PERSONAL DATA PROTECTION POLICY

Personal Data Protection Policy

HELLENIC DAIRIES SA understands that the security of your personal data is extremely important and it is committed to respecting your privacy and safeguarding your personal data.

This privacy policy sets out how HELLENIC DAIRIES SA (“HELLENIC DAIRIES”, “we”, “us”, “our”) uses your personal data and the measures is has put in place to protect your information and keep it secure.

This privacy policy is applicable to you if you purchase goods from us, receive services from us, participate in our events or promotions or otherwise interact with us, including by using any of our websites or by interacting with us via social media.

If you use one of our websites take some time to check in detail this policy (together with our cookies policy https://www.olympos.gr/politiki-chrisis-cookies/ and terms of use https://www.olympos.gr/ori-chrisis/) and any other documents referred to in them. If you are an existing customer of ours, further details about how we use your personal data may be set out in your contract with us.

Further information highlighting certain uses of your personal data together with the ability to opt in or out of selected uses, may also be provided when we collect personal data from you.

This privacy policy explains our privacy practices and covers the following areas:

  1. What personal data we collect.
  2. What we do with your personal data.
  3. How we use cookies.
  4. Your use of chatrooms, messaging or other interactive forums.
  5. How we protect your personal data.
  6. Which are your rights and how you can contact us.
  7. Updates to this policy.
  1. What personal data we collect.

We will collect and process some or all of the following personal data about you:

  • Information about you, such as your name, address, email address, phone number, photograph, social network user name, gender, date of birth or photograph or details of your employer and your position.
  • Information we collect about your participation in our promotions and competitions or attendance at our events. Information provided in your applications forms, recording you or we have made, details of your guests in connection with any promotions and competitions you have entered or won, or other information related to your attendance at events, including any dietary and access requirements that you may have.
  • Information about your interests, details of any hobbies or activities you undertake or details about your personal interests.
  • Marketing preference information, details of your marketing and communication preferences and information we collect to help us determine what products and services may be of interest to you.
  • Information about your use of our chat rooms, message boards, social media pages or other interactive forums including any comments, photos, videos or other information that you post online.
  • Survey information, your responses to market surveys that we conduct.
  • Our correspondence with you including any feedback, complaints and comments from you via telephone, email or social media or records of any type of online, paper or in person correspondence  and  interactions between us. If you have communicated with us by phone, we will collect the details of the phone number used to call us, and any information collected via a call recording.
  • Technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, or your login information, browser type and version, time zone setting, browser plug in types and versions, operating system and platform.
  • Information about your visit to our websites including the full Uniform Resource Locators (URL), clickstream to, through and from our websites (including date and time), products you viewed or searched for, pages you accessed, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page.

Sources of personal data

We collect much of the personal data that we hold about you directly from you or your interactions with us, our websites or social media sites. We may also receive your personal data from other sources, including business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, anti-fraud databases and other third-party databases, including sanctions lists, as well as business information and research tools.

Sensitive personal data

Under data protection law, certain categories of personal data are considered particularly sensitive and, therefore, as needing additional protection. These categories include information about health, racial and ethnic origin, political opinions and / or religious beliefs, trade union membership, sexual orientation, and genetic and biometric data. According to the European data protection law, information concerning criminal convictions and offences is also viewed as sensitive.

In limited circumstances, we will collect and handle such sensitive personal data, for example, when we handle requests for special medical or access assistance or your specific dietary requirements in connection with your attendance at an event, which may indicate your religious beliefs, e.g. lunch selections or where we undertake certain background checks on you, which may disclose information about previous criminal convictions. We handle these sensitive personal data in compliance with applicable data protection laws, including as described further, in the “What we do with your personal data” section below.

  1. What we do with your personal data

Under European data protection laws (European Data Protection Laws) we must establish and inform you of a legal basis or the “ground” for our use of your personal data. For each use mentioned below we note the purpose for which we use and disclose it, and the ground we rely on as the basis for our use. An explanation of each of the grounds / legal basis can be found further in this document.

Depending on how you interact with the society HELLENIC DAIRIES, we will use your personal data for the following purposes:

  • To provide and manage the products and services you have requested. To carry out our obligations arising from any type of contract concluded between you and us, including to arrange delivery, to action or cancel orders, to provide you with the information, products and services that you have requested, and to inform you about changes to our products and services.

Legal bases: contracts performance, legitimate interests, to enable us to perform our obligations and provide products and services to you or to inform you about changes to our products and services.

  • To communicate effectively with you. To respond to your questions, comments, complaints or other types of communication, including any queries relating to our products.

Legal bases: legitimate interests, to allow us to correspond with you and provide products and services to you, legal claims.

  • To monitor activities and record our correspondence with you. To monitor our communication with our customers, including to ensure the quality of our services, the compliance with the procedures and for training purposes.

Legal bases: legitimate interests, to ensure the quality of our products and services.

  • To provide you with marketing materials. To provide you with information by post, email, phone, SMS or online or social media advertisement about products and services that we offer where such products or services are similar to those you have already purchased or enquired about, or where you have consented to being contacted for those purposes. We may also use your information for marketing selected business partners’ products and services. Where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out at any time by contacting us. You may use the details set out in the “Contact Us” section below.

Legal bases: consent, legitimate interests, to keep you updated with news in relation to our products and services.

  • To understand our customers, develop and tailor our products and services. We may analyse the personal data that we have at our disposal, in order to measure or understand the effectiveness of the advertising we serve to you and others, and to deliver relevant advertising to you. We may report aggregated information to our advertisers and make suggestions and recommendations to you, our customers and users of our websites about products or services that may interest you.

Legal bases: legitimate interests to ensure the quality of our products and services, to allow us to improve our products and services, and provide you with the content and services on our websites.

  • To run out promotions and competitions. When you are participating in promotions and competitions, to run such promotions and competitions, including to notify you if you have won. If you win a prize, according the applicable Greek law, we may make your personal data and your guests’ personal data available on our websites and social media pages and in press releases. We may also provide these details available to third parties who may need them for prize fulfilment purposes.

Legal bases: legal obligations, contract performance, legitimate interests, in order to successfully run our promotions and events.

  • To run our events. If you attend an event organised or otherwise supported by us, we may use your personal data, including specific dietary requirements, health information and access assistance, in connection with the running of the event.

Legal bases: legitimate interests, to allow us to run our events and meet your special preferences and requirements during our events, explicit consent (if required).

  • In relation to fraud prevention We and other organisations may access and use certain of your personal information to prevent fraud, as may be required by applicable laws and regulations, and best practice, at any given time. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and other organisations, and may be recorded by us or them.

Legal bases: legal obligations, legitimate interests, to ensure that you fall within our acceptable risk profile and to assist with the prevention of crime and fraud, a substantial public interest.

  • To conduct certain checks, such as the process of knowing your customer (KYC) and credit checks. If you are a customer or prospective customer, we may use your personal data to conduct certain checks in relation to you (and / or your business). For this purpose, we may disclose your information to the relevant authorities including credit reference agencies, government agencies and fraud prevention agencies. Law enforcement agencies may access and use this information. We, and other organisations that access and use information recorded by such agencies, may do so from countries other than the country in which you are based.

Legal bases: legal obligations, legal claims, substantial public interests, legitimate interests, to assist with the prevention of crime and fraud.

  • To improve and administer our websites, and to ensure that their content is relevant. To ensure that only adults of legal drinking age view and interact with our websites. To improve our websites and ensure that their content is presented in the most effective manner for you and your computer. To administer our websites and for internal operations, including troubleshooting and data analysis, even traffic data analysis, testing and research, statistical and survey purposes to allow you to participate in / register for interactive features of our service as part of our efforts to keep our websites safe and secure. To ensure that content from our websites is presented in the most effective manner for you and your device, which may include passing your data to business partners, service providers, analytics and search engine providers.

Legal bases: legitimate interests, to allow us to administer our websites and to provide you with the content and services on our websites, legal obligations.

  • To reorganise or make changes to our business. In the case that we (i) are subject to negotiations for the sale of our business or part of it to a third party (ii) are sold to a third party; or (iii) undergo a re-organisation, we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your personal data to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this Personal Data Protection Policy.

Legal bases: legitimate interests (in order to allow us to change our business), legal obligations.

  • To comply with legal and regulatory obligations. We may process your personal data to comply with our legal and regulatory obligations, which may include disclosing your personal data to third parties, including the court service and/or regulators or law enforcement agencies in connection with proceedings or investigations by such parties anywhere in the world or where compelled to do so.

Legal bases: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities).

If you have any questions about the legal bases we rely on, please contact us using the details set out in the “Contact Us” section below.

Disclosure of your information

In addition to the third parties mentioned above, we may also disclose your personal data to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who may use it in connection with any of the aforementioned purposes. We will also share your personal data with third-party service providers (such as marketing providers, IT or administrative services) who may process it on our behalf for any of the aforementioned purposes.

We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregated information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregated information to help advertisers reach the kind of audience they want to target (for example, women in a particular location). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience.

  1. How we use “cookies”

Our websites use cookies to distinguish you from other users. They help us to provide you with a good experience when you browse our sites and make sure that the content is relevant to you. If you want to find out more about how we use cookies, please visit our Cookies Policy at https://www.olympos.com/politiki-chrisis-cookies/

  1. Your use of chat rooms, messaging or other interactive forums

We offer chat rooms, message or bulletin boards, or interactive areas where visitors may post comments or information for our visitors’ enjoyment. If you participate in a chat room, bulletin or message board, or other interactive area where personal data may be posted on our sites, in addition to reading this privacy policy be sure to check the chat room rules before entering, as you will be bound by them. As you know, anything you post on the internet is available for the world to see. We make no representations and undertake no obligations as to information you voluntarily post.

  1. How we protect your personal data

Where is your personal data stored?

The data that we collect from you may be transferred to, and stored at, a destination in abroad. It may also be processed by staff, which operates abroad and work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details or the provision of support services.

How long is your personal data stored for?

The personal data that we hold about you will not be kept for longer than is permitted by law and will only be kept for as long as necessary to provide you with any requested products, services or information, or for any other purpose set out under the heading “What do we do with the information”.

For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data.

Disclosure of your information outside the European Economic Area

When we transfer personal data from inside the European Economic Area (the EEA) to outside the EEA, we may be required to take specific additional measures to safeguard the relevant personal data. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and, therefore, no additional safeguards are required to export personal data to these jurisdictions. In countries that have not had these approvals, we will use appropriate safeguards to protect any personal data from being transferred, such as EU Commission-approved model contractual clauses or binding corporate rules permitted by applicable legal requirements.

Please contact us using the details set out in the “Contact” section below if you would like to see a copy of the specific safeguards applied to the export of your personal data.

What do we do to safeguard personal data?

We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers. In case that we have given you (or you have chosen) a password that enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our websites – any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

What about links to other sites?

Our websites and social media fan pages may, from time to time, contain links to and from the websites of our partner networks, affiliates and other third parties.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

 

  1. Your rights and contacting us

Marketing

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you or collect your consent (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data or clicking unsubscribe at the bottom of the emails we send to you for marketing purposes.  You can also exercise the right at any time by contacting us at the email address [email protected].

Updating information

We will use reasonable endeavours to ensure that your personal data is accurate. In order to assist us with this, you should notify us of any changes to the personal data that you have provided to us by contacting us using the details set out in the “Contact” section below.

Your rights

If you are based in the EEA during your interactions with us, under certain conditions, you may have the right to require us to:

  • provide you with further details on how we use and process your personal data,
  • provide you with a copy of the personal data that we hold about you,
  • rectify inaccuracies in the personal data and complete any incomplete personal data that we process about you,
  • delete personal data we no longer have grounds to process, and
  • restrict how we process your personal data whilst we consider an inquiry you have raised.

In addition, under certain conditions, you have the right to:

  • in the case that processing is based on consent, withdraw the consent.
  • Ask us to transmit the personal data you have provided to us and that we still hold about you to a third party electronically,
  • object to any processing of personal data that we process on the “legitimate interests” or “public interests” grounds, unless our reasons for the underlying processing outweigh your interests, rights and freedoms, and
  • object to direct marketing (including any profiling for such purposes) at any time.

These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege), and may not all be available in the country in which you are based.

If you have the right to do so, you can exercise these rights by contacting us using the details set out in the “Contact Us” section below.

If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to the Personal Data Protection Policy.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to [email protected]. You may also contact us at:

HELLENIC DAIRIES SA, 5th km Trikalwn-Pilis, Μunicipality of Pili, Postcode: 42100

Tel. +30 2410 541160 Fax. +30 2431061590

 

  1. Updates to the Personal Data Protection Policy

Any changes we may make to this privacy policy will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Personal Data Protection Policy.

This Personal Data Protection Policy was last updated in May 2018

Legal bases for use of personal data.

These are the principal legal grounds that justify our use of your personal data:

Consent: where you have consented to our use of your information and you have been presented with a consent form in relation to any such use. You may withdraw your consent by the means stated in this privacy policy.
Contract performance:where your information is necessary to enter into or perform our contract with you.
Legal obligation:where we need to use your information to comply with our legal obligations.
Legitimate interests:where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

 

These are the principal legal bases that we typically use to justify our use of Special Categories of your Personal Data and Criminal Convictions Data:

Legal claims: where your information is necessary for us to establish, defend, prosecute or make a claim against you, us or a third party.
In the substantial public interest: processing is necessary for reasons of substantial public interest, on the basis of European or Greek law.
Explicit consent: you have given your explicit consent to the processing of the personal data for one or more specified purposes. You are free to withdraw your consent by contacting us as set out in the “Contact us” section of the above notice. If you do so, we may be unable to provide our products or services that require the use of such data.