PERSONAL DATA POLICY
valid as of 25/05/2018
Information on Personal Data Processing
We would like to inform you that, for Retail@Link, the protection of personal data is a priority. We are, therefore, taking the necessary technical andorganisational measures to protect the personal data we process and to ensure that personal data processing is always carried out in compliance with statutory obligations, both by the Company itself and by third parties which process personal data on behalf of the Company.
What is the GDPR
The General Data Protection Regulation (Regulation EU 2016/679) is the new European Union (EU) regulatory framework for data protection. The purpose of the law is to lay down the conditions for the processing of personal data, the protection of the rights and freedoms of natural persons and in particular, the right to protect their personal data.
Controller or Processor
The company “ΡΙΤΕΪΛΛΙΝΚ AE” trading as “Retail@Link”, which has its registered offices at 362 Syngrou Avenue, Kallithea, Attica, P.C. 17674, email: firstname.lastname@example.org , telephone: +302111063800 as legally represented, hereby states that, for the purposes of exercising its business activities, it processes its clients’ personal data in accordance with both current Greek laws and EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data (the General Data Protection Regulation, hereinafter called the “Regulation”), as in force. Depending on the specific characteristics of each contract that it signs with its clients, Retail@Link may act as a controller or as a processor.
When Retail@Link itself determines the purposes and means of the processing of personal data which it manages (e.g. as part of its relations with its employees, in the way it processes the contact details of its clients), then it acts as a controller in accordance with Article 4 (7) of the GDPR.
When Retail@Link acts as a service provider to the client by providing IT support and IT services, and thus processes personal data on behalf of its clients, then it is deemed to be the processor in accordance with Article 4 (8) of the GDPR and the client is considered to be the controller. When acting as a processor of personal data, Retail@Link is required, in respect of its clients/controllers, to take the necessary technical and organisational measures to be able to guarantee the protection of the personal data it processes in accordance with the requirements of the GDPR.
Please contact the Retail@Link Data Protection Department and the Retail@Link Data Protection Officer (DPO) about any issue whatsoever connected to personal data processing using the following contact details:
Which categories of personal data do we process, and for what purposes
We only process your personal data for legitimate purposes.
Personal data you provide us with in relation to products and the implementation of services
- Demo or Presentation: a service where you allow us to contact you to organize a presentation of our business solutions (as a controller or a processor). The personal details registered in our information systems for the above purposes are: name, email, mobile/land line telephone number.
The legal basis for the above processing is to fulfil our contractual obligations (GDPR Article 6 (1b)) if there is a contract between us and the above service is provided as part of this contract, or if we are involved in negotiations to conclude a contract between us.
- Retail@Link periodically organizes surveys, promotions or business meetings to present and evaluate its products and services. It also participates in exhibitions, conferences and business events in Greece and abroad (as a controller). Personal information provided to us as part of a business cooperation (business cards, contact information forms) may be registered in our information systems to allow us to communicate and inform data subjects about the company’s products and services via telephone and/or email. The personal data for the above purpose are: name, email, mobile/land line phone number, profession, job.
The legal basis for the above processing is to fulfil our contractual obligations (GDPR Article 6 (1b)) if there is a contract between us and the communication takes place as part of this contract, and as part of our company’s legitimate interest (GDPR Article 6 (1f)) which is the company’s need to promote its activities when this communication is between the company and its potential clients.
- In IT systems implementation and support services (as processors), our staff may gain access to personal data in a client’s database, and/or may use applications and links that allow remote communication and provision of services. All appropriate organizational and technically feasible measures to protect personal data are taken when these services are provided
The legal basis for the above processing is to fulfil our contractual obligations (GDPR Article 6 (1b)).
- In IT systems implementation and support services (as processors), it may be necessary for us to transfer-transmit personal data by transferring the client database to Retail@Link‘s facilities so that specialized technical services can be provided. In this case, the best international practices for information security are followed and the explicit consent of the client is required.
The legal basis for the above processing is to fulfil our contractual obligations (GDPR Article 6 (1b)).
Read more about our Cookies Policy
- Personal data published by third parties
- As part of Retail@Link‘s legitimate interest in generating market interest in its products and services, we may process information published on the internet in search engines and social media applications (Google, LinkedIn, Facebook, Twitter, Instagram) (as controller).
The legal basis for the above processing is the company’s legitimate interest (GDPR Article 6 (1f)).
- Personal data for commercial transactions
- We keep personal data for commercial transactions (sales, purchases, payments, etc.) and contact details for these processes (as a controller) in our Information Systems and in our contracts with our clients and suppliers.
The legal basis for this specific processing is the company’s compliance with a legal obligation (GDPR Article 6 (1) (c)), in particular a tax liability.
In providing your consent you declare that you are over 16 years of age. If you are under 16, you can only use our website and its services with the participation and approval of a parent or guardian.
How and why do we use your personal data
We may use the information we collect for the following purposes:
- To register you on this website or for one of the services it provides.
- To send your username and password for demo presentations.
- To send Newsletters or phone updates about Retail@Link‘s products, services and news
- To implement an Retail@Link service contract
To whom are personal data disclosed
Retail@Link may transmit personal data provided by natural persons to third parties in the following cases and for specific purposes.
- Retail@Link’s Certified Partners (processors). These are companies which employ certified implementation and support consultants for Retail@Link products and services. These consultants can use the information which is necessary to provide these services. There is always a contractual relationship between Retail@Link and the Certified Partner which includes the necessary confidentiality commitments and the appropriate organizational and technical measures needed to protect your personal data.
- Other Third Parties, to fulfil legal obligations: We may disclose the necessary elements of your personal data to third parties, such as police, judicial or prosecution authorities, tax authorities and insurers, in order to comply with the law or to comply with a mandatory legal process, to protect the rights or security of Retail@Link.
- Other third parties to implement Retail@Link services: There are cases where we need to share the necessary personal data to ensure the uninterrupted operation of certain electronic services (datacenter, hosting, etc.). In any of these cases, this will be mentioned specifically in the services contract.
- The Personal Data Protection Authority, in the event that it discovers a personal data breach.
Recipients outside the European Union
We do not provide your data to recipients with registered offices outside the European Union or the European Economic Area.
Period of Storage
The period for which the personal data are stored is determined based on the following specific criteria depending on each case:
When the processing is imposed as an obligation by the provisions of the current legal framework, your personal data will be stored for the period necessitated by the relevant provisions.
When the processing is carried out on the basis of a contract, your personal data are stored for as long as is necessary for the implementation of the contract, and the establishment, exercise and/or support of legal claims based on the contract.
When the processing is based on your consent, your personal data will be stored until this consent is retracted. You can withdraw your consent at any time. Withdrawal of consent does not affect the legality of consent-based processing in the period before this consent was withdrawn.
Security of Personal Data
Retail@Link implements the appropriate technical and organisational measures with the aim of ensuring secure processing of personal data and preventing accidental loss or destruction or unauthorised and/or unlawful access thereto or unlawful use, amendment, or disclosure thereof. In any case, the way the Internet operates and the fact that it is freely accessible to anyone makes it impossible to provide guarantees that unauthorised third parties will never be able to breach the technical and organisational measures implemented and gain access to, and possibly use, personal data for unauthorised and/or unlawful purposes.
In cases where, either due to the use of new technologies or because of the large-scale processing of the specific categories of data, a high risk is likely to be posed to the rights and freedoms of our clients, before carrying out such processing, Retail@Link assesses the impacts the planned processing will have on personal data protection (DPIA).
Actions if your personal data have been breached
In case that a violation of your personal data is detected and this violation may pose a risk to your rights and freedoms, Retail@Link, when acting as a controller, undertakes to disclose this without delay, and if possible, within 72 hours of it becoming aware of the breach, to the Data Protection Authority. When Retail@Link acts as a processor, it is committed to notifying a breach of your personal data to the controller without delay. If this breach presents an increased risk to your rights, Retail@Link will inform you of this promptly unless it is able to access the risk using the appropriate technical and organizational means at its disposal.
What are your rights as regards your personal data?
Any natural person whose data are processed by Retail@Link enjoys the following rights:
Right to information
You have the right to be informed of our identity and contact details, or those of our representatives, the contact details of the data processing officer (DPO), the purposes of the processing for which the personal data are intended, and the legal basis for the processing and the recipients or categories of recipients of the personal data. Under the principle of transparency which governs our company’s operation, you can contact us and ask for further information on how your personal data is processed and how to exercise your rights by submitting the appropriate requests. Your requests will be answered without delay and in any case within one month of receipt. This period may be extended by a further two months if necessary, taking into account the complexity of the request and the number of requests.
Right of access
You have the right to be aware of and verify the lawfulness of the processing and to ask us for copies of the personal data which are processed. Thus, you have the right to have access to the data and receive additional information on the processing thereof. You also have the right to access special information in regard to the content of your personal data and how to exercise your individual rights.
Right to rectification
You have the right to examine, rectify, update, or modify your personal data.
Right to erasure
You have the right to lodge a request for erasure of your personal data when we process them with your consent or in order to protect our legitimate interests. In all the other cases (such as when there is a contract, a statutory obligation for personal data processing, public interest), this right is subject to specific restrictions, or does not exist, depending on the case (e.g., we may refuse to erase your personal information so we can establish, exercise or support our legal claims).
Right to restriction of processing
You have the right to request restriction of the processing of your personal data in the following cases: (a) when you contest the accuracy of the personal data until verification is performed; (b) when you oppose the erasure of the personal data and request the restriction of their use instead; (c) when the personal data are no longer needed for the purposes of the processing, but they are necessary for the establishment, exercise or defense of legal claims; and (d) when you object to processing and until it is verified that there are legitimate grounds concerning us and that such grounds override those for which you object to processing.
Right to object to processing
You have the right to object at any time to the processing of your personal data in the cases where, as described above, it is necessary for purposes involved in the legitimate interests we pursue as data controllers, and also to prossessing for direct marketing purposes. In particular, you have the right to oppose any decision taken solely on the basis of automated processing, including profiling, which produces legal effects which relate to you or which affect you significantly. As an exception, you can not oppose automated decision making which relates to you when this decision is either necessary for the conclusion or performance of the contract we have concluded with you, or is based on your explicit and free consent.
Right to data portability
You have the right to receive your personal data free of charge in a format which allows you to access them, use them and process them with widely used processing methods. You also have the right to request us, if it is technically feasible, to transmit the data directly to another controller. This right involves the data you have provided us and which is processed by automated means, on the basis of your consent or in implementation of a relevant contract.
Right to withdrawal of consent
Finally, Retail@Link would like to inform you that where the processing is based on your consent, you have the express and free right to withdraw it freely, without affecting the lawfulness of processing which was carried out based on your consent before its withdrawal.
To withdraw your consent, you can contact Retail@Link‘s Personal Data Protection Department using the following contact details:
If you wish to contact the Data Protection Officer (DPO) you may do so at the following address:
email: email@example.com and telephone: +302111015000
You can also use the subscription options by following (clicking on) the corresponding link which can be found in our electronic communications.
Right to lodge a complaint with the Data Protection Authority
If there is a breach of your personal data you have the right to file a complaint with the Data Protection Authority (www.dpa.gr): Call Centre: +30 210 6475600,
Fax: +30 210 6475628
Email address: firstname.lastname@example.org.
Version dated 24/7/2018