GDPR COMPLIANCE OF THAMMA NATURAL PRODUCTS SINGLE MEMBER PRIVATE COMPANY

Address: 5 Moatsou Street, 74100 Rethymno, Greece
28310 42828, info@thamma.gr

WITH THE UNIFIED EU REQUIREMENTS, ACCORDING TO REGULATION 2016/679 (GENERAL DATA PROTECTION REGULATION, GDPR)

THAMMA NATURAL PRODUCTS S.P.C. processes personal data of its employees, partners and clients, who have given to THAMMA NATURAL PRODUCTS S.P.C. their personal data voluntarily and informedly, and their agreement for giving their personal data to THAMMA NATURAL PRODUCTS S.P.C. is given in an informed way, expressed unambiguously, either in personal, or through the activity of a physical or legal entity, who/which has occupation-based or law-based authorization to process the data and to submit it further to or from THAMMA NATURAL PRODUCTS S.P.C.

Point of contact of THAMMA NATURAL PRODUCTS S.P.C.: info@thamma.gr

Categories of personal data processed and accordingly protected at THAMMA NATURAL PRODUCTS S.P.C. include:

  • Regular personal data – names, address, email address, phone number, IP address;
  • Unique individual number of citizens;
  • Special personal data – employees’ membership in professional organizations; employees’ health condition data;
  • Data from security cameras and access control systems

THAMMA NATURAL PRODUCTS S.P.C. processes personal data only for the needs of the official objectives of THAMMA NATURAL PRODUCTS S.P.C. The official objectives of processing personal data at THAMMA NATURAL PRODUCTS S.P.C. are connected to:

  • Labor matters,
  • Production activities
  • Trade and sales activity,
  • Marketing activity,
  • Finance and accounting,
  • Control activity,
  • Security and protection,
  • Law-regulatory,
  • IT connectivity and services
  • Other corporative or law-defined purposes.

The term for storing of personal data for all corporate systems of THAMMA NATURAL PRODUCTS S.P.C. is up to 12 months after the expiration of the terms specified by law, or 12 months after dropping out of the corporate need or the particular reason because of which the personal data was received and processed. Deletion of personal data is registered with a protocol.

The data subjects may apply their rights, in accordance with Regulation 2016/679, in front of THAMMA NATURAL PRODUCTS S.P.C. The Company will answer in written within a month to every written claim submitted to the info@thamma.gr in connection with enforcement of the following rights of the subjects of personal data:

The right to be informed / Transparency: You have the right to know who is processing your data, what categories of data they are using and why. The organizations processing your data must give you clear information in plain language (for more details see Articles 12, 13 and 14 of the GDPR).

The right of access: You have the right to request access to your personal data that an organization has about you (for more details see Article 15 of the GDPR). You can exercise this right free of charge in most cases by making an access request in writing or verbally, if you wish to.

The right to rectification: You have the right to have the data rectified, if your data is inaccurate and/or incomplete (for more details see Articles 16 & 19 of the GDPR).

The right to erasure (‘right to be forgotten’): You have the right to have your personal data erased under specific conditions, such as where your data is no longer necessary, you have withdrawn your consent, your data has been unlawfully processed etc. (for more details see Articles 17 & 19 of the GDPR).

The right to restriction of processing: You have the right to obtain restriction of processing where the accuracy of your personal data is contested, the processing is unlawful, the controller no longer needs the personal data for the purposes of the processing, you have objected to automated processing (for more details see Articles 18 and 19 of the GDPR).

The right to data portability: You have the right to have your data transmitted to another data controller (for more information see Article 20 of the GDPR).

The right to object: You have the right to object to the processing of your personal data by an organisation, provided that this is not contrary to the public interest (for more details see Article 21 of the GDPR).

The right to human intervention: You have the right to object where a decision is based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you (for more details see Article 22 of the GDPR).

At THAMMA NATURAL PRODUCTS S.P.C. personal data is not electronically profiled and automatized decisions are not taken.

THAMMA NATURAL PRODUCTS S.P.C. informs (with visible plates on the walls and by a message on the corporate internet site) its employees, clients and partners that video surveillance may be performed over the working facilities owned by THAMMA NATURAL PRODUCTS S.P.C., together with control over the provided by THAMMA NATURAL PRODUCTS S.P.C. electronic means for communication and printing at the working facilities owned by THAMMA NATURAL PRODUCTS S.P.C. (this includes: corporate internet access, corporate centralized printing access, corporate fixed phone devices access, company mobile phone devices  access) in order to avoid and prevent malpractices or fraud.

Α. Definitions and legal references 

Personal Data (or Data)

Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

Usage Data

Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.

User

The individual using this Application who, unless otherwise specified, coincides with the Data Subject.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor (or Data Supervisor)

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller (or Owner)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.

This Application

The means by which the Personal Data of the User is collected and processed.

Service

The service provided by this Application as described in the relative terms (if available) and on this site/application.

European Union (or EU)

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

Cookies

Small sets of data stored in the User’s device.

Legal information

This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

This privacy policy relates solely to this Application.

Β. Cookie Policy of www.thamma.gr

Cookies consist of portions of code installed in the browser that assist the Owner in providing the Service according to the purposes described. Some of the purposes for which Cookies are installed may also require the User’s consent.

Where the installation of Cookies is based on consent, such consent can be freely withdrawn at any time following the instructions provided in this document.

Β.1 Technical Cookies and Cookies serving aggregated statistical purposes

Activity strictly necessary for the functioning of the Service

This Application uses Cookies to save the User’s session and to carry out other activities that are strictly necessary for the operation of this Application, for example in relation to the distribution of traffic.

Activity regarding the saving of the preferences, optimization, and statistics

This Application uses Cookies to save browsing preferences and to optimize the User’s browsing experience. Among these Cookies are, for example, those used for the setting of language and currency preferences or for the management of first party statistics employed directly by the Owner of the site.

Β.2 Other types of Cookies or third parties that install Cookies

Some of the services listed below collect statistics in an anonymized and aggregated form and may not require the consent of the User or may be managed directly by the Owner – depending on how they are described – without the help of third parties.

If any third party operated services are listed among the tools below, these may be used to track Users’ browsing habits – in addition to the information specified herein and without the Owner’s knowledge. Please refer to the privacy policy of the listed services for detailed information.