CONTRACTORS AND OTHER THIRD PARTIES
The protection and security of your personal data is important to SKLAVENITIS CYPRUS LTD (hereinafter “the Company”), which is bound to protect your personal data. This policy applies to both existing, future and former customers and contractors of the Company and generally to any other third party, except the employees. Please read carefully this policy, which includes important information in order to understand our policy regarding the personal data you provide to us or which we collect, otherwise, through our website in accordance with the General Data Protection Regulation and applicable laws and regulations.
“Personal data” means any information, direct or indirect, which may lead to the identification of a natural person (data subject).
“Processing” means any activity, which is performed on personal data, including collection, recording, organisation, structuring, storage, dissemination or otherwise making available, transfer, erasure and destruction of personal data.
The «SKLAVENITIS CYPRUS LTD» is a “Data Controller”, this means that determines the purposes and means of processing of personal data. The Company as Controller is responsible, according to the legislation for the protection of personal data, to inform you for all the information which is included in this policy.
C. DATA PROTECTION PRINCIPLES
Considering the data protection law and principle your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
We would like to inform you that, in compliance with the General Data Protection Regulation, we collect only the necessary data for the fulfillment of the purpose of processing, within the framework of either our legal or contractual obligation, or when the processing is necessary for the purposes of our legitimate interest (or third party) provided that this overrides our rights, interest and fundamental freedoms. The personal data are processed by authorised and properly trained persons, who are committed to confidentiality, with respect of privacy and the basic principles of transparency, security, confidentiality, legality and necessity.
Ε. POLICY ANALYSIS
PROCESSING OF PERSONAL DATA
You can use our website without being required to provide any personal data to us. However, for certain services or activities, as explained below, you will need to provide us personal data in order for us to be able to provide you with our services or products or certain activities or to respond to any request. If you do not provide the requested information, then we may not be able to perform our contract (such as the payment for the services provided) or we may not be able to comply with our legal obligations.
- Information provided by our customers, suppliers and contractors
The Company collects personal data that you provide for the performance of our contractual relationship. The Company collects, stores and uses, where necessary, the following categories of personal data:
- Personal Information such as name, title, home address, telephone and personal e-mail address;
- Date of Birth;
- Passport number or ID card number;
- VAT number;
- Bank account
- Information provided through the Contact Form on our website
In case that you have any question or other request, please complete the Contact Form on our website. There you will be asked to provide your name, surname, email address and necessary information related to your request.
Please note that we will retain all the provided information for the period of 1 month after your question/request has been answered or the inquiry was closed.
- Information provided by the customers through Suggestion Card.
In case that you would like to submit any suggestions to the Company, please complete the Suggestion Card which can be found at the Customer Service Desk in all «Sklavenitis» supermarket. Completing the Suggestion Card you should provide all the necessary information regarding your suggestion.
Please note that we will retain all the provided information for the period of 1 month from the submission of your suggestion. In some cases the Company may retain your personal data for a longer period which will inform you about, in order to settle your suggestion.
- Information provided through emails for the performance of your order
The Company collects the personal data provided by the customers through email or telephone, for the performance of the order. The Company will collect the provided data such as name, surname, address, email, telephone and other related information regarding the customer’s order.
The Company will retain all the provided information for the period of 1 month after the delivery date of the order.
- Information provided through Discount Cards Registration Form, for certain categories of customers.
In case Students wish to get a discount card, the student should fill in the Student Card Application Form in which the following personal data should be filled in: name, surname, date of birth, id number and passport number, address, postal code, email address, mobile number, home phone, nationality, contact language, name of university/college and number of student identity card.
It is noted that the Company will collect and retain all the provided information for the period of 1 month after the discount card becomes inactive.
In case professionals wish to get a discount card, they should fill in the Registration Form for Professionals which can be found from the Customer Service Desk in all «Sklavenitis» supermarkets or the specific customers can send their details to the email address email@example.com. The Company will collect the following personal data: name and surname of the representatives of the company, email address, mobile number and business phone.
The Company will collect and retain all the provided information through the Discount Card Form for 3 years after the discount card becomes inactive.
F. NON AUTOMATED DECISION MAKING
The use of personal data by an electronic system of making a decision without any human involvement constitutes automated decision making. The Company does not have and use systems and procedures for automated decision making in relation to personal data of customers, suppliers and contractors.
G. PURPOSE OF PROCESSING
The Company collects and processes personal data only when permitted by law. Specifically, the Company needs all the above categories of personal for the performance of our contract and in order to comply with its legal obligations. In certain circumstances we can use your personal data for the protection of our legitimate interest or third party, provided that this overrides your interest and fundamental freedoms or as the case may be, according to your consent. The cases when we will process your personal data are stated below.
- To manage the contract we have with you or to respond to your request.
- To manage your accounts with your company.
- For the processing of your orders or requests.
- For promoting any suggestions.
- For the settlement of payments to our suppliers and contractors.
- For the quick and efficient service of our customers.
- For the management of the company, including accounting audits.
- To deal or defend any legal disputes or procedures that relate to you.
Some of the above reasons for processing your personal data will overlap and there may be several reasons to justify the used of your personal data.
Η. COMMON USE OF DATA
There may be instances where we will share your personal data with third parties, including service providers or other legal entities, where required by law, where it is necessary to manage our relationship or where we have a legitimate interest in doing so. The following activities are performed by third party service providers, filing of the invoices and credit notes, auditing and accounting services, insurance services, credit insurance, taking legal action in relation to overdue debts.
We required from all third party service providers and legal entitles to respect the safety of your personal data and to manage them in accordance with the Law as well as to take appropriate security measures to protect your personal data in accordance with our company policies. We do not allow third party service providers to use your personal data for their own purposes. We only allow them to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal data with other third parties, for example, in case of a possible sale or restructuring of the business. In this case, as far as we can, we will share anonymous data with other third parties before the transaction is completed. When the transaction is complete, we will share your personal data with third parties if and to the extent required by the terms of the transaction.
I. SECURITY OF PERSONAL DATA
Having as a primary aim the security of personal data, the Company has put in place appropriate security and organizational measures in compliance with the General Data Protection Regulation (GDPR), to prevent unauthorised loss, use or access to your personal data, modification or disclosure. In addition, we restrict access to your personal data to employees and other third parties who have business reasons to know this information. They will process your personal data only in accordance with our instructions and are subject to confidentiality obligations.
We have established procedures for dealing with any data breaches and will notify you and any supervisory authority of a potential breach where we will be legally obliged to do so.
J. RETENTION OF DATA
Your personal data is stored on the Company’s servers, which are located at the Head Offices and in some cases in a physical file, within Company’s premises taking the necessary security measures. They are subject to processing for the period of time required for the fulfillment of the respective purpose of processing and/or for the Company’s compliance with any obligations under the law.
The retention period of your personal data is specified above, separately for each specific purpose. In any other case which is not specified above we will retain your personal data only for a period of six (6) years after the expiration of our contractual relationship, unless court proceeding are pending where the data will be retained for a longer period for the purpose of establishing, exercising and defending legal claims. After the above periods (Point E) your personal data are deleted, unless you consent for their further retention.
For the purpose of this term, termination of our contractual relationship shall be defined as the date of full and final settlement of any debt or the fulfillment of any transaction between you and the Company.
In some circumstances, we may use your personal data anonymously so that the data cannot be associated with you, and in such case we may use this information without any further notice.
It is important that your personal data we collect about you is accurate and up-to-date. Please let us know if there is any change to your personal data during our contractual relationship.
Right of access, correction, deletion and restriction
In some instances, in accordance with the applicable laws, you have the following rights with respect to your personal data:
- Access your personal data (known as "data subject's access rights"). This allows you, for example, to receive a copy of the personal data we hold for you and to check that we are legally processing it.
- Ask for the correction of your personal data that we maintain on you. This enables you to correct any incomplete or inaccurate data we hold about you.
- Ask for the deletion of your personal information (known as the "right to be forgotten"). This allows you to request that we delete your personal data when there is no valid reason to continue processing it. You also have the right to ask for the deletion of your personal data when you exercise the right to oppose processing (see below).
- Prohibit the processing of your personal data (known as the "right to object") when we rely on a legitimate interest but there is something special about your situation that makes you want to oppose processing for that reason.
- Ask to restrict the processing of your personal data. This allows you to ask us to restrict processing if, among other things, the accuracy of your personal data that we collect is questioned.
- Request the transfer of your personal data to third parties (known as the "data portability right").
Without additional charge
You will not have to pay any amount to access your personal data (or to exercise any other rights). However, we may charge you a reasonable fee if your request for access is unfounded or excessive. Alternatively, we may refuse to comply with your request in such instances.
Right to complain
You have the right to file a complaint with the Office of the Personal Data Protection Commissioner, the contact details are as follows:
1 Iasonos Road
1082 Nicosia, Cyprus
Phone: +357 22 818 456
Fax: +357 22 304565
E-mail address: firstname.lastname@example.org
Change to this privacy notice
We may occasionally change or modify this privacy notice at any time and we will duly notify you of any changes either directly or through our website depends on the case. We can also notify you in other ways at times about processing your personal information.
If you have any questions regarding the way that the Company process your personal data or in case you would like to exercise any of your rights, please contact the Data Protection Officer Mr. Panagiotis Panagiotou at email@example.com or at 25- 316816.