PERSONAL DATA PROTECTION POLICY
1. Purpose, Range
The company "DIMAND SA" complies with the legislation related to the Protection of Personal Data. This Policy sets out the basic principles by which it processes the personal data of customers, employees, suppliers, partners and other persons. This Policy applies to "DIMAND S.A." and its affiliated directly or indirectly subsidiaries having their legal seat in Greece. All employees with an indefinite or fixed-term relationship, as well as all cooperators, representatives, or even subcontractors working on behalf of "DIMAND S.A.", are bound by this Policy..
2. Basic Definitions
The basic definitions of the terms used in this document, as set out in Article 4 of the General Data Protection Regulation, in order for the Data subject to become familiar with the terminology of the Regulation are the following:
Personal Data: any information relating to an identified or identifiable individual ("data subject"); an identifiable natural person is the person whose identity can be ascertained, directly or indirectly, mainly by reference to an identification identifier, such as name, identity number, location data, online identity card or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of the said natural person.
Personal Data of Special Categories: Personal data, which are by nature very sensitive in relation to fundamental rights and freedoms, require special protection, as the context of their processing could create significant risks to the fundamental rights and freedoms. This personal data includes personal data revealing the racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the undeniable identification of a person, data relating to health or data relating to sexual life of a natural person or sexual orientation.
Data Controller: the natural or legal person, the public authority, the service or other body who, alone or jointly with others, determine the purposes and the manner of processing personal data
Data processor: the natural or legal person, the public authority, the service or other body processing personal data on behalf of the data controller
Processing: any act or set of acts carried out with or without the use of automated means of personal data or sets of personal data such as the collection, registration, organizing, structure, storage, adaptation or alteration, retrieval, search of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, erasure or destruction.
Authority: The Personal Data Protection Authority
3. Basic principles relating to the Processing of Personal Data
"DIMAND S.A.", as data controller, strictly adheres to the data protection principles set out in Article 5 of the General Data Protection Regulation.
3.1. Legitimacy, Objectivity and Transparency. - "DIMAND S.A." processes the personal data legally, objectively and transparently against the data subjects.
3.2. Purpose Restriction. -The personal data is collected only for specific, explicit and legitimate purposes and is not processed for any other purpose.
3.3. Minimize data. - "DIMAND S.A." keeps the accurate personal data of the subjects and ensures that their retention is limited to whatever is necessary in relation to the processing purposes. At the same time, it applies the appropriate technical measures to achieve the above objectives.
3.4. Accuracy. - The personal data maintained by the company is accurate and up-to-date. Steps are taken to ensure that the personal data that are inaccurate, in relation to the purposes for which they exist, are erased or corrected within a reasonable time.
3.5. Restriction of Storage Period. -The personal data is kept for a time no longer than what is necessary for the purposes for which the company processes them.
3.6. Integrity and confidentiality. – Taking into account the technological level and other available security measures, the implementation cost, as well as the possibility and seriousness of the risks to personal data, "DIMAND S.A." uses appropriate technical and organizational measures for the processing of Personal Data in a way that guarantees the appropriate security of personal data and their protection against accidental destruction, loss, damage, unauthorized or unlawful processing.
3.7. Accountability. -The company bears the responsibility and is able to demonstrate compliance with the General Data Protection Regulation to the competent Data Protection Authority.
4. Notification of Privacy, Consent and Rights of Data Subjects
4.1. Notification to Data Subjects. -Before collecting personal data or during the collection for any processing activity undertaken by "DIMAND SA", including but not limited to the provision of marketing services or activities, it provides appropriate information to the data subjects and, more specifically, information for the types of personal data collected, the processing purposes, the processing methods, the rights of the data subjects in relation to their personal data, the registration period, any international transfers of data, if personal data is provided in the framework of cooperation with third parties, and the security measures taken by the company for the protection of personal data. This information is provided through the Privacy Notice.
4.2. Consent. -When the collection of personal data has as its legal basis the consent of the data subject, the company is responsible for ensuring that the data subjects provide their consent freely, with positive action, expressly and having gained knowledge of the content of the text to which they consent. "DIMAND S.A." allows data subjects the ability to revoke their consent at any time. Where there is a collection of personal data of children under the age of 16, "DIMAND S.A." ensures that Parent's consent is given prior to collection. Personal data must be processed only for the purpose for which they were originally collected from the outset. In case the company wishes to process personal data for another purpose, it must seek the consent of the data subjects in an explicit and specific written way. Any such request must contain the original purpose for which the data were collected, as well as the new or additional purpose(s).
4.3. Collection. - "DIMAND S.A." makes every effort to minimize the number of personal data it collects. If personal data is collected by a third party, the company ensures that this data is collected legally.
4.4. Relationship "DIMAND S.A." with Third Parties. -In cases where the company has assigned to a third party the provision of a service to its customers or even uses a third party as supplier or business partner to whom it assigns the processing of personal data on its behalf, it ensures that the data processor provides the appropriate security measures and personal data protection in order to address the possible associated risks. "DIMAND S.A." makes every effort to ensure that its suppliers or business partners process personal data only for the performance of their contractual obligations to the Company, always in accordance with its instructions and for no other purpose.
4.5. Access Rights of Data Subjects. - "DIMAND S.A." as Data Controller is responsible for providing data subjects with a mechanism for accessing their personal data, which will also allow them to review, correct, delete or transfer them.
4.6. Data portability. -The Data Subjects are entitled to receive, upon request, a copy of the data provided to "DIMAND S.A." in a structured form and to transfer these data to another data controller. "DIMAND S.A." is responsible for ensuring that these requests are processed within one month, provided these claims are not apparently unfounded. During the exercise of the right to the data probability, the data subject is entitled to request the direct transmission of the personal data from a data controller to another, in case is not technically possible.
4.7. Right to be forgotten. - Upon request, the Data Subjects are entitled, under certain conditions, to ask the "DIMAND S.A." to delete their personal data. The company immediately takes the necessary actions (including technical actions), as far as these do not conflict with the applicable legislation, to satisfy the request and will ensure the same against any third parties using or processing personal data on its behalf.
5. Responding to Facts of Breach of Personal Data
If you continue to have any query or need any clarification regarding the processing of your personal data by "DIMAND S.A." please send your message to firstname.lastname@example.org and "DIMAND S.A." will be happy to serve you directly.