Last modified: 25/7/2018

This Privacy Policy explains the practices we follow regarding the protection of your personal data and provides the information required by EU Regulation 2016/679 (hereinafter "Regulation"), within the framework of transparent information.

If you wish to submit a CV/job application, please read the specific Privacy Policy for Candidates, which you will find on this website.

1. Data Controller – Contact

The controller of your personal data in accordance with the Regulation is the company “P. Karfopoulos – D. Papadouli O.E.” with the distinctive title “DIMIOURGIA” and headquartered at 3 Vasili Antonopoulos Street, Kifissia, PC 145 61, Attica, Greece, Tel.: 210 346 5887, (hereinafter “Company”, “we”, “us” or “our”). You can contact us to resolve any questions you may have regarding the way in which we process your personal data, by sending a message to the address: dataprivacy@dimiourgia.eu.

2. Personal data we collect and process

We collect and process the following categories of personal data:

• Identification and contact data: name, surname, email address, postal address and landline and/or mobile phone number, which are necessary for us to communicate with you.
• Pricing data: VAT number, tax office number, bank account details
• Internet activity information: We receive certain information about you when you use our website. This includes your IP address and other online identifiers. See our Cookies policy.
• Image and motion data collected through video surveillance of our premises, always within legal frameworks and with the required markings.
• CVs and job applications: Please read the specific Privacy Policy for Candidate Employees, which you will find on our website.

3. Sources of personal data collection

We collect personal data that you provide to us voluntarily, either directly from you or at your request (e.g. you instruct your accountant to provide it to us) and which concern you yourself (unless you indicate third parties), and which is less frequently collected from publicly accessible sources. More generally, we collect your data in the following circumstances:

• when you visit, browse, interact, or fill out a contact form on our website (www.dimiourgia.eu)
• when you contact us by phone or email
• when you visit our offices, or our stand at an exhibition and on other occasions, where we may exchange information and personal data, including business cards
• when you express interest and transact with us regarding an order or supply of materials, as a Customer, Supplier, or Partner
• when you place an order, purchase, or enter into a contract with the Company
• when you submit job applications and/or resumes to the Company.

Attention: Before you provide us with personal data concerning a third party, you are responsible for informing that person about this Policy.

4. Uses, purposes and legal bases.

We use your personal data for specified, explicit and legitimate purposes and do not further process it in a manner incompatible with those purposes, which are:

• We use your identity and communication data to identify you and communicate with you, in the context of conclusion and execution of a contract.
• We also use identity and communication data for the purpose of promoting our products and services, within the framework of legitimate interests ours, as long as your rights and freedoms are not affected. Otherwise, we process your data only on the basis of your prior explicit consent. consent.
• We use your identity and contact data, in combination with your order, billing and payment information, for the purpose of fulfilling an order, settling claims, or other transaction related to the conventional our relationship. We also use your identity and contact data, in combination with order, billing and/or payment information, for the purpose of:
• the provision of technical support
• complaint management, measuring your satisfaction as our Customer and improving our services (according to ISO 9001),
• compliance with a contractual or legal obligation, vital or public interest, or for our own legitimate interest and for the establishment, exercise and defense of legal claims.
• We use the data under (3) and (4) of paragraph 2 above, to protect the property, the physical safety of the Company's employees and visitors, as well as for the security of transactions and the personal data we hold.

5. Retention times – Deletion

The Company retains personal data for as long as is provided for in each case and in accordance with the applicable legislative and regulatory framework.

• In the event that you enter into a contract with our Company, your data will be kept for a period of twenty (20) years from the last calendar day of the year of each of our current business relationships.
• If you did not enter into a contract with our Company, as well as in the event of rejection of a cooperation proposal, your personal data will be stored for five (5) years from the last calendar day of the year of our current business relationship.
• In the event of a lawsuit, your personal data will be retained until the end of the lawsuit, even beyond the twenty (20) year limit.

Your data is then deleted in a secure manner, unless its continued retention is required by law (tax or other).

6. Protection of your personal data

Our Company uses appropriate technical and organizational security measures and follows international best practices to protect your personal data from unauthorized access, misuse, alteration, prohibited dissemination, loss and accidental or unlawful destruction. For example:

• We have properly configured firewalls, secure remote connection methods (VPN), we maintain backups with a proven, effective Disaster Recovery plan and we implement encryption where required.
• We adhere to the necessary Security Policies as well as a process for identifying security breaches and notifying the Authorities.
• We train our staff to handle your personal data with due respect.
• Finally, we bind our employees and partners, who manage personal data, to appropriate confidentiality agreements.

7. Recipients of your personal data

Our Company transfers your personal data in the following cases:

• To its employees, who are responsible for carrying out obligations related to the conclusion and execution of the contract between us (e.g. employees in the Sales Department for preparing an offer, in the Accounting Department for issuing documents, in Production, etc.), as well as for settling legal obligations.
• To payment service providers and/or domestic or foreign credit institutions, for the execution of a contract with you or transactions you requested or made, such as SEPA, SWIFT, VISA, PAYPAL, MASTERCARD, etc.
• To companies (and/or freelancers) that process your data on our behalf (processors), such as IT application maintenance service providers, export consultants, lawyers and law firms, cloud service providers, telecommunications, security, advertising and promotion services, etc. and which we always bind with appropriate contracts and confidentiality clauses.
• Our Company is obliged to disclose information concerning you if required by law enforcement agencies or competent government bodies.

8. Your rights

You can exercise the following rights, based on the Regulation:

The right of access and information, regarding your personal data: which is collected, from which sources, what processing is carried out by the Company, for what purposes and on what legal bases, any recipients or transfers outside the EU, retention periods, protection measures, etc.

The right to correct or update your your personal data, by submitting a statement to the Company with your correct personal data.

The right to erasure of your personal data in the following cases:

• when your personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
• when you withdraw your consent, pursuant to which your personal data was processed and there is no other legal basis for processing them,
• when your personal data has been processed without the necessary legal basis,
• when the law allows the deletion of your personal data.

The right to restrict processing of your personal data in the following cases:

• when you dispute the accuracy of your personal data and until its accuracy is verified,
• when the conditions for deletion from the previous paragraph are met and instead of deletion, you wish to restrict the processing of said data,
• when the Company no longer needs your personal data, but it is required by you, for the establishment, exercise or defense of your legal claims.

The right to object for the processing of your data, unless there are compelling and legitimate reasons for the Company to establish, exercise and defend its legal claims, which override your rights and freedoms.

The right to portability of your data, i.e. their delivery to you, in a suitable machine-readable format, provided that such personal data has been processed with your consent or on the basis of a contract.

The right of withdrawal, at any time, of consent that you have provided to the Company for the processing of your personal data. This revocation will not have retroactive effect, i.e. it will not affect the lawfulness of the processing that was based on your consent and took place before you revoked it.

The above rights may be subject to restrictions due to legal obligations or rights of the Company, such as when you request deletion of data, while the Company is obliged to retain it under legislation, tax or otherwise.

To exercise your rights and for the clarification of any issues regarding applicable legislation, you can contact the Company by sending an email to the following address: dataprivacy@dimiourgia.eu, or a letter to the postal address: P. Karfopoulos – D. Papadouli O.E., Vasili Antonopoulos 3, P.C. 145 61 Kifissia, Attica, Greece.

The Company will respond to your request free of charge within 30 days of receipt, except in exceptional cases, in which case the deadline may be further extended by 60 days, if deemed necessary, taking into account the complexity of the request and the number of requests. In the event of such an extension, you will be informed within 30 days of receipt of the relevant request, as well as of the reasons for the extension. The Company may contact you for identification.

If your claim is considered manifestly unfounded or excessive by the Company, it may impose a reasonable fee, taking into account the costs of completing it, or refuse to continue to respond to your request.

Right to file a complaint

In case you believe that our company has not responded to your requests regarding the protection of your personal data, you have the right to submit a complaint to the Personal Data Protection Authority, following the instructions provided on its website: www.dpa.grYou also have the right to refer to the competent judicial authorities.

9. Minors

Our products and services are not directed at minors. If you believe that information may have been collected concerning a minor, please inform us at dataprivacy@dimiourgia.eu.

10. Transfers outside the EU

Our Company does not transfer personal data to countries outside the EU or international organizations, except in the following cases:

• Transfer to or from a foreign financial institution (bank), within the framework of the execution of a contract we have between us, in which case only your data required for the purpose will be transmitted to intervening bodies (SWIFT, SEPA, etc.)
• If we are obliged to do so by law, international agreement, or court order, or if it is necessary for the establishment, support, or exercise of our Company's rights or for the defense of its interests.

11. Amendments

We reserve the right to modify this Policy. For material modifications, we will inform you by any appropriate means.

End of Policy