PERSONAL DATA PROTECTION POLICY
“KARLOS ENTERPRISES S.A.” Company (hereinafter referred to as “Company”) respects privacy of individuals and is taking full account of the need to protect their personal data.
This informative notice provides to all persons interested in our services, as well as to any visitor of our website, with concise, fully defined and transparent information regarding the practices followed in the management and protection of personal data.
The company, based on its experience and know-how, aims at continuously expanding its products and services, always focusing on quality, safe and complete satisfaction of its customers’ needs and requirements.
The company has installed a Private Information Management System (PIMS) which complies with the general principles of the International Standard for Information Security and Data Management ISO 27552: 2018 and is committed to:
- Satisfying its customers by providing high quality services according to their requirements.
- Ensuring the confidentiality, integrity and availability of information that is processed, transmitted, maintained electronically or physically by the Company’s personnel and information systems.
- The timely and rapid identification and response to emergencies related to a breach (or suspicion of breach) of company information security.
- Protecting the company’s investment in information and communication technologies.
- Compliance with the requirements of Greek and European Legislation in the field of personal data management, confidentiality, copyright, etc.
- Continuous improvement of the Private Data Protection System, its efficiency and performance in terms of ensuring the integrity, confidentiality and availability of information for the benefit of the business itself, its employees, customers and partners.
It is important for the “company” to have the resources required to support the Private Data Protection System and to provide the necessary knowledge to its staff and executives on information security issues, utilizing their skills and abilities.
It fully recognizes the objectives of the Private Data Protection System and supports its implementation.
Company executives and staff are committed to:
- Compliance with all business policies and processes related to the protection of personal data.
- Ensuring that the requirements of other interested parties are met.
This Personal Data Privacy & Security Policy is already known to all business executives and staff, and is available to all interested parties as it is posted on the business website.
It is reviewed annually, or earlier, if the Company’s Management deems this appropriate.
- What is the purpose of this Policy?
This Policy is intended to inform all interested parties on how the personal data of individuals is collected, stored, used and transmitted in some cases, the security measures the company is taking for the protection of personal data, the reasons and the time such data is stored, but also on the type of personal data collected. It refers to any operation or series of operations performed with or without the use of automated means, on personal data or sets of personal data, such as collection, registration, organization, structure, storage, adjustment or alteration, recovery, searching information, use, disclosure, dissemination or any other form of distribution, association or combination, restriction, deletion or destruction.
The company reserves unilaterally the right to update, amend, add, modify its services and this Policy, from times to times, whenever deemed necessary, without prior notice, always within the respective legal framework in force and in accordance with any changes to the existing data protection legislation.
The company encourages all interested parties to check this Policy periodically, in order to be informed of the changes introduced hereto.
- What does “Personal Data” mean?
Personal data is any information relating to a specific individual or person which can be identified (e.g., name, ID card number, address etc.). The company shall not process your personal data without your consent. However, the company reserves the right to process your personal data, to the extent permitted or required by law and/or in accordance with the contract concluded between you and the Company, and/or upon any court judgement or prosecutorial order.
- How we collect your personal data
Your personal data is collected in the following ways:
- Through direct interaction with you, when the company provides you its services, when you contact the company so that you or a third party receives our services, when you participate in an event of the company, when you apply for a job with us, when you fill in online forms or send us an e-mail (“e-mail”)
- Automatically, through your browser (“browser”) or mobile device (cell phone, tablet, etc.) that you use to access our website.
- A third party partner provides it to the company, after you have given your consent (e.g. one of our partners etc.)
When you sign up for a service provided by the above company website, you will need to fill in some fields. In cases where your consent is required for the collection of your personal data, this will be expressly requested by you and you have the right to withdraw it at any time.
- What type of personal data is collected?
In summary, personal data collected and further processed include:
- Full Name, address and contact information in general (including e-mail address and telephone number).
- Date of birth, Sex and other relative data necessary for recruitment to the company.
- other information deriving from the use of our website and other digital platforms we use to inform you about the following services provided by the company through the website:
- e-mail reception
- Submission of CVs for recruitment to the company
In addition to the above data you provide to us, technical information may also be collected, which is personal data, such as your device’s Internet Protocol address (e.g. computer, laptop, tablet, smartphone). This technical information is used for the smooth operation and performance of the website and online services and is not permanently stored.
For more details on the technologies used on the cookies website see our Cookies Policy.
We may also use the information in other ways for which we shall be giving you specific notice at the time of collection. The information collected is essential for the purposes outlined above.
- What principles govern processing of your Personal Data by the Company?
The Company processes your personal data in a lawful and legitimate manner for the purposes clearly set out in this Policy. Your personal data, processed by the company, is limited to what is strictly necessary to achieve such purposes, is accurate and up-to-date, it is kept for the period determined by the purposes of processing, is protected by adequate security measures and is not transmitted to countries that do not ensure an adequate level of protection.
- Who collects personal data and for what purpose? Is personal data transmitted to third parties?
The Company shall be using the information provided by you for the following reasons, if:
- This is necessary for the conclusion of a contract to which you are a party.
- We have obtained your consent.
- We have a legitimate interest in doing so (including a legitimate interest in conducting marketing activities, research activities, data analysis and internal management, processing and enforcing legal requirements and conducting our operations in accordance with the applicable law and with our policies).
The personal data collected is processed by authorized employees of our company, for the sole purpose of providing the service concerned each time. Such data shall be transmitted only to authorized third parties who are bound by the obligation of confidentiality, where they are required to have access in the context of the provision of such services.
After your order, your personal data may be forwarded to third parties/ partners of our company.
The company is explicitly committed that it will not commercialize your personal data by making it available for sale/rent, by giving/ transmitting/ publicizing or communicating it to third parties or using it in any other way and for other purposes which may jeopardize your privacy, rights or freedoms, unless required by law, court judgment/ order, administrative act, or contractual obligation necessary for the proper functioning of the Company’s website and for its operation. Personal data may be transmitted to partner companies, or to third parties, in accordance with the terms of this Policy, committed to maintaining confidentiality for further processing to provide services, evaluate and improve the functionality of the website, marketing purposes, data management and technical support, only after the user has been informed in advance and consent has been obtained.
These third parties have been contractually required to use personal data only for the above reasons, and shall not transmit or disclose such personal data to third parties unless required by law.
- How long is my personal data kept?
Your personal data is kept for as long as required by the nature of the service provided by the company and you have chosen, and additionally, for the time specified in the relevant legislation.
The company does not retain your data for longer than necessary to fulfill the purpose for which such data is processed. In determining the appropriate retention period, the company takes into account the quantity, nature and sensitivity of personal data, the purposes for which such data is processed and the possibility to achieve such purposes by other means.
Also, the company takes into account the periods for which it might need to retain your personal data to fulfill its legal obligations (e.g. in relation to tax audits) or to respond to complaints/ questions and to protect its legitimate rights in the event of a claim filed against the company (20-year period under 904ep, Civil Code).
When we no longer need or no longer have a legitimate reason to keep your personal data, this is safely deleted or destroyed.
Also, the company takes into account whether and how it may minimize, over time, the personal data it uses, as well as whether it can retain it anonymously, so that these may no longer be correlated with you or identify you. In this case, the company may continue using your data without further notice.
- What are my rights? What can I do if I have any issues with my personal data being processed?
- You have the right, at any time, to ask us about the type of personal data we process, for what purposes we process it, whether we give it to third parties and to whom, and other relevant information.
- You also have the right to receive a free copy of your personal data upon request.
- Other rights that you have under the relevant personal data protection legislation include the right to request updating and/ or revision of your data, pause and/ or restriction of processing and deletion from the systems of a company, provided that there is no other statutory obligation to be retained.
- You also retain the right to portability and / or objection to the processing of your personal data.
In particular, with regard to a future “Newsletter”, it will be possible to “unsubscribe”, following the instructions included in each newsletter, to stop the processing of personal data related to this service.
You may exercise all such rights by submitting your request in writing in the address found in our contact page: https://www.karlos.gr/contact/.
For any questions you have about your personal data and / or for any clarification, you can contact the company’s Data Protection Officer either by phone at 2610-312001 or by e-mail at https://www.karlos.gr/contact/.
In any case, you have the right to apply to the competent Data Protection Authority (DPA, www.dpa.gr ) and/ or to file a lawsuit.
The company shall be making all effort to ensure that your requests are answered promptly and in any case within one month. This period may be extended by two (2) more months if necessary, taking into account the complexity of the request and the number of requests submitted. For such extension and of the reasons for the delay, you will be informed within one month of receipt of the request from the company. If you submit your request electronically, the answer will be provided, if possible, by electronic means, unless otherwise requested (e.g. in writing).
In any case, you may contact the Data Protection Officer of our Group, the Data Protection Authority (DPA, www.dpa.gr ) and / or life a lawsuit if you consider that your above rights have been violated.
- Is my personal data safe?
Privacy of persons whose personal data is processed by the Company, whether customers, employees, or third parties is very important to us and we are taking all necessary measures to protect it, as to the confidentiality/ privacy of information, as well as to its integrity (risk of being distorted, accidentally damaged, etc.).
In this context, the company operates an Information Security Management System, which follows the best practices of the international standard ISO 27001.
We will always take care of and store your personal data in accordance with industry best practices, in line with ISO 27001, the international standard for information security. These practices include the activities and procedures undertaken by our staff and authorized third parties (see Section 10), as well as the technical controls we apply to prevent unauthorized access or theft of information from our applications, constantly supporting the modern media every time, our entire Information System, which we monitor at regular intervals.
The company takes all proper organizational and technical measures designed to protect information from loss, misuse, unauthorized access, disclosure, distortion or destruction and cares for the fair and lawful collection and processing of personal data, as well as for its safe storage, in accordance with the relevant provisions of both Greek and Community and international law concerning protection of the individual from the processing of personal data, and with the decisions of the Hellenic Data Protection Authority, safeguarding the privacy and confidentiality of any information becoming available to us. In particular, this Policy takes full account of the provisions and articles of Regulation (EU) 2016/679 of the European Parliament on the protection of individuals with regard to the processing of personal data and on the free movement of data (“General Data Protection Regulation” – (GDPR)) and shall make every effort to comply therewith.
Access to contact information of visitors/ users of the website of the company is limited to authorized persons who are bound to confidentiality (employees, providers of services) and reasonably deemed to need to know that information to provide products or services to visitors / users of website or for performing their work.
- How is my personal data collected and used on the website?
The personal data is collected on the company’s website in the following cases:
- When you ask to be informed about the services provided by the company through our website.
- When you register and use the services of the company website.
- When you participate, at your free will, to the company services.
- When you choose to sign in via social networking accounts (e.g., using your Linkedin account credentials, to create an account or link).
- Using “Cookies” or similar technologies.
The personal data collected on a case-by-case basis include:
- Receiving a “Newsletter” on a regular basis: an email address.
- Entry of information data: contact details [e-mail address, postal address, telephone etc.].
- Monitoring the proper functioning and improving website functionality and performance: internet protocol (“Internet Protocol address”), website browsing patterns (“browsing patterns”), information on the use of the website, browser history (“browser history”), geolocation data, HTTP protocol elements, etc. This data shall be aggregated so that users cannot be identified to the extent possible.
Collection and processing of personal data is solely for the purpose of:
- Personalized information and service provision.
- Provision of services according to user preferences and characteristics.
- Statistical analysis of the traffic and use of the company’s website.
- Satisfaction of users’ requirements as well as direct communication for the purpose of informing about new services of the company (provided the users have given their consent).
Further transmission to third party partners will be at the request of the visitors/ users themselves. User consent is explicitly requested, subject to information about the purposes and legal basis for the use of personal data, and is a prerequisite for any processing or transmission of user personal data.
– Cookies & Internet Tags
Cookies are small text files that are stored on your device using any web browser whenever you visit a website. Cookies can be used to let us know for example if you have visited our site in the past or if you are a new visitor and also to help us identify features of our site that you may be more interested in. Cookies can improve your online experience by storing your preferences as you visit a website and can be removed at any time.
- For the smooth running of the website with the required speed.
- To identify the device you are using to navigate your browser and / or operating system website, to provide a personalized navigation and / or use experience on the company’s website.
- To save your settings during a visit or between visits (such as your username, preferred language, or use of social media), so as to avoid re-typing some data.
- To improve the performance and / or security of the website.
- To provide content based on your interests and needs.
- To analyze how you browse and / or use the Website.
- For the collection of personal data without your consent.
- For the transmission of your data to advertising agencies.
- For the transmission of your data to third parties without your consent.
You can also delete cookies from the computer or device you use, anytime you want. However, please note that by not accepting cookies or some of these cookies, some of the features of the website may not be fully available.
Internet Explorer http://support.microsoft.com/kb/278835
Safari for iPad and iPhone http://support.apple.com/kb/HT1677
Web Beacons (also known as Internet tags, pixeltags and clearGIFs) are often transparent graphic images that are placed on a website. Web beacons are used in combination with cookies in order to monitor the behavior of the users visiting websites.
The company assures that through web beacons (“internet tags”, etc.) and cookies, personal, identifiable information about website visitors such as names, addresses, email addresses or phones is NOT collected or searched for.
Our website, like almost all websites worldwide, uses Google Analytics, a data analysis service, offered by Google inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses “cookies”, which are text files that are stored on your computer or device and make it easy to analyze how you use the website. The information obtained from cookies about your use (including your IP address) is transferred to a Google server in the US and stored there. Google will use this information to evaluate your use of the Website, to report to its administrators about these activities, and to provide other services related to the use of the website and the Internet.
The cookies used by the analytics.js library are the following:
CookieName ExpirationTime Description
_ga 2 years. Used to distinguish users.
_gid 24 hours. Used to distinguish users.
_gat 1 minute. Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.
AMP_TOKEN 30 seconds to 1 year. Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
_gac_<property-id> 90 days. Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
Google may also transfer this information to third parties, under the condition that it is provided by the law or if any third parties process the data on its behalf. Google will not associate you IP address with any other data it holds. You may disable Google Analytics by selecting the appropriate settings in your browser but note that in such a case you may not be able to use all the features of this website.
By using this website, you agree to the processing of your personal information collected by Google, in the way described above and for the abovementioned purpose. If you do not want Google to collect information from your browser when you visit the websites, you can opt out of Google Analytics by clicking here.
You can set your browser to inform you each time before a cookie is downloaded and decide whether on not to accept it. In this case, keep in mind that you may not be able to make the most of it.
The company website can and may use Google Analytics for advertisement display (e.g. remarketing, Google Network display, DoubleClick campaign manager integration and demographic and interest reports).
By using ads settings, visitors can opt out from Google Analytics for ads display and customize Google Display Network ads.
Click here for the available web opt out options of Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en
Our website in any case complies with GoogleAdWords Interest-based Advertising Policy and the restrictions on sensitive categories.
Our site uses additional ‘social plugins’ of the Linkedin social networking site operated by Linkedin SA, Sunnyvale, California USA (‘Linkedin’). The plugins are identified by the Linkedin logos (a white ‘in’ icon on a blue background). If you find a page on our website where we have a plugin embedded, the browser will contact the Linkedin server to load the plugin and view it. During this process, Linkedin receives information about your visit to our site, such as your IP address. When it loads the plugin, Linkedin integrates its content into our website. That’s why we don’t know how much data Linkedin can collect using these plugins.
You can find out more about how much and what data Linkedin collects, how it processes and uses it, what your rights to the data you provide, and what settings you can modify to protect your privacy by going to the Linkedin data usage policy. If you have a Linkedin account but you do not want Linkedin to collect information about your visit, you must log out of your Linkedin account before visiting our site. You can also use additional applications in your browser to prevent the viewing of these plugins from our site.
IP addresses and URLs
The IP address is a unique locator used by some electronic devices, to locate and communicate with each other on the Internet. When you visit our websites, we can see the IP address of the device you used to connect to the Internet. We use this information in order to change the way our websites are presented to improve your visit and to determine the general geographical location of the device and to understand from which geographical areas our site visitors come from. We may use this information to change the way our website is presented in order to improve your visit.
The URL (Uniform Resource Locator) is a unique locator or address for every medium on the internet and is essentially the address of the site you are visiting. We will use this information to see which websites have traffic and how you navigate our site.
The company, recognizes the importance of personal data and electronic transactions privacy, acknowledges its obligations and takes all necessary technical and organizational measures using the most modern and advanced methods to ensure maximum User security. All information relating to the User’s personal data is secure and confidential. We receive the personal information that you have chosen to provide to us.
Safety is achieved as follows:
- Controlled Access
Access to the systems of the company is controlled by firewall which allows users to access specific services, while prohibiting access to systems and databases of the company containing confidential data and information.
- SSL Security:
The SSL protocol (Secure Sockets Layer), is currently the global standard in online certification websites to Web users and to encrypt data between network users and webservers. An encrypted SSL communication requires that all information sent between a client and a server be encrypted by the shipping software and decrypted by the receiving software, thereby protecting personal information during transmission. In addition, all information sent with the SSL protocol is protected by a mechanism that automatically checks if the data has changed during the transmission.
By using special software, the company’s electronic system decrypts the information it receives before processing it. The system of the company sends information using the same encryption process. For any information you fill in anywhere in our website (password, e-mail, address, phone number, credit card number, etc.), there is 128-bit SSL encryption. Encryption is a way of codifying information so that it can be securely accessed by its intended recipient, who can decode it using the appropriate key.
- Privacy of Transactions
Confidentiality is self-evident to us. Electronic transactions are governed by the same basic principles that apply to traditional trade. All information transmitted by the User is confidential and the Company has taken all necessary measures so that it remains secure and is used only to the extent necessary for the execution of the contract and provision of services.
The User, in order to ensure security of their data, should not disclose these data or access to such data to third parties.
- How does the website treat children’s personal data?
The company commits that it shall not process any personal data of visitor / users of the Web Site under sixteen (16) years of age, without having ensured prior consent of the person having custody of the child (parent or guardian), via direct communication, off-line or online.
- What about links- hyperlinks to other websites?
The company’s website may includes hyperlinks to other websites, for the content and services of which the Company bears no responsibility, and for which the company does not guarantee continuous and safe accessibility. The company shall under no circumstances be deemed to accept or adopt the content or the services offered by the hyperlink websites or to be connected with such websites in any way. Any issue arising out of the use of such websites is the sole responsibility of the respective owner of the website. In the case of hyperlinks to other websites, the company is not responsible for the administration terms and protection of personal data practices followed by such websites.
We use social media to present the work and services of the company through widely used and up-to-date channels. The use of social media by the company is specifically noted on our site.
The company strongly encourages users to read the respective policies of each third party (e.g. search engines, social media companies such as Linkedin etc.), to get information on the practices followed for the protection of personal data.
The website of the company may include material of promotional/ informational content, purpose and character. The Company shall not be liable to the visitor / user as well as to any third party for any unlawful act or omission, inaccuracy or inability to comply with the laws and regulations of any country or the European Union in relation to the content of this informational content. The company is not required to consider and is not considering legitimacy or not of the information material displayed on its website and therefore it may not bear any related liability. This liability rests with the advertisers, sponsors and/ or creators of the promotional material displayed.
- Updates to our Personal Data Protection Policy
This Policy may be updated regularly and without any notice, in order to reflect our personal data privacy practices. A prominent notice on our website will be posted to inform you on any significant changes to our Personal Data Protection Policy and the most recent update of it shall be mentioned in the beginning of the Policy.
- How To Contact Us
If you have any questions or comments about this Policy, or if you would like to exercise your rights, please send us a notice in writing, in the address: Kanari 1 – Post Code 26222 Patra Greece, or you can call as: +30 2610-312001.