G. KARAMICHALIS & SIA E.E. based in Alimos Attica at 35 Gounari Street, GLYFADA 16562, with VAT number: 998132042- D.O.Y. Glyfadas (hereinafter "Company"), recognizing the fundamental importance of personal data protection, has fully complied with its obligations as a Data Controller arising from the General Data Protection Regulation (EU) 2016/679 (GDPR) and the applicable N. 4624/2019.

This Personal Data Protection Policy, in accordance with Article 13 of the EU General Data Protection Regulation 2016/679 (GDPR), as well as the applicable Greek legislation, informs you in relation to the personal data that concern you, is collected and processed by the company and its branches, the legal basis for their processing, the purposes of their processing, the way it uses and protects them, the possibilities and the rights you have based on the above legal framework.

This Privacy Statement, which provides any person who receives or is interested in receiving products and services from our company, as well as those employed or interested in being employed by it, with accurate and detailed relevant information, may be amended from time to time at any time in order to always be up-to-date and in accordance with the provisions in force at any given time. Please visit our website https://www.quantum-oils.com/ regularly to ensure you are aware of any changes. It will also be available at the reception points of our facilities.

I. What is personal data?

– Basic Definitions
I1. The term "personal data", according to Article 4§1 of the EU General Data Protection Regulation (GDPR), refers to any information concerning an identified or identifiable natural person (data subject), hereinafter "Personal Data or Data'. An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as a name, an identity number, location data, an online identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person in question.

I2. The term "processing" of personal data" in accordance with Article 4§2 of the EU General Data Protection Regulation 2016/679 (GDPR), refers to any act or series of acts carried out with or without the use of automated means, to personal data or sets of personal data, such as collection, registration, organization, structure, storage, adaptation or alteration, retrieval, information retrieval, use, disclosure by transmission, dissemination .any other form of disposal, association or combination, restriction, deletion or destruction.

I3. The term "Data Controller" of personal data, in accordance with Article 4§7 of the EU General Data Protection Regulation 2016/679 (GDPR), refers to the natural or legal person, public authority, agency or other entity that alone or jointly with others, determine the purposes and manner of personal data processing. Where the purposes and manner of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for his appointment may be provided for by Union law or the law of a Member State.
I4. The term "processor" of personal data, in accordance with Article 4§8 of the EU General Data Protection Regulation 2016/679 (GDPR or GDPR), refers to the natural or legal person, public authority, agency or another entity that processes personal data on behalf of the controller.
I5. The term "consent" of the subject of personal data in accordance with Article 4§11 of the General Data Protection Regulation of the EU 2016/679 (GPRD or GDPR), refers to any indication of will, free, specific, explicit and in full consent, with which the data subject expresses that he agrees, by statement or by a clear positive action, for the personal data concerning him to be the subject of processing.
I6. The term "health-related data" in accordance with Article 4§15 of the EU General Data Protection Regulation 2016/679 (GDPR), refers to personal data related to the physical or mental health of a natural person, including the provision of health care services and which disclose information about his health status.

1. What personal data do we collect about you?

Συλλέγουμε και επεξεργαζόμαστε μόνον τα δεδομένα προσωπικού χαρακτήρα που σας αφορούν και είναι απολύτως απαραίτητα για την εξυπηρέτηση του σκοπού για τον οποίο δόθηκαν και χρησιμοποιούνται αποκλειστικά και μόνον για το σκοπό αυτό και αφού προηγουμένως έχουμε λάβει τη ρητή συγκατάθεσή σας. Ειδικότερα: 1.1. Απλά δεδομένα προσωπικού χαρακτήρα που σας αφορούν και στοιχεία επικοινωνίας: Συλλέγουμε απλά δεδομένα προσωπικού χαρακτήρα που σας αφορούν τα οποία μπορεί να περιλαμβάνουν ενδεικτικά: το ονοματεπώνυμο, τα στοιχεία επικοινωνίας, τυχόν σχόλια ή οδηγίες σας, ταχυδρομική διεύθυνση, αριθμός σταθερού ή/και κινητού τηλεφώνου, διεύθυνση ηλεκτρονικού ταχυδρομείου,

2. For what purpose do we process your personal data?

We process your personal data indicatively for the purposes listed below:

  • To improve the quality of our services to you. For any kind of communication with you to inform you in the context of our provided services (including a phone call, sending an SMS message, sending an e-mail message to inform you about new products and offers, promotions, contests).
  • For our general compliance with our legal obligations and in particular with the applicable tax, insurance and labor legislation.
  • To comply with legal processes and court orders, to respond to requests from public and government agencies and authorities in the exercise of their public authority.
  • To fulfill the legitimate interest of our company.
  • To defend our legal rights and claims in order to protect our legal interests and business, or those of our partners and to ensure the rights, privacy, safety or assets of our company and our partners , your own legal claims or rights, or those of others.

3. From where do we collect and process your personal data?

Your personal data is collected:

  • From you, when you contact us by phone, when you fill out electronic forms or with any other communication you have with us, with the aim of getting information or using our Company's services.
  • Automatically through the browser or mobile device you use to access our Website.
  • When you visit and use our website for informational purposes only, we only collect the Personal Data concerning you that your browser transmits to our server, which is technically necessary to view the website us to you and the guarantee of stability and security. With the exception of any Personal Data concerning you which is collected by Cookies (see more Cookies Policy here), Personal Data concerning you is limited to what you have provided expressly and for a specific purpose and provided that you have given your express consent your.
  • We also collect Personal Data concerning you during your visit to our website and if you have expressly consented to this, by explicitly completing the respective fields.

4. Legal basis for processing the personal data concerning you

The processing by our company of simple personal data concerning you takes place:

– on the lawful basis of your affirmative, free, specific, express and fully informed consent, which you can freely withdraw at any time.

– in our legitimate interest for the fulfillment of our corporate purpose, i.e. the provision of our services, for the establishment, exercise or support of our legal claims.

 

5. Retention time of your personal data

  • Your personal data is subject to processing for the period of time required to fulfill the purpose of the processing, and/or to our compliance with any legal obligation to keep records, our compliance with the provisions of the Statute of Limitations, and in any case for as long as you are an active user of our website.
  • Where we have to comply with a legal or regulatory obligation, we retain your personal data for at least as long as is required by law to comply with that obligation.
  • When it comes to our communication with you in general, your consent is retained for as long as you do not withdraw it.
  • When it comes to filling a job position and sending you a CV, for as long as you do not revoke the processing on our part, for as long as it is required by labor, tax and general legislation, as well as the contractual relationship between us, if concluded between us employment relationship.

6. Safeguards and measures we take to protect your data

When you provide us with your personal data, we take appropriate technical and organizational measures to ensure that it is held securely. We update and review the security technology we use on an ongoing basis. We limit access to the absolutely necessary personal data concerning you to only those of our employees and partners who need to know your data in order to provide our services to you. In addition, we train our company's staff on the importance of confidentiality and maintaining the privacy and security of your personal data and bind them to contracts of confidentiality, non-disclosure and non-disclosure of the information they receive as a result of the provision of our services .
Among other things, we have implemented the following appropriate technical and organizational measures and procedures to protect your personal data from any loss, alteration, illegal processing or change:
– Use of servers located in areas with classified and restricted access and are subject to regular checks.
– Use of information systems and computer programs compliant with the GDPR, installed in a way that minimizes the use of personal data. – Adoption of separate procedures for maintaining personal data and their secure deletion/destruction;
– Business continuity measures.
– Storing and maintaining your personal data either in electronic or paper form, in a special storage area, protected and secure, to which unauthorized persons cannot access.
– Coding, Encrypting data.
– Continuous adaptation and updating of the operation of our processes and systems.

 

7. Who are the recipients of your personal data?

The processing of your personal data is carried out by specially authorized staff of our company, including its branches and/or the companies that belong or will belong to the same "group" of companies, through IT systems and electronic devices or /and handwritten or - on our behalf and on our behalf - by external partners who will act as "processors" (indicatively, financial advisors - accountants, legal advisors, etc. are mentioned), who, however, have committed themselves to us for the observance of confidentiality, secrecy and for the protection of personal data concerning you and only for the purposes that have been provided to us.

7.1. Our company guarantees that it will not transmit, notify, grant, etc. of the personal data concerning you (other than those mentioned above) except if this is required by the applicable legislation and is required to be done to public/judicial/auditing bodies and authorities.

7.2. In each transmission for the processing on our behalf and on our behalf, we take the appropriate technical and organizational measures, so that the data that will be transmitted is the minimum necessary and that the conditions for its legal and appropriate processing will be met.

8. Your Rights

You have the following rights under the GDPR legal framework:
• Right of access – Right to receive information about whether data is being processed and right to access it. Right to be informed about this processing (who, for what purpose, recipients, retention period, etc.)
• Right to rectification – Right to correct inaccurate personal data and complete incomplete information.
• Right to erasure (Right to be forgotten) – Right to request the erasure of any data concerning the subject under certain conditions and as long as this does not conflict with another provision of law (data no longer necessary, withdrawal of consent, data submitted to illegal processing).
• Right to Restriction of Processing – when the accuracy of the data is disputed, the processing is unlawful, the data is no longer needed by the controller, the data subject has objected to automated processing.
• Right to data portability – Right to request the transmission of personal data to another Controller in a structured, widely used and machine-readable format, as long as this does not conflict with another prohibitive provision of law.
• The right to address before the APDPH for any issue that pertains to its competence in relation to the above-described processing of personal data concerning you.
You can exercise your above rights after submitting a relevant written request to the company, which must respond to you without charge and within 30 days from the date of submission of the relevant request.

9. Consequences of not providing your data

The provision of your personal data is necessary for the provision of our services to you and the performance of our contractual obligations, therefore, in the event of your refusal to provide them, we will not be able to provide you our services.

10. How to contact us?

You can contact us for any question regarding the processing of your personal data by sending an email to info@quantum-oils.com
Our company operates a Department for the Protection of Personal Data. To exercise your rights, you can contact it by sending an email to the address info@quantum-oils.com or by sending a form to the address: Gounari 35, Glyfada 16562 for the attention of the Personal Data Protection Department.

11. Release Information – Changes and Updates

This Privacy Policy was last updated on [27.10.2024].
We reserve the right to modify and update this Privacy Policy at any time, for any reason, without notice to you, other than posting the updated Privacy Policy on our website. We may send periodic emails to remind you of changes and updates to this Privacy Policy, but you should check our website frequently to keep up to date with the current and applicable Privacy Statement.