Privacy Notice

A. EUROFILM’S PRIVACY NOTICE FOR CLIENTS

B. EUROFILM’S PRIVACY NOTICE FOR SUPPLIERS AND EXTERNAL PARTNERS

 

Α. EUROFILM’S PRIVACY NOTICE FOR CLIENTS

Last update: December 2020

  1. Introduction

“MANTZARIS SOCIETE ANONYME” with distinctive title “Eurofilm” (hereinafter the “Company”, “we”, “us”) acknowledges how important is to protect the personal data of our clients and potential clients, their representatives and persons to whom our clients have entrusted the execution of our Agreements (hereinafter jointly the “Clients”, “you”). The purpose of this Privacy Notice (hereinafter the “Notice”) is to inform you about the personal data that our Company collects, the purpose for which such data are being processed and the rights that you have in connection with your personal data.

We wish to reassure you that any information and data that you provide to us or that are otherwise collected by us, will be used by our Company in compliance with applicable legislation on the protection of personal data, to include Regulation (EU) 2016/679 (hereinafter the “GDPR”) and Law 4624/2019 “Data Protection Authority, measures for the implementation of Regulation (ΕU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and transposition of Directive (ΕU) 2016/680 of the European Parliament and of the Council of 27 April 2016 into national law and other provisions”.

  1. Definitions
  • “Personal Data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • “Data Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “Data Controller” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • “Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

 

  1. Data Controller

The data controller regarding all personal data processing operations carried out in accordance with the present Notice is our Company “MANTZARIS SOCIETE ANONYME”, having its registered seat in Zevgolatio, Korinthia, Tsakiri, 200 01, Greece, tel. no. (+30) 27410 54900, 51900, 54400, 51666, email: [email protected].

 

  1. The Principles and Values of Eurofilm
  • We fully respect our Clients and the protection of their personal data is a priority for our Company.
  • We apply full transparency in the way that we process our Clients’ personal data.
  • We treat and manage our Clients’ personal data as strictly confidential, applying all necessary technical and organizational measures to protect such data.
  • We collect personal data for specified, explicit and legitimate purposes and we do not process them further in a manner incompatible with those purposes.
  • We apply the principle of data minimization by processing only data that are strictly necessary for the purpose for which they have been collected.
  • We do not disclose or transfer your personal data to third parties without your prior notice and, if necessary, your consent, unless permitted by applicable law or by the contract between us.
  • We comply with applicable data privacy law and abide by all our obligations arising from such legislation.

 

  1. Types of Personal Data that we Collect

In the context of providing products or services to our Clients, to include the execution of contracts as well as the pre-contractual stage, our Company may collect the following personal data:

  • Your personal information (indicatively, name and surname, tax registration number, position, capacity, other identification data).
  • Your contact details (indicatively, postal and electronic address, telephone numbers [landline/mobile], fax number).
  • Commercial and financial data (indicatively, client card, order file, copies of contracts, check data, payment data and details of transactions, bank account details, credit or debit card information, data related to your creditworthiness and transactional behaviour).

 

  1. Sources of Personal Data Collection

Our Clients’ personal data are primarily collected:

  • Directly from our Clients, for example when you provide us with data that allows us to fulfill our contractual obligations towards you, to include the provision of data during the pre-contractual stage, when you contact us in any way (through telephone, email, fax), when you complete our Company’s forms and leaflets (for example, in order to send you informative emails, newsletters ).
  • From other sources, such as companies checking transaction behaviour and creditworthiness, providing in general credit risk management services (indicatively, ICAP S.A., ΤIRESIAS S.A., EULER HERMES HELLAS etc.) or public sources (Government Gazettes, General Commercial Registry, professional catalogues etc.), containing entries regarding your professional activities.
  • Automatically, for example when you decide to access our website eurofilm.gr or when you visit the premises of our Company, where a video surveillance system (CCTV) operates.

 

  1. Scope of Processing of Personal Data

The Company collects and processes the above-mentioned personal data of its Clients, for one or more of the following purposes:

  • To manage and respond to requests, questions, complaints of our Clients, to include delivery of informative and promotional materials regarding our products and services.
  • To manage our business and/or contractual relationships, to include the management of the pre-contractual stage, the evaluation of our Clients and their transactional behaviour, as well as the assessment of credit risk.
  • To fulfill our contractual obligations, including keeping Client files, the completion of purchase orders and delivery of our products, the management and monitoring of payments, the service and general support of our Clients throughout every stage of our cooperation.
  • For tax purposes, for reasons of invoicing and proof of service.
  • To safeguard the safety of staff and our corporate assets (facilities, systems, infrastructure, equipment etc.).
  • To conduct internal audits and ensure compliance with corporate procedures and policies.
  • To defend the rights and lawful interests of our Company before any competent Court and Authority.
  • For the purpose of enforcing and complying with Court decisions, provisions of laws, guidelines, regulations and/or circulars.

Our Company collects and processes the personal data of its Clients for the above-mentioned purposes, only to the extent necessary for the effective service of those purposes. The data that our Company collects are relevant, appropriate and limited to what is necessary in relation to the purposes for which they are processed.

 

  1. Legal Basis of Processing of Personal Data

Our Company lawfully processes personal data of its Clients, based, as the case may be, on at least one of the following legal bases of processing:

  • The processing is necessary for the performance of a contract to which you are a party or for the implementation of measures requested by you prior to entering into a contract (GDPR article 6, para. 1 b). If you fail to provide personal data that are necessary for the execution of a contract between us, our Company will not be able to enter into a contract with you and/or provide you with the products or services that you have requested.
  • The processing is necessary for our Company to comply with a legal obligation to which it is subject (GDPR article 6, para. 1 c). When you provide your personal data to our Company, the Company will process same in accordance with applicable law, in compliance with tax, customs or other legal obligations.
  • The processing is necessary for the purposes of the legitimate interests pursued by our Company (GDPR article 6, para. 1 f), to include the prevention and defence of the security of our systems and property, the defence of the Company’s legitimate interests before the competent Courts and Authorities and the carrying out of audits to ensure compliance with our corporate procedures and policies.
  • The processing is based on your consent, when none of the above legal bases of processing apply (GDPR article 6 para. 1 a). In some cases, me may ask for your consent in order to process your personal data for a specific purpose, such as for instance in order to send you promotional material that bests suits your preferences, to publish your details in our corporate forms and leaflets or to post a picture from your participation in one of our corporate events. You may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent prior to its withdrawal.

 

  1. Recipients of Personal Data

Our Company does not sell, exchange, lease personal data to third parties, natural or legal persons. We may disclose personal data only to the extent necessary as follows:

  • To our Company’s duly appointed collaborators, external consultants, service providers (e.g. internet service providers, IT service providers and providers of related infrastructure, customer service providers, transportation companies, Attorneys-at-Law, accountants, auditors, security and insurance providers, companies controlling transaction behaviours and creditworthiness and providing in general credit risk management services);
  • Other companies of our group in the context of centralized management of our sales, as well as for internal administrative purposes;
  • Selected individuals and departments within our Company (Account Department, Invoicing, IT) that have been authorized to process data that are strictly necessary and who have undertaken an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality;
  • Credit institutions (e.g. for the carrying out of payments);
  • Tax, audit and other public authorities, bodies, services, to include law enforcement authorities, to the extent necessary, in compliance with applicable law and/or any other legally enforceable act or mandate;
  • In the event of a corporate change of our Company, reorganization, merger, sale etc., your personal data may be disclosed. In this case, the Company will make every effort to adequately inform you and will provide you with the possibility to exercise your rights.

 

  1. Transfer of Personal Data outside the E.U.

We wish to reassure you that in the limited and necessary circumstances that your personal data will be transferred outside the European Union/European Economic Area, the Company will put in place adequate measures and will provide  appropriate safeguards, in order to ensure the privacy and security of your personal data.  You may obtain additional information regarding such safeguards, by emailing us at [email protected].

 

  1. Security of Personal Data

Our Company makes every effort so that all personal data collected to be kept and processed in a manner that will minimize the danger of destruction, loss, including accidental loss, non-authorized access, use or incompatible use with the initial purpose of collection. This is attained through appropriate technical and organizational security measures, implemented by the Company, including asking service providers with whom we cooperate to take appropriate measures for the protection of the confidentiality and security of your personal information.

 

  1. Data Retention Period

The Company retains your personal data strictly for as long as necessary, in order to fulfill the purposes for which the data were collected. The criteria used by the Company to determine its data retention periods include: (a) for as long as we have an ongoing relationship with you, (b) if the processing is based on your consent, from the moment that you provide such consent until the moment that you withdraw same, unless if further retention is necessary for the protection of the rights of the Company; it is hereby clarified that the withdrawal of consent does not affect the lawfulness of processing carried out based on such consent before its withdrawal, (c) for as long as necessary in light of a legal obligation to which the Company is subject, (d) for as long as necessary in light of the legal position of our Company (indicatively, to defend our rights before the Courts, to comply with regulatory controls etc.). After this period, the data are deleted or anonymized, with the exception of data that by virtue of applicable law must be retained for a longer period.

 

  1. Your Rights

As a data subject, you have the following rights that you may exercise at any time, unless if Regulation (EU) 2016/679 or applicable law provide otherwise:

  • Obtain confirmation on whether your personal data is being processed by the Company and, in the affirmative, access and obtain a copy of such data;
  • Update, modify and/or rectify your personal data, where it may be inaccurate or incomplete;
  • Request the erasure of your personal data, where the processing is unnecessary or unlawful;
  • Request the restriction of processing of your personal data, when you feel that your personal data is inaccurate or that the processing is unnecessary or unlawful;
  • Withdraw your consent to the processing of your personal data, when such consent serves as the legal basis for processing;
  • Request, under certain conditions, the portability of your personal data, namely, to obtain a copy of your personal data in a structured, commonly used and machine-readable format, as well as to request the transmission of your personal data to another data controller;
  • Object to the processing of your personal data;
  • File a complaint with the Hellenic Data Protection Authority. Regarding the competency of the Authority and for information on how to file a complaint, you may visit the website dpa.gr ® Citizen rights ® Complaint to the Hellenic DPA.

 

  1. Amendments to the present Privacy Notice for Clients

The Company reserves the right to amend the present Notice from time to time; a clear indication of the date that our Notice was last updated will appear. Any modifications will take effect from the moment they are notified to you either by email or by post on the Company’s website (www.eurofilm.gr) or through any other means that the Company deems appropriate.

 

  1. Communication

For any request or query that you may have regarding this Notice, please contact us by:

  • Post: MANTZARIS SOCIETE ANONYME, Tsakiri, Zevgolatio, Korinthia, 200 01, Greece (to the attention of the Data Protection Office);
  • Email: [email protected].

We will make every effort to respond to your query the soonest possible.

 

B. EUROFILM’S PRIVACY NOTICE FOR SUPPLIERS AND EXTERNAL PARTNERS

Last update:  Decenber 2020

  1. Introduction

During the selection process as well as throughout our cooperation with suppliers and external partners, our company, “MANTZARIS SOCIETE ANONYME” with distinctive title “Eurofilm” (hereinafter the  “Company”, “we”, “us”), collects personal data about such suppliers and external partners, their representatives, employees, subcontractors, contact persons, authorized representatives and other individuals, including persons who have access and/or provide work/services at our premises in the context of the above-mentioned  cooperations (hereinafter  jointly the “Suppliers”, “you”). If you belong to any of the above categories of data subjects, this Privacy Notice (hereinafter the “Notice”) concerns you; the purpose of the present Notice is to inform you about the personal data that our Company collects, the purpose for which such data are being processed and the rights that you have in connection with your personal data.

 

We wish to reassure you that any information and data that you provide to us or that are otherwise collected by us, will be used by our Company in compliance with applicable legislation on the protection of personal data, to include Regulation (EU) 2016/679 (hereinafter the “GDPR”) and Law 4624/2019 “Data Protection Authority, measures for the implementation of Regulation (ΕU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and transposition of Directive (ΕU) 2016/680 of the European Parliament and of the Council of 27 April 2016 into national law and other provisions”.

 

  1. Definitions
  • “Personal Data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • “Data Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “Data Controller” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • “Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

 

  1. Data Controller

The data controller regarding all personal data processing operations carried out in accordance with the present Notice is our Company “MANTZARIS SOCIETE ANONYME”, having its registered seat in Zevgolatio, Korinthia, Tsakiri, 200 01, Greece, tel. no. (+30) 27410 54900, 51900, 54400, 51666, email: [email protected].

 

  1. The Principles and Values of Eurofilm
  • We fully respect our Suppliers and the protection of their personal data is a priority for our Company.
  • We apply full transparency in the way that we process our Suppliers’ personal data.
  • We treat and manage our Suppliers’ personal data as strictly confidential, applying all necessary technical and organizational measures to protect such data.
  • We collect personal data for specified, explicit and legitimate purposes and we do not process them further in a manner incompatible with those purposes.
  • We apply the principle of data minimization by processing only data that are strictly necessary for the purpose for which they have been collected.
  • We do not disclose or transfer your personal data to third parties without your prior notice and, if necessary, your consent, unless permitted by applicable law or by the contract between us.
  • We comply with applicable data privacy law and abide by all our obligations arising from such legislation.

 

  1. Types of Personal Data that we Collect

During the selection process and throughout our cooperation with our Suppliers, as said term is defined above, depending on the circumstances and the legal provisions in force, our Company may collect the following personal data:

  • Your personal information (indicatively, name and surname, tax registration number and other identification data).
  • Your contact details (indicatively, postal and electronic address, telephone numbers [landline/mobile], fax number).
  • Training data and work experience.
  • Position (indicatively, description of current position, job title, details of your employer, to the extent that you provide your services or perform work on behalf of a supplier or partner of our Company, history of cooperation, start and end date, time of service).
  • Information regarding your hours of presence in the Company, if you provide services or perform work at the Company’s premises on behalf of a supplier or partner of our Company, as well as identification data that may be collected when you enter our facilities.
  • Remuneration data (indicatively, copies of contracts, payment data and details of transactions, bank account details, data relating to your contractual relationship and/or your cooperation with the Company and your fees).

Some of the data mentioned above are necessary for the fulfilment of our contractual obligations towards you, while other data are required for the smooth operation of our contractual relationship and/or our cooperation in general. Depending on the types of personal data and the legal basis on which we rely for their processing, should you refuse to provide same to us, we may not be able to fulfill our contractual obligations and/or serve the smooth operation of our cooperation, while in some instances we may be obligated to terminate our cooperation.

 

  1. Sources of Personal Data Collection

Our Suppliers’ personal data are primarily collected:

  • Directly from you, for example when you provide us with data that allows us to fulfil our contractual obligations towards you, to include the provision of data during the pre-contractual stage, when you contact us in any way (through telephone, email, fax), when you complete our Company’s forms and leaflets, when you send any type of documents to us, or when we exchange business cards.
  • From other sources, such as third parties with whom you have cooperated in the past and have recommended you to our Company, or by public sources containing entries regarding your professional activities (Government Gazettes, General Commercial Registry, professional catalogues etc.).
  • Automatically, for example when you decide to access our website eurofilm.gr or when you visit the premises of our Company, where a video surveillance system (CCTV) operates.

 

  1. Scope of Processing of Personal Data

The Company collects and processes the above-mentioned personal data of its Suppliers, for one or more of the following purposes:

  • For the fulfilment of our contractual obligations and the smooth operation of our cooperation, to include the pre-contractual stage and the evaluation of our Suppliers.
  • For tax purposes, for reasons of invoicing and proof of service.
  • To safeguard the safety of staff and our corporate assets (facilities, systems, infrastructure, equipment etc.).
  • To conduct internal audits and ensure compliance with corporate procedures and policies.
  • To defend the rights and lawful interests of our Company before any competent Court and Authority.
  • For the purpose of enforcing and complying with Court decisions, provisions of laws, guidelines, regulations and/or circulars.

Our Company collects and processes the personal data of its Suppliers for the above-mentioned purposes, only to the extent necessary for the effective service of those purposes. The data that our Company collects are relevant, appropriate and limited to what is necessary in relation to the purposes for which they are processed.

 

  1. Legal Basis of Processing of Personal Data

Our Company lawfully processes personal data of its Suppliers, based, as the case may be, on at least one of the following legal bases of processing:

  • The processing is necessary for the performance of a contract to which you are a party or for the implementation of measures requested by you prior to entering into a contract (GDPR article 6, para. 1 b).
  • The processing is necessary for our Company to comply with a legal obligation to which it is subject (GDPR article 6, para. 1 c). When you provide your personal data to our Company, the Company will process same in accordance with applicable law, in compliance with tax, customs or other legal obligations.
  • The processing is necessary for the purposes of the legitimate interests pursued by our Company (GDPR article 6, para. 1 f), to include the prevention and defence of the security of our systems and property, the defence of the Company’s legitimate interests before the competent Courts and Authorities and the carrying out of audits to ensure compliance with our corporate procedures and policies, to improve the quality of our cooperations and the services provided to our Company, as well as to maintain a continuous and effective communication with our Suppliers.
  • The processing is based on your consent, when none of the above legal bases of processing apply (GDPR article 6 para. 1 a). In some cases, me may ask for your consent in order to process your personal data for a specific purpose, such as for instance in order to send your contact details to third parties who may be interested in your services, to publish your details in our corporate forms and leaflets or to post a picture from your participation in one of our corporate events. You may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent prior to its withdrawal.

 

  1. Recipients of Personal Data

Our Company does not sell, exchange, lease personal data to third parties, natural or legal persons. We may disclose personal data only to the extent necessary as follows:

  • To our Company’s duly appointed collaborators, external consultants, service providers (e.g. internet service providers, IT service providers and providers of related infrastructure, transportation companies, Attorneys-at-Law, accountants, auditors, security and insurance providers);
  • Other companies of our group in the context of centralized management of our supplies, as well as for internal administrative purposes;
  • Selected individuals and departments within our Company (Account Department, Invoicing, IT) that have been authorized to process data that are strictly necessary and who have undertaken an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality;
  • Credit institutions (e.g. for the carrying out of payments);
  • Tax, audit and other public authorities, bodies, services, to include law enforcement authorities, to the extent necessary, in compliance with applicable law and/or any other legally enforceable act or mandate;
  • In the event of a corporate change of our Company, reorganization, merger, sale etc., your personal data may be disclosed. In this case, the Company will make every effort to adequately inform you and will provide you with the possibility to exercise your rights.

 

  1. Transfer of Personal Data outside the E.U.

We wish to reassure you that in the limited and necessary circumstances that your personal data will be transferred outside the European Union/European Economic Area, the Company will put in place adequate measures and will provide  appropriate safeguards, in order to ensure the privacy and security of your personal data.  You may obtain additional information regarding such safeguards, by emailing us at [email protected].

 

  1. Security of Personal Data

Our Company makes every effort so that all personal data collected to be kept and processed in a manner that will minimize the danger of destruction, loss, including accidental loss, non-authorized access, use or incompatible use with the initial purpose of collection. This is attained through appropriate technical and organizational security measures, implemented by the Company, including asking service providers with whom we cooperate to take appropriate measures for the protection of the confidentiality and security of your personal information.

 

  1. Data Retention Period

The Company retains your personal data strictly for as long as necessary, in order to fulfill the purposes for which the data were collected. The criteria used by the Company to determine its data retention periods include: (a) for as long as we have an ongoing relationship with you, (b) if the processing is based on your consent, from the moment that you provide such consent until the moment that you withdraw same, unless if further retention is necessary for the protection of the rights of the Company; it is hereby clarified that the withdrawal of consent does not affect the lawfulness of processing carried out based on such consent before its withdrawal, (c) for as long as necessary in light of a legal obligation to which the Company is subject, (d) for as long as necessary in light of the legal position of our Company (indicatively, to defend our rights before the Courts, to comply with regulatory controls etc.). After this period, the data are deleted or anonymized, with the exception of data that by virtue of applicable law must be retained for a longer period.

 

  1. Your Rights

As a data subject, you have the following rights that you may exercise at any time, unless if Regulation (EU) 2016/679 or applicable law provide otherwise:

  • Obtain confirmation on whether your personal data is being processed by the Company and, in the affirmative, access and obtain a copy of such data;
  • Update, modify and/or rectify your personal data, where it may be inaccurate or incomplete;
  • Request the erasure of your personal data, where the processing is unnecessary or unlawful;
  • Request the restriction of processing of your personal data, when you feel that your personal data is inaccurate or that the processing is unnecessary or unlawful;
  • Withdraw your consent to the processing of your personal data, when such consent serves as the legal basis for processing;
  • Request, under certain conditions, the portability of your personal data, namely, to obtain a copy of your personal data in a structured, commonly used and machine-readable format, as well as to request the transmission of your personal data to another data controller;
  • Object to the processing of your personal data;
  • File a complaint with the Hellenic Data Protection Authority. Regarding the competency of the Authority and for information on how to file a complaint, you may visit the website dpa.gr ® Citizen rights ® Complaint to the Hellenic DPA.

 

  1. Amendments to the present Privacy Notice for Suppliers and External Partners

The Company reserves the right to amend the present Notice from time to time; a clear indication of the date that our Notice was last updated will appear. Any modifications will take effect from the moment they are notified to you either by email or by post on the Company’s website (www.eurofilm.gr) or through any other means that the Company deems appropriate.

 

  1. Communication

For any request or query that you may have regarding this Notice, please contact us by:

  • Post: MANTZARIS SOCIETE ANONYME, Tsakiri, Zevgolatio, Korinthia, 200 01, Greece (to the attention of the Data Protection Office);
  • Email: [email protected].

We will make every effort to respond to your query the soonest possible.