PRIVACY POLICY
The company under the name “I. & F. KONTARATOS S.A. – COMMERCIAL ENTERPRISES", which is based in Mykonos (Mykonos Airport) and is legally represented (hereinafter, the “Company"), with its present policy, declares that it respects your privacy and is its primary concern to effectively protect and secure your personal data.
In this context, the Company is committed to maintaining and processing personal data in compliance with the provisions and provisions of the national and EU legislation in force from time to time, in particular it undertakes to safeguard the security, confidentiality and confidentiality of personal data and to fulfill the security conditions in order, as far as possible, to prevent any data loss in any way, their unlawful or unlawful use, as well as unauthorised access to them.
1. Purpose and procedure for the processing of personal data
The personal data you provide to us will be processed for the following purposes:
- • for the purpose of professional meetings and participation in conferences, seminars and other events.
- • for the purpose of the expression of interest at a stage prior to the conduct of a commercial transaction.
- • for the purpose of invoicing, the registration of orders in the company's systems, as well as the agreement and the execution of payments.
- • for the purpose of preparing the execution and completion of transactions – purchases of products, either from our physical stores using the Flora Card Club Member card, or through the internet (on line purchases).
- • for the purpose of hiring employees, managing leave and departures, executing the payroll of the Company's employees and associates, posting on the internet photos and other details of the company's employees and associates, as well as for providing them with private insurance, as well as transmitting their data to any company doctor.
The Company will collect, maintain and process only those personal data that are the minimum and absolutely necessary to achieve the respective processing purpose. The processing of personal data will be both automated and non-automated by maintaining a physical record.
2. What personal data we collect
Personal Data means any information about a person from which that person can be identified. The concept of personal data does not include any anonymised data from which the natural person cannot be identified. Pursuant to the above processing purposes, as described under -1-, we may collect and process personal data that we have indicatively categorised and in accordance with the purposes set out above, as follows:
- • for the purpose of business meetings and participation in seminars, conferences and other events we collect the following information: name or name, registered office, address, landline phone, mobile phone, e-mail address.
- • for the purpose of the expression of interest at a stage before the commercial transaction is carried out, we collect the following information: name, company, job position in the company, e-mail address, telephone number.
- • for the purpose of invoicing, registration of orders in the Company's systems, as well as the agreement and payment execution, the following information: name, billing data, Tax Identification Number (TIN), Tax Office, credit and debit card details, bank account, bank account details, bank account holder details.
- • for the purpose of preparing the execution and completion of transactions – purchases of products, either from our physical stores using the Flora Card Club member card, or through the internet (on line purchases) the following information: personal email address, security code (password) of your choice, surname, name, address for the delivery of orders (street & number), city, region, zip code, telephone, longitude and latitude.
- • for the purpose of hiring employees, managing leave, dismissals and voluntary departures, performing payroll of employees and associates of the Company, posting photos and other identification data of employees and associates on the Company's website, as well as providing them with private insurance, as well as transmitting their (medical) data to the Company's doctor, we collect the data required each time by each one of them. e of current legislation (where this requires the collection and processing), and indicatively the following information: name, father's name, mother's name, identity card number, address, landline and mobile phone number, e-mail address, marital status, studies, educational level, vocational training and specialization, experience, personal interview details, CV and any letters of recommendation, vocational training and specialization, past service, social security number and social security data, VAT number, tax office, date of recruitment, salary, fees and allowances, bank account details.
Credit/Debit Card Details
The details of your credit / debit card will be requested at the completion of your order, through our e-shop, if you choose the relevant payment method and will be used exclusively for their electronic transmission through the secure environment of the cooperating banks and for the completion of your payment only.
Our company does not store any credit / debit card data in its electronic systems or in a physical file. For the certification of the cardholder, it may be necessary to transfer your card details to a third party provider, cooperating with the bank which implements the completion of the card payment process.
In any case of collection of Personal Data, we will keep it transparently and accurately and in accordance with the principle of minimization. For this purpose, we kindly ask you to inform us of any change in your personal data, so that they always correspond to reality.Use of closed-circuit television
In order to safeguard and protect the safety and legitimate interests of our customers and our company, we use cctv and security cameras in the physical stores of our company and our facilities. These operate in accordance with the instructions of the Data Protection Authority in our country.
3. Consequences of non-consent on the provision of personal data
The provision of personal data is in no way mandatory. In any case, the non-provision of personal data, which have been classified as “mandatory", may prevent us from fulfilling the above processing purposes or fulfilling any contractual relationship. The non-provision of other, non-mandatory, personal data in no way may affect the provision of the services on our part.
4. Recipients of personal data
Personal data may be processed by natural and / or legal persons, established within and / or outside the European Union, who act in the name and on behalf of the Company on the basis of specific contractual obligations. Furthermore, the transfer of personal data will take place only in the context of compliance with legal obligations, in the context of the execution of an order of public authorities and in the context of the exercise by the Company of its rights before judicial and administrative authorities.
5. Transfer of personal data outside the European Union
In the context of our contractual obligations, the Company may transmit and disclose personal data to countries outside the European Union, expressly including their storage in databases operated by entities acting on behalf of the Company. The management of databases and the processing of personal data will always take place within the framework of the intended purposes of processing and in accordance with the applicable law on the protection of personal data.
6. The Data Controller and the Data Protection Officer
The Data Controller is the Company.
7. Retention period of Personal Data
The Personal Data submitted to the above processing purposes under -1- will be kept by the Company for the period deemed absolutely necessary for the fulfillment of these purposes, including for the satisfaction of any legal, accounting or informational requirements and obligations, as well as for the performance of any duties performed in the public interest.
With regard to personal data processed for the provision of the contractual service, the Company may continue to store these Data for a longer period of time, as may be necessary for the protection and safeguarding of the Company's legitimate interests in relation to possible liability related to the provision of the Service.
In some cases, we may anonymize your personal data so that it can no longer be associated with you and cannot be identified for statistical and research purposes, in which case we may use this information for an indefinite period of time without further notice to you.
8. The rights of the Data Subject
You may exercise the following rights in accordance with and within the limits set by the specific provisions of Regulation (EU) 2016/679, namely:
- 1. The right of access to your Personal Data, which means your right to be informed by the Company if your Data are being processed and to have access to them (Article 15 of Regulation 679/2016).
- 2. The right to rectification and erasure (the right to be forgotten) means the right to correct any inaccurate information you may have and the right to delete your data in case there is a legitimate interest in such deletion (Articles 16-17 of Regulation 679/2016), without the express reservation of any overriding interest of the Company or a legal obligation to retain the personal data.
- 3. The right to restriction of processing means your right to request the suspension of processing when you have a legitimate interest in it (Article 18 of Regulation 679/2016).
- 4. The right to portability means your right to receive your Data in a structured, commonly used and machine-readable format, as well as your right to request that these data be transmitted to other controllers as well (Article 20 of Regulation 679/2016).
- 5. The right to object means your right to object to the processing of your Data when there is a legitimate interest in accordance with the terms and provisions of Article 21 of Regulation 679/2016, including your right to object to any automated processing of your data and their processing for any marketing purposes.
- 6. The right to withdraw your consent within the limits and provisions of the legislation.
- 7. The right to lodge a complaint with the competent supervisory authority in case of unlawful processing of your Data.
You can exercise these rights by sending a relevant letter to I&F KONTARATOS SA, MYKONOS AIRPORT, 84600, MYKONOS or to the email: info@mykonos–flora. gr
You will not have to pay a fee to access your personal data or to exercise the above rights. However, we may charge you a reasonable fee if your request is manifestly unfounded or excessive, in particular due to its repetitive nature. Also, in such a case we may refuse to respond to your such request.
The Company will make every effort to respond to your above requests within one (1) month from their submission. In any case, if the complexity or volume of your requests requires more time, we will inform you accordingly.9. Protection of Personal Data
To protect the personal data you provide to us, we have taken the appropriate technical and organizational measures. In this context, we regularly check our security systems and limit access to your personal data only to those who need to be informed of this data and who are expressly committed to keeping this data as strictly confidential.
10. Mapping processing purposes and conducting an impact assessment on privacy
The Company has recorded the purposes of the processing of Personal Data in the Company's Activity Register. The Activity Register shall record at least the following information:
- • The purposes of processing
- • Description of the categories of data subjects and categories of Personal Data
- • The categories of recipients to whom the Personal Data are disclosed or may be disclosed
- • Where possible, the time limits for keeping and erasing Personal Data
- • To the extent possible, a description of the technical and organizational security measures in accordance with the terms of article 32 of Regulation 679/2019.
On the basis of this Registry, as will be periodically updated, the Company undertakes to prepare periodic impact assessments of the above processing operations and of any incidents of violation on the subjects of the Personal Data.
11. Processors
The Company uses Processors who provide sufficient assurances for the protection of personal data and the subjects of these Data. They are also contracted with the Company and are expressly committed to the protection of your Personal Data through a contract or other legal act which defines the object and duration of the processing, the nature and purpose of the processing, as well as the rights and obligations of the Processor.
12. Conversions
This Personal Data Protection Policy may be amended from time to time. We reserve the right to change or amend this Privacy Policy at any time. Please check our Company's Personal Data Protection Policy at regular intervals and especially before providing any new personal data.
13. Contact
If you have any questions or concerns about the use of your personal data, please contact us at the contact details I&F KONTARATOS SA, MYKONOS AIRPORT, 84600, MYKONOS or email: info@mykonos –flora. gr and we will make every effort to answer your questions.
Last updated: __06/04/2020___
See our Stores