
PERSONAL DATA PROCESSING AND PROTECTION POLICY

A. GENERAL PART

INTRODUCTION

The protection of your personal data is very important to us. To that end, we attach great importance to harmonizing our Company's practices with the legislation in force. This General Data Protection Policy (hereinafter referred to as the "Policy" or the “Data Protection Policy” or the “GDPR Policy”) concerns the conditions for the collection, storage, retention, processing and use of your personal information by the personal company “T ONE PC”, with registered address 2 Ralli street & Kottou street, Metamorfosi Attica, with Company Registry No 120830101000, and VAT No issued by the Tax Registry of Nea Ionia, hereinafter referred to as the "Company".

DEFINITIONS

Website: the website (portal) www.shisan.gr

User/Visitor: every website visitor.

Use: the access, study, advice, storage, or other recording in memory or other magnetic or non-magnetic medium, installation, viewing in any way, mechanical or not, including printing, of the Data of the website.

The Beneficiary or Content Owner is the personal company “T ONE PC”, with registered address 2 Ralli street & Kottou street, Metamorfosi Attica, with Company Registry No 120830101000, and VAT No issued by the Tax Registry of Nea Ionia, as the creator of the Website and all the Elements contained in it, or as the lawful user of those of the Elements that are not its original intellectual creations. Any other affiliated company or any other company that acts as a proxy of the Company in respect of the operation of the website is considered to act as a representative, and the aforementioned rights are not affected.

The basic definitions of the terms and names to be used in this document, as referred to in Article 4 of the General Regulation on Personal Data Protection 2016/679 / EU (EU GDPR), are the following:

Personal Data: Any information or data relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is a natural person whose identity can be ascertained, directly or indirectly, in particular by reference to an identifying element such as his or her name, identity card and/or passport number, tax information, location data, summarized identity, or one or more factors specific to the physical, physiological, genetic, physical, economic, cultural or social identity of that natural person.

Personal data of special categories (sensitive): Personal data which are by nature very sensitive in relation to fundamental human rights and freedoms are considered sensitive and therefore require special protection, as the context of their processing could pose significant risks to fundamental human rights and freedoms. These personal data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, as well as the processing of genetic data, biometric data used for undisputed identification of a person's health status or data relating to his or her sexual life or sexual orientation.

It is clarified that all personal data of minors (under the age of 16) are by definition considered as sensitive and treated as such.

Controller: a natural person or legal entity, a public authority, a service or other entity that, alone or jointly with others, determines the purposes and the manner in which personal data are processed.

Processor: a natural person or legal entity, a public authority, a service or other entity processing personal data on behalf of the controller.

Processing: any action or set of actions carried out with or without the use of automated means of collecting personal data or clusters of personal data (sensitive and non-sensitive) such as collection, registration, organization, structure, storage, adaptation or alteration, retrieval, search of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, erasure or destruction.

Authority: The Personal Data Protection Authority (PDPA)

 

The Company is designated as a controller and strictly complies with the Data Protection Principles set out in Article 5 of the General Data Protection Regulation.

 

B. SPECIFICS

The purpose of the Company through the use of the website www.shisan.gr is to provide information and services about Japanese cuisine and sushi culture in relation to its physical restaurants, and to attract the consumer public as well as parties interested in participating in its network of stores (franchisees).

Operating as an information and interaction platform, it aims to become a point of communication and reference from which the consumer public and Japanese cuisine lovers will discover the best that the Company has to offer in its field of activity.

This website aims to inform the public about its products and services.

The Website is an online platform of the Company, through which products and services are displayed and access to products/services of third parties is provided (either directly in the environment of the Website from information provided by third parties, or on external websites of third parties).

In particular, through the Website, third-party services are provided to you, the users, on the one hand, and third-party business promotion services, on the other hand (catering services, accommodation, guided tours, transport, entertainment or any other service that is added or for which the Website provides viewing services).

The Company under no circumstances guarantees and/or confirms the correctness, accuracy or completeness of the information of any third parties (Service Providers) displayed on the website, nor is it liable to the user/visitor, for any reason related to the contractual relationship between the Service Provider and the user. Unless expressly stated, the Website does not constitute, directly or indirectly, an endorsement or recommendation or suggestion to you of any Service Provider or its services/products.

2. WHAT IS PERSONAL DATA?

The term "personal data" or “private data” or "data" as used in this Policy refers to information belonging to natural persons (for example the full name, the e-mail address, etc.), hereinafter "Personal Data or Private Data or Data".

3. WHAT DOES PROCESSING OF PERSONAL DATA REFER TO?

Processing of Personal Data means any action or set of operations/actions carried out with or without the use of automated means for collecting data, either in an electronic form (soft copy) or in a hard copy, such as collection, registration, organization, classification, structure, storage, adaptation, change, retrieval, search for information, use, transmission, dissemination, association, combination, restriction, deletion and destruction of Personal Data.

 

4. WHICH DATA DO WE COLLECT?

A) The Company collects all the necessary information from its contractors (either as a customer or as a supplier) for the preparation and performance of the service contract and/or for the communication between us following your explicit consent, in particular:

1) Identity data such as first and last name

3) telephone (fixed land line/mobile),

4) e-mail address,

 

B) When you visit and navigate the Company's website, we DO NOT collect your Data, except for the Data automatically collected by the cookies whose use you have authorized by providing your consent. Specifically, the only types of cookies used by our Site belong to the following categories:

i.  Absolutely Required Cookies and

ii.  Functionality Cookies,

both of which are necessary for the proper operation of the site.

The information they collect is anonymous and does not monitor the activity of browsing other sites.

For more information, please refer to the Company's cookie privacy policy posted on the Company's website www.shisan.gr

Furthermore, upon your explicit consent, information provided exclusively by you is collected through our website for the purpose of notifying and communicating our activities to you, as detailed in our Privacy Policy posted on our website.

5. WHY ARE WE PROCESSING YOUR DATA?

We collect your Data solely for the purposes of:

  1. providing our services,
  2. performing acts of communication between you and the Company, after your prior consent (for example via newsletter, contests etc.),
  3. complying with any obligations imposed by applicable law

6. WHAT IS THE LEGAL BASIS FOR DATA PROCESSING BY THE COMPANY?

Data Processing is performed for the execution of any contract between us for the provision of our services, for informing you about the activities, events and promotions of the Company, as well as for the communication of the Company with you, only after your prior explicit consent, in writing or electronically.

7. DO WE USE THE DATA FOR OTHER PURPOSES, I.E. PROMOTING GOODS AND / OR SERVICES?

 

The Company does not use the Data for purposes other than those mentioned in paragraph 6 above, which relate to the proper provision of our services, in view of high quality standards and the compliance of our company with the applicable legislation.

The Company may use the Affiliates and Customer Information on its website for publicity/promotional or other purposes related to the Company's professional visibility and publicity.

 

8. WHO ARE THE DATA RECIPIENTS?

The recipients of the Data are:

  1. the Company and its strictly necessary staff committed and bound to confidentiality.
  2. All employees, with an indefinite or fixed-term relationship, as well as all subcontractors, assistants, employees who work on behalf of the Company are bound by this Policy.

 

Our website includes hyperlinks to, and information from, third party sites. We cannot control and are not responsible for the protection policies and practices of third parties. We may disclose your personal information to trusted third party service providers as necessary for them to perform services on our behalf. Examples of data sharing include cookies, your IP address, your email address, and your name. Your email address and name are used only in trusted services that we use to create newsletters. We disclose only the minimum necessary information, and third parties are not allowed to use your information for any other purpose, as stated in our Privacy Policy. Every third party we use also complies with the GDPR set of regulations. The site may provide links that redirect the user to third-party sites. The Company does not control these third-party websites and is not responsible for the content posted on them or any further links that appear on them. The Company is not responsible for the privacy practices of third parties or for the content of third-party websites.

9. HOW DO WE ENSURE THAT YOUR DATA ARE RESPECTED?

The Data Processors have agreed and contracted with the Company:

• to be bound by confidentiality/non-disclosure agreements,

• not to disclose any data to third parties without the prior permission of the Company,

• to take all appropriate security measures,

• to comply with the legal framework for the protection of personal data, and in particular the EU GDPR Regulation.

The Company takes all appropriate technical and organizational security measures to ensure that processed personal data are accurate and, where necessary, accordingly updated.

The Company takes all necessary measures to ensure that inaccurate or incomplete data will be erased or accordingly corrected. Personal data processed are appropriate, proportionate and relevant to the needs of the service rendered to the customer, meet the contractual obligations undertaken by each contract party and are collected only for defined, explicit and legitimate purposes, as above mentioned as well as in the relevant contracts.

The processing of personal data is conducted by the Company in a manner that ensures their confidentiality and follows rules and other procedures to protect them against unauthorized access, misuse, alteration, forbidden dissemination, disclosure, loss or accidental / unlawful destruction and any other form of unfair processing. The Company applies technical and organizational security policies, routines, and procedures to protect the personal data it collects from potential security breach, loss, misuse, alteration, or destruction.

Internal audits on the processing of personal data are routinely conducted by the Company to review the effectiveness of the applicable data protection measures.

Specially authorized individuals have access to data processing systems through which personal data is processed or used only in accordance with the Company's instructions. Data processing systems cannot be used by unauthorized persons. Persons authorized to use data processing systems have specific and targeted access only to the data for which they have been authorized. Personal data may not, during the processing or use or after, be recorded, read, copied, modified, or shifted by unauthorized persons of the Company.

Access to personal data is limited only to those who have authority in the course of their duties appointed to them by the Company, provided they need to be aware of them. People who have access to the data are required to keep the data confidential.

 

10. FOR HOW LONG WILL DATA BE STORED?

 

As a rule, all personal data are deleted/destroyed upon the termination of our contractual relationship.

The duration of the retention of the Data is also determined by the retention obligation imposed by the applicable legislation governing the Company's contractual and tax obligations.

Exceptionally, it is possible to extend the length of retention of the Data for purposes of providing proof before the courts regarding the Company's compliance with contractual obligations, or in case it is required by a rule of law or due to compliance with instructions from Public or Independent Authorities.

 

11. ARE YOUR DATA SECURE?

The Company is committed to safeguarding your Personal Data.

We have taken appropriate organizational and technical measures for the security and protection of Data from any form of accidental or fraudulent processing. Security measures shall be reviewed and amended whenever necessary to meet the conditions and standards set forth in the applicable legislation.

Indicatively, and not restrictively, the following rules describe how and where the data are kept safe. The data stored in hard-copy files are kept in a place where unauthorized persons have no access. The same applies to files that are kept electronically but have for some reason been printed out.

Important points are:

• Envelopes and scanned data are kept in a locked cabinet.

• Employees are confident that printouts are not left unattended where unauthorized people could access them, for example in or near the printer.

• Printed-out data that are not in use are usually destroyed. In the event that the data are stored electronically (soft copies), they are protected against unauthorized access, accidental destruction and spyware.

Specifically:

  • Data are protected by strong passwords that are frequently changed and are not disclosed to employees who are not authorized.
  • If the data are stored on portable media (such as a CD-ROM, a USB stick etc.), they are stored securely when not in use.
  • All servers and computers containing data are protected by approved software and a firewall.

Your Data may only be processed by specifically authorized persons, employees, and partners solely for the purposes stated above.

The Company carries out regular audits and routine inspections to verify that the data are secure and that the present Policy is implemented.

 

12. WHAT ARE YOUR RIGHTS?

You have the right to access your personal data.

This means that you have the right to be informed by us whether we process your Data. If we process your Data, you can ask to be informed about the purpose of the processing, the kind of Data we process, to whom we give it, for how long we store it, whether we use automated collecting tools, but also about your other rights, such as correcting, deleting data, limiting the extent of processing and submitting a complaint to the Data Protection Authority.

You have the right to correct inaccurate personal data.

If you find that there is an error in your Data, you can apply for us to correct it (for example, a name correction or an update of an address change).

You have the right to deletion / the right to be forgotten.

You may ask us to delete your data if they are no longer necessary for the processing purposes.

You have the right to transfer your Data.

You may ask us to receive the Data you have provided in a readable form or ask us to forward it to another controller.

You have the right to restrict the processing of your Data.

You may ask us to restrict the processing of your Data for as long as your filed objection to processing is pending.

You have the right to object to the processing of your Data.

You may object to the processing of your Data or withdraw your consent and we will cease processing your Data, unless of course there are other compelling and legitimate reasons that prevail over your right.

 

13. HOW CAN YOU EXERCISE YOUR RIGHTS?

 

In order to exercise your rights, you can send us a written request, describing the right you wish to exercise, via e-mail to the address gdpr@shisan.gr under the title/subject "Exercise of the right of access/rectification/deletion/restriction/opposition". We will review it and respond as soon as possible.

 

14. WHEN DO WE REPLY TO YOUR REQUESTS?

We will respond to your requests free of charge, without any delay, and in any case within one (1) month from the date of receipt of your request. However, if your request is complicated or there are a large number of requests (clustered requests) by you, we will inform you within one (1) month whether we will need an additional two (2) month extension, within which we will respond to you.

If your claims are manifestly unfounded or excessive, due in particular to their recurrence, the Company may impose a reasonable fee, taking into account the administrative costs of providing the information or executing the requested action, or may refuse to follow up the request.

 

15. HOW TO FOLLOW UP ON THE PROGRESS OF YOUR REQUESTS

For more information, you can contact us directly via the e-mail address gdpr@shisan.gr using the title: "Request Progress".

 

16. DO WE USE AUTOMATED DECISION-MAKING TOOLS, INCLUDING CREATING A PROFILE, WHEN PROCESSING YOUR DATA?

 

NO, we do not make decisions, nor do we create a profile based on our automated data processing.

 

17. WHAT IS THE LAW APPLICABLE TO THE PROCESSING OF YOUR DATA BY THE COMPANY?

 

We process your Data in accordance and compliance with the General Personal Data Protection Regulation 2016/679 / EU and in general the current national and European legal and regulatory framework for the protection of personal data.

 

18. TO WHOM SHOULD YOU SUBMIT ANY COMPLAINTS IN CASE OF INFRINGEMENT OF THE APPLICABLE LAW FOR PROTECTION OF PERSONAL DATA?

You have the right to lodge a complaint addressed to the Personal Data Protection Authority (1-3 Kifisias Avenue, Athens / www.dpa.gr) if you believe that processing of your Personal Data violates the current national and regulatory framework for the protection of private data.

 

19. HOW WILL YOU BE INFORMED OF ANY MODIFICATION OF THIS POLICY?

We will update this Policy whenever deemed necessary to comply with the applicable national and European laws and regulations on the protection of personal data. If there are any significant changes to the Policy or the way we use your Personal Data, we will post a notice in a prominent place on our website.

We encourage you to review this policy regularly in order to monitor how your Data are protected from time to time.

The Company is the controller of the processing of the private data of natural persons or individual businesses it receives.

If you wish to contact us about any matter relating to the processing of your Data and the exercise of your rights, you may contact the Company’s Data Controller by using the e-mail address gdpr@shisan.gr.

 
