Search
Close this search box.

PRIVACY POLICY

1.  Introduction

With this Privacy Policy (hereinafter referred to as the “Policy”), our company, operating under the name “EMFI SA” (hereinafter referred to as the “Company,” “we,” “us,” “Data Controller”), respecting the privacy of users and visitors of this website (hereinafter referred to as “visitors,” “you,” “yours”), and ensuring the security of their personal data, provides the necessary information and updates regarding the processing of personal data and your rights as subjects of this data processing.

In order to be transparent about the methods of collecting, using, processing, and storing personal data, the Company encourages visitors to its website and all interested parties to read this Policy to acquire the following information:

2.     Legislative Framework

The processing of your personal data is governed by the relevant provisions of the applicable legislation for the protection of personal data (Law 4624/2019), the Directives and Regulations of the European Union (particularly the General Data Protection Regulation (EE) 2016/679 – GDPR, hereinafter referred to as “GDPR”), as well as the relevant decisions, guidelines, and regulatory acts of the Data Protection Authority (DPA). It is subject to the legal provisions and constraints they establish.

3.     Definitions

For the purposes of this Policy:

  • ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; For the purposes of this Policy controller is EMFI SA.
  • ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
  • ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;


4.     Personal Data Subject to Collection and Processing, and the Legality of Processing (Legal Basis and Purpose of Processing)

We collect data and information that you provide to us when you enter and navigate our Company’s website, use our services. Specifically, we collect and process, on a case-by-case basis, the following categories of your personal data in the following instances:

Entering website: IP address, date and time of access.

5.     Processing of personal data of special categories

Our company does not process or collect “sensitive” personal data of special categories through its website. This includes data related to your racial or ethnic origin, religious or philosophical beliefs, health data, or data concerning your sex life or sexual orientation. These types of data are not necessary for us and the purposes of processing. Visitors to our website are required to refrain from providing, disclosing, or submitting personal data of special categories concerning themselves or third parties. In the event that such data is discovered, it will be immediately and securely deleted in a manner that cannot be recovered. The company is not responsible for any provision or processing of such data that occurs due to the actions or omissions of visitors, in violation of the aforementioned obligation.

6.     Data concerning minors

For the purposes of this Policy, minors are considered individuals who have not reached the age of eighteen (18) years. Our company does not process personal data of minors through the websites. Therefore, our company does not process personal data from minors. In case we become aware that a minor has provided or disclosed their data to us, without the consent of their legal representative, Company reserves the right, to delete the relevant data. If you become aware that a minor has provided their data without the consent of their legal representative, please contact us immediately. If we become aware that personal data we process belongs to a minor without the consent of their parent or guardian, the company will take appropriate measures to immediately delete such data and prevent similar incidents in the future.

7.     Recipients of personal data

The company does not disclose personal data to third parties (natural or legal persons) unless required or permitted by law.

The following entities may process personal data gathered in the course of our relationship:

  • Authorized and appropriately trained personnel of our company who are subject to confidentiality and non-disclosure agreements
  • In some cases, our partners to whom the company assigns the execution of specific tasks on its behalf (data processors), in accordance with Article 28 of the GDPR, have agreed to implement adequate measures in accordance with the relevant provisions of the GDPR (Articles 28, 32). This may include, but is not limited to, third parties for the shipment of orders, third-party technical companies involved in website management and service provision, application support companies, and promotional service providers (e.g., sending newsletters, conducting customer surveys to evaluate the company’s services).
  • Public authorities and bodies, such as public services and agencies, independent regulatory authorities, police, competent authorities, prosecutors, and other administrative services, when required by the applicable legislative framework.

In these circumstances, we take all necessary steps to ensure that these recipients are subject to confidentiality obligations and implement sufficient security measures to safeguard your personal data.

8.     Data Retention

At our company, we understand the importance of safeguarding the privacy and security of your personal data. Our commitment is to retain your data only for as long as necessary to fulfill the purposes for which it was collected and to comply with applicable legal and regulatory requirements. The specific retention period may vary depending on the type of data and the relevant laws.

In general, we retain your personal data, both in physical and/or electronic form, for the duration of your contractual relationship with our company and any individual contractual obligations. The maximum retention period is set at 20 years from the date of collection, or for the duration necessary to achieve the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

When determining the retention period, we take into account the following factors:

  • The nature and sensitivity of the personal data.
  • The purposes for which the data was collected and processed.
  • Any legal, accounting, or reporting obligations that necessitate data retention.
  • Our legitimate business interests, including maintaining accurate records and improving our services.

Upon the expiry of the retention period, we will securely delete or anonymize your personal data in compliance with applicable laws and regulations.

Please note that certain circumstances may require us to retain your personal data for an extended period, such as to fulfill legal obligations or protect our legitimate interests in case of a legal claim or dispute.

If you have any queries regarding our data retention practices or if you require specific information about the retention period for a particular type of personal data, please contact us using the details provided in the “Contact Us” section of this Privacy Policy.

9.     Technical and Organizational Measures

The Company takes all necessary technical and organizational measures to safeguard technological and physical security, in accordance with the applicable legislation (Art. 32 of the GDPR).

Our Company continuously evaluates, and enhances the desired level of information security, taking additional measures on a regular basis to address new threats and associated risks, as well as adopting new factors for further risk mitigation in line with the management’s intentions.

In general, we demonstrate due diligence in ensuring the integrity, confidentiality, and availability of personal data to the extent possible. We remain prepared to respond effectively and promptly to any potential data breaches. To this end, we have adopted, update, and implement appropriate internal policies and procedures in accordance with best practices and international standards.

Furthermore, the Company maintains an updated record of processing activities, including the required information as stipulated in Article 30 of the GDPR, and has appointed a Data Protection Officer (DPO) in accordance with Articles 37 and onwards of the GDPR.

10.  Cookies

To ensure the proper functioning of this website, we utilize cookies. For more information on these cookies, you may consult our Company’s Cookie Policy, which is available on our website.

11.   Rights of the Individual

You have a number of rights with respect to your personal data under GDPR:

  • Right of access – You can request details on whether your data is being processed, and receive copies of that data.
  • Right to rectification – You can have inaccurate or incomplete data corrected or added to.
  • Right to erasure (right to be forgotten) – Under certain conditions you can request erasure of your data.
  • Right to restrict processing – You can request limits on how your data is handled.
  • Right to data portability – You can transfer your data to another controller.
  • Right to object – You can object to processing of your data for marketing or profiling.
  • Rights related to automated decision making – You have rights around decisions made solely by automated means that impact you.

Any request concerning your personal data and the exercise of your rights, according to the current legislative framework for the protection of personal data, should be submitted in writing. Please fill out the Rights Exercise Form available on our website and email it at dpo@emfi.gr or write to us. Requests are generally free but may incur administrative costs if excessive or repetitive.

Informally, the role of the Data Protection Officer is purely advisory and involves mediating between our Company and the data subjects.

Our Company is committed to making every possible effort to carry out the necessary actions within a period of thirty (30) days from receipt of each request, unless the work regarding its satisfaction is characterized by specificities and/or complexities, based on which the Company reserves the right to extend the completion period up to sixty (60) additional days. Certainly, in this case the data subject will be informed of the above extension within the thirty (30) day period.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority if you feel your data rights have been infringed. Contact details are available at www.dpa.gr or by phone at +30 210 6475600.

12.   Company Statements

  • Disclaimer of Liability: The Company makes no representations or warranties about the accuracy, completeness, or suitability for any purpose of the information and related graphics published on this website. Such information and materials may contain inaccuracies or errors, and are subject to change without notice.

The Company shall not be liable for any damages arising from the visitor’s use of or inability to use the website or reliance on any information provided on the website. The visitor is solely responsible for taking precautions, such as using virus checking software, to protect their own systems and data from viruses and other Internet security risks.

  • Policy Updates and Notifications: This Privacy Policy may be updated from time to time to reflect changes in our practices and services. The Company will post notice of material revisions on this page and indicate the date of the last update at the top of the policy. Continued use of our services after any changes come into effect constitutes your acceptance of the modified Privacy Policy.

The Company makes no representations or warranties about the accuracy, completeness, or suitability for any purpose of the information and related graphics published on this website. Such information and materials may contain inaccuracies or errors, and are subject to change without notice.

  • Scope of consent: By accessing this website, the visitor acknowledges and consents to the collection, use and disclosure of personal information by the Company as described in this Privacy Policy. This consent is given solely for the purposes stated herein and extends only to the Company, unless otherwise stated.
  • The Company will not use or share any of the visitor’s personal information collected through this website for any other purpose without first obtaining the visitor’s consent, unless otherwise permitted by applicable law.

Last update: April 2024

EMFI AE Iera Odos 88,
10447 Athens
Τel: 210 3487400
info@emfi.gr
www.emfi.gr
C.E.M.: 5040701000

Copyright© EMFI 2024