PURPOSE

The purpose of this Policy is to define and formulate the general framework and the basic principles established and applied by our Company under the name „VITEX SA“,   based in Aspropyrgos, Attica, location „Imeros Topos“ (hereinafter to be referred to as the „Company“) concerning the processing of personal data (hereinafter to be referred to as „personal data“), their confidentiality, integrity and availability.

1 FIELD OF APPLICATION

This Policy applies to all of the personal data that the Company processes during the course of its activities (see also 3.3 below).

2 ACCOUNTABLE FOR THE IMPLEMENTATION OF THIS POLICY ARE:

  • Company Management
  • Data Protection Officer (DPO)
  • All Company staff
  • All partners who manage and / or have access to personal data

3 OBJECT

3.1 In general

The Company acknowledges and respects the importance of the personal data it processes in its activities and has therefore fully adapted its policy to the requirements of the General Personal Data Protection Regulation 2016/679 / EC (hereinafter referred to as the „GDPR“).

Through this Policy the Company:

• Informs employees, associates and traders with it in what capacity, for what purpose and on what legal basis it processes personal data, the concept of which is specified below,

• Identifies the categories of personal data, the sources of personal data (when personal data are not collected from the individual) and the criteria for determining the period of retention of personal data,

• informs the subjects of any third party or third country transfers of personal data concerning them,

• informs about the ability of individuals to contact the Company for any matter relating to the processing of their personal data, the ability to exercise with respect to their personal data the rights of access, rectification and, as the case may be, erasure, restriction and opposing the processing, as well as the right of such persons to denounce any violation of their rights relating to their personal data to the Data Protection Authority,

• defines the principles governing the Company’s compliance with the civil protection and the security of the personal data.

For further questions or queries or a copy of the present, and for anyone wishing to exercise any of the rights related to their personal data, the person concerned may contact the Company’s Data Protection Officer, a service which has been assigned and provided by AQS Business Consultant Company, „ADVANCED QUALITY SERVICES LTD“ (Tirnavos and Sarantaporou 1A, Agios Stefanos Attica), by phone 2106216997 and email dpo@vitex.gr.

3.2 Data Controller

Name „VITEX SA,“

Address Aspropyrgos of Attica, Imeros Place, PO 139, T.K. 19300

Phone – Fax 2105589400 – 2105597859

Email info@vitex.gr

3.3 Who collects personal data?

This Policy refers to the collection of personal data by the Company in the development of its business activity, which consists mainly in the industrial production and marketing of building paints, insulating materials, integrated systems of external thermal insulation and marine colors in the Greek and international market, including its presence on websites, platforms and third party applications based on the terms of use of each site.

3.4 How are personal data collected?

We may collect personal data from various sources, such as:

• directly from the subjects for one of the following reasons:

1. Information you give us when concluding, developing and resolving the contractual relationship between us.

2. Information you give us when you participate in our Company’s training sessions.

3. Information you give us when you contact us or submit your request.

4. Information you give us when you subscribe to our newsletter.

• indirectly, from other sources and on the basis of our legitimate interest, in the following cases:

1. Information we obtain in the event of a credit check of the subjects who deal with us on terms of credit provision, provided that the relevant legal procedure envisaged is respected.

2. Data collected from our CCTV system at our Company’s external facilities to protect the Company and third parties from offenses against life and property.

• we receive and store specific kinds of personal data online whenever anyone interacts with us when we use cookies and tracking technologies under the conditions set by applicable law, as well as when the browser used by the internet user has access to our websites or our listings as well as other content displayed by or on behalf of the Company on third party websites. Please note that when you visit any of our Company’s sites we simply collect data related to your interaction with the site and the installation of cookies (see in detail the corresponding Cookies Policy posted on each Company’s proprietary website). Third-party websites generally apply their own privacy statements and our own terms of use which we recommend you read before using these sites. We clarify that the official sites owned by our Company today are: www.vitex.grwww.vitextherm.grwww.hermes-ins.grwww.eumaria.com.

3.5 What personal data are collected?

 ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Due to the nature and nature of the aforementioned activity, our Company mainly collects the following personal data per category of subjects:

• Employees: personal data and data that refer only to their employment relationship with the Company, including, but not limited to, identity and communication data, financial data and any health data of their own or additional family members, provided that the latter are necessary for the compliance of the Company with the applicable employment and social security and social protection law (ie: name, address, telephone, email, identity / passport, E1, VAT certificate, IKA and AMKA registry number, bank account number for payroll, medical reports, medical or hospital papers or other documents provided by the Law, such as a certificate from the OAED for maternity leave for a period of seven months, etc.).

• Candidates for recruitment: personal data and data referring to their evaluation as candidates and their recruitment procedures by the Company, including, but not limited to, identity and communication details, as well as details of the CVs of the candidates (ie indicative Curriculum vitae, name, address, phone, email, photo, experience, specialty, competence, education)

• Company counterparties (customers, prospective customers and in general persons who communicate with the Company): personal data and data referring to our existing contractual relationship, where it exists or is used to communicate the Company with the above persons, including, but not limited to, identification and communication details, transaction data as well as financial information related to the Company’s performance of its legal obligations (ie, indicatively: head office, telephone, e-mail, VAT number, bank account number, and so on).

• Affiliates (third parties, suppliers and other affiliates in general): personal data and data that refer to our existing contractual relationship, including, but not limited to, identification and communication details, transaction data and any financial information relating to the Company’s performance of its statutory obligations (ie, name, address, telephone, e-mail, VAT number, bank account number, etc.).

• Trainees: The personal data of the persons participating in the training sessions organized by the Company, including, but not limited to, identity and communication data, elements of the contractual relationship of the Company with the participants (ie: name, VAT number, employment contract, when the participant is an employee of the Company and so on).

• Recipients of „newsletter“ and other updates: personal data of subjects interested in being informed about the products and actions of the Company, including, but not limited to, identity and communication details, information on the type of professional activity they exercise, information on any the Company’s earlier trading relationship with them.

• Inbound and outbound persons recorded by our CCTV system inside our company’s premises: personal data related to the identification and time of entry of the persons entering the Company’s premises, as well as to the recording of the image of these persons in the context of the legal operation of a closed circuit video surveillance