General Terms