A. Introduction
Privacy Policy
This Privacy Policy (hereinafter referred to as the “Policy”) aims to inform you about how our company, under the name “GRIC GROUP S.A.” and the trade name “GRIC GROUP“, located in the Municipality of Agia Paraskevi at 507 Mesogeion Ave., Postal Code 153 43, with VAT number 801659629, Athens Tax Office (hereinafter the “company”), phone: 210 94 16 174, collects, stores, and uses your personal data, in compliance with the strict requirements of data protection legislation, including the General Data Protection Regulation EU 2016/679 (GDPR).
B. Definitions
B.1. What is personal data?
The term “personal data”, as used in this Policy, refers to information of natural persons, whether individuals or professionals, such as full name, postal address, email address, contact phone number, VAT number, credit card details, etc., which can be used to identify a customer or visitor of the online store, hereinafter referred to as “Personal Data or Data”.
B.2. What is Personal Data Processing?
Personal Data Processing is the collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, and destruction of Personal Data of natural persons.
C. Questions
C.1. What type of Personal Data do we collect from you?
A) When you visit and browse our online store:
We do not collect your Data, except for what is collected by cookies that you have allowed to be used with your consent.
B) When you register as a user on our e-shop, the company may collect data from and about you. Specifically, a prospective customer profile is created that asks you to enter and stores the following information:
During the B2B user account creation stage, mandatory fields include Company Name, Business Activity, VAT Number, Tax Office, phone number, full address (PC, area, city, prefecture), and potentially fax, as well as the applicant’s details (First Name, Last Name, phone, mobile, email, password, and potentially job position).
▪ If you have created a user account, we will use the Data you provided during your registration for our services.
▪ Additionally, to complete the payment, details of your “Paypal” account or your credit/debit card may be required.
C) We collect preference and browsing data, meaning we record the products from our online store that you place in your cart or favorites, or have purchased in the past.
D) Also, if you have consented to receive informational material (newsletter), we register your email address in the “newsletter mailing list”.
E) For your registration as a customer:
You create a customer profile that asks you to enter and stores the following information: Company Name, Business Activity, VAT Number, Tax Office, phone number, full address (PC, area, city, prefecture), and email address.
C.2. For what purposes do we use your personal data?
We collect your personal data exclusively for a) managing the sale of our products, e.g., communicating and informing you about product availability and order progress, fulfilling your order, shipping products to your address, managing your debts to the Company, processing returns, providing warranties, b) for purposes of compliance with legal obligations or for protecting the Company’s legitimate interests, c) customer satisfaction surveys, product promotion, periodic sending of newsletters for products and services.
Failure to provide such data will result in our inability to offer you the Company’s Services.
C.3. What is the legal basis for the Company’s processing of your Data?
The processing of applicant, contact, billing, shipping, and transaction data is carried out either for the performance of the sales contract or is based on the user’s consent.
Your data, such as VAT number, Tax Office, and invoice details, are collected and maintained in compliance with a legal obligation imposed by the applicable tax legislation.
For data related to sending newsletters, product promotion, satisfaction surveys, and the use of cookies, the lawfulness of their processing is based on your consent.
C.4. Who are the recipients of your Data?
Recipients of the Data are the Company’s strictly necessary personnel, who are bound by confidentiality, and our collaborating businesses, which process your Data as Processors on our behalf and according to our instructions.
We may share or disclose your data when you have explicitly requested it or when required by law.
C.5. Is your personal data transferred abroad?
We do not send your Data outside the European Union (EU). Your Personal Data is stored and processed only within the EU.
However, Data may be transferred to countries within and outside the European Economic Area, and specifically to America. The European Commission recognizes that some countries outside the EEA provide an adequate level of data protection according to EEA standards. The full list of these countries is available at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm. For transfers from the EEA to countries not deemed safe by the European Commission, we have implemented appropriate and adequate safeguards aimed at protecting your personal data and transferring your personal data in accordance with applicable data protection laws, such as standard contractual clauses approved by the European Commission pursuant to Articles 45 and 46 of Regulation (EU) 2016/679 on data protection (the “data protection regulation”).
C.6. How do we ensure that Processors respect your Personal Data?
The Processors have agreed and are contractually bound with the Company to:
▪ maintain confidentiality,
▪ take appropriate security measures,
▪ comply with the legal framework for personal data protection, especially the GDPR Regulation.
▪ not send Data to third parties without the Company’s permission.
C.7. How long do we retain your Data?
We keep the Data you have entrusted to us stored for as long as our commercial relationship lasts.
If you have given us your explicit consent for the use of your personal data for advertising purposes (newsletter subscription), we will use your data for this purpose until you withdraw your consent. You can withdraw your consent at any time with future effect.
We delete the Data collected by Cookies according to the Cookies Policy.
C.8. For how long will we send you informational material?
We will send you informational material (newsletter) only with your consent, for as long as your details are on the “newsletter mailing list”, meaning for as long as six months have not passed since the cessation of sending newsletters and you have not stated that you no longer wish to receive newsletters.
C.9. Is your Data secure?
We are committed to safeguarding your Personal Data. We have taken appropriate organizational and technical measures for the security and protection of your Data from any form of accidental or unlawful processing.
These measures are reviewed and modified when deemed necessary.
Any processing of your Data is permitted only to persons authorized by us, our employees and partners, exclusively for the aforementioned purposes.
C.10. What are your rights regarding personal data?
You have the right to access your personal data.
To this end, you have the right, at any time, to:
- obtain confirmation as to whether your personal data exists and to be informed of its content and origin, to verify its accuracy and to request its rectification, updating or modification,
- request the erasure, anonymization or restriction of processing of your personal data processed in violation of applicable law,
- object to the processing, in all cases, of your personal data for legitimate reasons,
We remind you that even after the cancellation of your account, or if you ask us to delete your personal data, copies of certain information from your account may remain visible in some cases where, for example, you have shared information on social media or other services, or, for example, when the retention of such copies is necessary for purposes of compliance with legal obligations or for purposes of legal defense. Due to the nature of caching technology, your account may not be immediately inaccessible to others. We may also retain backup information related to your account on our servers for some time after cancellation or your deletion request, for purposes of compliance with applicable law.
This means that you have the right to be informed by us if we process your Data. If we process your Data, you can request to be informed about the purpose of processing, the type of your Data we hold, to whom we disclose it, how long we store it, whether automated decision-making occurs, as well as your other rights, such as rectification, data erasure, restriction of processing, and lodging a complaint with the Hellenic Data Protection Authority.
C.11. How can you exercise your rights?
If you wish to contact us regarding any matter related to the processing of your Data and the exercise of your rights, you can reach our company’s IT Department at info (at) gricgroup (dot) gr. In your request, please include your email address, name, address, and phone number, and clearly specify the information you wish to access, change, update, remove, or delete.
C.12. When and how do we respond to your Requests?
We respond to your Requests free of charge without undue delay, and in any case within one (1) month from receiving your request. However, if your Request is complex or there is a large number of Requests, we will inform you within the month if we need to extend by another two (2) months within which we will respond. If your Requests are manifestly unfounded or excessive, especially due to their repetitive nature, the Company may impose a reasonable fee, taking into account the administrative costs for providing the information or performing the requested action, or refuse to act on the Request.
C.13. Do we use automated decision-making/including profiling when processing your Data?
We do not make decisions or engage in profiling based on automated processing of your Data. “Cookies” are used on our website www (dot) gricgroup (dot) gr, always after your information and consent.
C.14. How will you be informed of any modifications to this Policy?
We will update this Policy whenever necessary. The Company may modify or update this Privacy Policy for any reason (including, but not limited to, changes in applicable law and interpretations, decisions, opinions, and orders related to said applicable law). If there are significant changes to the Policy or the way we use your Personal Data, we will notify you either by posting a prominent notice before the changes take effect or by any other appropriate means. We encourage you to read this Policy periodically to be aware of how your Data is protected.
C.15. What is the applicable law when we process your Data?
We process your Data in accordance with the General Data Protection Regulation 2016/679/EU, and generally the applicable National and European legislative and regulatory framework for Personal Data Protection.
If you have any questions regarding personal data legislation or if you believe your rights may be violated, you can contact the Hellenic Data Protection Authority, Kifisias Ave. 1, Athens 11523, Tel. 2106475600 or at the email address www.dpa.gr.
