Last update: November 2019
We wish to reassure you that all information and data that you provide to us or that are otherwise collected by us in the context of the Website, will be used by our Company in compliance with applicable legislation on the protection of personal data, to include Regulation (EU) 2016/679 (hereinafter the “GDPR”) and Law 4624/2019 “Data Protection Authority, measures for the implementation of Regulation (ΕU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and transposition of Directive (ΕU) 2016/680 of the European Parliament and of the Council of 27 April 2016 into national law and other provisions”.
“Personal Data”: any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Data Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Data Controller”: a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Data Processor”: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Data Controller
The data controller regarding all personal data processing operations carried out through our Website is our Company “MANTZARIS SOCIETE ANONYME”, having its registered seat in Zevgolatio, Korinthia, Tsakiri, 200 01, Greece, tel. no. (+30) 27410 54900, 51900, 54400, 51666.
- Types of personal data that we collect from you
When you use the Website, the Company may collect information that is related to you and allow you to be identified, directly or indirectly in combination with additional information. Such information, known as “personal data”, may be collected by the Company both when you choose to voluntarily provide same to us (e.g. when you subscribe to our newsletter list) or simply by analyzing your behavior on our Website (e.g. through cookies).
Data voluntarily provided by you
If you wish to subscribe to our mailing/newsletter list through our Website, you will be requested to fill-in your email address. If you choose to communicate with us by making use of the “Contact Form” available through our Website, you will be requested to provide us with your contact details (name, surname, email and, optionally, the name of your company). Similarly, if you make use of the “Order Form” available through our Website, you will be requested to provide us with your contact details (name, surname, email, telephone number, address and, optionally, company and competence). It is not mandatory for you to provide the above-mentioned personal data to the Company. However, if you fail to provide same, the Company will not be able to respond to your requests and/or provide the services that you requested.
Our Website’s operation, as is the case with most websites on the internet, involves the use of computer systems and software procedures that collect information about the Website users as part of their ordinary operation. Even though the Company does not collect such data in order to associate them with a specific user, it is possible, due to their nature and through association with additional data kept by third parties, to allow the identification of the user, either directly or indirectly by using other information collected.
Such information may include parameters related to your operating system, to include you Internet Protocol (IP) address, your location (country), the domain names of your computer, the Uniform Resource Identifier (URI) addresses of resources you request through the Website, the time of requests made, information about your activities on our Website (e.g. webpages visited, products viewed), details about the device (e.g. computer, tablet or smartphone) used in order to gain access to our Website etc., through cookies and other technologies that allow such tracking. For more information, please visit our Cookies Policy.
Such data will be used by the Company solely for anonymous, statistical purposes that relate to the use of the Website, without being associated in any other manner with any identifier of the users, to endure the proper operation of the Website and detect any faults and/or abuses of the Website. Such data may also be used in order to investigate liabilities in the event of cybercrimes committed against the Website.
- Scope and Legal Basis of Processing of Personal Data
The Company intends to process your personal data, collected through its Website, for the following purposes:
Ι. To respond to your queries and provide information or services that you may request. To process transactions and enrolments that you request and contact you when necessary, also through emails. To complete purchase orders and deliver products ordered through its Website, as well as to provide all other types of services that you may request. For the above purposes (hereinafter “Provision of Services”) your consent for the processing of your personal data will not be required, as such processing is necessary for the provision of the services you have requested and, therefore, for the performance of an agreement to which you are a party or for the implementation of measures requested by you prior to entering into an agreement (GDPR article 6, para. 1 b). It is not mandatory for you to provide your personal data to the Company for the above purposes. However, if you fail to provide same, the Company will not be able to respond to your requests or/and provide the services that you requested.
ΙΙ. For marketing, promotional and advertising purposes in connection with the Company’s products and services, as well as to send you offers, carry out direct marketing campaigns, send you electronic newsletters and other information about our products and services. The processing of your personal data for such purposes (hereinafter “Marketing”) is based on your consent (GDPR article 6, para. 1 a). It is not mandatory to provide your consent to the Company for the use of your personal data for the above purposes and you will suffer no consequence in case you choose not to give it, apart from the fact that you will not be receiving any marketing communications from the Company. Any consent provided, may be withdrawn at a later stage; note that the withdrawal of consent does not affect the lawfulness of processing carried out based on such consent.
ΙΙΙ. For future marketing, promotional and advertising purposes, by sending you direct electronic marketing communications regarding products and services provided by the Company that are identical or similar to those that you have requested in the past by our Company (hereinafter “Soft Spam”). The processing for the above purposes is based on the Company’s legitimate interest (GDPR article 6, para. 1 f) in sending you electronic marketing communications regarding its products and services that are identical or similar to those you have previously requested. You may block such communications without any consequence, by objecting through the unsubscribe link that is provided at the bottom of all such future communications.
IV. To analyse the use of the Website, to examine its traffic, to collect information regarding user preferences, as well as to deliver advertisements that are more relevant to the users and their interests, through the use of statistics/performance cookies as well as targeting/advertising cookies. The processing of your personal data for the above purpose (hereinafter “Advertising/Analysis”) is based on your consent (GDPR article 6, para. 1 a) that is provided through the cookie banner and/or specific field that you must actively complete. It is not mandatory to provide your consent to the Company for the use of your personal data for the above purpose and you will suffer no consequence in case you choose not to give it. Any consent provided, may be withdrawn at a later stage by changing your browser settings, in accordance with our Cookies Policy.
V. For compliance with laws that require from the Company the collection and/or further processing of certain categories of personal data. When you provide any personal data to the Company, the Company must process same in accordance with applicable law, which may include retaining and reporting your personal data to official authorities, in compliance with tax, customs or other legal obligations. Your consent is not required for such purpose (hereinafter “Compliance”), as such processing is necessary for compliance with a legal obligation to which the Company is subject (GDPR, article 6, para. 1 c).
VI. To protect and defend the security of the Company’s systems and property, to include the prevention and detection of any misuse of our Website or any fraudulent activities taking place through the Website, as well as to defend the Company’s legitimate interests before the competent Courts and Authorities. The processing of your personal data for such purpose (hereinafter “Security/Legitimate Interests”) is necessary for the Company to pursue its legitimate interests (GDPR article 6, para. 1 f).
- Recipients of Personal Data
Our Company does not sell, exchange, lease personal data to third parties, natural or legal persons. We may disclose personal data only to the extent necessary as follows:
- To our duly appointed collaborators/service providers (e.g. internet service providers, IT service providers and providers of related infrastructure, customer service providers, transportation companies, attorneys-at-law, accountants);
- Other companies of our group for internal administrative purposes;
- Selected individuals that have been authorized by our Company to process data that are strictly necessary for the carrying out of activities relating to the provision of the services through the Website (e.g. technical maintenance of network equipment and electronic communications networks), who have undertaken an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality (e.g. employees of our Company);
- Credit institutions (e.g. for the carrying out of payments);
- Public authorities, bodies or offices, to include tax authorities, to the extent necessary in compliance with applicable law;
- In the event of a corporate change of our Company, reorganization, merger, sale etc., your personal data may be disclosed. In this case, the Company will make every effort to adequately inform you and will provide you with the possibility to exercise your rights.
- Transfer of Personal Data outside the E.U.
The electronic platform that hosts our newsletter subscribers’ database is currently located outside the EU, while the provider of such hosting and marketing/newsletter campaign services is Rocket Science Group Llc (MailChimp), having its seat in the United States. Mailchimp participates in and has certified its compliance with the E.U.-U.S. Privacy Shield Framework and acts as data processor on our behalf. We wish to reassure you that in the limited and necessary circumstances that your personal data will be transferred outside the EU/EEA, the Company will put in place adequate measures and will provide appropriate safeguards, in order to ensure the privacy and security of your personal data. You may obtain additional information regarding such safeguards, by emailing us at [email protected]
In compliance with the laws that protect minors’ online privacy, the Company does not purposely collect personal data of individuals under the age of 18. In case the Company is informed that it has unintentionally collected minors’ personal data, such information will be promptly deleted.
- Security of Personal Data
All personal data collected through the Website will be kept and processed in a manner that will minimize the danger of destruction, loss (including accidental loss), non-authorized access, use or incompatible use with the initial purpose of collection. This is attained through appropriate technical and organizational security measures, implemented by the Company.
- Data Retention Period
In general, the Company retains your personal data strictly for as long as necessary, in order to fulfill the purposes for which the data were collected. The criteria used by the Company to determine its data retention periods include: (a) for as long as we have an ongoing relationship with you, (b) if the processing is based on your consent, from the moment that you provide such consent until the moment you withdraw same, unless if further retention is necessary for the protection of the rights of the Company; it is hereby clarified that the withdrawal of consent does not affect the lawfulness of processing carried out based on such consent, (c) for as long as necessary in light of a legal obligation to which the Company is subject, (d) for as long as necessary in light of the legal position of our Company (indicatively, to defend our rights before the Courts, to comply with regulatory controls etc.). In particular:
- Personal data processed for the Provision of Services (as per article 5.I. above) will be kept by the Company for a period that is strictly necessary for the fulfillment of such purpose. Information will, however, be retained for a longer period if we need to address any claims regarding the services or in case we need to protect the Company’s interests in connection with a potential liability regarding the Provision of Services.
- Personal data processed for Marketing as well as Advertising/Analysis purposes (as per Articles 5.I. and 5.IV. above), will be kept by the Company from the moment that you provide your consent until the moment you withdraw same. In case of withdrawal of consent, your personal data will no longer be used for these purposes, however, they may be retained by the Company, as we may be required to protect the Company’s interests in connection with a potential liability relating to such processing.
- Personal data processed for Soft Spam (as per article 5.III. above) will be kept by the Company from the moment that you provide your data to us until the moment you object to such processing.
- Personal data processed for Compliance purposes (as per article 5.V. above), will be kept by the Company for the period required, in accordance with specific legal obligations for which such data were processed.
- Personal data processed for Security/Legitimate Interests purposes (as per article 5.VI. above), will be kept by the Company for a period that is strictly necessary for the fulfillment of the purposes for which such data were initially collected.
Following the lapse of the above-mentioned periods, all data will be deleted or anonymized, with the exception of data that, based on applicable law, must be retained for a longer period of time.
- Your Rights
As a data subject you have the following rights that you may exercise at any time, unless if Regulation (EU) 2016/679 or applicable law provide otherwise:
- Obtain confirmation on whether your personal data is being processed by the Company and, in the affirmative, access and obtain a copy of such data;
- Update, modify and/or rectify your personal data, where it may be inaccurate or incomplete;
- Request the erasure of your personal data, where the processing is unnecessary or unlawful;
- Request the restriction of processing of your personal data, when you feel that your personal data is inaccurate or that the processing is unnecessary or unlawful;
- Withdraw your consent to the processing of your personal data, when such consent serves as the legal basis for processing;
- Request, under certain conditions, the portability of your personal data, namely, to obtain a copy of your personal data in a structured, commonly used and machine-readable format, as well as to request the transmission of your personal data to another data controller;
- Object to the processing of your personal data;
- File a complaint with the Hellenic Data Protection Authority. Regarding the competency of the Authority and for information on how to file a complaint, you may visit the website www.dpa.gr → Citizen rights → Complaint to the Hellenic DPA.
The Company reserves the right to amend the present Policy from time to time. Any changes will appear on our Website, accompanied by a clear indication of the date that our Policy was last updated. We invite you to periodically review the present Policy, in order to acquaint yourself with the latest updated version.
For any request or query that you may have regarding this Policy, please contact us by:
- Post: MANTZARIS SOCIETE ANONYME, Tsakiri, Zevgolatio, Korinthia, 200 01, Greece (to the attention of the Data Protection Office)
- Email: [email protected]
We will make every effort to respond to your query the soonest possible.
Copyright® 2019 Eurofilm All rights Reserved