Agias Sofias str, Thesi Miliadista Aspropyrgos, 19300, Attiki, Greece
info@pebro.gr
+30 2105595360
Official representative of
Espa

This Personal Data Protection Policy (hereinafter referred to as “Policy”) refers to the personal information collected, processed and used by “PETROYANNIS BROS” (hereinafter referred to as “Company” or “We”) with registered offices in Aspropyrgos, Agias Sofias str, Thesi Miladista.

All references to “We”, “us” or the “Company” within this Policy framework refer to the Company, depending on the case.

Our Company processes personal data as an employer, prospective employer, supplier of products and services, for marketing related purposes and in the course of its operations and its standard business.

It also processes personal information when cooperating with third parties / business partners and with respect to the visits to its website.

DATA WE PROCESS

We process personal data which include but are not limited to:

  • Employees: Information referring to the name, tax registration number – tax office, social security number, birth date and place, gender, contact details (full address, email address, phone number), passport, visas and ID numbers, bank details, driver’s license number etc. of our employees, name and tax registration number of their spouses, date of birth and other data evidenced by birth certificates of children and, in general, all information needed for the execution of a contract of employment.
  • Job applicants: Information referring to the name, mailing address, telephone numbers and other details and information may be included in an application (such as pictures/photographs, educational qualifications, professional certifications, and employment references) of job applicants.
  • Suppliers: Information referring to the name, surname, tax registration number – tax office, ID number, operation accounting number, country of registration, job title and role/function, mailing address (country, town, city, street etc.), phone number, email address etc. of our suppliers (in case of natural persons – individual enterprises) and those of their representatives and/or contact persons (in case of legal entities).
  • Clients: Information referring to the name and surname, tax registration number – tax office, operation ac-counting number, country of registration, job title and role/function mailing address (country, town, city, street etc.), phone number, email address etc. of our clients (in case of natural persons – individual enterprises) or their representatives and/or contact persons (in case of legal entities).
  • Website visitors: Information about the IP address, browser type and Internet Service Provider, websites visited, URL referred, date-time-duration of the visit, data extracted and files downloaded etc. of our website visitors.

SPECIAL CATEGORIES OF DATA 

Where necessary, we may keep information relating to a subject’s health, which could include reasons for absence and /or accident reports, as well as health exams results, medical reports and other health related data and records, as is the case with our personnel, within the framework of the Company’s obligations for the execution of a contract of employment and for reasons of sick pay or leave, etc.

All above data and any other data that constitutes special category of data are lawfully collected and processed by the Company and, unless this is not authorized or required by law or such information is required to protect the subject in an emergency, we obtain the subject’s explicit consent.

WHERE WE COLLECT DATA FROM

The Company collects personal information:

  • Directly from the data subject, as in the case of potential employees, employees, our clients’ contact persons, our suppliers, etc.
  • From sources within the company, when an employee of ours refers a person a potential employee or client or sup-plier, etc.
  • From third parties, such as representatives, mediators, suppliers, partners, etc.
  • From publicly accessible sources, such as trade registries, reports of the sector, the Internet, catalogues, newspapers etc.

WHY WE PROCESS PERSONAL DATA

Personal data is processed by our Company as necessary for the performance of our core business. In particular and as the case may be:

  • We process our employees’ personal data in order to fulfil our contractual obligations towards them within the framework of the employment agreement executed between us (i.e., for reasons of wages and social security contributions payment etc.), as well as to comply with legal requirements (i.e., announcement to the authorities, social security payments etc.)
  • We process job applicants’ personal data in order to assess their applications and evaluate their overall qualifications and ability to work for us, having eventually prompt consent thereof, in which case they – either directly or through an agency or otherwise in question – have delivered their resume to our Company.
  • We process our suppliers’ (in case of natural persons) or (in case of legal entities) their representatives’ and contact persons’ personal data, in order to meet our contractual and legal obligations towards them, within the framework of the supply or services or other commercial agreements executed between us (for reasons of payment, invoicing, de-livery of products etc.)
  • We process our contractors’ and service providers’ (in case of natural persons) or their representatives’ and contact persons’ personal data, in order to execute the contracting-services agreements (for reasons of invoicing, payment etc.)
  • We process our clients’ (in case of natural persons) or (in case of companies) their representatives’ and contact per-sons’ personal data, in order to comply with our obligations arising by the business relationship therewith (for reasons of invoicing processing, delivery of products, payment etc.)

In the cases where the processing is made to fulfill contractual obligations, the purpose of personal data processing is determined by the contract in place with the data subject, whereas in the case where the processing is dictated by law or regulation, the purpose thereof is usually related to provisions of commercial, industrial, trade or tax authorities and bodies or to serve authorities’ control purposes.

In certain cases, we need to process personal data to pursue our legitimate business interests, for example to prevent fraud, security breaches or potential crimes, for administrative purposes or to protect the Company’s assets and to improve our efficiency (as is the case with our CCTV systems, personal data required for clients’ complaints handling etc.).

Without such data, the Company may not be in the position to conclude contracts with suppliers and customers, continue the employee-employer relationship and/or the contractors’ agreements etc., as the case may be.

We also process personal data after being given consent of the subject for their benefit (such as employees giving consent to be included in a group insurance contract etc.)

In such cases the data subject may withdraw consent at any time, such withdrawal not affecting, though, the data processing up to the date of the withdrawal.

CCTV SURVEILLANCE / E-MAIL CORRESPONDENCE

In our Company’s premises there is a CCTV system which records images and not sound. This recording fully adheres to the law regarding video surveillance.

Outside the Company’s premises, personal data processing may be taking place through equipment belonging to the Company (e.g., laptops or tablets, mobile phones etc.) for reasons pertaining to the Company’s legal interests, to protect its assets and resources, following consent by the subjects/employees/cooperators.

Any personal data (name, address, title/position, contact details) we send and/or receive in our email or other electronic correspondence is processed in compliance with the GDPR and any other applicable law or regulation.

HOW LONG WE RETAIN PERSONAL DATA FOR 

Personal data is retained for no more than it is necessary for the purposes for which it is processed for.

During the time that personal data is retained by the Company, we apply the needed and appropriate technical measures, as stated by law, to protect the rights and personal data of the subjects and ensure the safety and the confidentiality of this data (e.g., limiting the illegal and non-authorized access to this data, accidental loss, destruction or damage).

When we process personal data, after being given the subject’s consent, this process takes place for as long the consent is valid and until revoked by the subject.

ACCESS TO PERSONAL DATA PROCESSED 

Personal data is disclosed only to Company’s authorized personnel. We may also disclose personal data to competent authorities, if and insofar this disclosure is mandatory under applicable law (e.g., social insurance organizations, tax authorities etc.)

We also communicate personal data to service providers and external advisors (e.g. lawyers and computerized systems providers) to pursue our legal interests or whenever we need to adhere to our contractual obligations to the subject of the personal data, for example to informatics providers, banks or other financial institutions for the handling of payments etc., as well as for issues regarding delivery of products/or when we need to communicate specific in-formation to our insurance providers (e/g/ in the case of an accident).

In all such cases, we provide access where appropriate and only in accordance with applicable laws and we try to ensure that such third parties have undertaken appropriate data processing obligations to ensure the security and confidentiality of the subjects’ data.

DATA PROCESSING ASSIGNMENT

Where the Company relies on a third-party data processor, to execute personal data processing on its behalf, we choose one who provides adequate security level and measures and undertake reasonable steps to ensure compliance of the data processor with such measures, binding ourselves with it with respective data processing agreements.

DATA SUBJECT’S RIGHTS 

If and to the extent we process a subject’s personal data based on his/her consent, the subject may withdraw con-sent and request us to stop using and/or disclosing such personal data for any or all the purposes for which consent has been granted to the Company.

A data subject is also entitled to request access to his/her personal data, i.e., provision of a copy thereof and/or respective information on his/her personal data processed by the Company. The subject may also request rectification of any inaccurate personal data or supplementation thereof, erasure or restriction of processing, as the case may be and under the legal prerequisites thereof. He/she also has the right to object to our Company’s processing, if and as the case may be, as well as to receive the data in machine-readable format.

To exercise the aforementioned rights, the data subjects can contact the Company via the form available on the Web-site on CONTACT page.

In the case where any data subject believes his/her personal data protection is breached by the Company, he/she may file a respective complaint before the competent Data Protection Authority (ΑΠΔΠΧ / www.dpa.gr / 1-3 Kifissias Avenue, P.C. 115 23, Athens / tel.: +30 210 6475600 / fax: + 30 210 6475628 / e-mail: contact@dpa.gr).

CHANGES TO THIS POLICY 

We reserve the right to make changes to this Policy from time to time. Regularly reviewing our website ensures that a data subject is always aware of the updated version. If we make substantial changes to this Policy, we will promptly provide notification to the relevant data subjects’ category.

en_GBEnglish
elGreek en_GBEnglish