Cookies Policy
Cookies policy
Cookies are small text files stored in your computer or mobile device when you visit a webpage. We use the term “cookies” as a common term to describe techniques such as cookies, Flashcookies and web beacons. Cookies are used mainly to ensure that your
visit to our webpages is as easy as possible, as well as for advertising purposes during your future visits to other webpages. The cookies policy provides further details for the types of cookies we use, their use, as well as methods to delete or prevent the storage of certain cookies in your computer or mobile device.
1.6. Personal data of minors.
The Company and its webpages are intended for persons who are at least eighteen (18) years of age. The Company accepts no liability whatsoever for underage users that willingly visit our websites. If during the collection of the data it is detected that the user is underage, the Company will not process the personal data.
2. Processing of personal data related to your contractual relationship with the Company.
2.1. Categories of personal data and sources.
In the context of a future or existing contractual relationship with the Company, the Company may process the following categories of your personal data.
(a) Identity and contact information, such as full name, T.I.N., Tax Office (ΔOY), address, phone number, mobile phone number, email provided by our counterparty or representatives thereof for identification and contact purposes, information related to classification, by the dedicated administrators, in special customer categories (e.g. customer or associate), copies of connection contracts with the relevant administrators, attestation of business activity commencement by the Tax Office (in case of trade, vendor or dealer agreements for professional use), special characteristics that document the issuance of a specific invoice (e.g. contract with a specific third party).
(b) Specifically for the business activities of the Company, information about the establishment of the prospective or current customer, about which a commercial agreement has or will be entered into, bank account numbers disclosed by you, information about transactions and payments performed in the context of a contractual relationship with the Company, information related to contact of the prospective or current customers with the Customer Service Department of the Company (including requests, complaints etc.).
(c) Data that was processed in the context of a project, a purchase of products or services, or rendered by the business partner, such as personal data related to orders, payments made, requests and reports in the context of the implementation of a project or collaboration in general.
2.2. Purposes of processing:
The aforementioned personal data is processed for the following purposes:
(a) Management of the contractual relationship, such as receipts, delivery of products, provision of services, performance of works, collections, payments, accounting audits, operational and IT support, performance, support and monitoring of the contract, fulfillment of contractual obligations, etc.;
(b) Ensuring compliance of the Company with statutory requirements (fiscal, insurance, customs, accounting, etc.), the conduction of compliance audits of the business partners, the prevention of financial crimes as well as ensuring the overriding legitimate interests of the Company, such as the transmission of data to law firms or competent authorities;
(c) The provision of digital services in vehicles;
(d) Cases requiring the recall of products.
2.3. Lawful basis for processing
Unless otherwise stated during the collection of the personal data, the lawful basis for the processing thereof is one of the following:
(a) Processing is necessary for the performance of a contract to which you are a party (Article 6 (1)(b) of the GDPR);
(b) you have given express consent to the processing of your personal data (Article 6 (1)(a) of the GDPR).
(c) processing is necessary for compliance with a legal obligation to which the Company is subject, or for the purposes of the legitimate interests pursued by the Company (Article 6 (1) (c) or (f) of the GDPR respectively).
2.4. Recipients and transmissions.
The Company may transmit personal data to other subsidiaries or third parties, but only if and to the degree that said transmission is strictly necessary for the aforementioned purposes.
The Company may transmit personal data to court, administrative, tax, customs, arbitration authorities or other public authorities, regulatory bodies and lawyers, if required for compliance with the law and/or the establishment, exercise or defense of legal claims.
Furthermore, the Company may assign the aforementioned processing, in whole or in part, to third parties (data processors) including the managers and employees thereof:
– parties that have entered into a contract with the Company for the promotion of the Company’s services, for the provision of postal services, IT support services, record keeping services, research services, energy analysis and market stratification research services, IT services, advertisement services, banking and financial institutions, chartered accountants;
– parties that that have entered into a contract with the Company for the assessment of the customer’s creditworthiness to fulfill the obligations arising from the contract;
– debtor notification companies, for the purposes of notifying the customer pursuant to Law 3758/2009 as amended and in force (the managers and employees of said companies), lawyers and law firms.
In these cases, with contractual terms and regular audits, we ensure that the legislation for the protection of personal data is adequately complied with.
The recipients of the personal data may be established outside the European Economic Area. In these cases, the Company takes measures in order to implement sufficient and appropriate guarantees for the protection of personal data with other means, mainly using the EU approved standard contractual clauses.
3. Personal Data Retention Period
The Company shall retain your personal data for as long as it is required for the achievement of the purposes described in this policy, unless applicable legislation imposes or allows a longer period. The criteria that govern the determination of the personal data retention period include the following: (a) the term of the contract between us, (b) the period required in order for the Company to comply with a legal requirement to which it is subject, (c) the period required in view of a legal situation in which the Company is found (e.g. defense of rights before courts, regulatory authorities’ audits, etc.).
4. Technical and Organizational Measures
The Company, both when determining the processing methods and during processing, implements effective, appropriate technical and organizational measures, such as pseudonymization, designed to implement data protection principles, such as the minimization of data and the incorporation of the required guarantees in the processing, in order to fulfil the requirements of applicable legislation and protect the rights of natural persons.
5. Right to withdraw consent.
If you gave your consent for the processing of specific personal data by the Company, you are entitled to withdraw said consent at any time, with proactive effect. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In case of withdrawal of consent, the Company may further process the personal data only in cases of other legal purposes for the processing.
6. Rights of the data subject
According to currently applicable data protection legislation, and provided that all relevant legal requirements are met, you have the following rights:
6.1. Right of access
You have the right to be notified if the Company processes your data, to access the data and receive additional information on the processing thereof.
6.2. Right to rectification
You have the right to request to update, rectify or supplement your personal data.
6.3. Right to erasure
You have the right to submit a request for the erasure of your personal data, which will be granted provided that there is no other lawful basis for processing (including but not limited to an obligation to process data imposed by law).
6.5. Right to restrict processing
You have the right to request a restriction of the processing of your personal data in the following cases: (a) when you contest the accuracy of the personal data, and until the verification thereof; (b) when you oppose the erasure of the personal data and request the restriction of their use instead; (c) when the personal data is not required for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims and (d) when you object to processing pending the verification whether our legitimate grounds override the grounds on which you oppose the processing.
6.5. Right to object the processing
You have the right to object at any time to processing of your personal data based on point the lawful basis of Article 6(1) (e) or (f) of the GDPR, which shall be granted unless the Company demonstrates compelling and legitimate grounds for the processing.
6.6. Right to data portability
You have the right to receive the personal data in a structured, commonly used and machine-readable format or to request, if technically feasible, to transmit said data directly to another controller.
6.7. Right to object to automated individual decision-making
You have the right to request your exclusion from decision making based solely on automated processing, including profiling.
7. Right to lodge a complaint with a supervisory authority
The competent authority is the Hellenic Data Protection Authority. You have the right to lodge a complaint with the Data Protection Authority regarding matters related to the processing of your personal data. Before lodging a complaint with the competent Authority you must attempt to exercise your rights with the Company. For detailed information on the competence of the Authority and how to lodge a complaint you can visit its website (www.dpa.gr > citizen rights > Complaint to the Hellenic DPA).
INFORMATION POLICY FOR THE USE OF COOKIES IN WEBSITES
The Company’s website, the email messages, the advertisements and interactive applications use cookies for the optimization of the website’s and the provided services’ performance.
1. What is a cookie?
Cookies are small text files stores by a website to an internet browser during the visitor’s browsing and subsequently identify visitors when they visit the website again. Cookies do not contain personal information that could allow anyone to contact the website’s visitor e.g. via email, etc.
2. Types of cookies
The Company may use cookies of the following types in order to provide to the visitors of its website the best possible service as well as customization of the information and preferences when browsing the website with a specific internet browser.
– Session cookies
These the cookies required for the functioning of a website. For example, a session cookie may contain the users’ preferences in the website’s vehicle configurator, until they complete the configuration.
– Persistent cookies
These are cookies necessary for an improved visitors’ experience when browsing the website. For example, a persistent cookie stores the choices of the visitor so that he does not have to repeat them, such as the choice to accept the cookies policy or the choices made recently in the vehicle configurator.
– Third party cookies
Third-party cookies are necessary for the visitor’s understanding and use of the site. Cookies help to improve the website, in order to match the users’ needs. Furthermore, said cookies enable the display of targeted ads to the visitors, based on the pages visited when browsing the platforms of said third parties. The third party cookies used are:
GOOGLE ANALYTICS / ADOBE ANALYTICS, through which information is collected. Said information helps the Company to better understand the use of the website by the visitors and to optimize it based on their preferences;
GOOGLE REMARKETING / FACEBOOK REMARKETING, which display targeted ads based on the pages visited when browsing pages that host Google ads or when browsing Facebook;
Further information regarding Google’s Privacy Policy can be found at this link: https://www.google.com/intl/en/policies/privacy. If the visitor does not wish his data to be collected by Google Analytics he may download and install in his browser the Google Analytics Opt-Out program at this link: https://www.google.com/intl/en/policies/privacy. The relevant link for Adobe’s privacy policy and opt-out is https://www.google.com/intl/en/policies/privacy and for Facebook https://www.google.com/intl/en/policies/privacy.
3. Accepting the installation of cookies
The visitor, when visiting the Company’s website for the first time, is informed, with a relevant notice, that he acknowledges and understands that the use of cookies is necessary for the proper function thereof. Otherwise he must interrupt the browsing of the website or disable the use of cookies in the browser settings. If cookies are not installed there may be severe consequences in the functionality of the website and the capability of receiving information and/or services. In order to modify the cookies settings in the various browsers check the “help” option of the browser or search the manual of each program.
4. How to delete cookies
Usually you can delete cookies from the privacy or history section available in the “settings” or “preferences” menu of the browser.
The steps involved in the deletion of the cookies vary significantly, depending on the internet browser.
5. Links to social media
The Company’s website contains links to social media. In order to protect the personal data of the Company website’s visitors, no social media plug-ins are used. Instead the website incorporates links that enable easy sharing in social media platforms. The incorporation of a link prevents the direct connection to various social media servers when a page is opened from the Company’s website.
6. Important notice
Emails and social media posts of visitors should not include special categories of personal data (racial or ethnic origin, religious or philosophical beliefs, health data, etc.). Since social media posts are not 100% private, the visitors must be particularly careful because all users will have access them.