The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8 para. 1 of the Charter of Fundamental Rights of the European Union (the “Charter”) and article 16 para. 1 of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him/her.
Furthermore, under General Data Protection Regulation (GDPR) No. 2016/679 of the European Parliament and the Council which came into effect on 25.05.2018, a stricter framework has been introduced for the protection of individuals with regard to the processing of their personal data and for the free movement of such data (the “General Regulation”).
The protection of natural persons with regard to the processing of personal data is of the utmost importance for ALTUS LSA Commercial and Manufacturing S.A. (the “Company”); consequently, the Company collects and processes personal data strictly in conformance with the General Regulation and the applicable legislation in general and to the extent necessary in connection with some aspect of labor relationships and the business of the Company. The Company limits the access to such data to authorized persons only, and takes enhanced data security measures to secure data against -among others- loss, mishandling, unauthorized access, alteration or disclosure.
- Processing of personal data in the Company websites and personal data related to your business relationship with the Company
- Categories of personal data
When you visit the Company websites or in the context of a potential or existing business relationship with the Company, the Company may process the following categories of personal data:
(a) The data that you have entered for the purpose of your registration with the website and the services offered (user name, password, full name, contact phone, e-mail address, Connection Number, Tax Identification Number, communication content);
(b) Personal data automatically collected while you browse (IP address, device type, browser, redirection website, company web pages that you visited, visit date and time).
(c) Data processed in the context of a project or a sale/purchase transaction covering goods or services, or data provided by the business partner, such as personal data with regard to orders, payments effected, requests and reports in the context of implementation of a project or a business cooperation in general.
(d) Information on credit worthiness and integrity (information with respect to litigation or other legal proceedings against business partners) collected from publicly available sources, databases and credit rating agencies and bureaus.
- Purpose of processing
Personal data are processed for the following purposes:
(a) Το serve a pre-contractual or contractual relationship in order for you to obtain personalized information and access your personal documents as well as in order for us to respond to your requests or contact you when you have so requested;
(b) Managing the contractual relationship with business partners, such as product acceptance, deliveries, provision of services, performance of work, collections, accounting audits, specifically for the energy business unit, operational and IT service, contract execution, support and monitoring, fulfillment of contractual obligations, etc.;
(c) Τo document a legitimate legal claim or defence of the Company against an attempt at fraud, cyber-attack or other unlawful activity;
(d) Ensuring Company compliance with legal obligations (tax, social security, customs, accounting and other obligations) in the context of compliance checks of business partners for the prevention of financial crimes and the safeguarding of its overriding legitimate interests such as the transmission of data to law firms or competent authorities
(e) Τo create anonymized statistics on the number of visits and accessibility of the homepage and the individual pages, for the purpose of proceeding with necessary action aimed at improving your browsing experience.
(f) Conducting customer satisfaction surveys, advertising campaigns, energy analyses and market stratification, or other promotional activities or events;
- Legal basis for data processing
The processing of your personal data is necessary in order to fulfill the above purposes. Unless otherwise stipulated at the time of collection of personal data, the legal basis for the processing of such data is one of the following:
(a) processing is necessary for the fulfillment of our contractual relationship with you (Article 6(1)(b) of the General Regulation);
(b) data processing is necessary for the purpose of complying with legal obligations of the Company or for the purposes of the legitimate interests pursued by the Company (Article 6 (1) (c) or (f) of the General Regulation respectively).
(c) you have given your explicit consent to the processing of your personal data (Article 6 (1) (a) of the General Regulation).
- Data recipients and transfers
Some of our websites may be managed by third-party IT companies (processors). In such cases we make sure, via contractual provisions and regular inspections, that should such third parties have access to personal data this is done with due observance of the applicable legislation on data protection.
The Company may transfer personal data to other subsidiaries or third parties, however only if and to the extent that such transmission is necessary solely for the above indicated purposes.
The Company may transfer personal data to judicial, administrative, taxation, customs, arbitration authorities or other public authorities, regulatory bodies and attorneys-at-law if necessary for its compliance with legislation and/or for establishing, exercising or defending its legal claims.
Furthermore, the Company may assign part or all of the said processing to third parties (processors) including their directors and employees:
a. parties who have entered into contract with the Company for promoting the company services, for the provision of postal services, data processing support services, record-keeping services, survey services, conduct of energy analyses and market stratification, IT services, advertising services, banking and credit institutions, Certified Public Accountant firms;
b. parties who have entered into contract with the Company for assessing the creditworthiness of the customer and the customer’s ability to fulfill its obligations under the contract;
c. companies informing debtors for debts in arrears, for the purpose of informing the customers pursuant to Law 3758/2009 as amended and applicable (their directors and employees), attorneys-at-law and law firms.
In the above cases we ensure by means of contractual terms and regular audits that, if and to the extent that they have access to personal data, the legislation on the protection thereof is duly complied with.
The recipients of personal data may be established outside the European Economic Area. In such cases, the Company takes measures so that adequate and appropriate safeguards are applied for the protection of personal data by other means, mainly by way of the use of the EU standard data protection clauses.
- Policy on Cookies
Http, web or browser Cookies are text files containing small amounts of information which are downloaded to user’s device when one visits a website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user’s previous activity. Cookies may be useful as they allow a website to recognize a user’s device.
The Company uses “cookies” for other purposes and particularly for:
(a) Marketing purposes: to measure the effectiveness of promotions on this Site, the way visitors use this Site, based on previous user’s visits to this Site.
(b) Conduct research for statistical purposes and / or to improve the content and services of the Site and / or to assess the effectiveness of the Site.
(c) Cookies social networking: In order to share content easily and without problems by users.
If the user does not agree to the use of these cookies, the user may disable them from their browser’s options.
However, some of the services will not function so well if cookies are disabled. Users may learn more at www.youronlinechoices.com as for behavioral advertising, and how one can opt out of the use of such ads.
- Personal Data of Minors
The Company and its websites are addressed to persons having completed their eighteenth (18) year of age. The Company has no liability if minors visit its websites on their own initiative. If during the data collection process it becomes evident that the user is of a younger age, the Company will not process the minor’s personal data.
- Data Retention Period
The Company shall store your personal data for as long as is necessary to achieve the purposes described in the present policy, unless the applicable legislation stipulates or allows a longer time period.
The criteria governing the determination of the data retention period include the following:
(a) as long as the contractual relationship is in effect;
(b) as long as is necessary for the Company to be in compliance with a legal obligation it incurs;
(c) as long as is necessary having regard to the legal situation the Company finds itself in (such as defense of rights in court, audits by regulatory authorities, etc.).
- Technical and organizational measures
The Company effectively implements, both at the time of determination of the means of processing and at the time of processing, appropriate technical and organizational measures such as pseudonymization, designed for the application of data protection principles, such as data minimisation, and the integration of the necessary safeguards into the said processing in a manner fulfilling the requirements of the applicable legislation and protecting the rights of natural persons.
- Right to withdraw your consent
In case you have given us your consent to process specific personal data, you have the right to withdraw your consent at any time, with prospective effect.
Such withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In case of such withdrawal, the Company may further process your personal data only in cases where there is some other legal ground for such processing.
- Rights of the data subject
Under the applicable legislation on personal data protection and provided the relevant legal conditions are met, you have the following rights:
- 1 Right of access
You have the right to be informed as to whether or not the Company processes your data, to have access to such data and obtain supplementary information in connection with such processing.
- 2 Right to rectification
You have the right to request that your personal data be updated, rectified or completed.
- 3 Right to erasure
You have the right to submit a request for the erasure of your personal data, and such request shall be granted provided no other legal grounds for processing are in place (such as, as an indication, compliance with a legal obligation to process personal data).
- 4 Right to restriction of processing
You have the right to request the restriction of the processing of your personal data in the following cases:
(a) when you contest the accuracy of your personal data, and pending verification of the accuracy of your data;
(b) when you oppose the erasure of your personal data and you request the restriction of their use instead;
(c) when your personal data are no longer needed for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, and
(d) when you have objected to the processing and pending verification that our legitimate grounds for processing override those for which you object to the processing.
- 5 Right to object to the processing
You have the right to object at any time to the processing of personal data concerning you which is based on the legal basis of the processing (Article 6 (1) (e) or (f) of the General Regulation) and your objection shall be granted unless the Company demonstrates compelling legitimate grounds for the processing.
- 6 Right to data portability
You have the right to receive, at no cost, your personal data in a structured, commonly used and machine-readable format or to request, if technically feasible, that we transmit such data directly to another controller.
- 7 Right to oppose automated decision-making
You have the right to request that you be excluded from decision-making which is based on automated processing, including profiling.
- Data Controller
The Data Controller is “ALTUS LSA Commercial and Manufacturing S.A.”, located at 9 Renieri Street, Chania, Crete, Greece.
The Company provides support for all questions, comments, concerns or complaints relating to personal data protection or should you wish to exercise any right in connection with the protection of your data. You may contact our Data Controller by email at email@example.com or by post at the following mailing address:
ALTUS LSA Commercial and Manufacturing S.A.
Attention: Mrs Maria Sarri (Data Processor)
9 Renieri Street,
Chania, Crete, Greece
- Right to lodge a complaint with the competent authority
If you wish to lodge a complaint with the competent authority, the competent authority for these matters is Hellenic Data Protection Authority (HDPA). You need first make an effort to exercise your rights to the Data Controller.
For the Authority’s responsibilities and how to file a complaint, you can visit its website (www.dpa.gr> My Rights> Submitting a Complaint) where detailed information is available.