Privacy Policy

Privacy Policy of the Company Stergiou Family Food Products Manufacturing Société Anonyme

 

1. General

This privacy policy defines the way in which the company Stergiou Family Food Products Manufacturing Société Anonyme (hereinafter referred to as "Stergiou Family") collects, uses, processes, stores, manages and protects the personal data (hereinafter referred to as "personal data" or "PD") of customers, suppliers, partners, prospective employees and visitors to the Webpage in order to meet the company's data protection standards and to comply with applicable law. Your personal data includes any information on paper or electronic medium that may lead, either directly or in combination with other information, to your unique identification or to your tracing as a natural person (indicatively, full name, TIN, telephone numbers etc), in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679), Law 4624/2019, the applicable Greek legislation in force at the relevant time as well as the decisions of the Hellenic Data Protection Authority (HDPA).

This policy applies to any information (i) that relates to the customer (hereinafter referred to as the "Customer") in the context of his/her commercial cooperation with Stergiou Family; (ii) that relates to the supplier's PD in the context of his/her commercial cooperation with Stergiou Family; (iii) that concerns the data of prospective employees collected during the recruitment procedure; (iv) that concerns visitors and customers of the Webpage of Stergiou Family http://stergioufamily.gr/ (hereinafter referred to as the "Webpage"); (v) that concerns customer data in the context of customer service (complaint registration procedure).

 

2. Categories and Types of Personal Data Collected

Data Collected:

A. CV evaluation procedure: Contact Information - Personal Information - Health data revealing the health status of the individual - Data revealing behaviour, lifestyles or consumer habits - Banking & Financial Information

 

B. Procedure for handling personal data of customers in the context of commercial cooperation: Contact Information - Banking & Financial Information - Personal Information - Data revealing behaviour, lifestyles or consumer habits

 

C. Procedure for handling personal data of suppliers in the context of commercial cooperation: Contact Information - Personal Information - Banking & Financial Information

 

D. Communication procedure with Webpage visitors: Contact Information - Personal Information, IP address, browser, operating system and settings, social media username

 

Statement on the Processing of Personal Data by Stergiou Family (in its capacity as Data Controller and Data Processor - in accordance with the EU General Data Protection Regulation 679/2016)

Why will Stergiou Family process my personal data (PD)?

Stergiou Family is active in the manufacturing, promotion and sale by any legal means of food products and in particular bakery and confectionery products, and frozen products as well as any kind of raw materials used for this purpose, with which it also supplies, among others, stores throughout Greece. In the context of the general business activity in accordance with the above and the pursuit of its statutory objectives, the Company has created and maintains a database of customers and suppliers. Stergiou Family processes and stores such data within the EU.

In addition, in cases where Customers use the contact form on the Webpage, they will be asked to provide certain personal data which is processed with their consent. Similarly, in order to serve Customers, certain personal data such as, indicatively, contact information etc is provided by the subjects themselves.

The legal basis of data processing is the execution of the respective contract, the legitimate interest of Stergiou Family and in some cases the consent of the data subjects (Webpage contact form, complaints registration).

Additionally, Stergiou Family may collect personal data of prospective employees who are interested in working with Stergiou Family for the sole purpose of examining the possibility of a future cooperation - employment. The legal basis for the aforementioned data collection is the consent of the data subject who provides the necessary information.

 

Information that is automatically collected when you visit and interact with the Webpage:

We inform you that the personal data and information collected and processed during the management of your account on the Webpage is appropriate for the purpose for which it is collected and is necessary for the processing of your requests, applications and use of the services of Stergiou Family.

More particularly, when you visit and interact with the Webpage, certain information may be collected automatically, such as:

 

● the Internet Protocol (IP) address of your computer;

● the type of browser and operating system.

 

More specifically, the Stergiou Family Webpage uses various types of cookies. For a full description of the types of cookies used and the type of data collected through them, please refer to the Stergiou Family Cookies Use Policy.

Stergiou Family does not manage, collect or process geographical distribution data, which is collected and processed exclusively by the companies that provide operating systems for each device you use (in case of using iOS - Apple Inc or in case of Android - Google Inc). Stergiou Family does not have access to the GPS location refresh rate.

 

3. Data collection points

1) General Commercial Register (GCR webpage) - A, B

2) Sole proprietorships, customers - B

3) Sole proprietorships, suppliers - C

4) Webpage - D

5) Social media - A, B

 

4. Recipients and transfer of data to third parties

Stergiou Family reserves the right to disclose the personal data of the data subjects to any member of an affiliate / subsidiary of the company (parent company and its subsidiaries) which apply appropriate technical, physical and administrative security measures to protect the data from loss, misuse, damage, alteration, unauthorised access and disclosure, as provided for by Article 32 of the General Data Protection Regulation (EU) (679/2016), or to other third parties to the extent that this is reasonably necessary for the purposes set out in this announcement and more particularly:

● The personal data of the data subject will be transferred to the departments of Stergiou Family that are competent for the smooth and uninterrupted operation of the services and functions of the Webpage as well as for the service of customers in the context of the evaluation of their complaints.

● The personal data of the data subject may be transmitted and made accessible by legal entities with which we conclude contractual agreements from time to time in order to pursue our statutory purpose (sale of products) in the context of the legitimate interest of our company. At our Company we select reliable providers and strive to place contractual restrictions on third parties who receive your personal data in order to ensure its lawful use. However, we cannot guarantee you that they will not use or disclose this data without your permission. For this reason, we recommend that you carefully review the personal data protection practices of any third party providers/suppliers whose products or services you purchase through our webpages.

● In addition, our Company's webpage may contain links leading to other third-party, independent body webpages, such as, indicatively, content provider companies, payment service providers etc, which are operated and maintained exclusively by them, and which we do not control, as previously mentioned above, and therefore, we bear no responsibility whatsoever for their content, actions or policies. Please read carefully the respective data protection policies of the webpages you visit, as they may differ significantly from ours.

● The personal data relating to billing may be transmitted and made accessible to banking institutions with which we cooperate to process employee payments as well as to competent public bodies in the context of our compliance with a legal obligation. More particularly, such parties may be official governmental and supervisory bodies (e.g. law enforcement and prosecution authorities, Cyber Crime Division, HDPA, HTPC, IAPR, supervisory authorities), in case we are required to comply with the legislation and prevent acts of unlawful interference against us and against our customers (e.g. telecommunication fraud, abuse, personality infringement etc).

● The personal data of the data subjects may be disclosed to cloud hosting providers for the purpose of storing and safeguarding the data with appropriate technical and security measures.

● The personal data of customers (sole proprietorships) may be disclosed to companies providing commercial and financial information concerning the creditworthiness of trading parties in order to exercise the right to financial freedom based on information that ensures commercial loyalty, reliability and security of transactions. We conclude agreements with these companies to process personal data in the context of GDPR.

● In the course of all data transmissions, we always take all appropriate measures so as to ensure that the data transmitted is the minimum required for the pursued purpose of the processing and that the conditions of lawful and valid processing are always met. The partners of Stergiou Family to whom personal data may be transferred have signed the necessary data processing agreements or have provided specific guarantees regarding the transmissions of personal data by applying standard contractual clauses to their agreements.

 

5. Personal Data Retention Period

The personal data retention period depends on the legal basis for processing, as set out in detail below:

● In the case where the legitimising basis of the processing is the exercise of legitimate interest, the processing and retention of personal data will be carried out for as long as it is deemed necessary to achieve the pursued purpose of Stergiou Family, and also for as long as it is still required until the limitation period of any relevant claims has expired.

● In the case where the personal data of the Customer Information is provided with their own consent in the context of sending the CV or information via the contact form of the Webpage, we will retain their data until the consent granted is withdrawn by the data subject. In the case where, for whatever reason, this is discontinued, we will retain it for as long as it is still required until the limitation period for any relevant claims has expired.

● In the case where the legitimising basis of the processing is the performance of the contract, we will retain your data for as long as you maintain a contractual relationship with us in both paper and electronic form or for as long as it is still required until the limitation period for any relevant claims has expired.

● In cases where the processing of personal data is carried out on the basis of a legal obligation (Article 6(c) of GDPR), its retention period is determined on the basis of the requirements of the legislation and the time period during which checks may be carried out by the competent authorities.

In any case, you may obtain detailed information in relation to the more specific time periods for the retention of personal data by submitting a relevant request in accordance with the procedure provided for in this policy.

 

6. Data subject rights

You can exercise, where applicable, the rights arising from the applicable Greek Legislation and the General Data Protection Regulation (Regulation (EU) 2016/679), which are the following: a. Right to information (Article 13); b. Right of access (Article 15); c. Right to rectification (Article 16); d. Right to erasure ("right to be forgotten") (Article 17); e. Right to restriction of processing (Article 18); f. Right to portability of personal data (receiving your personal data in a structured and commonly used format - Article 20, where applicable); and g. Right to object (Article 21), which applies to certain data processing activities.

● These rights may be exercised only in cases where Stergiou Family acts as a data protection officer and more particularly a) in the processing of personal data of prospective employees for the purpose of assessing the possibility of a potential professional cooperation b) in the processing of personal data related to the pursuit of its statutory purpose (sale and distribution of baked goods and confectionery products) c) in the processing of personal data of visitors and customers of the Stergiou Family webpage d) in the processing of data of the customers' data subjects in the context of the procedure of evaluation and processing of complaints.

● These rights are exercised free of charge to you by sending a relevant letter to the Data Protection Officer of Stergiou Family: Latsoudis & Associates Law Firm, +30 210 2205 950 or via email to dpo@latsoudislaw.com. Alternatively, you can also visit the Data Subject Access Request on our webpage http://stergioufamily.gr/. You may also submit your request in writing by sending the request:

- To the Complaints / Customer Service Department of Stergiou Family: 85 Tatoiou Avenue, GR - 136 77, Acharnes, Attica, Greece, GDPR@stergioufamily.gr

- To the Data Protection Officer (DPO) of Stergiou Family: Latsoudis & Associates Law Firm, +30 210 2205 950 or via email to dpo@latsoudislaw.com.

● However, in the case where the aforementioned rights are exercised in an abusive manner and without reasonable cause, thus causing an administrative burden, we may charge you with the costs associated with the exercise of the respective right.

● In the case where you exercise any of your rights, we will take all appropriate steps to satisfy your request within thirty (30) days of receipt of the relevant request. We may either inform you of the acceptance of your request or of any objective reason which prevents us from processing your request.

● Irrespective of the foregoing, you may at any time oppose the processing of your Personal Data by withdrawing your consent (Article 7(3) of GDPR 679/2016) by sending a letter to the Data Protection Officer (DPO) of Stergiou Family: Latsoudis & Associates Law Firm, +30 210 2205 950 or via email to dpo@latsoudislaw.com. This right applies only in cases where the legal basis for data processing is the consent of the data subject.

 

7. Data processing by Stergiou Family

In some cases, customers provide us with their business data, such as customer, supplier or third party data, which may contain personal data (which may refer to natural persons or companies) in the context of providing our services. In such cases, Stergiou Family will act as a "Processor" of the personal data included in such business data. Therefore, in such cases, different provisions of the General Data Protection Regulation (EU) 679/2016 apply, with which we comply.

Additionally, Stergiou Family applies throughout the data processing procedure appropriate technical, physical and administrative security measures to protect and secure personal data against loss, misuse, damage or modification, unauthorised access and disclosure, in accordance with Article 32 of the General Data Protection Regulation (EU) 679/2016, in order to ensure an appropriate level of security against these risks. These include, among others, the following, where applicable: a) the application of encryption protocols; b) the ability to ensure confidentiality (Article 90 of the General Data Protection Regulation (EU) 679/2016), integrity, availability and resilience of processing systems and services on a continuous basis; c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; d) the procedure for regular checking, evaluation and assessment of the effectiveness of technical and organisational measures to ensure the security of processing.

In addition, Stergiou Family takes steps to ensure that any natural person acting under the supervision of a data controller, who has access to personal data, will not process such data except only under the instructions of the data controller and will restrict access to your personal information to authorised employees.

The indicative security measures applied by Stergiou Family are as follows:

A. Organisational security measures

1. Designation of a Personal Data Protection Officer

2. Organisation / Management of personnel - definition of roles and responsibilities of persons involved in the processing of PD

3. Management of information assets

4. Personnel training on personal data security - information on the individual policies/procedures of Stergiou Family

5. Management of processors

6. Establishment of a procedure for the destruction of data and storage media

7. Management of personal data leakage incidents

8. Control of security measures

B. Technical security measures

1. Access control

2. Backups

3. Computer configuration

4. User action and security event logs

5. Communications security

6. Management and protection of external - removable storage media

7. Software and application security

8. Change management

C. Physical security measures

1. Physical access control

2. Environmental security - protection against natural disasters

3. Document report

4. Protection of portable storage media

 

8. Cookies and other technologies

8.1 General terms

This webpage uses cookies and similar technologies. Technically required cookies will be used automatically. Other cookies (or similar technologies such as pixels, fingerprints) will only be applied based on your prior consent. You can find more information about the Cookies used on our webpage and their purposes in our Cookies Policy. There you will also find information on how you can withdraw your consent for the future.

Your preference is set for the specific domain, per browser and computer. Therefore, if you visit our webpage from home and work or from different browsers, you need to deactivate data storage for each device or browser.

 

8.2 Web monitoring

A) Google Analytics

This webpage uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). For this purpose, a cookie is installed on your computer. The information generated by the cookie about your use of the webpage (including your IP address) will be transferred to and stored by Google on servers in the United States.

We have activated IP anonymisation which means that Google will truncate/anonymise the last octet of the IP address for European Union Member States as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent and be subject to shortening by Google servers in the USA.

On behalf of the webpage provider, Google will use this information for the purpose of evaluating the use of the webpage, compiling reports on webpage activity for website operators as well as for providing other services relating to webpage activity and internet usage by the website operator. Google will not associate your IP address with any other data held by Google.

Objection to the collection of personal data:

You can also prevent the collection and use of data by Google (cookies and IP addresses) by changing your browser settings or by downloading and installing browser plug-ins as available at https://tools.google.com/dlpage/gaoptout?hl=en

 

B) Google DoubleClick

We use the DoubleClick function on our webpage in order to evaluate its use and to enable us, Google as well as other advertisers working with DoubleClick to provide you with user-tailored advertisements. For this purpose, a cookie is installed on your computer. This cookie collects information about the advertisements that appear in your browser and those that you choose. The information generated by the cookie about your use of the webpage is transferred to a Google server in the USA and stored there. Based on the information collected, advertisements related to your interests will be displayed in your browser.

Objection to the collection of personal data:

You can also permanently deactivate the DoubleClick cookie by changing your browser settings or by using a browser plug-in. With this, the deactivation settings for this browser are maintained even if you delete all cookies. You can obtain a browser plug-in for permanent deactivation at https://support.google.com/ads/answer/7395996

 

8. Use of Social Media Plug-ins

Plug-ins ("plug-ins") of different social media are embedded in our webpages. The associated services are provided by respective companies ("providers"). These providers are:

Facebook operated by Facebook Inc, 1601 S California Ave, Palo Alto, CA 94304, USA ("Facebook"). For a comprehensive overview of Facebook plug-ins and their appearance, please refer to: https://developers.facebook.com/docs/plugins

Instagram is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Instagram"). For an overview of Instagram plug-ins and their appearance, please go to:  https://developers.facebook.com/docs/instagram

LinkedIn is provided by LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, California 94085, USA, and within the EU by LinkedIn Ireland Unlimited Company, Gardner House, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"). For an overview of LinkedIn plug-ins and their appearance, please go to: https://developer.linkedin.com/plugins#

Further information about the collection and use of data by providers as well as your rights and options to protect your privacy under these circumstances can be found in the providers' personal data protection statements:

Facebook Personal Data Protection Statement: http://www.facebook.com/policy.php

Google Personal Data Protection Statement: https://www.google.com/intl/de/policies/Data Protection/

 

9. Lodging a complaint - Recourse

● For any matter relating to the processing of personal data, you can contact us via email at the address GDPR@stergioufamily.gr.

Additionally, you always have the right to contact the Hellenic Data Protection Authority, which may accept in writing the lodging of relevant complaints in its protocol at its offices at 1-3 Kifisias Avenue, GR - 115 23, Athens or via email (complaints@dpa.gr) in accordance with the instructions given on its webpage.

 

10. Amendments

This policy may be updated from time to time, due to amendments to the relevant legislation or changes in the Company's corporate structure. Therefore, we encourage Customers/Visitors to visit this webpage periodically so that they can keep up to date with the latest information on our personal data protection practices. In any case, Customers may be notified via email or via notice on our webpage of any amendments to this policy.