Privacy policy

I. The S.A. Corporation (anonymous company) called “PAPAGIANNI Bros S.A.”, located in Dimini, Volos, 12 Diminiou str and legally represented, maintains and runs a shop, in the above address, which trades in tools, locks, hardware, etc. According to the new General Data Protection Regulation, No 2016/679, of the European Parliament, which has been applied since 25th May 2018, (also known as GDPR), PAPAGIANNI Bros, S.A. Company, respecting your personal data, with the current protection policy informs you about the way it protects the privacy of your communication, collects, processes, uses and stores your personal data, as well as about how you can communicate with us about issues that concern your personal data.

Our company, which is responsible for processing your data and with which you can communicate via:
Post:
PAPAGIANNI Bros S.A.
Dimini Volos
12 Diminiou str
PC 38500
Phone Number: 2421085285 & 2421085553
Email: info@papagtools.com
Fax: 2421085600 and
Website: afoipapagianni.gr & papagiannibros.com, reserves the right to modify and readjust this policy whenever it considers this is necessary and you will be accordingly informed through the revised version which will appear in our websites www.papagtools.gr, afoipapagianni.gr, papagiannibros.com.

Our company collects and processes your personal data exclusively for the purposes which are directly connected to our business activity and it handles these data with great responsibility and totally respecting the applicable legislation.

II. Processing Principles

When processing your data, we follow the below mentioned basic principles:

• Your data are subjected to legal and rightful processing in a transparent way (“legality, objectivity and transparency”),
• We take care to collect and process, for explicit and legal purposes, only the absolutely necessary personal data, which are appropriate and clear for the purpose for which they were collected and which are not subjected to any further processing in  an incompatible way towards these purposes (“limitation of the purpose”),
• Under the current policy we do not make your personal data known to third parties without your consent, unless this is dictated by law or is permitted by our contract,
• We use these data to draft and execute  the contract between us or (and) to directly communicate with you as regards our new products or (and) to offer you better services,
• We limit ourselves to the purpose for which the data were collected,
• We use the absolutely appropriate, pertinent and necessary for the purpose we pursue personal data (“minimization of data”),
• We use your accurate personal data and when necessary we update them, taking at the same time all the reasonable measures for their immediate deletion or correction when they are inaccurate or when it is deemed necessary in relation to the purpose of their processing,
• We keep your personal data in a form that allows your identification only for the period of time which is necessary for the purpose of their processing,
• We subject your personal data to processing in a way that guarantees their appropriate safety, among others, their protection from unauthorized or illegal processing and accidental loss, destruction or damage, by using suitable techniques or organizational measures (“integrity and confidentiality”).  

III. The types of data we collect & purposes

The types of personal data we collect and process are directly connected either to the contract between us or to our services or (and) the products you ask us to provide you with.

What do we collect?

• When you send a message through the communication form : e-mail, name, family name, sex (optional), date of birth (optional), mobile or other phone number, address (city & PC), trade name, activity and your TIN (Tax Identification Number).
• When you register for our company’s newsletter: e-mail,
• When we receive a resume: full name, father’s name, date of birth, sex, nationality, military service obligations, marital status, home address, contact details, educational level, work experience, references,
• When you surf the website: Internet Protocol address (IP), surfing data within the website, information about preferences and services (cookies), record produced by the user.
• Under no circumstances does our company collect or obtain access to “sensitive” personal data.

Legal reasons for processing

1. the proper execution of the contract you assign us or you intend to assign us,
2. the service, preservation and protection of the vested interests that both of us pursue and on which the contract between us, and our relation are based,
3. compliance with an obligation enforced by law,
4. the consent provided under the specific conditions imposed by the legal framework.

Specifically we use your personal data as applicable:

In order to identify you, to offer you good service, to properly serve the legal relationship between us since the provision of the above mentioned personal data is absolutely necessary and reasonable for the conclusion of the contracts between us, so that you can receive customized information and offers, so that we can answer your requests, for the protection of vested interests either ours or yours, so that we can inform you about both existing and new products, as well as about our services and promotions, ask for your opinion concerning the improvement of them, manage and analyze our customer base (buying behavior) in order to improve the quality,  variety, and  availability of the services we offer, as  well as for the administrative organization and operation of our company,  for handling your requests and complaints.

Who else has access to your personal data – Third Party Data Recipients:

We do not share your Personal Data with third party private businesses in order to benefit economically or ask for something else in return. It is possible that our company, after ensuring confidentiality, may give access  or forward your personal data to the below mentioned executors of processing, so that the provision of services to you can be feasible or so that your experience regarding our services can be made better.

• To consulting companies for the provision of analysis services,
• To our company’s subsidiaries,
• To other marketing companies or advertising companies, for the commercial communication, promotion, advertising and record keeping, and to courier companies,
• To companies which deal with the maintenance and support of database software programs,
• To the internet service provider with whom we have a contract,
• To collaborating lawyers,
• To Public Services and Government Agencies,
• To the employees of our company and of our subsidiary companies.

In these cases we ensure through contractual terms that they adequately abide by the legislation regarding data protection.

IV. Your rights as regards protection of your personal data.

According to the legislation about data protection, you have rights about which we must inform you. The rights you can exercise are the following:

1. Access rights, that is, you can know which personal data that concern you the company keeps and processes, as well as their origin. Also, you have the right to ask, at any time, for copies of your personal data. There are some exceptions, which means, that you may not always be able to receive all the information we process. You can read more about that in articles 12 and 15 of GDPR, to which we explicitly refer (see link about the General Regulation). The GDPR text is available in all EU languages on the webpage of the European Commission and in pdf form in Greek by clicking here.
2. The right of correction, that is, you can ask us, at any time, to correct the information you consider inaccurate. You also have the right to ask for completion of the information you consider incomplete, bringing us, at the same time, every necessary document for the correction or the completion of the information. You can read more about that in articles 12, 16 and 19 of the GDPR, to which we explicitly refer (see link about the General Regulation).
3. The right of deletion, namely, you can ask us to delete your personal data in specific cases. You can read more about this right in article 17 of GDPR, to which we explicitly refer (see link about the General Regulation).
4. The right of limiting the processing, that is to say, you can ask us to limit the process of the information in some cases. You can read more about this right in articles 18 and 19 of GDPR, to which we explicitly refer (see link about the General Regulation).
5. The right of data portability, that is, you can ask us to relay the information you have given us, and only this, to another organization – responsible for processing or to give it to you. You can read more about this right in article 20 of GDPR, to which we explicitly refer (see link about the General Regulation).
6. The right of objection, namely, you can express objections about the processing of your personal data and oppose to it. You can read more about this right in articles 6 and 21 of GDPR, to which we explicitly refer (see link about the General Regulation).
7. The right not to be subjected to any decision which is exclusively taken based on automated personal data processing, the creation of profile included, under the restrictions that are posited in article 22 of GDPR, to which we explicitly refer (see link about the General Regulation).
8. The right to withdraw your consent at any time, when the processing of your data was based only on that, according to article 6 par. 1 of GDPR (see link about the General Regulation), without the legality of the processing which was based on your consent before its withdrawal being affected.
9. The right to file a complaint to a supervisory authority, namely to the Hellenic Data Protection Authority, located in Athens (note: 1-3 Kifisias str, Ampelokopoi, PC 115 23, Internet Site: www.dpa.gr, phone: 210 6475 600, Fax: 210 6475628), if you believe that we process your personal data improperly or illegally. Before filing the above mentioned complaint, please, notify us properly, making the specific case known to us.
10. Our company will respond to every request you make within a month from its reception. After we notify you, there is a possibility that the above deadline may be extended accordingly and if it is required, taking into account the number of requests and their complexity. Any possible rejections of your request will be justified. Our company reserves the right, if your requests do not meet the requirements of the law, either to impose the payment of a fee, taking into account the time needed for the execution of the task you asked, the employment expenses for the in-company information and the possible relevant announcement, or to decline your request. If we have doubts about the individual who makes the request, it is likely that we may ask for additional information to verify your identity.

V. Information about the way of securing your data:

We do our best to secure your Personal Data. We use safe protocols for the communication and the transfer of data, while we take all the proper organizational, technical, natural, electronic and procedural security measures. We use software for the protection of the webpage and of the server. Even though we make every possible effort, we can’t guarantee the security of the information. However, we promise to notify the competent authorities about any possible data breach. Also we will inform you if there is a threat for your rights or your interests. We will do whatever possible to prevent any data breach and to help the authorities if there are any breaches like that. The company processes the data with the help of authorized for this purpose staff, which is bound by strict obligations for the observance of their confidentiality.

VI. Obligations of website users.

When you use our websites and grant your personal data, you acknowledge that you are obliged to state the real, accurate and complete details asked by our Company. You can inform our company, at any time, about any possible changes to these details, so that they remain updated and accurate. Using the websites of PAPAGIANNI Bros S.A. you confirm that you are above sixteen years old. If you are below sixteen years old, you must refrain from using the websites, as well as from granting any personal data without approval of the person who legally exercises your custody. The company cannot be hold responsible for the violation of the above obligations. The company can delete, crosscheck, supplement or alter the information you grant, based on information legally collected by third parties, and it will inform you accordingly.

VII. Length of time of personal data retention.

Your personal data are kept so that we can accomplish the purposes defined by the current Policy and if you ask us we can remove all the information we keep (unless longer period of retention is required by the current legislation).  Additionally, our company can keep personal data after the accomplishment of the purposes of collection and processing, in order to use them: before tax authorities, social security authorities, supervisory authorities, and any other public Authority or competent Court until the provided for by law statute of limitation or for as long as we deem it necessary for the protection of our rights and vested interests. After expiration of the time of retention, your personal data are destroyed / deleted from our records and system in compliance with our company’s policy and always provided that their retention is not required any longer for the accomplishment of the aforementioned purposes.

VIII. Information Leak.

In case we discover breach of data, we will notify the Data Protection Authority within 72 hours, in accordance with what is defined by the General Data Protection Regulation