Privacy Policy
PREAMBLE
Our Company, “ENIA SA” (also referred to as the “Company”), is the Controller of the personal data of the users of the website enia.gr and ensures that all its business actions are conducted in accordance with the principles of privacy protection, respect for human value, personal data protection, as we believe that these principles demonstrate our unwavering commitment to ethical and responsible practices.
This Policy describes our standards for the management and protection of personal data from or on behalf of our Company.
This personal data privacy policy is valid and applied to all facilities and/or digital environments and applications which belong to the Company and are related to its activity.
DEFINITIONS
For the purposes of this Policy, the following terms shall be understood as follows:
– Personal data: Any information concerning an identified or identifiable natural person (“data subject”). An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as a name, an identity number, location data, an online identifier or one or more factors specific to the physical, genetic, psychological, economic, cultural or social identity of the natural person.
– Special categories of personal data or Sensitive data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of indisputable personal identification, data relating to health or data relating to a natural person’s sex life or sexual orientation.
– Processing: Any operation or series of operations carried out with or without the use of automated means, on personal data or sets of personal data, such as collection, registration, organization, correction, storage, adaptation, alteration, retrieval, information retrieval, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
– Anonymization: Τhe processing of personal data in such a way that the data can no longer be attributed to a specific data subject.
– Pseudonymization: The processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that said additional information is kept separate and subject to technical and organizational measures to ensure that it cannot be attributed to an identified or identifiable natural person.
– Controller: The natural or legal person, public authority, agency or other entity that, alone or jointly with others, determines the purposes and manner of personal data processing. Where the purposes and manner of such processing are determined by the law of EU or the law of a Member State, the controller or the specific criteria for his appointment may be provided for by EU law or the law of a Member State.
– Processor: The natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller.
– Data Protection Officer: The Data Protection Officer (DPO) ensures, in an independent manner, the supervision of the strategy and compliance of the controller and the processor with the provisions of GDPR 2016/679 EU (GDPR) and mediates between different parties (e.g. supervisory authorities, data subjects). His role is advisory (not decisive) and he bears no personal responsibility for non-compliance with the Regulation.
– Consent of the data subject: Any indication of will, free, specific, explicit and fully informed, by which the data subject manifests that he agrees, by statement or by a clear positive action, to be the subject of processing the his/her personal data.
– Personal Data Breach: The breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed.
– Existing legislation: The provisions of the currently existing Greek, EU or other Legislation, to which the Company is subject and which define personal data protection issues.
Personal data controller
For any processing of personal data carried out by the Company or its partners, exclusively for the purposes and in the manner determined by the Company, the Company under the name “ENERGY NETWORKS AND INDUSTRIAL APPLICATIONS ENERGEIAKA DIKTYA KAI VIOMICHANIKES EFARMOGES ANONYMI ETAIREIA” is considered the Controller. In some cases, the Company may act as a Processor for other legal entities, with whom the Company is contractually bound.
LEGAL FRAMEWORK FOR THE PROTECTION OF PERSONAL DATA
As a Company we collect and process your personal data in accordance with this policy on personal data protection and
• in compliance with the EU Regulation 2016/679,
• the existing Greek legislation on data protection,
• the current legislative framework that governs the operation of businesses,
• the consents we receive.
This policy provides you with the necessary information regarding your rights and obligations and explains how, why and when we collect and process your personal data.
PERSONAL DATA WE COLLECT
The Company, in the context of its activities, may collect personal data of its employees, as well as of its partners in general, as well as of other individuals, with whom it deals and cooperates.
The Company always takes care to collect and process only the personal data that is necessary and relevant for the purposes of processing, as stated below and in order for the Company to comply with its obligations, as they arise from the applicable legislative and regulatory framework, its legal interests and its contractual obligations.
Indicatively, the categories of personal data processed by the Company, whether they regard employees or customers-suppliers-partners or other third parties with whom the Company deals, are the following:
– Demographic information and identification/contact information, such as: first and last name, father’s name, matrimonial name, date of birth, place of birth, gender, nationality, residential address, e-mail address, contact numbers, ID number, Tax Registration Number, SSN number and other numbers of insurance fund registers, health books etc.
– Data related to the education and training of employees or prospective employees, such as CV, high school diploma, diplomas, master’s and doctoral degrees, certificates of seminar’s attendance and licenses to practice a profession, data on previous experience or training etc.
– Health data, (including sensitive personal data), such as medical examinations of employees, leaves and medical history, to the extent that this is necessary for the assessment of a candidate or the fulfillment of obligations by the employment contract or provision of law, including obligations for health and safety at work, social security and social protection law, to the extent that this is necessary for the provision of the Company’s services or if there is some other legal basis for the processing, such as the fulfillment of the Company’s obligations regarding the Contract or provision of the law.
– Data related to benefits or expenses paid by the Company to its staff, such as e.g. employee expense reports, management of company phones or emails, etc.
– Image data collected from CCTV and security cameras to achieve the protection and safety of natural persons, materials (machinery, electromechanical equipment etc.) and facilities [Cameras are placed in areas where there is an increased risk of accidents or sabotage and their use is done exclusively for security reasons, while relevant signs have been placed in the monitored areas according to the standards and instructions of the relevant Greek Authority of Personal Data Protection.
– Entry – exit registration data at the Company’s facilities.
LEGAL BASIS OF PROCESSING
The Company processes personal data that are necessary, in order for the Company to be able to serve its contractual and legal obligations. The Company processes your personal data transparently in accordance with the principles of lawfulness, proportionality, confidentiality and integrity, purpose limitation and accuracy, specific data retention time and data minimization.
The company, in the context of its operation and for the fulfillment of its objective, receives and processes personal data based on the following legal bases:
– The processing is necessary for the performance of a contract, in which the data subject is a contracting party or to take measures at the request of the data subject prior to the conclusion of a contract (Article 6 / paragraph 1 / point (b) of the GDPR).
– The processing is necessary to comply with a legal obligation of the controller or to establish, exercise and support legal obligations (Article 6 / paragraph 1 / point (c) of the GDPR – Article 9 / paragraph 2, point f).
– Processing is necessary to safeguard the vital interest of the data subject or other natural person (Article 6 / paragraph 1 / point (d) of the GDPR).
– The need to carry out the obligations and exercise specific rights of the controller or the data subject or the data subject in the field of labor law and social security and social protection law (Article 9 / paragraph 2 / item (b) of the GDPR).
– The processing is necessary for the purposes of the legal interests pursued by the controller or a third party (Article 6 / paragraph 1 / point (f) of the GDPR)
– Consent, where required, which is usually obtained through written consent or prior disclosure of personal data by the subject himself/herself.
PURPOSES OF PROCESSING
We collect and store your personal data based on the following legal bases and specifically for:
a. the observance of the contractual agreement with you,
b. our legitimate interest,
c. the retention of data for the purpose of the Company’s response to audits by relevant authorities regarding the legality of our procedures,
d. the maintenance of the employee file and its procession in accordance with labor legislation,
e. the establishment, exercise or support of legal claims,
f. compliance with a legal obligation,
g. the execution of rights and obligations arising from social security law,
h. our legal interest and/or our legal obligation to protect the site as well as the goods located on the site from illegal acts.
In addition, we may share your information with third parties (outside the Company) only if:
– An official court decision has been issued.
– Sharing information with the police can prevent a serious crime.
– You give us express instructions and authorization to do so.
– We must safeguard the legal interests of the company or third parties.
– It is our legal obligation (e.g. tax authorities, insurance funds), after you have first been informed.
– A special legal interest exists following your relevant prior information, after you have received a reasonable deadline for any possible objections to the transmission.
TRANSMISSION OF PERSONAL DATA
We do not share or disclose your personal data without your consent, except for the purposes set out in this policy or where required by law. The Company uses selected partners (acting as “processors” under the GDPR) to provide services and all processors acting on our behalf process your personal data in accordance with the instructions they receive from us, with the appropriate confidentiality and security measures. The main categories of processors with whom we may share your data include:
– Public Social Security Organizations/Social Security/Health Funds,
– Organizations and companies providing information system support services and accounting support.
– External partner Auditors (Internal Auditors, Statutory Auditors, etc.).
– External Legal Advisors.
– External partners and/or consultants to whom the Company entrusts the processing of personal data on its behalf (banks, legal advisors, accountants, insurance companies, mobile phone service providers, car rental companies, etc.), having signed a relevant contract for the processing and protection of personal data.
– Company’s Doctor
– Chief Information Officer
DATA RETENTION TIME
In the Company, we maintain personal data only for a predetermined and limited period depending on the purpose of processing, at the end of which, personal data are deleted from our databases. Under no circumstances can the retention period be shorter than that required by law (e.g. tax documents, etc.) and data are not deleted for as long as there is a connection with individuals, e.g. through a contractual relationship and for the period during which any legal claims can be raised.
Furthermore, retention and processing of personal data is also allowed, if the data subject provides his/her consent.
RIGHTS OF THE DATA SUBJECTS
According to the GDPR, the subject of personal data can exercise the following rights:
(a) The right of access and information, i.e. the subject is entitled to receive information from the Company about the personal data it processes and to receive a copy of it, if he/she so wishes.
(b) The right of rectification, i.e. the subject may request that inaccurate, incomplete data kept regarding him/her be corrected and/or completed.
(c) The right of erasure, i.e. the subject can request the erasure of his/her data, only as long as the Company maintains it without there being a legal basis for processing.
(d) The right to limit processing, only if one of the conditions of article 18 of the GDPR is met.
(e) The right of data portability, i.e. the subject may, under certain conditions, request that his/her data be provided in a structured, commonly used and readable format or request that the data to be transmitted to a third party.
(f) The right to object to the processing, unless there are compelling and legitimate reasons for the processing, which override your interests, rights and freedoms or if the processing is necessary for the establishment, exercise or support of the Company’s legal claims.
(g) If the processing is based on your consent, you can withdraw it at any time, however the lawfulness of the processing carried out before the withdrawal of consent is not affected.
As an exception, the Company’s employees may not refuse the provision and processing of personal data that are legally necessary for the execution of their Contract.
In addition, in the event of exercising one or more of the aforementioned rights to rectification, erasure and limit of processing of your personal data, the relevant requests will also be forwarded to any third-party recipient, to whom the personal data may have been transmitted in the context of the aforementioned processing purposes.
To exercise any of your above rights, you can also contact the Company by using the following email: info@enia.gr.
The Company will respond to your request free of charge, without delay and in any case within one month of receiving the request, with the exception of exceptional cases in which the above deadline can be extended by two more months, if necessary, taking into account the complexity of the request, the volume of material to be processed and/or the number of requests. The Company will inform you of any extension within one month of receiving the request, as well as regarding the reasons for the delay. If it is not possible to satisfy your request, the Company will inform you, without delay and at the latest within one month of receiving the request, of the relevant reasons and of the possibility of submitting a complaint to the Personal Data Protection Authority, as and for your right to appeal before the competent judicial authorities.
WEBSITE
The website enia.gr will use your personal data in its capacity as Data Controller.
What personal data we use
The Company collects and keeps exclusively the personal data that you disclose to it by entering the requested personal information in the respective fields and/or your answers in the context of specific actions that it carries out and that you may voluntarily to participate, and are the minimum necessary for the proper functioning of the website and the services it provides.
WHAT ARE COOKIES?
Cookies are pieces of information in the form of very small text, stored in the browser you use on your PC, Smartphone & tablet (Chrome, Mozilla Firefox, etc.), helping the more efficient operation of our site. Cookies in no way cause damage to users’ computers or files stored on them. The information stored in cookies is used for identification & optimization purposes.
Categories
1) Necessary Cookies
They allow the execution of basic functions of the site, such as adding products to the cart, electronic payment and saving products to the wish-list. Without these absolutely necessary Cookies, the smooth operation of the site is immediately affected, but your personal navigation experience is also degraded since basic functions are underpowered.
2) Performance cookies
Performance cookies collect information about how visitors use the website. They allow us to see which pages are visited most often or show us if they are experiencing any problem while navigating. These cookies do not collect information that identifies the visitor. All information collected by these cookies is aggregated and used only to improve the way enia.gr operates.
3) Functionality cookies
These cookies “remember” your preferences while browsing our site, so that we can recommend the appropriate products and actions based on your needs. With these cookies you enjoy a personalized version of enia.gr, making it much easier to find what you are looking for.
4) Advertising cookies
These cookies are used to provide advertising more relevant to you and your interests. They are also used to send targeted advertising or offers with the aim of limiting bulk, spam and irrelevant advertising messages. At the same time, they help us measure the effectiveness of advertising campaigns.
5) Cookies Analytics
They are a subset of Functionality Cookies and enable us to evaluate the effectiveness of the various functions of our site, so that we can continuously improve the experience we offer you.
Specifically:
– Third-party vendors, including Google, may display company advertisements on websites on the Internet.
– Third party suppliers, including Google, may use cookies to update, optimize and display advertisements based on the user’s previous visit to the website enia.gr.
– Enia.gr may also use cookies from a previous visit to its website for remarketing.
You can set your browser to notify you each time before a cookie is downloaded and decide whether to receive it or reject it. In this case, keep in mind that you may not be able to use all of its features.
– Enia.gr may use Google Analytics features for display advertising (eg, remarketing, Google Display Network impression reports, Doubleclick Campaign Manager integration, and demographic and interest reports).
Using Ads Settings, visitors can opt out of Google Analytics for display ads and customize Google Display Network ads.
Enia.gr complies with the Google AdWords interest-based advertising policy and restrictions for sensitive categories and:
Uses remarketing with Google Analytics for online advertising.
Enia.gr and third-party suppliers, including Google, use both first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) to update, optimize and display advertisements, in accordance with the previous visits of some users to its website.
Enia.gr and third-party suppliers, including Google, together use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) to perform reports on how the display of enia.gr ads, other uses of advertising services and the interactions with these display ads and advertising services are related to visits to the website of enia.gr.
Enia.gr may use data from Google’s interest-based advertising or third-party audience data (such as age, gender and interests) with Google Analytics.
In the context of the obligation to safeguard and protect the information of its customers and partners, the Company undertakes to protect and use in an appropriate manner the personal data collected either online from this website or through communication/collaboration with each third.
The Company only collects the personal data voluntarily provided by our online visitors, so that we can satisfy your requests, we can provide you with information about our products and services, by sending information material (letters, newsletter etc.) and to serve you in the best possible way. Where additional, optional information is sought, you will be notified at the time it is collected.
This personal data falls into the following categories:
a) Identity data: includes first name, last name, title, etc. If you communicate with us via social media, your social media username may also be included.
b) Contact data: including shipping address, delivery address, email address and telephone numbers.
c) Transaction Data: includes details of payments made by you and other details of the products you have purchased from us.
d) Technical data: includes your internet connection address (IP address), your browser, your location, your operating system and other information related to the device you use to visit the website.
e) Tracking data: includes data that we or others collect through cookies and similar tracking technologies such as web beacons, pixels and mobile identifiers.
Collection and purpose of personal data processing
The collection of personal data takes place only if you voluntarily choose to provide it, for example, in person or if you contact us by email or if you register as a customer of the products and services of the Company or if you participate in various actions / contests on social media and/or as users of enia.gr.
The use of the products and services provided by enia.gr, including the provision of online ordering services for our products and services, requires ensuring the ability to communicate with you. Therefore, it is necessary during your registration on the website enia.gr to declare the true personal data that will be requested.
By registering for the services provided by enia.gr you also consent to the storage and use of your personal data, in accordance with this Policy.
The purpose of the collection, use and processing of your personal data is:
(a) the provision of the services and products that you request through the website, the receipt of which requires the use and/or processing of e.g. Online orders, and the subsequent implementation of contractual obligations, in the context of execution, delivery and invoicing of orders under optimal conditions and in the most efficient way,
(b) providing personalized services and facilitating the ordering process, for the purpose of user convenience and/or ensuring that the content of the website is presented in the most efficient way for you and your computer. The legal basis for processing personal data for this purpose is your consent (Article 6(1)(a) and Article 9(2)(a) GDPR)
(c) in addition, but only with your optional consent, which is the legal basis of the processing in accordance with Article 6 paragraph 1 letter a) of the GDPR: the promotion of the products and services provided by the Company, in particular through enia.gr, and receiving advertising information material (direct marketing) from the Company.
Your data may in any case be processed, even without your consent, for the purposes of compliance with laws, regulations, EU law (Article 6(1)(c) GDPR), to obtain statistical data regarding the use of the Website and its proper operation (Article 6 paragraph 1 point f) of the Regulation), and the establishment or defense of legal claims in the interest of the company.
Personal data is entered into the company’s IT system in full compliance with data protection legislation, including security and confidentiality profiles and based on principles of good practice, legality and transparency in processing.
The data is stored for as long as it is absolutely necessary to achieve the purposes for which it was collected. In any case, the criteria used to determine this period are based on compliance with the deadlines set by law and the principles of data minimization, storage limitation and rational file management.
All your data will be processed in paper or automated means, ensuring in each case the appropriate level of security and confidentiality.
Your personal data is not used for purposes other than those described in this Policy, unless we obtain your prior permission, or unless this is required or permitted by law.
The Company collects “sensitive” personal data only when you voluntarily provide us with such data or when such data is required or permitted by law.
We advise you to refrain from providing sensitive data, unless this is required for the purpose of providing the personal data or you hereby consent to the use of such data.
The Company may ask you to provide certain personal data to send informational messages about products and services and/or related offers and announcements. It may also ask for your permission for certain uses of your personal data, and you can either agree to or decline those uses. If you wish to receive specific services or communications, such as an electronic newsletter, you will be able to unsubscribe from the relevant list of recipients at any time by following the instructions contained in each communication. If you decide to unsubscribe from a service or communication, we will try to delete your data as soon as possible, although we may need some time and/or information before we can process your request.
Persons with access to Personal Data and Transfer of Personal Data
The Data are processed by electronic and manual means in accordance with the procedures and practices related to the aforementioned purposes and are accessible by the personnel of the Controller authorized to process the Personal Data and the supervisors and in particular the employees belonging to the following categories: technical staff, IT staff and administrative staff, product managers, as well as other staff members who need to process the data for the performance of their duties.
The Company does not transmit personal data to third parties.
In some cases, the Company may share your personal data with various companies or service providers that cooperate with it, in order to respond to your requests or with natural or legal persons entrusted with the execution of the processing, provided that we will notify you in advance and obtain your prior consent. People who have access to data are obliged to maintain the confidentiality of such data.
The Data may be shared, also in countries outside the European Union (“Third Countries”): a) to institutions, authorities, public bodies for institutional purposes, b) to professionals, independent consultants – whether working individually or collectively – and others third parties and providers who provide the Data Controller with commercial, professional or technical services required for the operation of the Website (e.g. provision of IT and Cloud Computing services) for the purposes mentioned above and to support the Company in providing the services you have requested and c) to third parties in the event of mergers, acquisitions, transfers of businesses or their branches, audits or other extraordinary acts.
The recipients mentioned receive only the data necessary for their respective functions and duly undertake their processing only for the purposes stated above and in accordance with data protection laws. The Data may also be shared with the other legal recipients identified from time to time by applicable laws. With the exception of the above, the Data will not be communicated to third parties, natural or legal persons, who do not perform tasks of a commercial, professional or technical nature for the Controller and will not be disseminated. The people who receive the data will process it, as the case may be, as Data Controllers, Processors or persons authorized to process the personal data for the purposes mentioned above and in accordance with the applicable data protection legislation.
Regarding the transfer of data outside the EU, even in countries whose laws do not guarantee the same level of protection of the privacy of personal data as that provided by EU law, the Controller informs that the transfer will in any case take place in accordance with the methods permitted by the GDPR, such as for example based on the user’s consent, based on the standard contractual clauses approved by the European Commission, selecting parties participating in international programs for the free movement of data or implemented in countries considered safe by the European Commission.
Your rights regarding Personal Data
If you wish, you can request at any time to be informed about your personal data kept by the Company, their recipients, the purpose of keeping and processing them as well as their modification, correction or deletion, by sending a relevant electronic message to the address info@enia.gr from the electronic contact address you have declared. You also have the right to review the personal data we hold and generally to exercise any right provided by the legislation for the protection of personal data.
The personal data that you provide to us through enia.gr, either during your registration or at a later stage, are collected and used and processed in accordance with the applicable provisions on the protection of personal data. and specifically, in accordance with the provisions of Law 4624/2019, as applicable, and of the new European General Data Protection Regulation (EU) 2016/679, on personal data protection.
Keep, upon your request, in accordance with the provisions of Articles 15 – 22 of the GDPR:
–Right to be informed about the personal data we hold about you.
–Right to rectification of your personal data.
–Right to complete your personal data, provided that this data is necessary for the purposes of processing your data.
–Right to erasure of your personal data. Some data will only be deleted after a specified retention period, for example because in some cases we are required by law to retain the data, or because the data is required to fulfill contractual obligations to you.
–Right to freeze your personal data: in certain cases provided by law, we will freeze your data if you ask us to do so. Further processing of retained data takes place only to a very limited extent.
–Right to withdraw your consent, which can be done at any time.
–Right to object to the processing of your data.
You can object at any time to the processing of your personal data in the future, if we process your data on the basis of one of the legal justifications provided for in Article 6 §§ 1e) and 1f) of Regulation (EU) 2016/679. If you object, we will stop processing your data, provided there are no legitimate grounds for further processing. Processing your data for advertising purposes does not constitute a lawful reason.
Security of Personal Data
The Company applies specific technical and organizational security procedures in order to protect personal data and information from loss, misuse, alteration or destruction. Our partners who support us in the operation of the website and digital infrastructure also comply with these provisions. The company has ensured the compliance of the cooperating companies with the GDPR policy and bears no responsibility for any unfair action by them on personal data.
Links to other sites
This Privacy Policy applies only to the Website defined above. Although the Website may contain links to other websites (known as third-party websites), we inform you that the Company does not have access to or use cookie tracking systems, web beacons or other user tracking technologies that may be active on third-party websites, the content and material published on them or the methods of processing your personal data. For this reason, the company expressly disclaims any responsibility for such matters. Therefore, you should verify the privacy policies of such third-party websites and gather information about their terms and conditions and how they process your personal data.
How we store data and for how long
In accordance with Article 5(1)(c) of the GDPR, the computers and programs used by the company are created in such a way as to minimize the use of personal data and information
Resolution of complaints, complaints
According to the General Regulation of Personal Data, the Company is committed to resolve complaints or complaints regarding the collection or use of personal data.
If you wish to report any complaint, you can send a relevant email to info@enia.gr from the email address you have provided.
In the event that you consider that the protection of your personal data is affected in any way, you can appeal to the Personal Data Protection Authority, Kifisias 1-3, c. 115 23, Athens, www.dpa.gr
CHANGES TO THIS POLICY
This Privacy Policy may be revised occasionally, in accordance with the requirements of current legislation. In the event of any modification of this Policy, the revised version will be posted on the Company’s website. We encourage you to periodically review this Policy to review any changes to the way we manage your personal data.
