PERSONAL DATA
Introduction
The Controller of your personal data is the company PREVELIANAKIS ANGELOS SOLE SHAREHOLDER LTD. – CRETAN MYRON, with registered office in Avgeniki Maleviziou, P.C. 700 11, Heraklion Crete, Tel. +30 2810 792040, e-mail: info@cretanmyron.gr, T.I.N.998865342.
Our company specializes in the standardization of extra-virgin olive oil and for this reason it collects, standardizes and trades – guaranteed – only top quality extra-virgin olive oil – from the most renowned areas of Crete – always in collaboration with selected olive oil mills certified by Agrocert. We work with producers, olive mills, researchers and experts from the most renowned and award-winning areas, from one end of Crete to the other. The main areas are Sitia, Peza, Viannos and Kolymvari. We ensure that only the best Cretan olive oils are selected for MYRON.
In our daily activities we process data related to natural persons, including:
- Customers
- Visitors of our site
- Other interested parties (employees, suppliers)
Our Company complies with the General Data Protection Regulation (2016/679 EU GDPR) and any other European and national law regarding the protection of personal data, electronic communications etc. and is committed to ensuring the protection of your Data at all times:
- The data are collected for specific, clear and legitimate purposes and are not further processed in a manner incompatible with those purposes.
- We collect the personal data necessary for each processing purpose and process it legally, fairly and transparently with respect to the data subjects.
- We ensure they are as accurate and up-to-date as possible and keep them only for as long as necessary for the purposes for which they are processed.
- In each case, the criterion we use to determine the storage period is based on and takes due account of the need to comply with any relevant legal requirements, as well as the principle of data minimization.
- We process the Data electronically and manually and take all appropriate measures to protect personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Collection, purpose, legal basis of processing and duration of retention of your data
- Data we collect automatically through our website
The website www.cretanmyron.gr uses the SSL (Secure Sockets Layer) protocol which uses methods of encrypting data exchanged between two devices (most commonly PCs), establishing a secure connection between them via the Internet, which results in the protection of your personal data.
When you visit our website, our server collects the so-called server log files, namely:
- Date and time of entry to the website.
- The volume of data sent in bytes.
- The browser and operating system you use to access the website.
- Internet Protocol address (IP address) when you access the website. The IP address is personal data along with the date and time of your visit, although we cannot identify you with this data alone.
The legal basis for which we collect your IP address and keep it in special files (log files) is our legitimate interest in processing this data to ensure the security of networks, information and services against accidental or unlawful or malicious activities that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted data (e.g. a Distributed Denial of Service (DDoS) attack control), as well as our legal obligation to provide a more secure environment for the processing of your personal data (GDPR Article 6 (1) (f) and (c)). The data will not be transferred or used in any other way. However, we reserve the right to review server log files (server log files) if specific signs of unauthorized use are detected.
- Customer Data
When you visit our company we may collect your personal information such as name and surname, telephone, e-mail, and possibly other contact information.
The processing of your data is the sale to you of our requested products and the legal basis for the processing is the execution of the contract between us (Article 6 par. 1(b) and 9 par. 2(h) of the GDPR). Your data retention duration is as required by tax legislation.
- Data we collect by email or through the contact form or to send our newsletters
As part of the communication between us by email or by the contact form of our website or for sending a newsletter, we collect your name, email address and any other information you provide us. This data is stored and used exclusively to respond to your request. The legal basis for the processing of your personal data is your consent (GDPR, Article 6 (1a)).
Your data will be deleted after the final processing of our communication, or when you wish. This will happen after the completion of the purpose and scope of our communication, provided that there are no legal requirements for storing such data.
- Processing of date for purchases from the e-shop
If you are remotely purchasing products from our online shop, we will process your data in order to execute the purchase, so that the legal basis for the processing will also be the performance of a contract pursuant to Article 6 (1b) of the GDPR. In any case, after the complete processing of the purchase and delivery of the products, you can request the deletion of your account and your data by sending a message to the above address of the Controller and your data will be deleted, apart for the data whose retention is necessary for tax and proof purposes.
To make the purchase you will need to register at the e-shop, where upon we will collect what is necessary to execute your purchase, i.e. name and surname, full billing and shipping address, e-mail, telephone. We may collect further information regarding product delivery instructions.
As regards payments for products you purchase using credit, debit cards, PayPal, bank transfer, the system used by our company does not store card or account data in a database. Card payment is processed by the secure payment platform of our partner credit institution or PayPal.
- Facebook page
Our Company maintains a Page on the Facebook social networking platform. You can contact us through our page to obtain more information about our services through the option of sending a message. In order to answer your queries, we collect and process your Social Media username and other information that is publicly available through your profile. Sending a message for the purpose of communication between us implies your consent to the above processing of your data.
If you choose to “connect” to our page (by clicking “follow”), this means that you consent to view the news and promotions (via newsfeed) that the Company performs through its Social Media Network page. If you do not wish to receive such updates, you can click on the “Delete” option “Unfollow” etc. at any time
We take all security measures (technical and organizational) for the security of data processing through Facebook, such as limiting the access of people to our social media account. Our company is not responsible for the way or the means that social media platforms process your data. You can find out on the processing of your data via the corresponding Facebook.
- Suppliers’ data
In order to perform the contract between us we collect the data of our suppliers, such as name and surname, corporate name, address, contact details, shipping details, financial data, which you provide yourself. The legal basis for the processing of your data is the performance of the contract and our compliance with legal obligations (GDPR Article 6 (1b) and (c)) and we retain it for up to twelve years after the last provision of services, or as long as required by tax and any other relevant legislation.
- Submission of Curriculum Vitae
When you submit a Curriculum Vitae to our company online or at our office, you provide us with your personal information included in your CV, such as your name and surname, training, experience, professional skills and your preferences etc. and any other information you want to reveal to us, such as your photo. We retain your personal data for up to three years in order to consider the possibility of hiring you and the legal basis for processing your personal data is your consent, as well as your application before you enter into a contract with us (GDPR Art. 6 par. 1a and 1b).
Who has access to your data. Data transfers.
Your data is accessible to our employees, as well as any other person authorized to process your data during the performance of their duties. In addition, we work with third parties, natural or legal, professionals, independent consultants etc. who provide commercial, professional or technical services (e.g. web hosting, accounting services, courier services) for the purposes mentioned above, and support our Company in whole or in part in relation to our activities. Where appropriate, such natural/legal persons shall act as Joint or Independent Controllers, Processors or persons authorized to process personal data for the same purposes as mentioned above, with the same security measures and in accordance with the applicable legal requirements.
Before a third party receives the Personal Data, we must: (1) perform a privacy control to evaluate the privacy practices and risks associated with these third parties (2) obtain contractual guarantees from these third parties that they will process our Personal Data in accordance with our instructions and in accordance with this Policy and applicable law, that they will immediately notify our company of any Personal Data Protection or Security incidents or failure to comply with the standards set forth in this Policy and existing law, that they we will work together to remedy any such incident, that they will assist us in meeting the rights of the persons set forth below, and that they will allow the Controller to control their processing as regards compliance with these requirements.
Finally, the data may be further transmitted to public authorities and institutions, as well as to our legal experts (legal advisors and insurance companies), for legal purposes.
In addition to the above, the Data will not be disclosed to third parties, individuals or legal entities and will not be disseminated.
Our Company does not transfer Personal Data outside the EU, and if necessary (for example, to use Cloud Services) this will be done in accordance with the terms and conditions set forth in Articles 44 et seq. of the GDPR, as for example following your consent, the application of standard contract clauses approved by the European Commission or countries considered safe by the European Commission.
Data of Minors
Our company does not handle data of minors.
Cookies and related technologies
Like most websites, we use cookies and similar technologies when you access and browse our Website in order to make it as comfortable and effective as possible.
Cookies are small text files that are stored on the hard disk of a computer or other electronic devices with which the user accesses the website. Cookies are unique to each web browser (web browser, e.g. Google Chrome, Mozilla Firefox, Internet Explorer, Opera etc.) and contain anonymous information about the websites you visit and the devices you use.
Types of cookies we use:
a) Technical and functional cookies (required)
These cookies are responsible for the basic functions of our website and application. They are necessary for you to browse our site and access its various sections. The basic website services of the website cannot be provided without these cookies.
b) Statistical analysis and performance cookies
These cookies collect information about how you use our website, such as the website from which your visit came from, the pages you visit most often, the browser you used, etc. We use them to analyze traffic and improve the performance of our website. They collect aggregated, anonymous statistical information, which cannot lead to the identification of the visitor.
Information on Google Analytics service
We use the Google Analytics service to record traffic and improve our website. Google Analytics uses cookies to store certain information, such as the length of the website visit, the browser used, the location from which the visit originated, and the frequency of visits.
In order to access this data, we allow Google Analytics to place cookies on the computer’s hard disk or any visitor’s electronic device. Google Analytics is owned by Google Inc. You can find more information about Google’s processing of your data here, and about using cookies as part of the Analytics service here. Technical information on Google Analytics cookies is available here.
You can completely block your data collection through Google Analytics by installing the add-on in your browser:
https://tools.google.com/dlpage/gaoptout
c) Promotional / targeted advertising cookies
We use cookies (and possibly that of third parties such as Doubleclick/Google, etc.) to display personalized ads, tailored to your preferences. A unique number (ID) identifies information such as your IP address, the browser you are using, which ad is already displayed in your browser, and whether you have accessed a webpage through an ad, or which geographic location your visit is from. You have the option of rejecting the installation of these cookies and as a result the ads displayed will not be personalized.
Management of cookies
You may decide partly or entirely to accept cookies when you visit our site. You can also configure your browser to be aware of cookies and decide whether or not to accept them. Each browser differs depending on how it manages its cookie settings. This is described in each browser’s help menu, which explains how to change your cookie settings. Follow the links below depending on your browser:
Please note that you must adjust the settings separately for each browser and device you use. We also inform you that any restriction of cookies will prevent you from fully utilizing some of our services and will not allow us to improve and personalize your navigation on our website.
You can find more information about cookies at www.allaboutcookies.org και www.youronlinechoices.eu.
Alternatively, you may disable the use of cookies by third parties through the relevant Network Advertising Initiative service.
You can see here in detail the cookies we use.
Data Subjects’ Rights
You may contact us by phone, mail or e-mail at the addresses listed in the “Introduction” above to exercise your rights under Articles 15 et seq. of the GDPR, namely the rights to information, access, rectification, deletion (where applicable), limitation of processing or objection to processing. You can, for example, request an up-to-date list of people who have access to your data, get confirmation on whether we are processing or not personal data related to you, check their content, source, correctness and location (also in relation to any third country), request a copy, request their rectification, and limit their processing, even deleting them if applicable.
You may make comments and submit a complaint to the Greek Data Protection Authority, 1-3 Kifisias Ave., GR 115 23, Athens, Call Center: + 30-210 6475600 or at http://www.dpa.gr/
September 2019