PRIVACY POLICY

Your Rights

Introduction
The following text, which is called Privacy Policy, explains in plain terms how we process the personal data which we collect from you or that you voluntarily provide to us as part of your transactions or communication with our business.

Data Controller


Personal data Controller is the legal entity with the name QUALITECH ENGINEERING & COMPLIANCE which is based in N. Ionia, 6 Pergamou Str., VAT number 801280785 with General Commercial Registry (GEMI) number 153418201000, tel: 6943000586, e-mail address: info@qualitechengineering.com and which is legally represented.
Our priority is to legally process this data and keep you fully informed about it. Please feel free to contact us for any queries.

Privacy Policy contents
•    Section One: General information
1) What is personal data?
2) What is Personal Data Processing?
3) Is the processing of your personal data mandatory?
4) When and how we collect your data
5) Which principles do we follow during your personal data processing?

•    Section Two: Processing analysis 
A. Categories of personal data which we process
B. Purposes of processing - Legal basis of processing
C. Personal data date retention
D. Your rights

•    Section Three: Other information

 


SECTION ONE: General Information

1. What is personal data?
The term "personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
In other words, personal data is any information related to a natural person, whether it immediately reveals its identity or it can reveal it.

2. What is personal data processing? 
Any  operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Basically, almost every action, from the moment personal data is created until it is destroyed ( or it is completely anonymised) constitutes processing.
Personal data processing is a legal action, provided it is carried out within the framework provided by the relevant legislation, meaning national law 4624/2019 and the European  General Data Protection Regulation (GDPR) 679/2016.

3. Is personal data processing necessary?
Providing some of your data to our business is necessary when you are trading or contacting us. 
With this policy we inform you of the processing rules we follow
 If you do not provide us with the data listed below, we will probably not be able to complete the transactions you requested or respond to your contact request or any other request you submit.

4.When and how we collect your data?
We collect your data at the following moments:
Α. When you make purchases from our shop
Β. When you contact us
C. When you request to receive newsletters online about our news, promotions and events, by subscribing to our newsletter


5. Which principles do we follow during your personal data processing?
When processing your data, we accept, adopt, and apply the principles of processing under article 5 GDPR, meaning that your data:
a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

SECTION TWO: Processing analysis 

A. Categories of personal data which we process
Our company collects and then processes (stores etc) the following categories of personal data:
•    Full name, father's name, VAT number, home address / area, telephone number (landline / mobile), email address
•    account number / IBAN, credit / debit card number, pricing information (goods / services, value, quantity), order history

B. Purposes of processing - Legal basis of processing
We collect and process the above categories of personal data for the following purposes:
1. Product Selling / Providing Services, Invoicing-Credit

2. Product order-shipment management
3. Product Return / Change / Warranty Management
4. Customer service (information on products-services, communication, 
customer record keeping)
5. Legal claims defend
6. Compliance with legislation (tax legislation, etc.)
7. Newsletter


Legal basis of processing


Please be advised that the above purposes are processed for the following reasons:
•    under the legal basis of article 6, paragraph 1, subsection b of GDPR 679/2016/EE (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract)
•    under the legal basis of article 6, paragraph 1, subsection c of GDPR 679/2016/EE (processing is necessary for compliance with a legal obligation to which the controller is subject)
As regards newsletter sending, we inform you that this takes place only if there only if a sale (product / service) has occured between us or only if you have voluntarily subscribed to our business newsletter, that is, with your consent.
The sending of a newsletter is solely for the promotion of similar and related products or services of our business.
Your email address is not disclosed to third parties.

C. Personal data date retention
Processing of personal data should be limited in time, only for the time absolutely necessary for the purposes of processing.
The personal data we process according to the above, is kept for a period of time necessary to comply with the legislation (mainly tax legislation) and to safeguard our legal claims.
In case of a credit / debit card use, we do not store their details (card number-cvv number), and in case of a telephone transaction we delete them immediately upon completion.

D. Your rights
We process the above data in accordance with the above protection policy and of course we support and ensure that your rights are exercised in a similar manner.

Our response to your requests (whether it is for the exercise of rights or the submission of complaints) takes place free of charge and without delay, and in any case within (1) one month after we receive your request and confirm your identity. However, if your request is complex or a large number of requests are submitted to our business at the same time, we will let you know within this month if we need to receive another (2) two-month extension within which to respond. Reported times of one (1) plus two (2) months (if required) are legal and provided for in the GDPR.
If your requests are manifestly unfounded or excessive, our business may charge a reasonable fee, taking into account administrative costs for providing the information or performing the requested action or refuse to respond to your repeated request.
Specifically you have the following rights:
1. Right to information about all the above issues and any other issue relating to the processing of your data.
2. Right of access, that is, the right to receive a copy of the data you have given us.
3. Right of updating / rectification if any data is or becomes incorrect so as to correct it. The update will take place within 7 business days of the date of submission of your written request and confirmation of your identity.
4. Right to erasure (‘right to be forgotten’). This right may be subject to limitations due to the need to retain certain data due to legal obligations.
5. Right to restriction of processing when:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
6. Right to data portability, meaning the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
7. Right to withdraw your consent to being send newsletters, that is, the right to request that you not receive future newsletter emails from our business by choosing the  "unsubscribe" option to any such email you receive.
8. Right to lodge a complaint to the Hellenic Data Protection Authority (dpa.gr) in case you believe we are breaching the relevant data protection laws.

 

 

SECTION THREE: Other information

A. Our business uses modern and up-to-date protection systems (antivirus systems, firewalls, etc.) to prevent the illegal invasion, access or dissemination of your personal data.

B. We inform you that we do not proceed to automated individual decision making or profiling.

C. Privacy Policy Revisions
Our business reserves the right to modify or periodically review this Privacy Policy at its sole discretion. In the event of any changes, our business will record the date of modification or revision in the new Privacy Policy and the updated Policy will apply to you from that date. We encourage you to review this Privacy Policy from time to time to see if there are any changes to the way we handle your personal information.

D. Contact - Requests - Complaints
info@qualitechengineering.com  . 
If you have any questions, comments or complaints about the management or protection of your personal information or if you wish to exercise any of your rights, please contact us at 6943000586 or at info@qualitechengineering.com .
To file a complaint about a breach of your personal data you can contact the Hellenic Data Protection Authority (1-3 Kifisias Str., Zip Code 115 23, Athens, Call Centre: 210 6475600, Fax number: 210 6475628, e-mail address for reporting a personal data breach incident : databreach@dpa.gr, general e-mail address:  contact@dpa.gr)

 

  • LinkedIn Social Icon
  • Facebook Social Icon

Pergamou 6, Nea Ionia 142 34, Greece | info@qualitechengineering.com | +30 2102206572

©2020 by QUALITECH ENGINEERING & COMPLIANCE. Proudly thdige.co.uk