‘DORMED HELLAS SA – MEDICAL MACHINERY TRADER’
S.A. Registration Number: 63103/62/Β/07/0098
GCR Number: 059040504000, T.C.C.I.,
T.I.N.: 084271222, P.F.O. SA Taxation Office of Thessaloniki
& Commercial Publicity Website www.dormed.gr
No 10 KLEANTHOUS STREET, THESSALONIKI, POSTAL CODE GR-54642
‘DORMED HELLAS SOCIÉTÉ ANONYME – MEDICAL MACHINERY TRADER’ (hereinafter: “the Company”) as controller, shall inform you on the method of collection and processing of data concerning you. Personal data (hereinafter “Data”) is any information relating to an identified or identifiable natural person. Protecting your personal data is very important to the Company, which takes measures in that direction when collecting personal data. This Personal Data Protection Policy Update of the subjects of the personal data provides the type of information that we may collect and informs you on how, for how long, and for what purposes we use this information. It applies to all parties involved with the Company (Suppliers, customers, partners, etc.)
ΙΙ. Data sybjects, personal data we collect and process, sources of personal data collection:
ΙΙ.1. As regards our suppliers: we collect personal data and information from you that is required for the drafting and implementation of the contract between us: full name, father’s name, address, TIN. P.F.O., bank account number, ID Card No, e-mail address, signature, an image of your face through our video surveillance system.
ΙΙ.2. As regards our partners: we collect personal data and information from you that is required for the implementation of the contract between us: full name, father’s name, address, TIN. P.F.O., bank account number, ID Card No, e-mail address, signature, an image of your face through our video surveillance system.
ΙΙ.3. As regards our customers: we collect personal data and information from you that is required for the commencement and implementation of the contract between us: full name, father’s name, address, TIN. P.F.O., bank account number, e-mail, D.O.B., signature, specialty, an image of your face through our video surveillance system, ID Card No, credit/debit card No. Furthermore, your personal data (full name, specialty, address, e-mail) may also be collected from public sources where you have allowed it to be registered (e.g. otewhitepages).
Lastly, as regards all subjects above we collect any information you make known to us when contacting us through our pages on FACEBOOK, INSTAGRAM, and LINKED IN (user’s full name, profile picture, and any other data you have published).
III. Purpose of personal data processing – Legal basis for processing.
We process the Data in so far as it is necessary for:
(a) Signing and implementing the contract between us (article 6b GDPR).
(b) Our compliance with our obligations in accordance with the law (tax law in particular) (article 6c GDPR).
(c) Sending information material/offers (article 6a GDPR).
(d) The purposes of the legitimate interests we pursue, more specifically the sound operation of the partnership between us and the monitoring of its progress, the protection of our rights, the foundation, exercise and support of legal claims (article 6f GDPR).
We process the Data for the satisfaction of those legitimate interests of ours and the legitimate interests of third parties, only if your interests, fundamental rights, and freedoms do not supersede them. Any refusal on your part to make known to us those data causes, at no fault of our own, our inability to implement the contract between us.
- Disclosing and Transferring Data
Your data is not disclosed or transferred to third parties, with the exception of the specific cases mentioned below. It should be noted that in cases where your data is (also) retained electronically, they may be disclosed to website, hosting, domain management and technical support service providers, in the framework of the services offered by them.
Your data is transferred to:
(a) Our partners (such as attorneys, accountants, etc.) and Public Authorities (e.g. S.A. Taxation Office of Thessaloniki, TAXIS system) in so far as is necessary for the signing of a contract between us, determining its terms, and meeting our tax obligations.
(b) Attorneys, competent court authorities or other authorities, services, agencies, public officials (indicatively, court enforcement officers, notaries), as well as third parties (indicatively, court or private experts and technical advisors, arbitrators or mediators). This disclosure is only made if necessary to protect our rights, and to found, exercise, and support our legal claims.
- Data retention period.
Your data is retained for the duration of the contract between us.
After its expiry or termination, by any means, we shall continue to process:
- Only the Data necessary for our compliance with our obligations, mainly based on tax legislation. Processing those data will last as long as the relevant legal provisions require, and no longer than twenty years.
- Only the Data that are necessary to protect our rights, and to found, exercise, and support our legal claims. The processing of the Data will last as long as required for the time-barring of claims on both sides, the irrevocable completion of judicial or administrative proceedings which we may be involved in, or the conclusion of a procedure for the extra judicial resolution of a dispute between us and, in any event, no longer than twenty years
- The data we receive with your consent, until you rescind your consent.
- Regarding the image data received through the video surveillance system installed at our central store at No 10 Kleanthous Street – Thessaloniki, we refer you to the ‘Update on image processing’ which is posted at the aforementioned store, as well as on our company website, www.dormed.gr.
- We periodically review the Data we have stored following the expiry or termination of the contract between us, and delete said Data when it is no longer required for the fulfilment of the aforementioned purposes.
- Special terms for the processing of Data via the website: www.dormed.gr
VI.ii. The use of the Website by the User requires and results in their explicit agreement with the following:
- User Recognition
For a User to register and create an account, they will be asked for their full name, the location at which they wish to be served, a contact telephone number, and an e-mail address. In no case shall the Company ask the User for data regarding their bank accounts or tax data.
During your visit to the website, the following is automatically collected:
- Data regarding the pages you visit on the website
- The date and time of you visit
- Your IP address
- The type of browser and operating system you are using
- The website (URL) you visited prior to this website and
- Certain cookies (see below, Unit 2.1)
Furthermore, any information you submit when using the website is also used.
We also collect and process, for the purposes mentioned below (under unit 3), the following personal data, which we receive upon the creation of your account and your consent to receive updates:
- Your name
- Your address
- Your telephone number
- Your e-mail address
- Your preferences, depending on your choices while using the website, your interests, and your “favourites” and “saved” selections.
- Your personal listings.
- Google Analytics, Facebook, LinkendIn, Google, Instagram and AddThis plug-ins.
2.1. Google Analytics
2.2. Facebook plug-ins (Like-button).
Our pages integrate plug-ins of the social network Facebook operated by Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA. The Facebook plug-ins are characterised by the Facebook logo or the “Like-Button” (“Like”) on our website. You can find an overview of Facebook plug-ins here: http://developers.facebook.com/docs/plugins/. When you visit our pages, the plug-in establishes a connection between your browser and the Facebook server. Facebook thereby obtains the information that you have visited our website using your IP address. If you click on the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages on your Facebook profile. Thereby Facebook can correlate your visit of our site with your user account. We point out that our company as the provider of this website has no knowledge of the content of the transmitted data or how Facebook uses it. FACEBOOK guarantees its compliance with the personal data protection regulations and has been certified with regards to the ‘Privacy Security Agreement’. For more information, please refer to the privacy statement of Facebook under http://facebook.com/policy.php. If you do not wish for Facebook to associate your visit to our website with your Facebook-account, please log out from your Facebook account before visiting our website.
2.3. AddThis plug-in
2.4. Creation of an account on our Website through Google, Facebook, LinkendIn.
You can create an account on our website by using your Google, Facebook, and LinkendIn passwords. If you choose to create an account using this method, you will be asked for your consent from the data transfer application in our Company. Your data we receive in these cases refers only to your full name, e-mail address, your posts in so far as they are accessible to us depending on the applications you use, and the user photo you have selected in each of the aforementioned applications.
VI.iii. Purpose of personal data processing
We process all your personal data in accordance with the law. The Company makes use of your information to provide you with the services of our website in order to measure Website traffic and User requirements (generation of website usage statistics), to further improve and further develop the website, to respond to your requests and messages, to send you, following your providing consent, informative material about new actions, promotions, events, news & announcements, to send you, following your προωιδινγ consent, information and/or newsletters.
VI.iv. Legal basis for processing and Retention duration of specific Data belonging to you that we receive via website use
We retain and process your data only for as long as it is necessary to fulfil the purposes for which they were collected. We will retain your data that we collect automatically when you visit this website for no longer than six months. Retention of your data via cookies will continue until you disable or limit cookie transmission. Stored cookies can be deleted at any time following a statement on your behalf. If you have subscribed to our newsletter, we will retain you email address until you unsubscribe from our newsletter. If you have accepted our sending information material, we shall retain your Data until you tell us otherwise. If you have registered on our website, we will retain your data for as long as your account exists and thereafter only for as long as there are any legal obligations to retain your data.
As to the remainder, see above under section V.
VI.v. Transferring Data to third parties.
See above Under section IV and as described specifically for each case of processing.
VI.vi. Storage – protection of personal data: The storage space (data centre) where your personal data is stored, is located on the server rack within the company, where the backups are also stored.
VII. Your rights
Under applicable data protection law, you have the rights:
- a) to check whether and what kind of personal data we hold about you and to access or to request copies of such data,
- b) to request correction, supplementation or deletion of personal data about you that is inaccurate or processed in non-compliance with applicable requirements,
- c) to request that we restrict the collection, processing or use of personal data about you,
(d) in certain circumstances, to object for legitimate reasons to the processing of your personal data,
(e) to request your data be transferred,
(f) to know the identities of third parties to which your personal data are transferred,
(g) to revoke your consent.
You can exercise these rights of yours by sending a corresponding e-mail to the address email@example.com or by filling in the existing documents at our Company. In such a case, we will respond to your request within a month, unless the request is especially complicated or there is a number of similar requests, in which case the above deadline is extended by two months.
(h) to contact the Personal Data Protection Authority for issues relating to the processing of your personal data. For information on the Authority’s competencies and on how to file a complaint, you can visit the Authority’s website (www.dpa.gr. → My rights → File complaint), which provides detailed information. The Authority’s information is:
Address: Nos 1-3, Kifissias Street, Postal Code GR-115 23, Athens
Tel. No: (0030) 210 6475600
Fax No: (0030) 210 6475628
VIΙΙ. Changes to the personal data protection policy – Extension
The Company may amend/add to this Personal Data Protection Policy. Please check the Date of Implementation at the beginning of this Policy, to see when it was last revised. All revisions will be implemented as soon as the revised Policy is posted. If we make significant changes to this Policy that broaden our right to process you Data, we will inform you and provide you with the option for future processing of your Data by us. This Personal Data Protection Statement is governed by Greek law. The courts of Thessaloniki are exclusively competent for resolving any disputes arising therefrom.