The website of the anonymoys company MARBLE SACHANAS S.A. with the distinctive title MS SA, which is based in Thessaloniki, on the 3nd km. Langada – Kavalari, Thessaloniki (hereinafter the “Company” or the “Website”) as the Data Controller, informs you as a person to whom the respective personal data concern (hereinafter the “Subject”) that during the visit or use of the website marblesachanas.gr, the processing of your personal data is governed by applicable European and national data protection legislation, including Law 4624/2019, Regulation (EU) 2016/679 of the European Parliament and of the Council adopted on 27 April 2016 and entered into force on 25 May 2018 (hereinafter the “GDPR”), as well as of the decisions, instructions and regulatory acts of the Personal Data Protection Authority.
1. Personal Data collected and processed by the Company
The Company ensures the lawful and legal collection and processing of personal data. Personal data is information that directly or indirectly identifies the Subject in particular through reference to an identifier, such as name, contact telephone number and e-mail address. The above personal data that are collected are absolutely necessary for the implementation of the action requested by the Subject.
The Subject ensures that the personal data provided is correct and accurate and undertakes to notify the Company of any change or modification in them. Any loss or damage caused to the Company or any third party through the disclosure of incorrect, inaccurate or incomplete information in the contact form is the sole responsibility of the Subject.
2. Use of the Website by minors
According to the specific provisions of article 8 par. 1.a. of the GDPR in combination with article 21 of the Law, minors under fifteen (15) years of age are prohibited from disclosing their personal data through the Company’s website, without the prior consent of their guardian.
3. Purpose of data processing
The purpose of the collection and processing of personal data by the Company is to communicate with the Subject for the best possible service of the request sent to the e-mail address and / or through the contact form and / or through the other available means of communication and social networking (Facebook, Instagram). Furthermore, the Company collects personal data necessary for the basic functions of its website, such as navigation and access to secure areas of the website (necessary cookies).When the Subject enters the Website, the Company may, with Subject’s express consent, also collect browsing data for analytical purposes (e.g. traffic monitoring), and for statistical purposes (Browser Type, Operating System, Internet Protocol Addresses (IP), in order to understand the way in which the Subject interacts with the Website and to improve it in the corresponding direction. More information about this category of personal data can be found in the Cookies Policy of the Website.
The Company collects and processes personal data exclusively for the aforementioned purposes and only to the extent absolutely necessary for the effective service of these purposes. This data is always relevant, necessary, not more than what is required in view of the above purposes, accurate and, if necessary, updated.
4. Data retention time
The personal data collected is kept and stored in a secure environment, solely for the purpose of collecting and processing them (see paragraph 3) and only for as long as is necessary to achieve those purposes, with without prejudice to the specific provisions of applicable law. In any case, the personal data of the customers are kept for a period of five (5) years from the end of the contractual relationship between the Company and the customer, and are deleted-destroyed in a safe way after the end of this period, except if it is foreseen to continue their observance by the current legislation, such as e.g. in case of civil cases or investigation of a criminal act, case of tax control, etc.
5. Data security
The process of processing personal data by the Company is carried out in a way that ensures its confidentiality. The Company takes all appropriate organizational and technical measures for the security of data and their protection against accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unfair processing.
6. Data breaches
The Company undertakes that in case of violation of its database it will inform the Subjects as well as the Personal Data Protection Authority within 72 hours from the violation.
7. Recipients of the data
The recipient of the personal data is the Company as well as the Data Processors on its behalf. The Company guarantees that it will not transfer, disclose or make available the personal data of the Subject to third parties for any purpose or use. However, it reserves the right to disclose information concerning the Subject, if the law imposes a corresponding obligation or if such notification is required by a court decision, prosecutor’s order or order or decision of another person or administrative body with a legal competence to oblige disclosure such information.
8. Data Processors
The Company uses third party service providers (accountant, IT professional, web hosting provider and bailiffs) to manage one or more aspects of its business, including the processing of personal information. When the Company uses an external company or partner, it uses contractual commitments and other appropriate means to ensure that the Subject ‘s personal data is used in a manner consistent with applicable law and this Policy.
For more detailed information about the cookies we collect, see the Cookies Policy.
10. Links to third party websites
Any connection of the Company through special hyperlinks (links, hyperlinks, banners) with any other third party website does not imply its assumption of any responsibility for the policy pursued on the Website regarding the protection and management of personal data. The Subject should ensure that it is informed about the protection and management of its data from the above websites.
11. Access, rectification and erasure (‘right to be forgotten’) Rights
According to the GDPR (Articles 15-18, 20-21 GDPR) the Subject has the right to access the data, to rectify, erase, restrict processing, data portability and object. The above rights can be exercised by sending an e-mail to the electronic address of the Company email@example.com from the e-mail address through which the initial e-mail was submitted, in order to identify the Subject.
12. Communication with Personal Data Protection Authority
In the event that the Subject considers that the protection of his personal data is affected in any way, he may appeal to the Personal Data Protection Authority with the following information:
Personal Data Protection Authority