PERSONAL DATA PROTECTION POLICY – PRIVACY POLICY FOR THE WEBSITE www.dormed.gr – INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA
‘DORMED HELLAS SA – MEDICAL MACHINERY TRADER’
S.A. Registration Number: 63103/62/Β/07/0098
GCR Number: 059040504000, T.C.C.I.,
T.I.N.: 084271222, P.F.O. SA Taxation Office of Thessaloniki
& Commercial Publicity Website www.dormed.gr
No 10 KLEANTHOUS STREET, THESSALONIKI, POSTAL CODE GR-54642
- Introduction
‘DORMED HELLAS SOCIÉTÉ ANONYME – MEDICAL MACHINERY TRADER’ (hereinafter: “the Company”) as controller, shall inform you on the method of collection and processing of data concerning you. Personal data (hereinafter “Data”) is any information relating to an identified or identifiable natural person. Protecting your personal data is very important to the Company, which takes measures in that direction when collecting personal data. This Personal Data Protection Policy Update of the subjects of the personal data provides the type of information that we may collect and informs you on how, for how long, and for what purposes we use this information. It applies to all parties involved with the Company (Suppliers, customers, partners, etc.)
ΙΙ. Data sybjects, personal data we collect and process, sources of personal data collection:
ΙΙ.1. As regards our suppliers: we collect personal data and information from you that is required for the drafting and implementation of the contract between us: full name, father’s name, address, TIN. P.F.O., bank account number, ID Card No, e-mail address, signature, an image of your face through our video surveillance system.
ΙΙ.2. As regards our partners: we collect personal data and information from you that is required for the implementation of the contract between us: full name, father’s name, address, TIN. P.F.O., bank account number, ID Card No, e-mail address, signature, an image of your face through our video surveillance system.
ΙΙ.3. As regards our customers: we collect personal data and information from you that is required for the commencement and implementation of the contract between us: full name, father’s name, address, TIN. P.F.O., bank account number, e-mail, D.O.B., signature, specialty, an image of your face through our video surveillance system, ID Card No, credit/debit card No. Furthermore, your personal data (full name, specialty, address, e-mail) may also be collected from public sources where you have allowed it to be registered (e.g. otewhitepages).
Lastly, as regards all subjects above we collect any information you make known to us when contacting us through our pages on FACEBOOK, INSTAGRAM, and LINKED IN (user’s full name, profile picture, and any other data you have published).
III. Purpose of personal data processing – Legal basis for processing.
We process the Data in so far as it is necessary for:
(a) Signing and implementing the contract between us (article 6[1]b GDPR).
(b) Our compliance with our obligations in accordance with the law (tax law in particular) (article 6[1]c GDPR).
(c) Sending information material/offers (article 6[1]a GDPR).
(d) The purposes of the legitimate interests we pursue, more specifically the sound operation of the partnership between us and the monitoring of its progress, the protection of our rights, the foundation, exercise and support of legal claims (article 6[1]f GDPR).
We process the Data for the satisfaction of those legitimate interests of ours and the legitimate interests of third parties, only if your interests, fundamental rights, and freedoms do not supersede them. Any refusal on your part to make known to us those data causes, at no fault of our own, our inability to implement the contract between us.
- Disclosing and Transferring Data
Your data is not disclosed or transferred to third parties, with the exception of the specific cases mentioned below. It should be noted that in cases where your data is (also) retained electronically, they may be disclosed to website, hosting, domain management and technical support service providers, in the framework of the services offered by them.
Your data is transferred to:
(a) Our partners (such as attorneys, accountants, etc.) and Public Authorities (e.g. S.A. Taxation Office of Thessaloniki, TAXIS system) in so far as is necessary for the signing of a contract between us, determining its terms, and meeting our tax obligations.
(b) Attorneys, competent court authorities or other authorities, services, agencies, public officials (indicatively, court enforcement officers, notaries), as well as third parties (indicatively, court or private experts and technical advisors, arbitrators or mediators). This disclosure is only made if necessary to protect our rights, and to found, exercise, and support our legal claims.
- Data retention period.
Your data is retained for the duration of the contract between us.
After its expiry or termination, by any means, we shall continue to process:
- Only the Data necessary for our compliance with our obligations, mainly based on tax legislation. Processing those data will last as long as the relevant legal provisions require, and no longer than twenty years.
- Only the Data that are necessary to protect our rights, and to found, exercise, and support our legal claims. The processing of the Data will last as long as required for the time-barring of claims on both sides, the irrevocable completion of judicial or administrative proceedings which we may be involved in, or the conclusion of a procedure for the extra judicial resolution of a dispute between us and, in any event, no longer than twenty years
- The data we receive with your consent, until you rescind your consent.
- Regarding the image data received through the video surveillance system installed at our central store at No 10 Kleanthous Street – Thessaloniki, we refer you to the ‘Update on image processing’ which is posted at the aforementioned store, as well as on our company website, www.dormed.gr.
- We periodically review the Data we have stored following the expiry or termination of the contract between us, and delete said Data when it is no longer required for the fulfilment of the aforementioned purposes.
- Special terms for the processing of Data via the website: www.dormed.gr
VI.i. Declaration: This website (hereinafter “Website”) is the property of the société anonyme with the registered name ‘DORMED HELLAS SOCIÉTÉ ANONYME – MEDICAL MACHINERY TRADER’ (the “Company”), which manages it. Exploring and using the Website requires and results in your (hereinafter “you”, “yours”, “User”) explicit and clear acceptance and consent to these Terms of Personal Data Protection. The Company, as personal data controller, has taken all necessary measures for the greatest protection of your personal data, in accordance with current legislation. However, transferring data via the internet is not completely safe, and each data transfer is carried out at your own risk. As stated in the Terms of Use of the website (see link for Terms of Use) and in the Cookie Policy described below, the services provided via the website are addressed to the general public, it does not target children, and does not – knowingly – collect personal data from children under the age of 16. Without prejudice to the special provisions of the Current Personal Data Protection Policy, no personal data can be rented, sold, publicly posted or disclosed to other companies, organisations, or websites.
VI.ii. The use of the Website by the User requires and results in their explicit agreement with the following:
- User Recognition
For a User to register and create an account, they will be asked for their full name, the location at which they wish to be served, a contact telephone number, and an e-mail address. In no case shall the Company ask the User for data regarding their bank accounts or tax data.
During your visit to the website, the following is automatically collected:
- Data regarding the pages you visit on the website
- The date and time of you visit
- Your IP address
- The type of browser and operating system you are using
- The website (URL) you visited prior to this website and
- Certain cookies (see below, Unit 2.1)
Furthermore, any information you submit when using the website is also used.
We also collect and process, for the purposes mentioned below (under unit 3), the following personal data, which we receive upon the creation of your account and your consent to receive updates:
- Your name
- Your address
- Your telephone number
- Your e-mail address
- Your preferences, depending on your choices while using the website, your interests, and your “favourites” and “saved” selections.
- Your personal listings.
- Google Analytics, Facebook, LinkendIn, Google, Instagram and AddThis plug-ins.
2.1. Google Analytics
This website uses Google Analytics, an web analytics service provided by Google, Inc, 1600 Amphiteatre Parkway Mountain View, CA 94043, USA (“ Google”). Google Analytics uses cookies that help us analyse the way in which you use the website. Data originating from the cookies regarding your use of the website shall be transmitted and stored by Google on serves in the United States. If IP anonymisation is enabled on this website, your IP address will first be truncated by Google within the member states of the European Union or the European Economic Area before being send to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and truncated there. Google guarantees its compliance with the personal data protection regulations and has been certified with regards to the ‘Privacy Security Agreement’. Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage for the website operator. The IP address transmitted by your browser will not be associated with any other data held by Google. The processing of personal data helps improve our presence on the internet and the assessment of user behaviour on our website. You can prevent Google from collecting this data (including your IP address) via cookies and stop it from processing these data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout. You can find more detailed information on the terms of use and privacy policy at Google Analytics Terms of Service or Google Analytics Privacy Overview. We would like to point out that Google Analytics has been extended on this website by “gat.anonymazeIp” in order to ensure anonymous collection of IP addresses (known as IP masking).
2.2. Facebook plug-ins (Like-button).
Our pages integrate plug-ins of the social network Facebook operated by Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA. The Facebook plug-ins are characterised by the Facebook logo or the “Like-Button” (“Like”) on our website. You can find an overview of Facebook plug-ins here: http://developers.facebook.com/docs/plugins/. When you visit our pages, the plug-in establishes a connection between your browser and the Facebook server. Facebook thereby obtains the information that you have visited our website using your IP address. If you click on the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages on your Facebook profile. Thereby Facebook can correlate your visit of our site with your user account. We point out that our company as the provider of this website has no knowledge of the content of the transmitted data or how Facebook uses it. FACEBOOK guarantees its compliance with the personal data protection regulations and has been certified with regards to the ‘Privacy Security Agreement’. For more information, please refer to the privacy statement of Facebook under http://facebook.com/policy.php. If you do not wish for Facebook to associate your visit to our website with your Facebook-account, please log out from your Facebook account before visiting our website.
2.3. AddThis plug-in
Our website also uses a social bookmarking plug-in called ‘AddThis’, which is provided by the Oracle Corporation, 500 Oracle Parkway, Redwood Shores, CA 94065 (“Oracle”). Through AddThis, Oracle also provides web analytics services to us. AddThis uses cookies to implement the described functionality. Oracle collects data such as your IP address or your activity on our website to assess your use of our website and compile anonymised reports on website activity. This information will be used by Oracle for the purpose of serving you with targeted advertising. Oracle may transfer the collected information to their servers or third parties outside of the EU/EEA. Further details on the categories of collected data and the its processing are available at http://www.addthis.com/privacy/privacy-policy. You may object to the collection of data by Oracle by following the instructions at http://www.youronlinechoices.eu/.
2.4. Creation of an account on our Website through Google, Facebook, LinkendIn.
You can create an account on our website by using your Google, Facebook, and LinkendIn passwords. If you choose to create an account using this method, you will be asked for your consent from the data transfer application in our Company. Your data we receive in these cases refers only to your full name, e-mail address, your posts in so far as they are accessible to us depending on the applications you use, and the user photo you have selected in each of the aforementioned applications.
2.5. Instagram.
Instagram plug-ins are integrated into our website. This function is offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Personal data may be collected and transmitted via your interaction with this service. They may include content such as images, videos, text, or buttons that allow you to interact with the Company or to register for our notifications. If you are an Instagram user, Instagram may match the content and functions on your profile. Instagram ensures compliance with European personal data protection standards and is certified based on the US-EU Personal Data Protection Safety agreement For information on Instagram’s privacy policy, see https://help.instagram.com/519522125107875. If you wish to stop the connection of your data to your profile, you must disconnect from Instagram and delete the cookies before using them.
VI.iii. Purpose of personal data processing
We process all your personal data in accordance with the law. The Company makes use of your information to provide you with the services of our website in order to measure Website traffic and User requirements (generation of website usage statistics), to further improve and further develop the website, to respond to your requests and messages, to send you, following your providing consent, informative material about new actions, promotions, events, news & announcements, to send you, following your προωιδινγ consent, information and/or newsletters.
VI.iv. Legal basis for processing and Retention duration of specific Data belonging to you that we receive via website use
We retain and process your data only for as long as it is necessary to fulfil the purposes for which they were collected. We will retain your data that we collect automatically when you visit this website for no longer than six months. Retention of your data via cookies will continue until you disable or limit cookie transmission. Stored cookies can be deleted at any time following a statement on your behalf. If you have subscribed to our newsletter, we will retain you email address until you unsubscribe from our newsletter. If you have accepted our sending information material, we shall retain your Data until you tell us otherwise. If you have registered on our website, we will retain your data for as long as your account exists and thereafter only for as long as there are any legal obligations to retain your data.
As to the remainder, see above under section V.
VI.v. Transferring Data to third parties.
See above Under section IV and as described specifically for each case of processing.
VI.vi. Storage – protection of personal data: The storage space (data centre) where your personal data is stored, is located on the server rack within the company, where the backups are also stored.
VII. Your rights
Under applicable data protection law, you have the rights:
- a) to check whether and what kind of personal data we hold about you and to access or to request copies of such data,
- b) to request correction, supplementation or deletion of personal data about you that is inaccurate or processed in non-compliance with applicable requirements,
- c) to request that we restrict the collection, processing or use of personal data about you,
(d) in certain circumstances, to object for legitimate reasons to the processing of your personal data,
(e) to request your data be transferred,
(f) to know the identities of third parties to which your personal data are transferred,
(g) to revoke your consent.
You can exercise these rights of yours by sending a corresponding e-mail to the address info@dormed.gr or by filling in the existing documents at our Company. In such a case, we will respond to your request within a month, unless the request is especially complicated or there is a number of similar requests, in which case the above deadline is extended by two months.
(h) to contact the Personal Data Protection Authority for issues relating to the processing of your personal data. For information on the Authority’s competencies and on how to file a complaint, you can visit the Authority’s website (www.dpa.gr. → My rights → File complaint), which provides detailed information. The Authority’s information is:
Address: Nos 1-3, Kifissias Street, Postal Code GR-115 23, Athens
Tel. No: (0030) 210 6475600
Fax No: (0030) 210 6475628
Ε-mail: contact@dpa.gr.
VIΙΙ. Changes to the personal data protection policy – Extension
The Company may amend/add to this Personal Data Protection Policy. Please check the Date of Implementation at the beginning of this Policy, to see when it was last revised. All revisions will be implemented as soon as the revised Policy is posted. If we make significant changes to this Policy that broaden our right to process you Data, we will inform you and provide you with the option for future processing of your Data by us. This Personal Data Protection Statement is governed by Greek law. The courts of Thessaloniki are exclusively competent for resolving any disputes arising therefrom.