Your Cart

Privacy Policy

Introduction

The protection of the personal data of individuals who come into contact with our company is of primary importance to us. For this reason, we take appropriate measures to protect the personal data we process and to ensure that the processing is always carried out in accordance with the obligations set by the applicable Legislative Framework (Law 4624/2019). This Statement of DEKA SA describes the personal data we collect, the purpose for which we collect it, the way we use and protect personal data as well as the rights of those who have entrusted us with their personal data.

What personal data do we collect

The personal data we collect, process and retain are names, contact details (addresses, telephone numbers, e-mails), registration and identification numbers of the company's associates, which have been granted to them by State Services such as VAT number, AMKA and identity number, data necessary for the implementation of contracts, information from movements by company vehicles that are present in the company's vehicles as well as files from the CCTV surveillance system of our facilities.

Why we need it – Purpose of processing

Personal data is collected, stored and processed at the Company's central facilities located in Pallini, Attica, Ploutarchou 21 We need the data we collect:

  • To communicate with our partners in the context of our business activity
  • To inform interested parties about our services
  • For the Company to comply with any of its legal obligations, such as for example for reasons of compliance with labor, insurance, and tax legislation.
  • For purposes of legitimate interests pursued by the Company, provided that the interests and/or fundamental rights of the subjects of personal data do not outweigh these legitimate interests.
  • To investigate and respond to reports or incidents concerning our business
  • For the security of our facilities and our personnel
  • For another specific purpose that we take care to disclose when we obtain personal data.

We also process personal data to comply with laws and regulations as well as to protect our legitimate interests when cooperating with the competent Authorities. In most cases of personal data management we provide notices and obtain the corresponding consents. We do not obtain consent when the processing is necessary for:

  • the performance of a contract
  • the compliance with a legal obligation of our Company
  • the protection of your vital interests or those of another natural person
  • the performance of a duty carried out in the public interest
  • the purposes of the legitimate interests pursued by our Company

Transfer of personal data to Third Parties

The personal data we process are transferred to the following:

  • To Public Financial Services, Insurance Funds and Banks for the purpose of carrying out financial transactions
  • To our external partners, professional service providers (e.g. legal advisors, auditors, insurers).
  • To the Police and Judicial Authorities, upon their lawful request

In each transfer, we always take every measure to ensure that the data transmitted is the minimum necessary and that the conditions for lawful, fair and transparent processing are always met. When using the services of any third party performing the processing, the company will ensure that the third party provides the appropriate technical and organizational measures for the protection of personal data as required by applicable law. No data is transmitted to Third Parties outside the EEA.

Personal data retention period

Personal data is stored for no longer than is necessary, taking into account the purposes of the processing activities and the requirements of applicable law. After this period, the personal data will be destroyed or deleted without us being able to recover it.

What are the rights of the owners of personal data?

Under specific conditions set out in the Personal Data Protection Legislation and the General Regulation, as the owners of personal data you have the following rights:

Right of access to your personal data.

You have the right to request and receive a copy of all personal data we hold about you, to be informed of the information referred to in Article 15 of the General Data Protection Regulation, and to ascertain that your data is being lawfully processed.

Right to rectification of your personal data.

You have the right to request the correction of any inaccurate or no longer valid data concerning you (e.g. home address).

Right to erasure of your personal data (right to be forgotten).

You have the right to request the erasure of data concerning you, under the specific conditions of article 17 of the General Data Protection Regulation.

Right to restriction of the processing of your personal data.

You have the right to request restriction of the processing of your data in the cases and under the conditions described in article 18 of the General Data Protection Regulation.

Right to data portability.

You have the right, under the conditions of Article 20 of the General Data Protection Regulation, to request, on the one hand, the receipt of your data in the format you wish and, on the other hand, the transmission of your data to another controller, if this is technically feasible.

Right to object to the processing of your personal data.

You have the right to object, in whole or in part, to the processing of your data in the cases and under the conditions described in Article 21 of the General Data Protection Regulation.

Right to withdraw consent.

Where processing is based on consent you have given us, you have the right to withdraw your consent at any time without this affecting the lawfulness of the processing for the period before your consent was withdrawn.

You have the right to exercise the above rights provided that we are not obliged to act otherwise due to a legislative or regulatory obligation or a court decision. In case you wish to receive more information regarding your above rights or to exercise one or more of these rights, please contact the Personal Data Protection System Manager in writing - by sending an email - at deka@deka.gr. You will be notified in writing of the procedure for submitting your request and the appropriate request forms will be sent to you. If you wish to file a complaint about the way we handled your personal data, please contact the Data Protection System Manager at deka@deka.gr. The Data Protection System Manager will review your complaint and work with you to resolve the matter. If you still believe that your personal data has not been handled appropriately in accordance with the law, you can contact the Data Protection Authority (www.dpa.gr) and file a complaint. To withdraw your consent to our processing of your data and to have it deleted from our records, please contact us at e-mail, deka@deka.gr

Security Measures

Our Company has taken appropriate security measures to protect personal data against any breach that may lead to its accidental or unlawful destruction, loss or alteration, or unauthorized disclosure to third parties. In addition, we limit access to strictly necessary personal data only to those employees or associates who have a specific business reason to have such access. This access is made with specific and detailed instructions and is subject to obligations of confidentiality and privacy. Our Company has developed a Policy on security incident management which, if required, will be implemented in order to address any security incidents or data breaches. In the event that such an incident occurs, and provided that the legal requirements are met, the necessary updates/notifications will be made to the competent supervisory authority and the personal data subjects involved will be informed in a timely and detailed manner.

Amendments to the Privacy Policy

In the event that this Policy is amended, you will be informed through a relevant posting on the Company's website www.deka.gr, where you will also be able to find the revised Policy.