General Data Protection Regulation (GDPR)
Lat updated: 15 February 2023
PERSONAL DATA PROTECTION POLICY
Data protection policy terms
Introduction
We appreciate your interest in data protection on our website and in our online store. We want you to feel safe when visiting and browsing www.dental-co.gr and to consider the implementation of data protection as a priority of the Cooperation. Today, in accordance with the imminent implementation of the new European Regulation on the Protection of Personal Data (679/2016 GDPR), we inform you about the manner and scope of the processing of personal data by the Cooperation. Personal data is information that is classified or can be classified directly or indirectly about you.
Let’s see step by step what happens:
By entering the website various information is exchanged between your terminal and our forwarder. In this case there may also be processing of personal data. The information collected in this way will be used, among other things, to optimize our website or for advertising in your terminal browser.
Purposes of data processing/legal bases:
When entering our website, the terminal browser you use and without your action are sent automatically:
a) the IP address of the Internet-enabled device that made the request.
b) the date and time of access.
c) the name and URL of the requested file.
d) the website/application from which the access was made (referrer-URL) e) the browser used as well as the operating system of your computer that has access to the internet as well as the name of the access provider (access provider) to the forwarder of our website and are temporarily stored in a log file (log file) for the following purposes:
1) guarantee of correct connection creation
2) guarantee of comfortable use of our website/application,
3) evaluation of system security and stability.
The legal basis for the processing of the IP address is Article 6, paragraph 1, point f) of the General Data Protection Regulation (or GDPR). Our legitimate interest arises from the aforementioned purposes of data processing.
Contact by e-mail.
Sending e-mail from the Cooperation for the purpose of promoting products and offers, but also for information about scientific events.
Purposes of data processing/ legal bases: The personal data you provide us when filling out an email contact form will naturally be treated confidentially by us.
We will only use your data for a specific purpose, to process your request. Legal basis for data processing is Article 6(1)(f) GDPR. Both our and your parallel (legal) interest in such data processing arises based on the objective of providing you with an answer and possibly solving any existing problems and thereby maintaining and enhancing your satisfaction as a customer or user of our website.
The transfer of data to third parties is generally prohibited. Exceptionally, in rare cases the data is processed by processors on our behalf. They are carefully selected each time, checked by us and contractually bound according to Article 28 GDPR. In addition, we may be required to pass extracts of your request to our counterparties (e.g. suppliers, for product related requests) for the purpose of processing your request. If the transmission of your personal data is required in an individual case, we will inform you about this in order to obtain your consent. We do not pass on personal data to third parties, unless we receive your express consent.
Already through a special form we ask for your EXPRESS consent to continue sending you e-mails. At the same time, we see this action as an opportunity to update your other information, always in accordance with the principles mandated by the GDPR in data processing, which are:
Principle of legality, objectivity and transparency
Personal data is processed lawfully and legitimately in a transparent manner in relation to the data subject.
Purpose limitation principle
Personal data is collected for specified, explicit and legitimate purposes and is not further processed in a manner incompatible with these purposes. Further processing for archiving purposes in the public interest or for scientific or historical research or statistical purposes shall not be considered incompatible with the original purposes pursuant to Article 89(1) GDPR.
Principle of minimization
Personal data are appropriate, relevant and limited to what is necessary for the purposes for which they are processed.
Principle of accuracy
Personal data is accurate and, when necessary, updated. All reasonable steps must be taken to immediately delete or correct personal data that is inaccurate, in relation to the purposes of the processing.
Principle of limitation of the storage period
Personal data is kept in a form that allows the identification of data subjects only for the time required for the purposes of processing the personal data. Personal data may be stored for longer periods, as long as the personal data will only be processed for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, in accordance with Article 89(1) and if applicable the appropriate technical and organizational measures required by the regulation to ensure the rights and freedoms of the data subject.
Principle of integrity and confidentiality
Personal data is processed in a way that guarantees the appropriate security of personal data, including its protection against unauthorized or unlawful processing and accidental loss, destruction or deterioration, using appropriate technical or organizational measures.
Principle of accountability
The controller bears the responsibility and is able to demonstrate compliance with the above Principles.
You can easily say NO.
If you object, the contact address in question will be blocked from further processing of advertising data. We point out that in exceptional cases the sending of advertising material may continue temporarily even after the objection has been received. This technically depends on the required implementation time of the advertising messages and does not mean that we do not apply your objection. Thank you for your understanding. You can change your mind at any time in the future either by making NO a YES or vice versa.
E-shop
The principles that apply in our e-mail Policy also apply to our online store.
Consent of the data subject – definition (Article 4, No. 11 GDPR) The concept of consent is of central importance in the Regulation, because it constitutes the basic condition for the legality of processing, both simple and special category data, but also for child consent in relation to information society services.
Completing the selections of purchase items leads to the form for filling in the necessary (to complete the sales contract) your details. It is legal and necessary to receive these details in order to issue the documents required by law (invoices – shipping slips – shipping address, etc.).
Payment data. We collect data necessary to process your payments when you make purchases, such as your payment instrument number (e.g. credit card number), as well as the security code associated with the payment instrument.
Cookies – General instructions
On our websites we use so-called cookies based on article 6 paragraph 1 point f) GDPR. Our interest in optimizing our website must be considered as legitimate, within the meaning of the aforementioned provision. Cookies are small files that are stored on your terminal device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause damage to your terminal device, they do not contain viruses, trojans or other harmful programs. The cookie collects information which is generated each time in relation to the specific terminal device used. This does not mean that we have direct knowledge of your identity because of them. The use of cookies aims, on the one hand, to offer you a more comfortable use. For this reason, we use so-called session cookies, to recognize that you have already visited individual pages of the website. These are automatically deleted once you leave our website. In addition, we use temporary cookies for ease of use, which are stored for a specified period of time on your terminal device. If you visit our page again to use our services, we automatically recognize that you have already visited us, which entries/settings you made, so that it is not necessary to make the same actions again. On the other hand, we use cookies to statistically analyze the use of our website in order to optimize our offer as well as display information that is specifically tailored to you. These cookies allow us to automatically recognize on a subsequent visit to our website that you have visited us again. These cookies are automatically deleted after a predetermined period of time. Most browsers automatically accept cookies. However, you can set your browser so that cookies are not stored on your computer or a hint is displayed continuously before a new cookie is stored.
Your rights as a data subject
The GDPR brought about significant changes in everything that concerns the grid of data subject rights. In addition to the right to withdraw the consents you have given us, you also have the following rights, provided that the respective legal conditions exist:
Right of access pursuant to Article 15 GDPR
You have the right to be informed upon request and free of charge, in accordance with Article 15 paragraph 1 GDPR, about the personal data we have stored about you. This includes in particular: the purposes of the processing of the personal data, the relevant categories of personal data that we process, the recipients or categories of recipients to whom the personal data concerning you is disclosed or is to be disclosed, if possible, the time period for which the personal data will be stored or, when this is impossible, the criteria that determine the period in question, the existence of the right to submit a request to the data controller for the correction or deletion of personal data or to limit the processing of the personal data that concerns the data subject or the right to object to said processing, the right to submit a complaint to a supervisory authority, when personal data is not collected from the data subject, any available information about its origin, the existence of automated decision-making, including profiling, provided for in Article 22 paragraphs 1 and 4 GDPR and, at least in these cases, important information about the logic followed, as well as the importance and intended consequences of said processing for the data subject of the data.
Right to rectification in accordance with Article 16 GDPR
You have the right to request from us without undue delay the correction of inaccurate personal data concerning you. Bearing in mind the purposes of the processing, you have the right to request the completion of incomplete personal data, including through a supplementary statement.
Right to erasure in accordance with Article 17 GDPR
You have the right to ask us to delete personal data without undue delay if one of the following reasons applies:
1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
2. you withdraw your consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing,
3. you object to processing pursuant to Article 21(1) or (2) GDPR and there are no compelling and legitimate grounds for processing pursuant to Article 21(2) GDPR,
4. the personal data were processed illegally,
5. personal data must be deleted in order to comply with a legal obligation,
6. the personal data have been collected in connection with the provision of information society services referred to in Article 8 paragraph 1 GDPR.
Where we have made personal data public and are required to delete it, taking into account available technology and implementation costs, we will take reasonable steps to inform third parties processing your personal data that you require and have requested them to delete any links with this data or copies or reproductions of said personal data.
Right to restriction of processing in accordance with Article 18 GDPR
You have the right to ask us to restrict processing when one of the following conditions applies:
1. you question the accuracy of the personal data,
2. the processing is illegal and you request the restriction of the use of personal data instead of deletion,
3. the controller no longer needs the personal data for the purposes of the processing, but these data are required by the data subject to establish, exercise or support legal claims,
4. or you object to the processing in accordance with Article 21(1) GDPR, pending verification of whether the legitimate reasons of the controller prevail over the reasons of the data subject.
Right to data portability in accordance with Article 20 GDPR
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, as well as the right to transmit said data to another controller without objection from us; when:
the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means. When exercising the right to data portability, you have the right to request that your personal data be transferred directly from us to another controller, if this is technically possible.
Right to object in accordance with Article 21 GDPR
Under the conditions of Article 21(1) GDPR you may object to data processing for other reasons arising from the particularity of the situation. The above general right to object applies to all data processing purposes described in these data protection terms, which are processed pursuant to Article 6 paragraph 1 letter f) GDPR. Contrary to the specific right to object regarding the processing of data for advertising purposes (cf. above, in particular points 9 and 7.6), we are obliged under the GDPR to apply this general right to object only if you tell us overriding reasons, e.g. h. a potential danger to life or health.
Contact persons – Complaints
Contact persons for questions or regarding the exercise of your data protection rights For questions about the websites or the exercise of your rights during the processing of your data (data protection rights) you can contact the Personal Data Protection Authority (www.dpa.gr).
In addition, you have the right to complain to the competent data protection supervisory authority at any time. You can contact the data protection supervisory authority, in particular the Member State in which you have your habitual residence or place of work or the place of the alleged infringement or the authority of the State in which the controller is established
Contact person for data protection questions
Of course, if you believe that we have handled your personal data in a wrong way, or if you simply have other questions about the processing of your data, you can contact the Cooperation’s Personal Data Protection Officer by sending an e-mail to: dpo @dental-co.gr
Name and contact details of the controller as well as contact details of the operational data protection officer
These data protection terms apply to the data processing of the Supply and Consumer Cooperation of Dentists of Thessaloniki SYN.PE., which is based in Thessaloniki and at 43 Tsimiski Street, P.O. (“Processor”) and for the website www.dental-co.gr.
You can contact the Personal Data Protection Officer of the Cooperation, Mr. Leonidas Seitanidis, by sending an e-mail: dpo@dental-co.gr, by letter to our Head Office at 43 Tsimiski, PO Box 546 23, Thessaloniki or to the Central Distribution Department of the University of Sindos, 21st Industrial Square A entrance, as well as on the phone +302310570550.
Thessaloniki, February 2023