PRIVACY POLICY IN RELATION TO CUSTOMERS, SUPPLIERS,
CONTRACTORS AND OTHER THIRD PARTIES

Α.  INTRODUCTION

The protection and security of your personal data is important to SKLAVENITIS CYPRUS LTD (hereinafter “the Company”), which is bound to protect your personal data. This policy applies to both existing, future and former customers and contractors of the Company and generally to any other third party, except the employees. Please read carefully this policy, which includes important information in order to understand our policy regarding the personal data you provide to us or which we collect, otherwise, through our website in accordance with the General Data Protection Regulation and applicable laws and regulations.   


Β. DEFINITIONS

Personal data” means any information, direct or indirect, which may lead to the identification of a natural person (data subject).
Processing” means any activity, which is performed on personal data, including collection, recording, organisation, structuring, storage, dissemination or otherwise making available, transfer,  erasure and destruction of personal data.

The «SKLAVENITIS CYPRUS LTD» is a “Data Controller”, this means that determines the purposes and means of processing of personal data. The Company as Controller is responsible, according to the legislation for the protection of personal data, to inform you for all the information which is included in this policy.


C. DATA PROTECTION PRINCIPLES

Considering the data protection law and principle your data will be:


D. COMPLIANCE

We would like to inform you that, in compliance with the General Data Protection Regulation, we collect only the necessary data for the fulfillment of the purpose of processing, within the framework of either our legal or contractual obligation, or when the processing is necessary for the purposes of our legitimate interest (or third party) provided that this overrides our rights, interest and fundamental freedoms. The personal data are processed by authorised and properly trained persons, who are committed to confidentiality, with respect of privacy and the basic principles of transparency, security, confidentiality, legality and necessity.


Ε. POLICY ANALYSIS

PROCESSING OF PERSONAL DATA


You can use our website without being required to provide any personal data to us. However, for certain services or activities, as explained below, you will need to provide us personal data in order for us to be able to provide you with our services or products or certain activities or to respond to any request. If you do not provide the requested information, then we may not be able to perform our contract (such as the payment for the services provided) or we may not be able to comply with our legal obligations.  

The Company collects personal data that you provide for the performance of our contractual relationship. The Company collects, stores and uses, where necessary, the following categories of personal data:

In case that you have any question or other request, please complete the Contact Form on our website.  There you will be asked to provide your name, surname, email address and necessary information related to your request.

Please note that we will retain all the provided information for the period of 1 month after your question/request has been answered or the inquiry was closed.  

In case that you would like to submit any suggestions to the Company, please complete the Suggestion Card which can be found at the Customer Service Desk in all «Sklavenitis» supermarket. Completing the Suggestion Card you should provide all the necessary information regarding your suggestion.

Please note that we will retain all the provided information for the period of 1 month from the submission of your suggestion. In some cases the Company may retain your personal data for a longer period which will inform you about, in order to settle your suggestion.  

The Company collects the personal data provided by the customers through email or telephone, for the performance of the order.  The Company will collect the provided data such as name, surname, address, email, telephone and other related information regarding the customer’s order.  

The Company will retain all the provided information for the period of 1 month after the delivery date of the order.

Students

In case Students wish to get a discount card, the student should fill in the Student Card Application Form in which the following personal data should be filled in: name, surname, date of birth, id number and passport number, address, postal code, email address, mobile number, home phone, nationality, contact language, name of university/college and number of student identity card.  

It is noted that the Company will collect and retain all the provided information for the period of 1 month after the discount card becomes inactive.

Professionals

In case professionals wish to get a discount card, they should fill in the Registration Form for Professionals which can be found from the Customer Service Desk in all «Sklavenitis» supermarkets or the specific customers can send their details to the email address cy.pro.customerservice@sklavenitis.com. The Company will collect the following personal data: name and surname of the representatives of the company, email address, mobile number and business phone.

The Company will collect and retain all the provided information through the Discount Card Form for 3 years after the discount card becomes inactive.  


F. NON AUTOMATED DECISION MAKING

The use of personal data by an electronic system of making a decision without any human involvement constitutes automated decision making. The Company does not have and use systems and procedures for automated decision making in relation to personal data of customers, suppliers and contractors.

 
G. PURPOSE OF PROCESSING

The Company collects and processes personal data only when permitted by law.  Specifically, the Company needs all the above categories of personal for the performance of our contract and in order to comply with its legal obligations.  In certain circumstances we can use your personal data for the protection of our legitimate interest or third party, provided that this overrides your interest and fundamental freedoms or as the case may be, according to your consent. The cases when we will process your personal data are stated below.

Some of the above reasons for processing your personal data will overlap and there may be several reasons to justify the used of your personal data.


Η
. COMMON USE OF DATA

There may be instances where we will share your personal data with third parties, including service providers or other legal entities, where required by law, where it is necessary to manage our relationship or where we have a legitimate interest in doing so.  The following activities are performed by third party service providers, filing of the invoices and credit notes, auditing and accounting services, insurance services, credit insurance, taking legal action in relation to overdue debts.

We required from all third party service providers and legal entitles to respect the safety of your personal data and to manage them in accordance with the Law as well as to take appropriate security measures to protect your personal data in accordance with our company policies.  We do not allow third party service providers to use your personal data for their own purposes.  We only allow them to process your personal data for specified purposes and in accordance with our instructions.

We may share your personal data with other third parties, for example, in case of a possible sale or restructuring of the business.  In this case, as far as we can, we will share anonymous data with other third parties before the transaction is completed. When the transaction is complete, we will share your personal data with third parties if and to the extent required by the terms of the transaction.


I. SECURITY OF PERSONAL DATA


Having as a primary aim the security of personal data, the Company has put in place appropriate security and organizational measures in compliance with the General Data Protection Regulation (GDPR), to prevent unauthorised loss, use or access to your personal data, modification or disclosure.  In addition, we restrict access to your personal data to employees and other third parties who have business reasons to know this information. They will process your personal data only in accordance with our instructions and are subject to confidentiality obligations.

We have established procedures for dealing with any data breaches and will notify you and any supervisory authority of a potential breach where we will be legally obliged to do so.


J. RETENTION OF DATA

Your personal data is stored on the Company’s servers, which are located at the Head Offices and in some cases in a physical file, within Company’s premises taking the necessary security measures. They are subject to processing for the period of time required for the fulfillment of the respective purpose of processing and/or for the Company’s compliance with any obligations under the law.

The retention period of your personal data is specified above, separately for each specific purpose.  In any other case which is not specified above we will retain your personal data only for a period of six (6) years after the expiration of our contractual relationship, unless court proceeding are pending where the data will be retained for a longer period for the purpose of establishing, exercising and defending legal claims. After the above periods (Point E) your personal data are deleted, unless you consent for their further retention.  

For the purpose of this term, termination of our contractual relationship shall be defined as the date of full and final settlement of any debt or the fulfillment of any transaction between you and the Company.
In some circumstances, we may use your personal data anonymously so that the data cannot be associated with you, and in such case we may use this information without any further notice.

It is important that your personal data we collect about you is accurate and up-to-date. Please let us know if there is any change to your personal data during our contractual relationship.


Right of access, correction, deletion and restriction

In some instances, in accordance with the applicable laws, you have the following rights with respect to your personal data:


Without additional charge

You will not have to pay any amount to access your personal data (or to exercise any other rights). However, we may charge you a reasonable fee if your request for access is unfounded or excessive. Alternatively, we may refuse to comply with your request in such instances.

Right to complain

You have the right to file a complaint with the Office of the Personal Data Protection Commissioner, the contact details are as follows:  
1 Iasonos Road
1082 Nicosia, Cyprus
Phone: +357 22 818 456
Fax: +357 22 304565
E-mail address: commissioner@dataprotection.gov.cy

Change to this privacy notice

We may occasionally change or modify this privacy notice at any time and we will duly notify you of any changes either directly or through our website depends on the case. We can also notify you in other ways at times about processing your personal information.

If you have any questions regarding the way that the Company process your personal data or in case you would like to exercise any of your rights, please contact the Data Protection Officer Mr. Panagiotis Panagiotou at ppanagiotou@sklavenitis.com or at 25- 316816.