Privacy Policy

1. Definition of the General Data Protection Regulation (GDPR)

Our company  "THEODOROS ASLANIDIS AND CO  OE" was founded in the year 1987 and since then has been active in the trade - sale - transport and processing of iron, trade - sale - transport of building materials and sanitary ware and related items, crafts and processing of iron and building materials, import/export of building materials, timber, machinery, constructions products, cement products processing and structural materials , processing, retail and wholesale trade of the above and others, both in Greece and abroad.

Our company recognizes that the privacy of its consumers - customers, suppliers, employees and partners is of utmost importance and we want you to be familiar with how we process personal data, and therefore we list the following:

This Privacy Policy Statement describes our privacy practices and is compliant with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of data (General Data Protection Regulation - GDPR), always in compliance with the applicable national legislation, i.e. Law 4624/2019 "Personal Data Protection Principle, implementing measures of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons against the processing of personal data and incorporation into national legislation of Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 and other provisions".

For the best possible understanding we explain the following:

Personal data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as name, ID number, location data, online identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and manner of processing personal data; when the purposes and manner of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for his appointment may be provided for by Union law or the law of a Member State.

Processor: the natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller.

Processing: any operation or series of operations carried out with or without the use of automated means, on personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, information retrieval, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

Recipient: the natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether it is a third party or not. However, public authorities that may receive personal data in the context of a specific investigation in accordance with Union or Member State law are not considered recipients; the processing of such data by said public authorities is carried out in accordance with applicable data protection rules depending on the purposes of the processing

Third party: any natural or legal person, public authority, agency or body, with the exception of the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or the processor , are authorized to process personal data

Consent of the data subject: any indication of will, free, specific, explicit and fully informed, by which the data subject manifests that he agrees, by statement or by a clear positive action, to be the subject of processing of the personal data that it concerns

Personal data breach: the breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed

It explains what information we collect about you when you visit our website and/or when you work, communicate or cooperate with us, when you use our services and how we handle your information to ensure that your rights are always respected.

2. Controller

ASLANIDIS THEODOROS AND CO. OE. (hereinafter "ASLANIDIS") with headquarters in Polykastro, 1st xlm Polykastro-Kilkis St., 61200, VAT number: 081840177, DOU: Kilkis, email: info@aslanidisbuild.gr, tel.: 2343023435, website: www.aslanidisbuild.gr, as it is legally represented, informs that, for the purposes of carrying out its business activities, it processes personal data of its customers in accordance with the applicable national legislation and the European Regulation (GDPR) as applicable.

For any issue related to the processing of personal data, you can contact the Personal Data Protection Department and the Data Protection Officer (DPO) of ASLANIDIS, at the following contact details:

Data Protection Officer (DPO): Aslanidis Christos

Email: dpo@aslanidisbuild.gr

Phone: 2343023435 / 6978120688

3. Use of the Website

Every time you use this website you are bound by the currently applicable Privacy Policy and you should read this text every time you use the website and make sure that you accept it.

By entering our website various information is exchanged between your terminal and our forwarder. In this case there may also be processing of personal data. The information collected in this way will be used, among other things, to optimize our website or for advertising in your terminal's browser.

When entering our website, they are automatically sent by the terminal browser you are using and without your own action:

• the IP address of the Internet-enabled device that made the request,
• the date and time of access,
• the name and URL of the requested file,
• the website/application from which the access was made (referrer-URL),
• the browser you use, the operating system of your internet-enabled computer, and the name of the access provider

to our website's forwarder and are temporarily stored in a log file for the following purposes:

• guarantee of correct connection establishment,
• guarantee of comfortable use of our website/application,
• evaluation of system security and stability

The legal basis for the processing of the IP address is Article 6, paragraph 1, point f) of the Regulation. Our legitimate interest arises from the aforementioned purposes of data processing, namely for system administration and to report aggregated information to our webmasters. This is statistical data about the actions and browsing patterns of our users, which does not identify any individual and allows us to ensure that content from our website is presented in the most effective way for you and your computer. As a rule, we exclude the transmission of this data to third parties. The data is temporarily stored for processing the session and then deleted automatically.

4. Processing of Personal Data

ASLANIDIS fully complies with the provisions of the Regulation and undertakes to pay due diligence for the correct, rational and secure processing and storage of the personal data it collects and processes. For this reason we take the appropriate technical and organizational measures to protect the personal data we process and to ensure that the processing of personal data is always carried out in accordance with the obligations set by the legal framework, both by the company itself and from third parties who process personal data on behalf of the company. It is understood that we use commercially reasonable efforts to ensure the security of your personal information on our system. However, no data transmission over the Internet can be guaranteed to be secure. Accordingly, while we strive to protect your personal information in our files, we cannot guarantee the security of any information you transmit to us.

4.1 Purpose of processing

Our company, following the principle of data minimization, limits the collection and processing only to the personal data that are appropriate, relevant and necessary for the purpose for which they are processed.

The purposes of processing your personal data are commercial transactions, communication with company executives for the implementation and support of commercial contracts, information about new products, product offers and actions of our company. The personal data you provide us will be kept in a file under the responsibility of ASLANIDIS for the following legal processing actions:

• you have given consent to the processing of your personal data for one or more specific purposes (Article 6 para. 1 para. a' and Article 9 para. 2 para. a' GDPR)
• the development, execution and application of the sales contract (article 6.1.b GDPR) for the products you have purchased, or any other contract between you and us, prior to entering into a contract
• the information about any problem that arises during the execution of the order immediately, and the answer to any of your questions or requests
• the processing of your requests (article 6, par. 1.f, GDPR)
• conducting tenders (Article 6, Par. 1.b, GDPR)
• nternal research and statistical analysis to find out how our website is used and understand how we can improve it
• the best response to a complaint/s regarding your order
• the provision of information, in the context of their transactional relationship (article 11 par. 3 GDPR) and as long as the user does not object to this communication, regarding the products of ASLANIDIS or any other brand/company belonging to ASLANIDIS ( active in the fields of building materials, sanitary ware, hardware, paint shops, ironwork, heating items, timber, roofing items, cement products, plumbing items, electrical equipment, tiles, decorative items and in other areas complementary to the aforementioned, as well as in the field of e-commerce), in which the provision of information includes, with regard to the aforementioned products, the sending of commercial correspondence via e-mail (Newsletter) or other equivalent electronic means (such as SMS, Viber, WhatsApp etc.), (article 6, par. 1.a , GDPR).

If you are a registered user, you can change your preferences regarding the sending of such updates by visiting this website under "MY ACCOUNT" where you can edit your preferences.

You can also unsubscribe from receiving updates in the "My Account/Account Information/Promotions" field. Changes to these preferences have an implementation time of up to 30 days, for technical reasons.

• the understanding of your interests (Article 6, par. 1.a, GDPR), so that we can adapt the content, offers and other actions we display on our website in such a way that it better meets your interests and preferences
• our company's compliance with current legislation (Article 6.1.c GDPR), indicative and not limited to: tax, labor and insurance legislation, and for compliance with the legal obligation of the data controller
• verifying compliance with the terms and conditions governing the use of our website
• protecting our civil rights, and
• safeguarding and protecting the legal interests (Article 6.1.c GDPR), both yours and ours. Thus, we use closed circuit television (CCTV) and security cameras in order to be able to protect the safety of individuals, materials, facilities, and to prevent illegal acts
• for the establishment, exercise and/or support of legal claims and/or the defense of our company's rights before Courts, Administrative or Judicial Authorities or in the context of extrajudicial proceedings, for the purposes of exercising or defending our rights or those of third parties before any Court or other principle etc. (Article 9 par. 2 para. GDPR)
• for reasons of substantial public interest, based on Union or Member State law, which is proportionate to the objective pursued, respects the essence of the right to data protection and provides for appropriate and specific measures to safeguard your fundamental rights and interests (article 9 par. 2 para. g GDPR)

Finally, we expressly state that the processing is necessary for the purposes of the legal interests pursued by us, unless these interests are overridden by the interest or the fundamental rights and freedoms of the data subject that require the protection of personal data, in particular if the data subject is a child.

In the event that you transfer a third party's personal information to us, you are responsible for having informed that person about the use of their information and for obtaining their express consent that this information is provided for the purposes explained above. In case you have purchased a product or a gift card, the personal information of the third party you have provided to us will be used for the following purposes:

• Managing the delivery and/or verifying the correct delivery of the respective product
• Answering any questions or servicing requests that either you or the third party may make

4.2 Clarification of Personal Information

The personal data and information you enter through the website, including information you provide when you create an account on the website or make a transaction as a guest, that we process for the above purposes are:

• Name
• Full Address
• Electronic Address (E-mail)
• Telephone (Landline and Mobile)

In addition to issuing an Invoice:

• VAT number
• Company Title - Activity
• ADT of Legal representative
• SEE

as well as all the information required by Greek legislation for commercial transactions.

Update Data

The user (you) hereby ensures that the information provided during registration or consent is correct and accurate and undertakes to notify any change or modification thereof. For any loss or damage caused to the website or any third party responsible for the website due to the provision of incorrect, inaccurate or incomplete information in the registration fields, the user will be solely responsible.

Special Category Data

For our services and our communication with you, we do not require the sharing of special category data or sensitive personal data (such as health data, political beliefs, etc.).

5. Obtaining Consent

The legal basis for the above purposes is your present consent, as well as the contractual commitments where they exist. Your consent applies to all terms stated herein. By giving your consent, you responsibly declare that you are over 18 years old. If you are under 18 years of age, you may use our website only with the participation and approval of a parent or guardian.

Your consent to the activation of the above functions allows the automatic completion of your data in subsequent purchases, therefore it will not be necessary to enter your data in each new process, and it will be considered that the data will be valid and valid for subsequent purchases markets. You can modify your above information through the "MY ACCOUNT" section. Finally, you are granted the right to request the deletion of your data, subject to the expiry of the legally defined period of time, by sending an e-mail to info@aslanidisbuild.gr, attention "Personal Data Protection – Aslanidis Theodoros & Co. O.E., Greece". If deemed necessary we will ask you to provide us with a photocopy of your ID, passport or other valid proof.

6. To Whom we Communicate / Disclose your Personal Data

In principle, we do not allow third parties to gain access to the personal data collected and processed by the Processor. Exceptionally and only if it is absolutely necessary to fulfill the purposes of condition 2 above, we may disclose or transfer the information you have given us:

• at Pointer, company Th. Papamichail Vainas – G. Psaltakis O.E. and to certain other companies that support our company's website
• National Bank and Viva Payments
• to the courier service provider and the post office for the purpose of executing and sending your order to the postal address you have given us
• to any public authority, court, attorney-at-law, as long as we are obliged by the current legislation, as each time it applies

The above are carefully selected each time, checked by us and contractually bound in accordance with Article 28 GDPR.

Said access is made exclusively for the purposes and to the extent required for the provision of the respective service and always under the condition that the above-mentioned persons accept and comply with the terms of this Policy and the legislation. In these cases, our company remains responsible for the processing of your personal data and, if processing is carried out through another person, defines the individual elements of the processing, and signs a special contract with those to whom it entrusts the execution of processing activities, in order to it is ensured that the processing is carried out in accordance with the applicable legal framework and that each natural person can freely and unhindered exercise the rights granted to him by virtue of the applicable legislation.

We hereby inform you that by registering and providing information through this website, you expressly authorize us to disclose and/or transfer said information to the above-mentioned partner companies of ASLANIDIS. We may also disclose this information to company branches and ASLANIDIS affiliates, third-party controllers, data collection centers, financial institutions, or other third-party service providers who assist in our business operations (such as fraud detection, account collection, corporate and rewards programs, technology service providers, financial transaction management, logistics services, transportation, order management and customer service, and/or analysis of transactions made through the website in order to provide our users with adequate guarantees in purchase transactions, etc.) or which are necessary for the management of your purchases.

By providing information to us on this website or otherwise to us, you expressly authorize us to disclose and process your information as described above. Your consent to this access/disclosure includes those cases where, for the effectiveness of the provision of the services, suppliers may be located in the European Union or in other countries or regions outside the European Economic Area.

7. Links to Other Websites

Our website may contain links (hyperlinks) or advertising banners, which refer to websites, websites of third parties or companies that do not belong to our company. These links are provided for the convenience of the user only and do not imply that our company endorses or accepts their content. ASLANIDIS bears no responsibility in the event that you register your personal data on a website other than that of our company. Also, it does not control these links and is not responsible for their data and the policy they follow regarding the protection of personal data. Connecting to these websites is the sole responsibility of each user.

The aforementioned third-party providers of the websites and websites in question have full (civil and criminal) responsibility for the security, legality and validity of their content, excluding any responsibility of ASLANIDIS, such as indicative responsibility for intellectual property rights or any right of a third party. Consequently, users are obliged to contact the above third-party providers directly for anything arising from the visit or use of their websites and web pages.

The users of this website accept that the company is not obliged, nor is it able to check the security and content of both the websites and web pages, as well as the third party services to which it provides access. However, the company is entitled at any time to remove, modify or interrupt any third-party service or link to third-party websites and websites, if in its judgment the law or these terms are threatened or violated. All actions you take on a website or website other than ours are at your own risk.

8. Data Storage Period

We store and generally process your personal data for the period of time that your contractual relationship with us is in force and the establishment, exercise and/or support of legal claims that may arise from this contract, but also for as long as necessary for the satisfaction of said legitimate interests. If our contractual relationship ends, we retain your personal data for as long as necessary until the time required by the current legislation has passed for the purpose of our compliance, indicatively, in tax laws, statutes of limitations for any related claims. Regarding personal data that we store for the promotion of products and services (marketing activities), as well as the sending of Newsletters, they are kept for as long as we are legalized by virtue of your express consent. In case of withdrawal of consent we are obliged to permanently delete the personal data for which your consent was withdrawn.

8.1 We will delete your data:

When its retention is no longer necessary to fulfill the purposes for which this information was collected and processed.

Upon your request or objection, provided that there are no compelling legal grounds under European or national law, which oblige us to retain this personal data of yours for a specific period of time.

When it is necessary to comply with our legal obligations such as (e.g. based on tax, social security legislation etc.).

If our collection of information was based on your consent, after your consent is withdrawn. The legality of the processing that took place up to the time of withdrawal of consent is not affected.

9. Promotional Actions

How we use your personal data for marketing activities:

We may process your personal data to inform you about products, services and offers that may be of interest to you or your business. The personal data we process for this purpose consists of information you provide to us and data we collect when you use our services.

- We may only use your personal data to market our products and services to you if we have your consent to do so or if we believe it is in our legitimate interests to do so.

- You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling.

9.1 Information material (Newsletter)

ASLANIDIS undertakes to obtain your express consent for the collection and processing of your data for the purpose of communicating with you through Newsletters. This consent should be given once you have become aware of our Privacy Policy and your rights. You will receive informative Newsletters only if you wish and you declare it during your registration as a member on the website www.aslanidisbuild.gr or when you directly register for the ASLANIDIS informative Newsletter.

In the event that you no longer wish to receive informative Newsletters or wish to be completely unsubscribed from the ASLANIDIS newsletter system, you can go to the "My account/Account Details/Promotions" field.

9.2 Social media

In the context of ASLANIDIS' legal interest in generating purchasing interest in its products and services, we may process information that is published on the internet in search engines and Social Media applications (Google, LinkedIn, Facebook, Twitter, Instagram), with the aim of creating personalized promotion and information of the potential customer by phone and/or email for the above commercial purpose. The legal basis is the voluntary publication of your information in search engines and your registration in Social Media services where they are taken as express consent to publish information depending on the settings of the applications you manage.

9.3 Customer satisfaction survey - reviews - ratings

The data we collect from our website is used for your participation in a Customer Satisfaction Survey, provided you have given your consent, under the specific conditions set by the legal framework. The Customer Satisfaction Survey today is carried out through a rating or review or an electronic message (e-mail) for any of the products of aslanidisbuild.gr or our services and it is necessary to maintain an account.

If any review contains abusive content, offensive comments, personal information, constitutes negative advertising, etc., ASLANIDIS reserves the right to refuse its publication. The reviews and comments of the users are the personal views and opinions of the users themselves and do not necessarily express the views of www.aslanidisbuild.gr, which in no way can be held responsible for any of these views. Submitting a review is done exclusively by email from the Contact menu, while submitting a rating is done by selecting the desired stars.

The results of our customer surveys are normally only used for internal evaluations. The transfer of data to third parties is generally prohibited. We do not pass on your personal data to third parties, unless we receive your express consent.

9.4 Personalized update (Profiling)

In order to provide you with the best possible experience, the personal data collected by our website may be used to send you personalized updates, if you have given your consent, under the specific conditions set by the legal framework. Personalization based on your needs and preferences (Profiling) results from the information we derive from your personal data, such as profession, area of ​​residence, etc., or based on the results of the Customer Satisfaction Survey as well as based on the purchases you make.

10. Use Rights Based on the Regulation

According to the General Regulation on the Protection of Personal Data (EU 679/2016), you have the following rights and can exercise them against our company:

• You have the right to know which of your personal data we keep and process, who processes them, the purposes of their processing, the recipients or categories of recipients to whom they are disclosed and the period of time for which they will be stored (Article 12-14 of the Regulation, right to information and transparency).
• You have the right to request access to your personal data (Article 15 of the Regulation, right of access of the data subject).
• You have the right to request at any time the correction of inaccurate personal data and the completion of incomplete personal data (Article 16 of the Regulation, right to correction).
• You have the right to refuse and/or object to any further processing, the restriction of the use of your data in case of questioning their accuracy, provided that the public interest is not affected (Article 21 of the Regulation, right to object).
• You have the right to request the restriction of the processing of your personal data when their accuracy is disputed, the processing is unlawful, the data is no longer needed by the controller, you object to automated processing. (Article 18 of the Regulation, right of limitation).
• You have the right to request the deletion of your personal data from our database if their processing is not necessary to serve the purposes for which they were collected, or you have withdrawn your consent to the collection and processing of the data, and under the condition that your data is not required to be retained due to the controller's obligation to retain it in accordance with applicable law or any other restrictions (Article 17 of the Regulation, right to be forgotten).
• You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, as well as the right to transmit said data to another controller without objection from us . When exercising the right to data portability, you have the right to request that your personal data be transferred directly from us to another controller, if this is technically possible. (Article 20 of the Regulation, right to portability).
• You have the right to revoke at any time, without charge, the consent you have given us to process your personal data. This concerns the cases where the processing of personal data is based on consent and not on the basis of our contractual relationship or personal data that the company must, based on current legislation, keep for the purposes of control and compliance for example with tax or other provisions (e.g. order execution , issuing an invoice). Any withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal by you.
• You have the right to object when a decision concerning you is based solely on automated processing, including profiling, and this decision produces legal effects or significantly affects you (Article 22 of the Regulation, right to non-automated individual decision-making).

You can exercise all the above rights by sending an email to the email address dpo@aslanidisbuild.gr

• You have the right to submit a complaint to the Supervisory Authority under the name Personal Data Protection Authority electronically at the following address www.dpa.gr.

11. Security Methods

ASLANIDIS recognizes the importance of the security of your Personal Data as well as your electronic transactions and takes all the necessary measures, with the most modern and advanced methods, to ensure your maximum possible security. All information related to your personal information and transactions is secure and confidential. The security of our online store www.aslanidisbuild.gr is achieved by the following methods:

11.1 Encyption of data

To ensure the confidentiality of the transfer of personal data, we use a 2048-bit SSL encryption protocol. The SSL (Secure Sockets Layer) protocol is today the global standard on the internet for certifying websites to web users and for encrypting data between web users and web servers. An encrypted SSL communication requires that all information sent between a client and a server be encrypted by the sending software and decrypted by the receiving software, thus protecting personal information in transit. In addition, all information sent with the SSL protocol is protected by a mechanism that automatically checks if the data has been changed in transit. Encryption and use of SSL is mandatory on all pages, whether they contain sensitive data or not.

11.2 Customer identification

The codes used for your identification are two: the Login Code (e-mail or username) and the Personal Secret Security Code (password), which every time you enter them, they provide you with absolute security access to your personal information.

You are given the opportunity to change your Personal Secret Security Code (password) as often as you wish. The only one who has access to your information is you through the above codes and you are solely responsible for maintaining its secrecy and hiding it from third parties. In case of its loss or leakage, you should notify us immediately, otherwise our online store is not responsible for the use of the secret code by an unauthorized person. For security reasons, we recommend that you change your password on a regular basis and avoid using the same and easily detectable passwords (e.g. date of birth). We also recommend that you use not only letters and numbers but also symbols and password creation.

Secret security codes are stored in our database using a one-way hash encryption algorithm, making it impossible to retrieve even by administrators, thus protecting the system even in the event of a malicious attack.

11.3 Automatic logout

If there is no activity for 20 minutes, you will be automatically logged out of the member area of ​​our online store.

11.4 Security of payments

Your transactions in our online store are protected by the highest online security systems, which guarantee a safe trading environment. To minimize the possibility of unauthorized access, your card details will be encrypted (SSL encryption protocol). Transactions via credit cards are made with Viva Payments' security system, utilizing the infrastructure it has as an Electronic Money Institution and certified according to the PCI-DSS security standard.

Through our website if you have a VISA, MasterCard, Maestro or UnionPay card you can use it safely through our website www.aslanidisbuild.gr. The payment process via credit or debit cards is covered by the 3D Secure (3DS) security protocol, which is available on the payment portal of our site - check out, where a strong verification of the identity of the cardholder (Strong Customer Authentication - SCA) is required in order to each transaction is completed in a way that prevents the unauthorized use of the card with which it is carried out. For telephone orders, it is possible to pay by debit or credit (installments) via an electronic link of the EUROBANK PAYMENT LINK service. With the service you will receive a link via email, SMS and/or via social media (Viber – Facebook) and the transaction is completed in a secure environment fully in line with the latest e-commerce security protocols (3D secure / Strong Customer Authentication).

The details of your card that you will use to process your transaction, will be registered directly in a secure environment of the cooperating company that has undertaken the routing of the cards. The card's CVV is only used for the purchase in progress and is not stored or processed as part of your card details.

ASLANIDIS transfers your card data in accordance with the international basic principles of confidentiality and security for credit and debit cards. All transactions you carry out through www.aslanidisbuild.gr are governed by International and European law, which regulates issues related to electronic commerce, as well as by the Consumer Protection Law (Law 2251/1994), which regulates issues related to with distance sales.

Please remember that security when using this website also depends on using it correctly and keeping certain confidential passwords. For security reasons, we recommend that you change your user code / password on a regular basis.

Our company, outside the framework of our transactional/contractual relationship and outside our website, will never ask you for your personal data regarding your credit/debit bank card number and details, especially by email or by phone. In the event that you detect this type of malicious activity by third parties who claim to be acting in the name and on behalf of our company, please inform us immediately and without undue delay so that we can take appropriate measures to deal with fraudulent behavior, to the detriment of both ours and yours interests.

11.5 Controlled access (firewall)

Access to ASLANIDIS systems (servers) is controlled by a firewall, which allows the use of specific services by customers/users while prohibiting, at the same time, access to systems and databases with confidential company data and information.

All servers have an Antivirus service that checks for possible malware that could leak data. For server management, access is only allowed through a VPN service that only our technical team has access to, thus preventing any access from a public network, even if the administrators' credentials are leaked for any reason. The server filesystem is encrypted, so that even if someone gains physical access to a server with our data, they cannot decrypt the data.

11.6 Backup

We keep daily backup copies of all data to prevent any destruction (hardware failure) in a safe place. Copies are automatically deleted from our systems with a maximum lifetime of one month. Copies are stored in the same data center but on a separate storage unit, having exactly the same access and protection principles as the original data. Backups are stored with encryption so that even if they are leaked, they cannot be recovered.

11.7 Data leakage

If any case of data leakage comes to our attention, either from a malicious attack on our systems, or from a user error, our actions are as follows:

• Temporarily suspending the operation of the application until we ensure that any security loophole has been closed.
• Immediate notification of users and/or customers about the violation, its size - and in case the error has come from a member, the possible way to deal with it.
• Immediate notification of any competent authority depending on the type of leak (e.g. in the case of a malicious attack, the electronic crimes department of the Greek police is notified).

12. Cookies

On this website we use cookies (article 6, par. 1.f, GDPR). Our interest in optimizing our website must be considered as legitimate, within the meaning of the aforementioned provision. Cookies are small files, which are stored on your terminal device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause damage to your terminal device, they do not contain viruses, trojans or other harmful programs.

The cookie gathers information, which results each time in relation to the specific terminal device used. This does not mean that we have direct knowledge of your identity through them. The use of cookies aims, on  one hand, to offer you a more comfortable use. For this reason, we use so-called session cookies, to recognize that you have already visited individual pages of the website. These are automatically deleted once you leave our website. In addition, we use temporary cookies for ease of use, which are stored for a specified period of time on your terminal device. If you visit our page again to use our services, we automatically recognize that you have already visited us, which entries/settings you made, so that it is not necessary to make the same actions again.

On the other hand, we use cookies to statistically analyze the use of our website in order to optimize our offer as well as display information that is specifically tailored to you. These cookies allow us to automatically recognize on a subsequent visit to our website that you have visited us again. These cookies are automatically deleted after a predetermined period of time. Most browsers automatically accept cookies. However, you can set your browser in such a way that cookies are not stored on your computer or that a message is displayed continuously before a new cookie is stored. However, the complete deactivation of cookies may result in the inability to use some functions of our website.

You will find a summary of the cookies used with additional information (e.g. about storage duration) and the possibilities to object in the Cookies Terms.

13. Update of Modification of this Policy

We reserve the right to modify this Privacy Policy Statement and related business practices at any time.