The management and protection of your personal data as visitors and users of the Website’s services is subject to the terms and conditions of this Policy and to the relevant provisions of the European Data Protection Regulation (2016/679 - GDPR) and of law nο 4624/2019. Such terms and conditions are formulated by taking into account both the rapid development of technology and Internet in particular and the applicable laws relating to such matters. In any case the controller reserves the right to vary the personal data protection terms and conditions in order to ensure compliance with the dynamically developing Greek and European legal framework.
The company “KYKNOS S.A. GREEK CANNING COMPANY” is responsible for processing your data, being the owner and proprietor of this Website.
Definition of the Personal Data and of the Processin
Personal data means information such as the full name, the mailing address, the e-mail address, the contact telephone number etc that identify or may in conjunction with other information identify a natural person, who visits/uses the Website.
Personal data processing means the collection, recording, organisation, storage, adaptation, variation, recovery, request for information, use, transfer to third parties, disclosure, correlation, combination, restriction, erasure and destruction of natural persons’ personal data. Processing includes any operation made by the Controller on personal data of the Website’s users.
Collection of your Personal Data
In our Website we mainly collect your data passively through localisation tools such as cookies. In addition, we collect data from third parties such as the social networking platform ‘Facebook’. The ways of your data’s collection are depicted in the following stages:
A) When you visit and navigate in the Website your data are collected only through the cookies, the use of which has been allowed with your consent. To see in detail our Cookies Policy visit here.
B) When you enter our page on Facebook in order to criticise or comment, both your Facebook username and message content are recorded.
C) Through the Website we provide information and addresses for you to contact us through e-mail, telephone or mail or through the form we provide in the Website. In case you choose one of the above-mentioned communication means, you provide to us your full name and e-mail address which we collect together with your comment in order to answer you.
D) In the event you participate in one of the contests that we organise, we shall collect and store some of your personal data that are necessary for the purposes of conducting the contest and awarding the presents to the winners (e.g. full name, e-mail address, telephone number, Social Security Number).
E) We do not collect personal data from minors without their guardian’s consent. If we become aware that a minor is attempting to file his/her personal data, then we shall delete such data from our files. If you happen to be the parent/guardian of a minor who has filed his/her personal data without your consent, please contact us and we shall delete the same.
G) Use of Plugin Social Media: Our Website uses additional “social plugins” applications of social networking media such as Facebook, Tweeter and Pinterest. Plugins are recognised by the respective logos of the above-mentioned media (a white “f” on a blue background or the “thumbs-up” icon for Facebook, the drawing of a bird with the word “Tweet” for Tweeter and the letter P in a circle for Pinterest). In case you are in a Website’s page where we have incorporated a plugin, the browser shall communicate with the medium’s respective browser in order to load the plugin and display it. During that procedure, the social networking medium may receive information regarding your visit to the Website. We do not know how many data may be collected by using the specific plugins. In any case, data collected through the above-mentioned plugins are subject to the protection policies of the relevant media. If you develop an activity with the plugins, for example by clicking ‘Like’ or by adding a comment through your Facebook account, then the information you provide in such manner is sent directly to Facebook and stored there.
Also, we may process in our Website, through notification and posting of the relevant material, third-party pictures for the promotion of our products after having received the relevant consent.
NOTICE REGARDING THE PROCESSING OF PERSONAL DATA THROUGH VIDEO SURVEILLANCE SYSTEM
1. Data Controller
‘KYKNOS S.A.’, 16 Sidiras Merarchias, 21100 Nafplio, Tel. 210-5225671,
2. Processing purpose and legal grounds
We use a surveillance system for the purpose of protecting persons and goods. Processing is required for the purposes of the legitimate interests pursued by us as Data Controller (Article 6 paragraph 1 GDPR).
3. Legitimate interests’ analysis
Our legitimate interest consists in the need to protect our premises and the goods placed therein against unlawful acts including indicatively theft. The same applies to the safety of life, physical integrity, health and property of our staff and of third parties placed duly in the premises under surveillance. We only collect image data and we limit the recording to premises for which we have assessed that there is an increased risk of commission of unlawful acts including theft, such as the entrance or the tomato loading area, and we do not focus on areas where private life of persons the image of whom is recorded may be excessively restricted including the right of such persons to respect for the personal data.
The retained material may be accessed only by our competent/ authorised staff which is responsible for the area’s safety. Such material may not be disclosed to third parties except in the following cases: (a) to the relevant judicial, prosecutorial and police authorities where there are data required for the investigation of a criminal offence relating to persons or goods under the Data Controller’s responsibility, (b) to the relevant judicial, prosecutorial and police authorities where the same request data duly in exercising their duties, and (c) to the victim of a punishable offence or to the offender when the data may constitute evidence of the offence.
5. Retention period
We retain the data for a period of fifteen (15) days after the expiry of which they are erased automatically. In the event that during such period we notice some incident we will isolate a part of the video and retain it for a further period of one (1) month in order to investigate the incident and to institute legal proceedings in order to defend our legitimate interests and if the incident concerns a third party we will retain the video for a further period of up to three (3) months.
6. Data subject’s Rights
The data subjects have the following rights:
- Right to access: you have the right to be informed of whether we do process your image/ sound and, if so, to receive a copy thereof.
- Right to restriction: you have the right to ask us to restrict processing such as for example to ask us to refrain from erasing data you mays deed necessary in order toestablish, enforce or defend legal claims.
- Right to objection: you have the right to object to processing.
- Right to erasure: you have the right to ask us to erase your data.
You may enforce your rights by sending an e-mail to the address email@example.com or a letter to our mailing address. In order to allow us to examine a request relating to your image you should specify to us when approximately you were within the cameras’ range and give us an image of yours so that to help us locate your own data and hide the data of third parties appearing therein. Alternatively, we offer you the possibility to visit our facilities in order to view the images you appear in. We should also point out that the enforcement of the right to objection or to erasure does not result in the immediate erasure of data or in the processing’s variation. In any case we will answer to you in detail as soon as possible within the periods defined by GDPR.
7. Right to lodge a Complaint
In case you consider that processing of data relating to you infringes Regulation (EU) 2016/679 you have the right to lodge a complaint with a supervisory authority.
The relevant supervisory authority for Greece is Hellenic Data Protection Authority (H.D.P.A.), 1-3 Kifisias Avenue, 11523, Athens, https://www.dpa.gr/, Tel. 210 6475 600.
Purpose and Legal Grounds for the Processing of your Data
We are processing your data for the following purposes and especially for:
Α) The management of the Website and connected applications.
Β) The monitoring of the Website’s traffic.
C) The optimisation of the Website’s navigation and of the visitor and user experience regarding the services contained therein.
D) The communication and visitors’ information.
E) The conducting of contests and award of presents to the winners.
Each processing of personal data requires specific and lawful grounds pursuant to the applicable laws. To that effect we ensure that any use of your data relies upon one of the following legal grounds:
A) The user’s consent to the Website’s cookies policy.
B) The data subjects’ consent to the taking and display of their pictures in the Website where such data subjects are third parties.
C) Securing our legal interests without such interests circumventing the users’ rights as in the case of enforcing civil claims.
D) Compliance with law provisions as in the case of reporting a user’s unlawful activity to the relevant authorities.
Access to and Transfer of your Personal Data
Access to your personal data that are being processed in the Website is given to the absolute necessary staff of the Controller and to our specialised partners, who process your data as processors on our behalf and in accordance with our instructions. Our partners provide services for the Website’s management, technical support and maintenance and comment posting management. The Processors are contractually bound by us to keep confidential and not to disclose data to third parties without the Controller’s consent, to apply the appropriate security measures, and to comply with the legal framework in respect of personal data protection and especially the GDPR.
Furthermore, we may use your data when you have requested it expressly or when this is required by law, as for example if we are requested by the police authorities in the context of unlawful activities’ investigation.
Your data shall not be transferred outside the European Economic Area (EEA). In the event that transfer of your data to countries outside the EEA is deemed necessary, we shall ensure that your rights and freedoms with regard to the processing of your personal date will be properly and adequately protected. To the extent we are obliged to, we shall ensure that such processing will take place in compliance with contractual understandings using standard contractual clauses approved by the European Commission or other appropriate safeguards under the applicable law.
Links to third-party websites: The Website contains links to and from websites of third parties. If you follow a link to any of such other websites, please bear in mind that they have their own secret protection policies and that we accept no responsibility or compensation liability for the policies in question or such third-party websites. Please check those policies before filing any personal data to them.
Retention and Security of your Personal Data
Your personal data are detained for as long as the lawful processing purpose for which they had been collected initially applies.
For the data’s retention we apply the appropriate security level and we have implemented reasonable natural, electronic and administrative procedures in order to avoid any accidental or unlawful damage, loss, alteration, non-authorised disclosure of or access to personal data transferred, stored or otherwise processed. Our information security policies and procedures are strictly in line with international standards and are regularly reviewed and updated whenever this is required so that they meet our business needs and comply with technological changes and regulatory requirements.
We delete personal data when they are no longer necessary to achieve the purposes for which they had been initially collected. The data that have been collected exclusively for the purpose of the user’s communication with us are retained during the communication and deleted within one (1) year as from its stop. However, we may be required to store your personal data for a longer period under law provisions. We delete data collected by cookies in accordance with our Cookies Policy.
Your Legal Rights
As a data subject you have specific legal rights regarding the personal data we collect from you:
Access: You have the right to be informed of whether and in what manner we are processing personal data at any time without any charge.
Update: You may request the rectification of personal data which are incomplete or incorrect.
Erasure: You are entitled to request the erasure of your data when they are no longer necessary to achieve the purposes for which they had been initially collected or if you wish to withdraw your consent and there are no other legal grounds for processing.
Objection: You may at all times file an objection to the processing of your personal data and we shall respect it provided that there are no other legal grounds therefor.
Processing restrictions: You may ask us to restrict the processing of your personal data, if you question their accuracy or the processing’s lawfulness.
Portability: You may request to receive in a readable form the data you have provided to us or ask us to transmit such data to another controller.
Right to the consent’s withdrawal: You have the right to withdraw your consent at any times without affecting the legal grounds of your personal data’s processing form our part based on such consent before withdrawal thereof.
In respect of matters relating to the processing of your personal data and in view of the exercise of your legal rights, please contact our office in writing by mail or through e-mail at the address firstname.lastname@example.org
We shall endeavour to satisfy your request within 30 days. Nevertheless, such period may be extended for specific reasons relating to the specific legal right or to the complexity of your request. We may ask for proof of your identity for identification purposes before answering your request. In some cases we may not be able to allow access to specific personal data (e.g. if your personal data are connected to other people’s personal data or for legal reasons).
You may file a complaint with the Hellenic Data Protection Authority (mailing address 1-3 Kifisias Avenue, P.C. 11523, Athens, tel. 210 6475600, e-mail address email@example.com), if you consider that processing of your personal data is in breach with the applicable national and European legal framework on personal data protection.
Update of this Secret Policy