PRIVACY POLICY
Last modified: 21/ 01 / 2020.
The company ELVIAL SA (hereinafter referred to as 'the Company' or 'us' or 'we') is committed to the protection of your personal data with respect to this site, in accordance with the European General Data Protection Regulation - EU 2016/679 (hereinafter referred to as 'the Regulation') and the applicable national legislation.
This Website Privacy Policy is intended to inform you of the practices the Company applies when processing your personal data on its website, www.elvial.gr (hereinafter referred to as 'Website'). You may find the company’s detailed privacy policy related to all the personal data it processes on its website, www.elvial.gr.
1. CONTROLLER
ELVIAL SA, an aluminium extrusion industry based at the 25th km of the highway Thessaloniki - Kilkis, postcode 611 00, Tel: (+30) 23410 39500.
2. PERSONAL DATA
The term "personal data" in accordance with the Regulation means any information relating to an identified or identifiable natural person (" data subject "); the identifiable natural person is one whose identity can be verified, directly or indirectly, especially through reference to an identifier, such as name, ID number, location data, to an online identifier or one or more factors that are appropriate to that natural person’s physical, physiological, genetic, psychological, financial, cultural or social identity, any information relating to an identified or identifiable natural person ("data subject").
3. DATA COLLECTION AND PROCESSING
The Company collects some of your personal information through this Site in the following ways:
A. Directly from you voluntarily, when you
► fill out and submit online the Contact Forms. There are some contact forms available on the Website, through which you may contact the Company to request information, submit opinions or complaints, and submit a curriculum vitae and job application. Any personal information (name, telephone number, email address, delivery address, etc.) is voluntarily submitted by you, will be collected, stored and processed only for the purposes for which it was provided to us, namely, to fulfill your request or to contact you. This information will be retained by the Company for a period of three years.
► You log in the Partner area (“Login”).
► You subscribe to our Newsletter (mailing list) service in order to receive our newsletter.
B. Automatically when you visit our Site.
We may automatically collect your Internet Protocol (IP) addresses, as well as information on third-party websites or portals, when you choose to access them through links that may be present on our Website. The information is collected by specialized security software, for security reasons of information technology (IT systems security) and error diagnostics or security violations (forensics). Cookies may also be stored on your device during your visit and depending on your browser’s settings.
Warning: before you provide us with any personal data relating to a third party you have the responsibility and obligation to inform that person of the content of this Policy.
4. PERSONAL DATA PROTECTION
Our Company uses appropriate technical and organizational security measures and follows the best practices worldwide to protect your personal data from unauthorized access, misuse, alteration, unauthorized disclosure, loss, and accidental or unlawful destruction. Indicatively:
- We have properly configured new generation firewalls.
- We apply encryption where required.
- We follow a procedure for disclosing any security breach to the Data Protection Authority, and if necessary, we also initiate the disclosure procedure to affected data subjects.
- We train our staff to handle your personal data with due care and always in accordance with the Regulation.
- We bind our employees and partners who handle personal data by written contracts, as set out in the Regulation.
- In particular, for security purposes during the Partners Login ("Login") two fields are used to identify the user: login name (e-mail or username) and a Personal Secret Security Code (password). Whenever you enter your details as a user, access is only given to you, to your personal account. This process is safely achieved by encryption when transferring your personal data to the Internet and the servers of the Company and its Partners. The Company commits its Partners to comply with the Regulation and to protect the data you enter and to provide secure access to your account. As a user, you are the only ones who have access to your information through the above password and are solely responsible for maintaining its privacy and concealing it from third parties. In case of loss or leak, you should notify the Company immediately, otherwise the Company is not responsible for its use by an unauthorized person. We encourage all users to change their password at regular intervals, avoid using easily guessable codes (e.g. birth date or phone number or 1234... etc.) and to use a mixed set of numbers and symbols to create their password, in addition to the standard letters of the alphabet. Finally, users should not use the same password for more than one service (which means that, for their own security, they should have a different e-banking code, a different one for their email, a different one for logging in the Partners Site, etc.).
These security measures shall be reviewed and amended as necessary. You may find a detailed list of the technical and organizational measures applied by our company at www.elvial.gr in Corporate Privacy Policy.
5. PROTECTION OF MINORS
The Company’s products and services are not intended for minors. The company does not collect or knowingly disclose personal data of minors. Persons under the age of 15 must not provide us with their personal information without the consent of their parents or legal guardians.
6. RECIPIENTS OF YOUR PERSONAL DATA
Our Company transmits personal data that you enter to the Website, or that is automatically generated by the Website (cookies), to the following persons:
• To its executives, who are in charge of managing and fulfilling the obligations associated with your application (e.g. to the Sales Department for bidding, if you request so on the contact form, or to the Marketing Department, if you have applied for a subscription to our newsletter/mailing list, etc.).
• To affiliate companies (and/or freelancers) that process your data on our behalf (controllers who are bound by appropriate written contracts and comply with the Regulation), such as infrastructure, IT and telecommunications service providers, providers of maintenance and security for the above, advertising and promotion companies, etc.
• To credit rating agencies (such as Tiresias, etc.), to credit insurance agencies, or agencies providing guarantees where appropriate.
In all events, we bind both our employees and our affiliated companies and third parties by appropriate written contracts, in accordance with the Regulation.
Finally, our Company transfers personal data to relevant governmental/state authorities or law enforcement agencies only in the following cases:
► When the transfer is imposed by a mandatory provision of law, inter-state agreement, or court decision, or
► When the transfer is necessary to the foundation, support or exercise of the Company’s rights for the protection of its legitimate interests.
7. YOUR RIGHTS
The company shall ensure and take appropriate measures to allow data subjects to exercise their rights under national and Union law in connection with the collection and processing of personal data concerning them. These rights are as follows:
I. The Right of Access to Data
II. The Right to Correct Data
III. The Right to Delete Data ("right to be forgotten")
IV. The Right to Limit Data Processing
V. The Right to Data Portability
VI. The Right to Object to Data Processing
The company may refuse to fully satisfy the partially relevant request it receives from the data subject only where such capability is provided by the Regulation or national law. The company shall provide the data subject with information on processing operations following the request made within one (1) month of receiving the request and identifying the subject. This period may be further extended by two months if necessary, when the request is complex or when there are a large number of requests. In this case, the company is obliged, within one month of receipt of the request, to inform the data subject of the delay and the reasons for the delay. Within the above period it shall also inform the data subject of any refusal to satisfy, in whole or in part, the request made, as well as the reasons for the refusal.
If the data subject submits the request online, the information shall be provided, if possible, by electronic means, unless the data subject requests otherwise.
If the data subject's request is manifestly unfounded or immoderate, in particular because of its repeated nature, the company may subject its satisfaction to payment of reasonable fee or refuse to respond to the request.
To exercise your rights, you may contact the Company using the details provided in the "Contact" section below.
Data subjects have the right to refer to the Personal Data Protection Authority ("DPA") for matters relating to the processing of their personal data. Detailed information on the powers of the Authority and how to file a complaint is provided on DPA’s website (http://www.dpa.gr / My rights / Submit a complaint).
8. CONTACT
For more information about or exercising your rights, you may contact the Company in one of the following ways:
• Written letter to be delivered by post to the address Industrial Park Ag. Panteleimonas PO box 79, 61100 Kilkis
• Phone: + (30) 23410 39500
• Fax: + (30) 23410 64173
• Email: info@elvial.gr
9. THIRD PARTY WEBSITES
This Website may contain links to third-party websites that are not covered by this Privacy Policy. As the Company cannot guarantee the safety measures of such, all visitors are encouraged to read their respective privacy policies before providing information of any kind. Also, since both the Website and the email use publicly available communications networks, which by their nature are not guaranteed to be completely secure, the Company can in no way guarantee an uninterrupted and error-free provision of Internet services and of its content, not even the lack of "viruses".
10. MODIFICATIONS
From time to time we improve the services we provide and apply new technologies, so this Website Privacy Policy will be updated accordingly. Therefore, it is important that visitors regularly consult our Privacy Policy. The last modified Policy is deemed to be the applicable one and is always listed at the top of the first page.