PRIVACY POLICY & PERSONAL DATA PROTECTION

Last Update: November 30, 2021

A. Introduction

Our Company, DOUZENIS OLIVE OILS SA (hereinafter the Company), whose purpose is OLIVE OIL PRODUCTS, takes seriously the protection of the privacy of visitors, customers, suppliers, partners and employees. For this reason, we strictly follow this Personal Data Protection Policy (hereinafter the Policy), which ensures a high level of services offered and is based on the current legal framework. The personal data concerning you, are collected and kept, for predetermined, explicit and legal purposes, for the absolutely necessary and legal times, and are processed legally and fairly in a legal, fair and transparent manner, based on the current legal framework and method that governed by integrity and confidentiality. This data is always appropriate, relevant, and not more than required, in view of the above legal and clear purposes, and is accurate and, if necessary, subject to updates.

B. Company Details DOUZENIS OLIVE OILS S.A.

The details of the Company, to which you address or trade with anyone, are as follows:

Trade Name: DOUZENIS OLIVE OILS S.A.

Headquarters: 1st km. Astros – Paralio Astros

VAT Number: 081696741

Tax Office: TRIPOLIS

General Commercial Registry: 29069614000

and the data of the Data Protection Officer for the SA. is: Douzenis Ioannis, e-mail: dpo@douzenis.gr.

C. Purpose

This Policy defines the terms and conditions observed by our company for the full protection of the privacy of our visitors, customers, suppliers, partners, employees, as well as any natural person who trades in any way with us, the personal data of which are processed and the users of the websites www.douzenis.gr.

The purpose of this Policy is to inform you about how we collect, store and process information about you, such as the personal information you provide to us.

The Company reserves the right to modify and update this Policy, whenever it finds it necessary, while the respective changes take effect from the posting of these on the Websites www.douzenis.gr

In any case, we suggest that you check this Policy from time to time, as we may have made changes to improve it.

D. Definitions

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as name, identity number, location data, online identity identifier or one or more physical attributes; physiological, genetic, psychological, economic, cultural or social identity of that natural person.

“Special category of personal data” are, among others, genetic, biometric, data related to health, racial or ethnic origin, etc.

“Processing of personal data” means any act or series of acts on personal data, such as the collection, registration, organization, structure, storage, adaptation or alteration, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal, association, combination, restriction, deletion or destruction.

“Responsible for Processing” means a natural or legal person, public authority, department or other body which, individually or jointly with others, determines the purposes and manner of processing personal data.

“Processor” means a natural or legal person, public authority, department or other body which processes personal data on behalf of the responsible of processing.

E. Legal framework for the protection of personal data

The “legal framework for the protection of personal data”, from which this Policy derives, is no. 2016/679 General Regulation for the Protection of Personal Data of the European Parliament and of the Council for the protection of natural persons against the processing of personal data and for the free circulation of this data, Law 4624/2019 Government Gazette Issue A ‘137 / 29-08 -2019 and any Law or Regulation that has been issued subsequently or for the implementation of the above General Regulation, as well as any national law that is in force and applied and concerns the processing and protection of personal data in general.

F. Ways to collect your information

We collect and process personal data about you whenever you do business with us (either directly with us or through third parties acting on our behalf), when you use our website or when you use our call center or our mobile and tablet applications. Also, information about you is collected by us:

– Through the browser cookies that you use during your navigation on our Website, in order to respond, promote and launch your request accurately. In this case, we may collect information about the type of browser you use for the purposes of managing our system and to compile aggregate information about visitors to our Website, purely statistical in nature, which does not identify any natural person.

– When using contact forms to request more information or post a comment.

– When we contact you.

• When connecting to our wi-fi.

G. Purposes of data collection

We collect your data, so that we are able on the one hand to provide you with the services you requested, on the other hand with the aim of improving their level. In particular, we collect data for the following purposes:

1. For the execution of our commercial activity.

2. For organizational reasons (eg list of customers / suppliers)

3. To use data analysis tools in order to improve our website, our products / services, our customer relationships and generally to better meet your needs.

4. To optimally manage and protect our business, our websites and our systems in general.

5. In order to comply with the current Greek and European legislation.

6. To serve you in further activities that you want to perform.

7. In order to provide you with personalized services we may collect personal preferences.

8. For informing you about our news and our services.

H. Which data do we collect

Depending on the purpose of your visit and the service you wish to receive through our Website, the type of personal data we collect will include information such as name, address, email address, telephone number, etc.

We reserve the right to collect, store and process different types of personal data about you. More precise:

– Customer / Supplier ID, e-mail.

– Invoicing information (eg VAT number, Tax Office, bank card payment number, iban, etc.).

– When ordering products or we may request further information to process your order.

– In case of participation in one of our competitions or our promotional activity, you may be asked for your name, contact details, email, personal or professional interests, etc.

– Device information (eg unique device IDs, IP address, device settings for accessing our Services, etc.)

– Location information (eg GPS of your device, etc.)

– Other information regarding your use of our services (eg interaction with content offered through a Service)

I. Time of storing Personal Data

Our Company keeps your personal data exclusively and only as needed in order to fulfill the purposes for which we collected them (eg completion of legal / tax process). In addition, depending on the quantity, nature and sensitivity of the personal data, as well as the purposes for which we process them, we determine the time of the appropriate data retention period.

We reserve the right to anonymize your data so that it may not be associated with you for research or statistical purposes, so we may use this information indefinitely without further notice to you.

The CVs collected by the qualified Human Resources Department are kept for one year and then destroyed, in accordance with the Disaster Policy followed by our company.

J. Third Party Access to Your Personal Data

Our basic principle is not to disclose your information to third parties for your own independent business or marketing purposes without your consent.

However, in order to provide the best services to you, we provide access to your personal data or part of it, to our properly trained staff. Employees who have access to your personal data use encrypted passwords, which are updated regularly. In addition, we may disclose your personal data to trusted business associates who comply with the standards of the GCC, but also to the competent Authorities, in order to comply with the rules of accounting and taxation and in general with the rules of current legislation, to confirm our compliance with the policies governing our services, as well as to achieve the highest level of security of the Company.

K. Your rights regarding the protection of personal data

Personal data protection legislation gives you the following rights, which you can first exercise free of charge and in accordance with the legal framework:

– Right of access, ie to be informed about what data we have collected and are being processed by the Company, their origin, purposes and legal basis for their processing, any recipients or categories of recipients of personal data, especially in third countries as well as and the time of their observance.

– Right to correct any inaccuracies in your Personal Data, so that they become accurate, by submitting to the company a relevant statement with your exact Personal Data.

– Right to fill in any of your incomplete Personal Data, so that it becomes complete, by submitting a relevant statement to the company with your complete Personal Data.

– Right to delete your Personal Data in the following cases: i. when your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, ii. when you withdraw your consent on which the processing of your Personal Data is based and there is no other legal basis for the processing, iii. when your Personal Data has been processed without the necessary legal basis, iv. the law provides for the obligation to delete your personal data, v. when collected through the provision of information society services Personal data of the child, with his / her consent or consent is given or approved by the person who has custody of the child.

– Right to restrict the processing of your Personal Data in the following cases: i. you question the accuracy of your Personal Data and until the Company verifies their accuracy, ii. when instead of deleting, you request the restriction of the processing of your Personal Data, iii. when the Company no longer needs your Personal Data for processing purposes, but this Personal Data is required of you to establish, exercise or support legal claims.

– Right to object to the processing of your data, unless there are compelling and legal reasons for the processing, which overwrite your interests, rights and freedoms or to establish, exercise or support legal claims of the Company,

– Right to portability, ie to receive and transfer to another controller your Personal Data, which you have provided to our company, in an appropriate format, if the processing of your Personal Data has taken place with your consent or was necessary for its execution. between us contract.

– The right to revoke at any time the consent (without retroactive effect) that you have provided for an issue related to the Protection of Personal Data.

The above due rights may be restricted due to the obligation to apply another law, such as in case you request to delete data, while we are obliged to maintain them by law.

For all the above and to resolve any questions regarding the applicable legislation on personal data, you can contact our company as follows:

– via e-mail at the following address: dpo@douzenis.gr

– by letter to: Data Protection Officer, Mr. Douzenis Ioannis

– The company DOUZENIS OLIVE OILS S.A. will respond to your request free of charge, without delay and in any case within one month of receipt of the request, except in exceptional cases, in which case the above deadline may be extended by two more months, if required, taking into account the complexity of the request or the number of requests. The company will inform you of any extension within one month of receiving the request, as well as the reasons for the delay.

– If it is not possible to satisfy your request, the company will inform you without delay and no later than one month from the receipt of the request, for the relevant reasons and for the possibility to file a complaint to the Personal Data Protection Authority, as well as for your right to appeal to the competent judicial authorities.

L. Right of complaint

In case you consider that your rights concerning the Protection of your Personal Data are violated, you reserve the right to submit a complaint to the Personal Data Protection Authority (1-3 Kifissias Ave., 115 23, Athens, tel.: +30 2106475600, email: contact@dpa.gr)

You also have the right to appeal to the competent judicial authorities for the protection of your personal data.

M. Security Measures

The Company has taken the appropriate technical and organizational measures in order to ensure the implementation of the Legislation and the appropriate level of security of your personal data and has duly trained its staff and the entire network of its collaborators, through the Personal Protection Policies and Procedures. Data binds all its associates, who act on its behalf as Executors of the Processing with contracts governed by guarantees and safeguards. If for any reason you consider the interaction between us unsafe please let us know.

Ν. Newsletter

Our Company sends emails for the purpose of advertising and direct promotion of our products and / or services through a newsletter. In each such email, we clearly and unequivocally notify you of our identity and give you the opportunity to object and request, in an easy and free manner, the termination of the communication and the deletion of your data from that database.

O. Cookies

Our website works with electronic cookies. For more information please visit the link below regarding our use of electronic cookies. Read about the Cookies Policy.