COMPANY’S PRIVACY POLICY

A. DATA MANAGER

A.1. The company NELLOPOULOS DIM. DIONYSIOS (hereinafter referred to as ”The Company”), headquartered in Thessaloniki, 191 Monastiriou Street, tel. 2310557229, e-mail: info@nflex.gr having as legal representative Mr. Nellopoulos Dionysios, son of Dimitrios, is in charge of the process of your data.

A.2.The Company has appointed a Personal Data Protection Officer and for any questions regarding your rights you may contact us at: info@nflex.gr.

B. GENERAL PRINCIPLES ON GDPR

B.1. The information you require of us as well as the information in this document is provided free of charge provided that it is well founded, non-excessive and does not have a recurring character. Otherwise, the company may charge a similar fee or refuse to provide the information on your request.

B.2. If the company has doubts about your identity when applying for your rights, it may ask for more information to confirm your details and process your request.

B.3. The Company will respond to your above rights within one (1) month of the request or within four (4) months in specific cases (eg complex request, high difficulty request, large number of requests etc.).  As long as the Company has legal grounds as set out in the General Data Protection Regulation (GDPR 2016/679) it may refuse to provide information. If the delay is longer than anticipated or if you believe that your right is being violated you have the right to file a complaint to the Supervisory Authority on the following: Personal Data Authority, 1-3 Kifissias Street, Pοstcode 115 23, Athens, e-mail: contact@dpa.gr, tel. 2106475600. You have the right to withdraw consent by submitting a request to the Data Protection Officer via e-mail to info@nflex.gr

B.4. Effective protection of personal data requires strengthening and detailing the rights of data subjects. The General Data Protection Regulation refers to how to provide information in a ”concise, transparent, comprehensible and easily accessible form” using clear and simple wording. The information may be provided either in writing or electronically.

DATA PROCESSING PURPOSE

C.1. Partners – Customers – Suppliers – Employees

For the current customers, suppliers, and partners of our company the purpose of processing your data is only to execute the contract between us and to comply with the tax laws. The legal basis is the execution of our contract and compliance with the current law. The retention time for your data is what the tax law stipulates and they will be deleted after it expires.

C.2. Prospective partners – Clients – Suppliers

With regard to prospective partners, customers, suppliers we inform you that your personal data (full name, telephone, e-mail, address, etc.) that you have provided to our company through digital or print contact form, e-mail, telephone, etc., have the purpose to investigate the possibility of cooperation or transaction between us. The legal basis is to serve the legitimate interest of our company to enter into a commercial agreement with you. The data retention time is 12 months and they will be deleted after it expires.

C.3. Prospective Employees

For prospective employees, the receipt of your resume is intended to evaluate your ability to be hired by our company on the basis of your consent. The data retention time is 6 months and after expiry they will be deleted.

C.4. Out-of-Company Data Transfer

Transfer of your data outside the company is permitted if required by law (Labor Inspection, Insurance, Tax Office, etc.). Also to computer and network technicians, computer software for the purpose of computer support of the company as well as to any partner with the company for its smooth operation (such as Accountants, Transport companies etc.)

D. RIGHTS

D.1. Right to information

You have the right to request information about the personal data we hold and have collected from you.

D.2. Right of access – correction

Our company has the obligation, when it is asked, to provide you with access to the information we hold about you and concern you and to confirm whether your data is being processed or not, the purposes of the processing, the categories of data, the recipients, etc. You also have the right to request a correction of the data if it has been changed or entered incorrectly.

You reserve the right to report to the supervisory authority if the information available has not been made available by yourself and find if there is profile training and automated decision making.

D.3. Right to be forgotten – erasure

It is one of the flags of the regulatory reform effort.

If your personal data are not necessary for the purpose of collecting or you consider them as illegal you have the right to request a complete or partial erasure. The company is obliged to respond to you for the progress of your request within one month or four (4) months in specific cases (eg complex request, high difficulty request, large number of requests etc.). In case of failure to erasure you have the right to file a complaint to the Supervisory Authority (Data Protection Authority, 1-3 Kifissias Street, PC 115 23, Athens, e-mail: contact@dpa.gr, tel. 2106475600) or file a lawsuit.

In case you deem the processing of data illegal but do not wish to have them removed due to a possible legal claim, you dispute the accuracy of your data or you believe that your rights override the processing reasons by the Company you have the right to request the restriction of the processing of personal data (quantitatively, chronologically and for the purpose of processing).

You may object to the use of the processed data by the Company for marketing purposes and especially for the development of profile related to marketing.

D.4. Portability Right

You have the right to receive and transmit your data to a third party without any objection from the Company and at your request the possibility of direct transmission without your intervention.

DATA SECURITY – WARRANTIES

The Company takes all necessary technical and organizational measures to protect your data as required by law and solely for the above purposes.

The Company will not disclose your personal data except as required by law (Tax Office, Insurers, etc.) and the Company’s information systems support providers.

 Updated on 27/01/2020