Ι. Introduction
General
Respect for the privacy of customers (corporate and non-corporate), partners (external or not), employees, Users of the Website https://www.myflex.gr/ (hereinafter the “Website”), as Subjects of Personal Data and the management, protection and security of their data, constitute for the company with the name “MYFLEX DIET LIMITED LIABILITY COMPANY” or with the d.t. “MYFLEX DIET EU” (hereinafter: “MYFLEX”, “COMPANY”, “We”, “Us”), priority. The company has established this Privacy Policy, which includes the Cookies Policy as a single text and an integral part thereof (hereinafter referred to as the “Data Policy” or the “Policy”), in order to inform potential Personal Data Subjects. , as they will be defined are presented as follows in the General Terms, for any processing of their personal data, their personal data that they disclose to the Company and the purpose and the legal basis of the said processing.
In particular, the COMPANY accepts as personal data: any information that allows, either alone or in combination with others, the unique identification of the User, according to the provisions of the General Regulation of Personal Data Protection (GKPD 2016/679 or General Regulation), of the applicable Greek legislation and the decisions of the Personal Data Protection Authority (APDPH). Specific category data, such as data on health, racial or ethnic origin, and receive special protection.
The rules apply when the collection, use and storage of personal data is done digitally or in hard copy through a structured archiving system.
II. Editor & amp; Data Protection Officer
Who is your Personal Data Controller (DPO)
Editor:
Responsible for the Processing of your personal data is the “MYFLEX DIET LIMITED LIABILITY COMPANY”. The Company’s Head Offices are located at 1 Anakreontos Street, 18453 in Nikaia (Tax Identification Number 801579906).
Contact info:
- By phone: 211 013 3008
- Via e-mail to the addresses: [email protected]
- By post to: Anakreontos 1, 18453 in Nice
Organization’s Personal Data Protection Officer:
Personal Data Protection Officer of MYFLEX DIET LATE COMPANY is the company with the name “Economakis Christos & amp; Partners International Law Firm »
Contact info:
- By phone, at: 210 360 0036
- Via e-mail: [email protected]
- By post to: Bucharest 18, 10671, Athens
Questions & amp; Comments: For any questions regarding this Policy, you may contact us in the following ways:
Questions and Comments
The Subjects of Personal Data can submit their comments, questions, remarks or any complaints regarding this Policy and the general collection and processing of their personal data to the Hellenic Personal Data Protection Authority, which is the supervisory Authority in our country or which is located at 1-3 Kifissias Street, 11523 in Athens (phone: 2106475600 | fax: 210 6475628). Relevant details can be found at the following link www.dpa.gr. In any case, it is the obligation and duty of the COMPANY to manage any concerns of the Subjects of Personal Data regarding their personal data may be processed by the COMPANY upon disclosure of their personal data to it under any legal basis and purpose.
This policy is in line with the EU General Data Protection Regulation. (G.K.P.D.), as well as with opinions / decisions issued by the Hellenic Data Protection Authority.
III. Data collection and processing
Depending on the form and purpose of processing per service, the COMPANY may collect and process personal data, such as the following:
1st Category of Underlying Data – Employees of the company (every employee of the company, every natural person who expresses interest in working in the company)
- Personal Data Categories: Name, Specialty, Marital Status, Hours, Number of Children, Father’s Name, Mother Name, Date and Place of Birth, Home Address, Identity Number, Studies, IKA Registration Number, Insurance company, AMKA, TIN, Tax Office, OAED Card Number, contact telephones, email, salary, type of employment, recruitment details, bank account details, illness declarations, educational leave declarations, school leave (names of children) / li>
- Legal Basis for Processing: Article 6 (1) (b), (c) and (f), GCP
- Purpose of Processing: Creation of Personnel File for recruitment (recruitment file), Personnel for payroll and insurance (payroll file)
2nd Category of Underlying Data – Corporate Customers (Active and non-active, as well as third parties authorized to provide information)
- Categories of Personal Data: Name, Patronymic, telephone, email, address, financial card, VAT number, content of contracts, debts and bank account
- Legal Basis for Processing: Article 6 (1) (b), (c) and (f), GCP
- Purpose of Processing: Creation of corporate customer card, invoicing (creation and monitoring of their invoicing)
3rd Category of Underlying Data – Private Clients (Active and non-active, as well as third parties authorized to provide information)
- Personal Data Categories: Name, Patronymic, telephone, email, address, VAT number, debts and bank account
- Legal Basis for Processing: Article 6 (1) (b), (c) and (f), GCP
- Purpose of Processing: Creating a Customer Tab, Customer Invoicing (tracking and progress)
4th Category of Underlying Data – Suppliers (Active or not)
- Categories of Personal Data: name, surname, company details, ID number, Tax Office, contact phone, corporate email, address, VAT number, content of contracts, debts and bank account
- Legal Basis for Processing: Article 6 (1) (b), (c) and (f), GCP
- Purpose of Editing: Creating a Vendor File
5th Category of Underlying Data – External Collaborators (Active and not)
- Categories of Personal Data: name, surname, company details, ID number, Tax Office, contact phone, corporate email, address, VAT number, content of contracts, debts and bank account
- Legal Basis for Processing: Article 6 (1) (b), (c) and (f), GCP
- Editing Purpose: Creating an external collaborator file-file
6th Category of Underlying Data – Users of the e-shop (https://flexstores.gr)
- Categories of Personal Data: from the receipt of the customer details (name, email, phone, address, shipping address, bank account number, debit-credit card details)
- Legal Basis for Processing: Article 6 (1) (b), (c) and (f), GCP
- Purpose of Processing: Creation and monitoring of invoices made through the company eshop
7th Category of Underlying Data – Subscribed to the company newsletter (https://flexstores.gr)
- Personal Data Categories: email
- Legal Basis for Processing: Article 6 (1) (a)
- Purpose of Editing: Creating and tracking Newsletter subscribers
When users navigate the Website, the company may collect certain personal data about the Users either directly from the Users of the Website, or from third parties, and / or through automated means such as Cookies. Particularly:
When subscribing to the Company Newsletter, the Users or third parties authorized by the Users, voluntarily provide for the purpose of sending to them the young people of the Company, their e-mail address (e-mail). This data is provided within the framework of the free consent of the Users and is kept by the Company until the User requests his unsubscribe from the list of recipients of the Company’s newsletters.
For the purpose of communicating the Users with the Company through the sending of email, the Company collects based on the free consent of the User, on the one hand the e-mail address of the sender User, on the other hand the data that the Users provide in the context of communication with the Company for the purpose defined by each case (communication). This information is kept for as long as it takes to complete the purpose of each communication.
Using Cookies and other related technologies, Users browsing the Website automatically collect information regarding the browser, the IP address, the country from which it enters the Website, its origin from other websites, the visit of other websites after the exit from the Website. The collection of data with the installation of cookies and related trackers by the Company, is based on the consent of Users, with the exception of certain data whose collection is based on the legal interest of the Company as this (collection) is carried out by installing certain Cookies necessary for smooth technical operation of our Website. More information on the processing of data through cookies can be found in the Cookies Policy of the Company.
No information is collected by the Company knowingly from any person under 15 years of age. The content and services of the Website are intended solely for people at least 15 years of age or older. In case the User is under 15 years old, he / she must not provide his / her personal data, unless a parent or guardian has given his / her consent.
8th Category of Underlying Data – Individuals using the website (https://www.myflex.gr)
- Personal Data Categories: certain health / nutrition history, personal information such as name, telephone address, photographs, physical analysis and recommendation, eating habits
- Legal basis for processing: Article 6 (1) (b) (f) and Article 9 2 (a)
- Purpose of Processing: Creation and Monitoring of the file of natural persons who visit the site, make use of the company’s nutrition and training services through the isotope
ΙV. Retention of personal data.
Any personal data of the Users that are collected, in addition to those mentioned herein above as specific, are kept for as long as is required to fulfill the respective purpose for which they have been collected. Some of them are observed for the legal coverage of the Company in case of any dispute in the context of the use of the Website by the Users and data subjects as well as for the management by the Company of any legal claims (eg out-of-court dispute, litigation before courts and / or prosecutors or other authorities), for the period during which liability could arise from the processing, in accordance with the applicable legislation. For the determination of the retention time of the personal data according to the present, the nature of the data, the quantity, the purpose of their processing, their security etc. are taken into account. The User and data subject has the right to request from the Company the deletion of provided that the legal interests of the Company are not affected and / or there is no legal obligation to comply with the above. In any case, for as long as the User data is kept in accordance with this, they are stored securely, in accordance with the security measures of Section 4 below.
V. Disclosure of personal data to third parties and purpose of disclosure
In the context of the operation of the Website and the electronic applications of the Company in general and in order to better serve its Users, the Company has the right to cooperate with third companies – service providers, which provide support and gain access only to personal data. absolutely necessary for the service they offer us (eg for the functional and computer organization of the website).
These third party service providers undertake through a contract (DPAs, confidentiality agreements) not to use the information and data of the Users in any way other than what is absolutely necessary for the purpose of the service they provide to the Company.
In particular, the Company may cooperate:
- With a third company which, as the executor by order and on behalf of the Company, hosts and manages the Website, its electronic applications, etc.
- With data analytics companies
- Technology service providers
When transmitting or otherwise disclosing personal data in accordance with the above, the Company continuously ensures the highest possible level of security. Therefore, the data will only be transmitted to service providers and partner companies, which have been carefully selected based on the security measures they apply and are bound by a contract in advance.
It is clarified that in case the User is redirected to third party websites, affiliates or not of the Company through the Website. The company has no involvement in any collection and processing of User data carried out by the administrators of third party websites. Therefore, the User must consult the respective privacy policy on the respective website which he may visit.
The Company generally maintains the personal data of the Users collected during the use of the Website within the European Economic Area (EEA). In the event that data is to be transmitted to third countries outside the European Economic Area for which there is no adequacy decision of the European Commission or to International Organizations, all appropriate guarantees under current data protection legislation will be taken. transfers to third countries and the relevant information will be posted on the Company’s Website.
The Company reserves the right to provide any personal data of Users collected during the use of the Website to law enforcement agencies, in order to comply with a legal obligation or court order or to other Organizations and / or Companies, public or private law in in case of organizational change, merger, absorption or other change in the legal status of the Company.
VI. Security of personal data
Appropriate technical and organizational measures are applied to protect the personal information collected by Users upon entry and from the use of the Website, from unauthorized disclosure, use, conversion or destruction. Where appropriate, encryption and other technologies are used that can help secure the information (such as Firewalls, Access rights control, domain controller, antivirus, etc.). We also ask the service providers to the Company to comply with the strict requirements for protection and security of personal data. The Company, through the respective contractual commitments and its partners, takes all those necessary security measures to protect and ensure the confidentiality, confidentiality and integrity of personal data.
In any case, the transmission of data and information via the Internet is not completely secure. Although the Company takes all appropriate legal, technical and organizational measures to protect the personal data of Users, it can not guarantee their security in all cases. Therefore, their security is subject to reasons that go beyond its sphere of influence, as well as reasons due to technical or other weakness of the network that is not controlled by the Company or reasons of force majeure or lucky events. Therefore, any access and provision of data is at your own risk.
In case of violation of personal data (article 33), the Company as the controller will notify immediately and, if possible, within 72 hours from the moment of becoming aware of the violation of personal data to the supervisory authority responsible in accordance with Article 55, unless the breach of personal data may not endanger the rights and freedoms of individuals. When notification to the supervisory authority is not made within 72 hours, it will be accompanied by a justification for the delay.
VII. Keeping an Activity Record
The Company keeps a record of the processing activities according to the requirements of the Personal Data Protection Authority for which it is responsible. This file contains all of the following information:
- the name and contact details of the controller and, where applicable, the joint controller, the controller’s representative and the data protection officer,
- the purposes of the processing,
- description of categories of data subjects and categories of personal data,
- the categories of recipients to whom personal data are to be disclosed or disclosed, including recipients in third countries or international organizations,
- where applicable, transfers of personal data to a third country or international organization, including the identification of that third country or international organization and, in the case of transfers referred to in the second subparagraph of Article 49 (1), documentation of the guarantees,
- where possible, the deadlines for deleting the various categories of data,
- Where applicable, a general description of the technical and organizational security measures referred to in Article 32 (1).
VIIΙ. Data subject rights and procedures for exercising them
Regarding the personal data that the Organization has at its disposal and processes, the Users have the following rights:
- gain access to them to confirm that the Agency processes them in accordance with the law and / or their own mandates and preferences,
- correction of incomplete, out-of-date or inaccurate data. Of course, we also reserve the right to ask you to update your information at regular intervals.
- deletion, unless of course the law obliges us to do otherwise.
- Restricting their use, under certain conditions,
- Opposing their use, under certain conditions,
- Withdrawal of consent for their use,
- data portability, under certain conditions,
- not used for direct marketing and
- lodge a complaint with the supervisory authority of the country.
To exercise your rights regarding the use of cookies and other similar technologies, you can go to the
Cookies Policy .
The aim of the Company is the valid response to requests no later than one (1) month from the receipt of the relevant requests for exercise of a right, unless it is particularly complicated, in which case there will be relevant information for possible delay.
VIIΙI. Communication of Natural Persons
The above rights as well as any rights related to personal data, are exercised upon a written request submitted to any point that is accessible to the public, or via email by sending a message to
[email protected] and is also examined by the Data Protection Officer. Personal Data, as defined by the Company.
Modify
This policy may require modification regarding the processing of personal data. In case the modification of the terms in question is of such nature and extent that it is not covered by the above data processing terms, the Company must make public the new version of the policy.