This document concerns our Privacy Policy and the processing of personal data that we collect from you or that you voluntarily provide to us in the context of your transactions or communication with our company.
Data Controller
The controller of personal data processing is the company with the name Konstantinos Psillias OE & Co., which is located in Patras, at 61-63 Three Admirals Street, with VAT number 997990407, phone number +30 2610325833, e-mail address portoricopizza@yahoo.gr and which is legally represented.
Contents
A: GENERAL INFORMATION
1. What is personal data?
2. What is the Processing of Personal Data?
3. Is the processing of your personal data compulsory?
4. When and how do we collect your data?
5. What principles do we follow when processing the data?
B: ANALYSIS OF THE PROCESSING
1. Categories of personal data we process
2. Purposes of processing – lawful bases for processing
3. Time-Type of retention of personal data
4. Your rights
C: OTHER INFORMATION
A: General information
1. The term “personal data” (hereinafter “Data”) refers to any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an address, a telephone number, but also by reference to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. Therefore, “Data” is any information relating to and concerning a natural person, whether it immediately reveals his or her identity to us or may reveal it to us.
2. Any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction. That is, almost any action, from the moment a “Data” is created until the moment it is destroyed (or completely anonymized), constitutes an act of processing.The processing of “Data” is a lawful act if it is carried out within the framework defined by the relevant legislation, namely the national law 4624/2019 and the European General Data Protection Regulation (GDPR) 679/2016/EU.
3. The assignment of some of your data to our company is necessary when you carry out transactions or communicate with us. In this policy we inform you about the processing rules we follow. If you do not provide us with the data listed below, we will probably not be able to complete the transactions you request and generally provide you with our products and services or respond to your contact request or any other request you make to us.
4. We collect your data at the following times:
a. When you make reservations in our business (e.g. by visiting our business directly, by telephone, via the website, via an online platform)
b. When you communicate with us
c. When you request to receive electronic updates on our news, offers and events, i.e. by subscribing to our newsletter mailing list
d. When you visit our website
5. When processing your data, we accept, adopt and apply the processing principles according to Art.5 GDPR, i.e. your data :
(a) are processed lawfully and fairly and in a transparent manner in relation to the data subject (“lawfulness, objectivity and transparency”);
(b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes (‘purpose limitation’),
(c) are adequate, relevant and limited to what is necessary for the purposes for which they are processed (‘data minimisation’),
(d) accurate and, where necessary, kept up to date, all reasonable steps are taken to ensure the immediate deletion or rectification of personal data which are inaccurate in relation to the purposes of the processing (‘accuracy’),
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage period limitation’),
(f) processed in a manner which ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or deterioration, using appropriate technical or organisational measures (‘integrity and confidentiality’).
B: Analysis of the treatment
1. CATEGORIES OF “DATA” PROCESSED
Our company collects and subsequently processes (stores, etc.) basically the following categories of personal data (“Data”):
Name, surname, first name, home/area address, telephone number (landline/mobile), email address, browsing data and the internet protocol (IP) address of your terminal device when you browse our site.
2. PURPOSES OF PROCESSING – LAWFUL BASES OF PROCESSING
We collect and process the above categories of “Data” for the following purposes:
Provision of services, invoicing-credits,
Management of reservations, changes
Customer service (product-service information, customer record keeping),
Defence of legal claims
Compliance with legislation (tax, etc.)
Sending newsletter
Legal bases for processing
We inform you that the processing for the above purposes is carried out:
on the legal basis of Article 6(1)(b) of GDPR 679/2016/EU (i.e. processing is necessary for the performance of a contract to which the data subject is a party) and on the legal basis of Article 6(1)(c) of GDPR 679/2016/EU (i.e. processing is necessary for compliance with a legal obligation of the controller).
With regard to the sending of newsletters, we inform you that this only takes place if a service has been previously provided between us or only if you have voluntarily subscribed to our company’s newsletter mailing list, i.e. with your consent.
In each newsletter message you receive, we provide you with the option to stop sending them by selecting the unsubscribe option at any time you wish.
The newsletter is sent only to promote similar and related products or services of our company.
Your email address is not shared with third parties.
3. TIME – PLACE OF “Data” retention
The processing of “Data” must be limited in time, for the time strictly necessary for the purposes of processing.
The personal data we process in accordance with the above are kept for the time necessary to comply with the law (mainly tax) and to safeguard our legal claims.
In the case of a telephone transaction, we delete them immediately after its completion.
Your other data are kept at our company’s premises in physical or, where applicable, digital form.
4. YOUR RIGHTS
We process the above data in accordance with the above mentioned protection policy and of course we support and ensure the exercise of your rights with a corresponding procedure.
Our response to your requests (whether to exercise your rights or make a complaint) is free of charge and without delay, and in any case within one (1) month from the time we receive your request and confirm your identity. However, if your request is complex or a large number of requests are submitted to our business at the same time, we will inform you within this month whether we need to obtain an extension of another (2) two months, within which we will respond to you. The quoted times of one (1) plus two (2) months (if required) are the statutory and prescribed times in the GDPR.
If your requests are manifestly unfounded or excessive, our firm may impose a reasonable fee, taking into account the administrative costs of providing the information or performing the requested action, or finally refuse to respond to your abusively repeated request.
IN PARTICULAR YOU HAVE THE FOLLOWING:
1. The right to be informed of all the above-mentioned issues and any other matter relating to the processing of your data.
2. Right of access, i.e. the right to receive a copy of the data you have provided us with.
3. Right to update/correct, in case some data is or becomes inaccurate so that we can correct it. Updating will be done within 7 working days from the date of your written request and confirmation of your identity.
4. Right of deletion. This right may be subject to relevant restrictions due to the need to retain some data due to legal obligations.
5. Right to restrict processing when:
(a) the accuracy of the personal data is contested by you and for a period of time that allows us to verify the accuracy of the personal data,
b) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of its use,
(c) we no longer need the personal data for the aforementioned purposes of the processing, but the data are required by you for the establishment, exercise or maintenance of legal claims and in related cases
6. Right of portability i.e. the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller without objection from us.
7. Right to withdraw your consent to receive our newsletter, i.e. the right to request not to receive future newsletters from our company by email, by selecting the unsubscribe option in any such email you have received.
8. Right to complain to the Data Protection Authority (dpa.gr) if you believe that we are in breach of the relevant data protection legislation regarding your data
C: Other information
1. Our company uses modern and up-to-date organizational and technical measures to prevent unlawful intrusion, access or dissemination of your personal data.
2. We inform you that we do not engage in automated individual decision-making or profiling.
3. Our website uses cookies to facilitate your connection to it, to collect traffic statistics or for marketing purposes. For more please visit our Cookies Policy.
4. Through the contact form you can send us a contact message and receive information about our services. We encourage you not to send us messages containing sensitive information about you or third parties. If you send us a message of this nature, we state that we will delete it immediately and will not process or respond to it further.
5. To subscribe to our company’s newsletter mailing list, we only ask you for your full name and email address. Your email will be used exclusively to send you information about our news, services and any special offers. We do not sell, assign or share your email with third parties. You have the right to withdraw your consent at any time by selecting the “unsubscribe” option in the emails you receive or by sending an email to portoricopizza@yahoo.gr.
6. Our company reserves the right to amend or revise this Privacy Policy periodically at its sole discretion. If changes are made, our business will record the date of the amendment or revision in the new Privacy Policy and the updated Policy will apply to you from that date. We encourage you to review this Privacy Policy from time to time to consider whether there are any changes to the way we handle your personal data.
7. If you have any questions, comments or complaints about the management or protection of your personal data or if you wish to exercise any of your rights, please contact us at the above contact details. Our priority is to process this data lawfully and to keep you fully and transparently informed about it.
To submit a complaint or a complaint regarding a breach of your personal data, you can contact the Personal Data Protection Authority (Kifissia 1-3, P.K. 115 23, Athens, Athens, Phone: 210 6475600, Fax: 210 6475628, e-mail for notification of a personal data breach: databreach@dpa.gr, general e-mail: contact@dpa.gr