A. Object and scope of the present Policy
SBS Group respects your privacy and protects your personal data. For every issue pertaining to the present, you can contact the person mentioned below, in charge of personal data protection issues. With the present policy we aim to inform you about the personal data we collect and process during our operation. The personal data which concern you are collected and maintained for the required time, for specific, explicit, and lawful reasons described below in detail, they are subject to lawful and legitimate transparent processing according to the legal framework in force and in a way that guarantees the integrity and confidentiality of such data. These data are appropriate, related, suitable, and not more than those required in view of the above objectives; they are also true, and, if required, they are updated.
Data Controller Information:
Name: “SVOLOS -SARRIS MELETITIKI EMPORIKI KAI APOTHIKEYTIKI ETAIREIA EPAGGELMATIKOY EKSOPLISMOY ANONYMOS EMPORIKI VIOMIXANIKI ETAIREIA”
Distinctive title: SBS Group
Address: Location Stravo Pefko, Aspropyrgos, Attica
VAT (TIN) no: 095632836, Commercial Companies’ Athens Tax Office.
B. Terms and Definitions
“Personal data”: every piece of information concerning the identified or identifiable natural person (“data subject”). Identifiable is the natural person whose identity can be verified, directly or indirectly, especially via reference to a key identity element, such as the name, ID number, location data, online identity trait, or one or more factors specifying the physical, physiological, genetical, psychological, financial, cultural, or social identity of the said natural person.
“Personal data processing”: every action or series of actions performed on personal data or sums of personal data with or without automated media, such as the collection, reporting, organization, structuring, storing, adjustment or modification, recollection or search of information, the use, disclosure through transfer, dissemination or any other form of disposal, correlation or combination, limitation, deletion / erasure, or destruction.
“Data controller” is the natural or legal person, public body, service, or other entity that, independently or jointly with others determines the scope and manner of personal data processing.
“Data processor” is the natural or legal person, public body, service, or other entity that processes personal data on behalf of the data controller.
“Consent” of the data subject: any indication of free, specific, explicit, and in full awareness will, by which the data subject expresses that they agree, by declaration or related positive action, that their personal data be object of processing.
“Personal data breach (violation)”: the security breach which leads to casual or illegal destruction, loss, modification, disclosure, or access of data, which is transferred, stored or otherwise subject to processing without permission.
“Health data”: personal data relating to the physical or mental health of a natural person, including provision of healthcare services, which reveal information relating to their health state.
“Special personal data categories/ Sensitive personal data”: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, as well as the processing of genetic or biometric data aiming at the undoubted identification of the person, of data which concern the natural person’s health, sexual life or sexual orientation.
C. General Principles of Personal Data Processing
SBS Group sees to it that the personal data it processes be
• Subject to processing which will be lawful and legitimate in relation to the data subject.
• Collected for determined explicit and lawful purposes.
• Appropriate, related and limited to the required minimum for the purposes for which they become subject to processing.
• True and updated
• Subject to processing in a way that guarantees the suggested security of personal data; among others, their protection from non-authorized or illegal processing and casual loss, destruction or damage, by means of appropriate technical and organizational measures.
• Maintained only for the time required for the purposes of personal data processing. In some cases they can be maintained for a longer period, especially if their processing is deemed necessary for:
o Legal conformity provided by another law
o Duty fulfillment for the execution of a public interest purpose
o Archiving for public interest, scientific or historical research
o For purposes concerning public health protection
o For statistical purposes
o For the establishment, rebuttal, exercise, or support of legal claims.
D. Personal Data Protection Legal Framework
Apart from the General Data Protection Regulation of the European Parliament (2016/679) on the protection of natural persons against personal data processing and on the free circulation of these data, the national laws in force concerning the personal data processing and protection are applicable, as well as the Directives issued by the Hellenic Data Protection Authority. The following laws are mentioned indicatively:
• Law 4624/2019 (Application measures of the General Data Protection Regulation of the European Parliament (2016/679))
• Law 2472/1997 for the protection of the individual from personal data processing.
• Directive 95/46/EC of the European Parliament and Council, for the protection of natural persons against personal data processing and for the free circulation of these data.
• Directive 2022/58/EC of the European Parliament and Council regarding personal data processing and protection of private life in the field of electronic communications.
• Directive 1/2011 of the Hellenic Data Protection Authority for the use of video surveillance systems for the protection of people and goods.
• Guideline 115/2001 of the Data Protection Authority on personal data protection in the field of employment.
• Law 3471/2006 for personal data and private life protection on the field of electronic communications.
• Regulatory Acts of the competent administrative bodies.
• Health Protocols, Legislative Acts, Joint ministerial decisions.
E. Scope of Processing
According to the above legal framework, personal data collected by SBS Group are used for the following processing purposes:
a) To process the orders we receive, as well as every other service we provide.
b) To administer our relationship with you before, during and after your using our services
c) To comply with Greek and European Law
d) For marketing purposes
e) To establish, acknowledge, exercise or support rights and legal claims
f) To support our entrepreneurial procedures
g) To improve our services
h) To secure our information systems
i) To execute our duty toward public interest and specifically in the field of public health
F. Legal grounds of personal data processing
SBS Group processes your personal data with transparency, according to the principles of legality, proportionality, confidentiality and integrity, the limitation of scope and accuracy of the determined time of data maintenance and minimizing the data (processed).
The legal grounds of personal data processing may be:
a) Your consent
b) The necessity of data processing in the framework of executing our contractual obligations or during the pre-contractual phase
c) The necessity of data processing in the framework of securing our lawful interests
d) The necessity of data processing for the protection of your vital interests
e) The necessity for extraction of statistical data
f) The necessity of processing for the execution of our duty toward public interest, and specifically in the field of public health.
G. Data processed by SBS Group
According to the above scopes, SBS Group collects and processes personal data, such as, including but not limited to, the following:
G.1 Employees/ Third-party contractors: name and last name, father’s name, mother’s name, year of birth, place of birth, sex, citizenship, address, e-mail address, contact phone numbers, ID number, Tax Identification Number, Social Security Number, bank account number IBAN, data concerning family status, education and training of the employee/contractor, their prior work experience, their Curriculum Vitae, wage, work schedule, medical folder/health certificate
Scopes/ Legal grounds for processing:
– Administering the work relationship between SBS Group and the employee/ third-party contractor. The processing of those data is deemed necessary for the execution of the employment contract.
– Fulfillment of SBS Group’s employer obligations. Data Processing is required for SBS Group to comply with its legal obligations.
– Evaluation of the candidate’s eligibility to cover the specific job position. Legal grounds for processing constitute SBS’s legal interest and the candidate’s consent.
G.3 Order completion: name and surname, e-mail, address, phone number, charge information, order content, billing data. SBS does not process data that belong to special categories (“sensitive data”), such as data relating to dietary habits, allergies, religious preferences, diseases etc.
Scopes/Legal grounds for processing:
– Contract execution, whose subject is the contracting party
– Subject’s consent
– Compliance with SBS Group’s lawful obligation
G.4 Suppliers: name and surname, Tax Identification Number, IBAN, contact phone number, address, e-mail
Scopes/Legal grounds for processing
– Contract execution, whose subject is the contracting party
G.5 Contact information
Persons who have stated their desire via valid consent in order to receive news and updates from SBS Group.
Purposes/ Process Legal Basis
Persons who have stated their wish, through their valid consent, to receive news and offers from SBS Group.
H. Data transfer
The entirety of the workforce – staff which is employed at SBS Group and which processes your personal data is contractually bound through discretion, confidentiality and privacy protection clauses for your said data.
At SBS Group, it is part of our philosophy and a of ours basic principle not to disclose your information to third parties for their own independent business reasons or marketing purposes without your consent.
In any case, SBS may transfer the required data concerning each one of your orders (name and surname, address, products) to its collaborators, in order to complete the order. The collaborator-companies operate as independent data controllers with regards to data processing with the purpose of completing your order.
In addition, we may share your information with the following bodies:
– Affiliated companies. Your information may be used jointly with SBS Group’s affiliated companies.
– Business partners. We may also use your information jointly with trusted business partners. The said partners may use your information to provide you with the services you requested and to deliver marketing material, advertisements and other materials, if you have given your consent.
– Service providers or/and third parties who execute processing on our behalf. We may also share your information to companies who provide services for us or on our behalf, such as IT subcontractors, companies which send mass e-mails on our behalf, credit card issuers, law offices, post or courier offices, printing service companies etc.
– Credit approval: When you submit a credit request, your personal data is used and disclosed to eligible third parties according to the legislation in force, so that the issuance and maintenance of a credit limit can be decided upon.
– Public Entities, when so explicitly provided by the national legislation.
Exceptionally, access to your personal data is allowed:
A) To judicial authorities and public prosecutors when exercising their duties ex officio or upon request of a third party pleading a lawful interest and according to the legal procedures,
B) To other bodies of the Greek State, which have such right and competency according to their constitutional provisions.
I. Data maintenance period
We take reasonable measures in order to ensure that your personal data shall be kept only for as long as it is necessary and only for the purpose, for which they have been collected and/ or for as long as it is required by contract or by the legislation in force. Your personal data shall be erased if you ask us to proceed to erasure thereof.
Your tax (fiscal) data shall be kept in accordance with the tax / fiscal legislation.
IN any case however, even despite your request to Erase your data, we may perhaps need to store some of your data because of legal requirements. Nevertheless, in such a case we shall limit your data from further processing.
J. Rights of the Data Subject
SBS Group sees to it that data subjects can at any time exercise their rights, which are acknowledged by the legislation, with regards to the data collection and processing. Those rights are the following:
– Right to access the data (Right to Access)
– Right to correct the data (Righto to Rectification)
– Right to erase the data (Right to Erasure)
– Right to limit data processing (Right to Limitation)
– Right to data mobility
– Right to data processing rebuttal (Right to Object)
Data subject requests are submitted to SBS group via the e-mail address firstname.lastname@example.org
SBS will reply free of charge to your request, without delay and in any case within one month from receiving the request, except for exceptional cases, where the above time limit can be extended by two more months, if required, considering the request´s complexity or the number of requests. SBS Group will inform you of any delay within one month of receiving the request, as well as of the reasons for the delay.
In case your request satisfaction is impossible, SBS Group will inform you, within one month of receiving the request, of the related reasons and the possibility to submit a Complaint to the Data Protection Authority, as well as of your right to seek justice before the competent judicial authorities.
If your request is judged by SBS Group to be manifestly unfounded or exaggerated, SBS Group has the right to impose the payment of a reasonable and equitable fee, considering the administrative expenses for the satisfaction of the request, or it may refuse to follow up on your request.
K. Right to lodge a complaint with the competent Authority.
If you believe that the data protection is infringed, you can seek justice before the Data Protection Authority (www.dpa.gr, Leoforos Kifissias 103 P.C. 115 23, Athens, +30 210 6475600, +30 210 6475628, email@example.com)
L. Amendments to the present Policy
SBS Group may unilaterally amend the present policy at any time, for compliance purposes with the regulatory changes or for operational reasons.
We recommend that you regularly revisit the present Policy to keep yourselves updated about the way that SBS Group manages and processes your personal data.
The present Policy was uploaded on 15 December 2022.