SECURITY AND PRIVACY POLICY - STATEMENT OF PROTECTION OF PERSONAL DATA


1 Introduction

We treat your personal data protection with responsibility and we believe that your data should be collected and processed only when absolutely necessary. Therefore, the site www.beverage-world.gr has been designed with the appropriate operational and internal systems and complies with European data protection law (Regulation 679/2016 EU - GDPR).

 

This Privacy Policy sets the foundations under which the limited partnership under the name "P.T. BEVERAGE WORLD LIMITED & CO. HERITAGE COMPANY" and "BEVERAGE WORLD", located in the Municipality of Vrilissia, Attica, on Attica Street no. 55 and is legally represented (hereafter "business"), collects, uses, communicates or otherwise processes personal data.


It is noted that the company is a member of Fotiadis Group of Companies (Photos Photiades Group). Our company, in providing its services, also maintains and manages the site www.beverage-world.gr who only performs an informative character.


With this Privacy Policy we aim to help you understand what data we collect and why we collect it. We have also taken steps to improve the Privacy Control and other controls we provide to secure your data and protect your privacy.
Nothing changes in your settings or how your data is processed. Instead, we've improved the way we describe our practices and how we explain the options you have for updating, managing, exporting, and deleting your data.


We are making these updates as the General Data Protection Regulation (GDPR) enters into force throughout the European Union. The General Data Protection Regulation (GDPR), designed to harmonize privacy laws across Europe, improves transparency rules on how companies describe their data processing. We make some necessary updates to our Privacy Policy and take this opportunity to make improvements for our site users.

 

2. Your personal data processor

Address: 55, Attikis Str, 15235 Vrilissia, Athens.

Email Address: This email address is being protected from spambots. You need JavaScript enabled to view it.

Tel. communication: +30 210 685 75 21


Our company manages the above website as a whole, which is designed with appropriate business and internal systems and complies with European data protection legislation (EU Regulation 679/2016 EU - GDPR).


This Policy has been adopted by our business, which is also responsible for processing your personal data. Our business is competent to protect you every time you use the website and to inform you of all the information you need in accordance with Articles 12, 13 and 14 of the new GDPR applicable from 25 May 2018 at European level.

 

3. Personal data collected by our business

 Personal Data is any information that relates to you, or it may be attributed to you. Our business may collect simple personal data, such as (but not limited to) name, surname, e-mail address, telephone number and VAT number and tax registrar. (if you require a PCD version) as well as data of a technical nature, such as email, which is processed as described below.

In case we receive your personal data belonging to a specific category (eg data related to your health status), we undertake to process them even more with caution and only with your explicit consent, or in a manner permitted by the relevant legislation.       -Contact Messages: When you want to contact our business, you give us your name, surname, email address and phone number.     If you are under 18, you MUST have the consent of your parents before contacting the business.     The above personal data is used by our Company for the purpose of communicating with you after you have requested it. We may collect your data either by telephone (for example, by telephone) or online (eg, registration on the electronic communication platform), or of course (eg if you visit our office) in accordance with these terms use and this statement, as well as the data protection statement available at our office - office.  We may also use your e-mail and your phone to send you a message if we encounter a problem when communicating with you.     Our company collects, maintains and processes personal data of its employees, such as name, address, date of birth, ID number, VAT number, etc., for the purpose of performing the employment contract, the payroll with the requirements of relevant labor and tax legislation.

    In addition, our business may occasionally receive CVs from our affiliates, where we provide personal information about them, professional qualifications, work experience, etc. We collect this data, updating it whenever necessary, always following appropriate organizational and technical security measures and for as long as necessary to perform the contract between us or if this is warranted in view of our possible future cooperation.

   -Backgrounds and Online Data: Like most websites, this one, with your browsing, collects and processes personal data and information about you, either through third-party sources or directly from you who give it to us.    The collection and processing of your personal data and information relating to you takes place on the one hand for purposes directly related to the services you request and we offer you and / or for the purposes for which you have given us your consent and always in accordance with the applicable laws and provisions on the protection of personal data. We hold your personal data for as long as necessary to provide you with our services, and we keep certain of them in accordance with our legal obligations as detailed below.    By browsing the site, the latter collects and processes your personal data and information, especially from you who give it to us. Also, there is no automated way of collecting data, cookies, etc. When navigating the site. Our site does not contain any user database so there is no encryption. You do not need to sign up for your navigation on our Internet Site, so we can also direct your personal data or other information to you.     The above data and information provided by our Company uses, for purposes of advertising and promotion of its products and services, statistical purposes for market research purposes in order to optimize our services, to measure the effectiveness of the website, upgrading its content, adapting it to the demand and the needs of the visitors, as well as measuring the effectiveness of presenting and displaying our business on websites riton.

     Additionally, email service providers (as listed below) may use cookies that allow them to detect and record visitors' interests, and in these cases we refer to "performance" or "functional" cookies cookies. These cookies and other similar detection technologies are primarily used to monitor user behavior for analysis purposes.

     E-mail providers may use other, similar technologies from time to time, such as web beacons, pixels (or "clear gifs") and other tracking technologies. These are tiny graphic files that contain a unique identifier that enables providers to recognize if someone, in the case of web beacons, has opened an e-mail sent to him.    Email service providers may automatically place single pixel gifs, known as web beacons, in every email you send. These are tiny graphics files that contain unique identifiers that allow them to recognize when you opened an email or typed specific hyperlinks. If you wish to enable or disable the use of cookies from your browser settings, please visit the following web pages, depending on your browser, to learn about the necessary actions.-Internet Explorer -Firefox-Chrome-Safari-Safari for iPad and iPhone If our users link to third-party sites via links, hyperlinks, banners, our business is not responsible for the terms of management and protection of personal data they follow.

 

4. Purposes of collecting and processing personal data from our business

Information-Promotion Goals: We collect the above-mentioned communication data to promote the products and benefits of the business. In addition, the data is collected for communication with the company and its employees (via live, telephone, email, sms, social media etc.), sending promotional emails and newsletters (newsletter, etc.), sending sms for (our business) and third parties (affiliated with our company), pricing and other tax or other legal reasons.

Analytic purposes: Incidentally, we may collect the above mentioned location data and online data in order to obtain information about our informative and promotional material. 

 

 5. Legal basis for the collection and processing of data from our business

Consent: To process your personal information as described above, we rely on your consent. You may revoke your consent at any time by contacting us with the information listed at the beginning of this document.Conventional Link: Our business collects personal data in the context of executing a business-to-customer contract. Legal obligation: We do not sell, share or lease your personal data to third parties unless you have given us your consent (see above) or required by law. We may disclose your personal data if such disclosure is necessary for establishing, exercising or defending against legal claims, whether pending before the judicial authorities or not, or whether it is an out-of-court procedure (eg, a credit check), but always under conditions that fully ensure that your personal data does not undergo any unlawful processing.Our business does not collect or process personal data of underage children unless it has the express consent of their parents. Our Company will in no case receive from you any more personal information than what is necessary for each purpose it collects. 

 

6. Recipients of your data

Our business may transfer the personal data it collects to you under the terms hereof to third parties but always under conditions that fully ensure that your personal data is free from any unlawful processing other than the purpose of the transmission and always according to our previous written agreement with them.

These agencies are always carefully selected by us and comply with the relevant legislation. In addition, your data may be transmitted to countries within the European Economic Area, where all security requirements are met. In case you need to transfer your data outside of the EEA, this will only be done in accordance with international safety requirements and with a view to maximizing your data protection.

Also, your data may be processed by employees of our company, however, workers who may process your personal data are properly trained. The records of our records may be communicated to the competent judicial, police and other administrative authorities upon their request and in accordance with the applicable laws. In addition, in the case of a statutory provision, a service order or a formal preliminary examination, the Company has the right to place the relevant information at the disposal of the respective service.

        In particular, we may transmit your data in accordance with the following:

  • In Google, as outlined above, in particular for the use of Google Analytics or for re-marketing, This organization is headquartered in the United States and is in accordance with the EU-US Privacy Shield. It collects general statistical data and there is absolutely no personalization of the site user (number of views, browser, mobile device, or visitor country / region).
  • Service providers to host the database, technical support and site management
  • Third parties providing services related to its operation, such as developers, data analysts, suppliers, data security and subject information providers, strictly for the purpose of processing their services to us.
  • Service providers under a contract that assist in parts of the business (eg, marketing, technology services).
  • Credit institutions, accessing our platform and completing your order directly from these credit institutions, as we have already described.
  • To email and newsletter and telephony providers - sms. Service providers may access the personal data required to fulfill their obligations and may not disclose or use this information for any other purpose. These providers are bound by written confidentiality and confidentiality clauses and have adequate safeguards for the security of your personal data.

       We may transmit and process your personal data globally in places where processing activities take place. Today the systems where your personal data is stored are basically in the United States of America. This means that your personal data may be forwarded, or even processed in the United States.    Any transfer of personal data from us to third countries (including the United States) will only take place to countries that have data protection legislation that provides an adequate level of protection as interpreted in accordance with European data protection law.   As long as international transmission of personal data takes place, we will seek and obtain assurances that any information we may transmit is adequately safeguarded in accordance with the Privacy Statement and the requirements of the applicable personal data legislation.·       To data security providers. ·       To accountants and tax consultants with whom our company cooperates to meet its tax and financial obligations

  • A security services company, as there is a security camera and alarm system installed on our premises.
  •  In special successors: In the event that our business undergoes a business change such as a merger, Joint Venture, a takeover by another business, or the sale of all or part of its assets, it may transfer all user information and data, including personal information, to the successor organization. If important changes occur in our business privacy practices as a result of our business transition, our business will inform you before transferring your personal data.
  •  Group companies when disclosure is required to provide the company's services.
  • In public authorities: In cases where we consider that disclosure is necessary in connection with search, prevention, or action on illegal activity, suspected fraud or other harmful action, we may share your personal data with the appropriate public authorities. Also, your data is communicated to public authorities for tax purposes.

     Our company informs you that the above categories of recipients of your personal data and information are processed by us and therefore as such do not process the data beyond the above purposes and always act in accordance with our explicit instructions and instructions.

     In any case, our employees and external partners who have access to your personal information and information are specific and properly trained, and unauthorized access to your data is prohibited.

 

7. Rights of the subject of personal data

We are committed to providing you with the opportunity to exercise all of your rights, in accordance with GDPR,More specifically, you have the right:

  • be informed about the processing of your personal data;
  • access your personal data;
  • ask for the correction of incorrect, inaccurate or incomplete personal data. You can check and update any inaccurate personal data. You may also ask to fill in your personal data if it is incomplete.
  • request a deletion of personal data when it is no longer necessary or if processing is illegal. You may ask us to delete any of your personal data that is no longer necessary in relation to the purposes for which it is collected or in cases where you have withdrawn your consent.
  • oppose the processing of your personal data for marketing purposes or for reasons related to your particular situation
  • make a request to restrict the processing of your personal data in specific cases. You may ask us to restrict the use of your personal data if such use is unlawful or if you believe that your personal data is no longer needed for the above purposes.
  • Receive your personal data in a structured, commonly accepted and machine-readable form and ask us to transfer this data to another processor without any objection from us.
  • Make a request so that decisions based on automated processing affect you or affect you to a significant degree and are based on your personal data by natural persons and not just by computers. You also have the right in this case to express your point of view and challenge the decision.
  • Right to file a complaint with the AIDCP.
  • Right to appeal against a legally binding decision of the AIDCP.
  • Right to appeal directly against the person or processor if you believe that your rights under the Rules of Procedure have been violated as a result of the processing of your PDs.
  • Right to compensation for any person who has suffered material or non-material damage as a result of a violation of the Rules, directly by the person or processor, for the damage suffered.
  • In any case you wish to exercise any of your rights in respect of any personal data of ours that you can address in writing to our company in the above email and telephone number. You have the option of submitting a request to us for free access to your data, however depending on the amount of data our business holds for you, we may charge you the cost of our Enterprise to provide information about your data or any other information we hold for you. Our business will respond to your requests without undue delay and at least within one month.

        For any impediment to meeting your request, we will let you know the reason. You may be asked to provide information to confirm your identity in order to exercise your rights.   

      These rights apply across the EU, regardless of where the data is processed and where the business is located. These rights also apply to goods and services offered by companies based outside the EU but active in the EU.

      In the event of a violation of your personal data, our business, in compliance with the obligation to notify the violation to the APIA, has the appropriate means to disclose, if possible within 72 hours of knowing it, the case of violation of your personal data may cause a risk to your rights, and in the event of a delay in disclosure beyond that time limit, it will be warranted.

     If you are a parent of a child under the age limit of 18 years and realize that your child provides you with personal data in our business, please contact our company in the manner mentioned above and you may request the exercise of your existing rights. If we realize that we have collected personal data of a child under the age of 18, we will take reasonable steps to delete the personal data.

 

8. Retention time of your data

The communication data is stored for five (5) years, with explicit reservation of any obligations under the applicable legal provisions, and your revoked consent for a period of five (05) years, with explicit reservation of any obligations under the applicable legal provisions.    Please note that your data will be retained in our database only for as long as we have a contractual or legitimate right or we need to maintain it even if it exceeds the stated duration. Since this can not be determined in advance, the retention period may be different from a visitor to a visitor.   In the event that, for any reason, our contractual relationship is interrupted, we may keep some of your data for as long as it is still required (eg if there is a tax liability) and in any case until the limitation period has elapsed of our relevant claims.  Of course, all of the data we hold for you will be deleted if you ask us to delete your data from our database unless we are required to keep all or some of them for a longer period of time by law (eg, with the tax documents of the services to you) or to safeguard your vital interest (eg related health reasons).  While we may keep your data for a period of time necessary for the operation of our business, we will never contact you without your explicit consent or without it being absolutely necessary to carry out your order or to confirm her.

 

 9. Privacy of the data subject

As soon as our business receives your details, procedures and security measures are triggered to prevent unauthorized access to them. We are committed to protecting our users' information and implement appropriate technical and organizational measures to protect the security of your personal data. However, keep in mind that no system is ever completely safe.The security measures that our company has taken are the following; Saving Files in Physical Format: Our company can keep files in natural, printed form, which contain your personal data. We keep these records in locked-protected areas that are accessible only to those employees or partners who need it for purposes described in their employment contract. Saving Files in Electronic Format: Some of your personal information will be stored in the database of the web site, which is maintained by specialized software management software as well as in our company's database. The e-mail accounts of Beverage World are in "Microsoft Office 365", they are protected by the steps taken by Microsoft for "Office 365" and are additionally controlled by the FortiMail-FortiGuard server (antivirus, antispam, etc.) fortiguard services ). Fortinet Firewalls (NGF) are also installed on the network (LAN / WAN), and we have set codes that are only available to those employees or partners who are required to access these files over the Internet. all applications on the enterprise's computers are "Microsoft Office 365 Business Premium", and "Ms Outlook" e-mail. Also, since the company is a member of a group, the connection to the central electronic systems in Cyprus is via "Remote Site VPN connection" in "Fortinet Firewalls".File Transfer:. Our company has access to the server's website through admins which are provided only to those employees or partners who are required to access these files over the Internet.Card Details: In addition, we do not store your card details at our headquarters. At the same time, you also need to take all possible steps to prevent third parties from gaining access to your account.We will report any unlawful violation of the data base of this third party data processing site or database to all relevant stakeholders as well as authorities within 72 hours of the violation if it is obvious that the personal data stored in a recognizable form, have been stolen.  

 

10. Changes to privacy policy

This privacy policy may change from time to time according to legislation or industry developments without prior notice. That is why we invite you to check this policy regularly, as the continued and unpredictable use of the site implies accepting any possible modifications.

 

11. Right to complain to the competent authority

You have the right to submit a complaint about how we process your personal information at:

Privacy Authority (API)Postal Address: 1-3 Kifissias Avenue, 115 23 Athens, GreeceTel .: +30 210 6475600Fax: +30 210 6475628Mail Address: This email address is being protected from spambots. You need JavaScript enabled to view it. 

 

12. Applicable Law - Jurisdiction

The present terms, any modification of which is governed by Greek law. Any provision of these terms becomes legally inapplicable, it shall automatically cease to be valid and shall be withdrawn from the present, without in any way undermining the validity of the other terms. Any jurisdiction that may arise is determined by the courts of Athens.  13. Contact usBefore you navigate to the Business Website or make any transactions with us, we invite you to consult this Policy and make sure that you agree with the terms and conditions we collect and process your personal data.However, if you wish to have any clarification or information regarding the terms of this Policy, or if you have any dispute, reservation or query, you may contact our Company based on the above contact details.