PRIVACY AND PERSONAL DATA PROTECTION POLICY

1. Information for the Processing of Personal Data

For Moschou SA, the protection of the personal data of its customers and associates is of paramount importance. For this reason we take the appropriate technical and organizational measures to protect the personal data we process and to ensure that their processing is always carried out in accordance with the obligations set by the legal framework, both by the company itself and by third parties who process personal data on its behalf.
This Privacy and Privacy Policy applies to the services we provide to our customers, to the communication to any interested party and to the website https://www.e-tiles.gr and its online services.

2. What is GDPR;

The General Data Protection Regulation (GDPR) 2016/679 (EU) is the new regulatory framework for the protection of personal data of the European Union (EU). The object of the law is to establish the conditions for the processing of personal data, the protection of the rights and freedoms of natural persons and in particular the right to protection of personal data.
Personal data, as defined in Article 4 of the GDPR, is the information that can be used to identify you and to communicate and trade with you, for example your name, your postal address, your e-mail address or any other information that, if combined with each other can identify you.

3. Moschou SA as data controller

Moschou, as the person in charge of personal data processing, with the name «Moschou SA», located in Vassiloudi Thessaloniki, 27th km Thessaloniki-Kavala Old National Rd, 57012 with VAT number 094297190, for business purposes collects and processes the personal data of its associates, suppliers, employees and customers, in accordance with applicable national law (4624/2019) and European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data as applicable. Therefore, Moschou SA acts as the controller, in accordance with Article 4 para. 7 of the GDPR.
For any issue regarding the processing of personal data you can contact the Privacy Department of Moschou SA at the following contact details:
email: [email protected]
Τηλέφωνο: +30 23930 21013

4. Your personal data that we process

We process your personal data only for a legal purpose, provided that one of the conditions of article 6 par. 1 of the GDPR is met. The website https://www.e-tiles.gr/ was designed so that users can visit it without having to reveal their identity and without having to provide personal data unless they wish. In the course of our activities and our cooperation with you, we will need to collect and process some of your personal data in order to offer you specific services and to be able to adequately meet your needs. More specifically:

4.1 Personal data of our clients

Moschou SA collects personal data of its customers such as names, patronymics, contact numbers, email, address, IBAN, Tax Identification Number, which processes in business processes such as orders, invoicing, payments, etc. in order to complete services to our customers.
Legal bases for the above processing are the fulfillment of our contractual obligations (GDPR article 6 par. 1b) and the legal interest of Moschou SA (GDPR article 6 par. 1f).
1st version Page 5 of 9 09 April 2021
Privacy and Personal Data Protection Policy
Internal Document

4.2 Personal data collected and processed by Moschou SA for its employees

The staff of Moschou SA, is well trained and aware of its obligations regarding the protection of personal data of customers and professional privacy. There is always a contractual relationship between Moschou SA and its employees, with the necessary commitments of confidentiality and taking the appropriate organizational and technical measures to protect the personal data of customers.
When a new job is created, Moschou SA collects CVs of prospective employees. At this stage, Moschou SA collects and processes candidates’ personal data, such as name, passport / identity card, age, marital status, address, telephone, email, CV, degrees, certifications, previous service, job application, interview notes etc. Moschou SA ensures that the personal data of each candidate is kept intact and secure, only for as long as necessary in order to be considered in future employment opportunities.
When Moschou SA decides to hire a prospective employee, it collects and processes employees’ personal data, such as name, passport / identity card, age, marital status, address, telephone, email, curriculum vitae, degrees, certifications, previous service, job, health certificates, VAT, AMKA, AM IKA, IBAN that are in employment contracts, in payroll and training documents of employees. These data are necessary for the performance of contractual and legal obligations of Moschou SA
Legal bases for the above processing are the fulfillment of our legal obligations (eg compliance with tax, insurance and labor obligations set by law) (GDPR article 6 par. 1c) and the legal interest of Moschou SA (GDPR article 6 par .1΄f).

4.3 Personal data of our third party partners / suppliers

We collect and process personal data of our partners / suppliers (eg, webmasters, accountants, lawyers, security technicians, etc.) such as name, email, phone, address, TIN, AMKA, IBAN, Business Cards for invoicing and contracting, etc. We also maintain a file of categorization, evaluation and development of our partners / suppliers. This information is necessary for us to be able to communicate, direct and supervise our partners, always aiming at our perfect cooperation and the satisfaction of our customers.
Legal bases for the above processing are the fulfillment of our legal obligations (eg compliance with tax, insurance and labor obligations set by law) (GDPR article 6 par. 1c) and the legal interest of Moschou SA (GDPR article 6 par .1΄f).

4.4 Personal data from video surveillance

The main purpose of our security cameras and CCTV circuits is to prevent crime and then to keep records that help us to draw safe conclusions, in order to have a complete knowledge of the dangers from which we must protect the our life and property. Moschou SA ensures that the locations of the cameras and the way in which the data are received are determined in such a way that the data collected is not more than is absolutely necessary to fulfill the purpose of the processing and that fundamental rights are not infringed. of our customers, suppliers and staff. Also, Moschou SA takes care to inform the customers, before entering the scope of the video surveillance system, in a visible and understandable way (signaling), that they are going to enter a place that is being videotaped. Personal data resulting from the use of control and monitoring methods will not be used to the detriment of customers or for the evaluation of staff unless necessary due to a malicious act.
1st version Page 6 of 9 09 April 2021
Privacy and Personal Data Protection Policy
Internal Document

5. Basic Principles of personal data processing

• The processing of personal data takes place in a legal, fair and transparent manner.
• The collection of personal data is carried out only for specified, clear and legal purposes.
• The collection of personal data is adequate and relevant.
• Personal data is accurate and up to date.
• Inaccurate personal data is corrected or deleted.
• Personal data remains confidential and securely stored.
• Personal data is not disclosed to third parties unless it is necessary for them to be offered services by agreement.
6 Where is your personal data disclosed?
Moschou SA may transmit personal data provided by individuals to third parties, in the following cases and for specific purposes.

6.1 To employees or external associates

These are experienced professionals who are well-informed about the confidentiality obligations regarding customers’ personal data. Employees / external associates of Moschou SA (eg transport company, courier companies), have access only to the personal data of the customers, which are deemed absolutely necessary for the performance of their duties. There is always a contractual relationship between Moschou SA and its employees / external partners, with the necessary commitments of confidentiality and taking appropriate organizational and technical measures to protect the personal data of customers.

6.2 Other third parties due to legislation

We may disclose your personal information in order to comply with the law or to comply with a mandatory legal procedure (eg for tax purposes), or to protect the rights or security of Moschou SA.

6.3 Other third parties with your consent

In addition to the disclosures described in this Privacy and Privacy Policy, we may transmit information about you to third parties, provided you give us your free and express consent.

6.4 Recipients outside the EEA

The personal data you provide to us will be transferred and stored on our servers, located within the EEA (European Economic Area). We will not transfer your information outside the European Economic Area (EEA) unless you are a non-EEA user, in which case you may need to transfer your details to deliver your products, process payment / returns or send us promotional information on which you have registered. We will take all necessary steps to ensure that your personal information is processed securely and in accordance with this Data Protection Policy and legislation when it takes place from a location outside the EEA. For the avoidance of doubt, where the United Kingdom is no longer a Party to the EEA, the references in this paragraph to the EEA shall mean the EEA and the United Kingdom.

7. Privacy Policy

Moschou SA implements appropriate technical and organizational measures aimed at the secure processing of personal data and the prevention of accidental loss or destruction and unauthorized and / or illegal access to, use, modification or disclosure. These technical and organizational measures are taken both during the design of the processing media (eg encryption of the server data and the company’s computers, etc.), and by default, so that only the personal data necessary for the respective process are processed. purpose of processing (principle of minimization of personal data). Moschou SA does not rest on the technical security measures it has taken so far, but is constantly looking for new and modern methods in order to shield the personal data it collects and processes. In any case, the operation of the internet and the fact that it is free to anyone does not guarantee that unauthorized
1st version Page 7 of 9 09 April 2021
Privacy and Personal Data Protection Policy
Internal Document
third parties will never be able to violate the applicable technical and organizational measures by gaining access and possibly using personal data for unauthorized and / or unlawful purposes.

8. Actions in case of violation of the personal data of the subjects

In the event that a breach of the data subjects’ personal data is found and this breach may pose a threat to their rights and freedoms, Moschou SA undertakes to notify without delay and in any case within 72 hours of being aware of the fact. of the violation, to the Personal Data Protection Authority (APDPX) and if deemed necessary to the data subject.

9. Subject Rights

Every natural person whose data is processed by Moschou SA, has the following rights:

9.1 The right to be informed

You have the right to be informed about the identity and contact details of us, or our representatives, the purposes of the processing for which the personal data is intended, as well as the legal basis for the processing, the recipients or the categories of recipients of the personal data. As part of the principle of transparency that governs the operation of our company, you can contact us requesting further information on how your personal data is processed and how to exercise your rights, by submitting the relevant requests. Your requests will be answered without delay and in any case within one month of receiving the request. This time limit may be extended by a further two months, if necessary, taking into account the complexity of the request and the number of requests.

9.2 Right of access

You have the right to be aware of and verify the legality of the processing and to request copies of the personal data being processed. Thus, you have the right to access the data and receive additional information about their processing. You also have the right to access more specific information about the content and how to exercise your individual rights.

9.3 Right of correction

You have the right to study, correct, update or modify your personal data.

9.4 Right of erasure

You have the right to request the deletion of your personal data when we process it with your consent or in order to protect our legal interests. In all other cases (such as when there is a contract, obligation to process personal data imposed by law, public interest), this right is subject to certain restrictions or does not exist as the case may be (eg we have the right to refuse the deletion of personal for the purpose of establishing, exercising or upholding our legal claims).

9.5 Right to restriction of processing

Υou have the right to request a restriction on the processing of your personal data in the following cases:
1. when you dispute the accuracy of the personal data and until it is verified,
2. when you oppose the deletion of personal data and instead of deleting you request the restriction of their use,
3. when personal data is not needed for processing purposes, however you are necessary to establish, exercise, support legal claims, and
4. when you object to the processing and until it is verified that there are legitimate reasons that concern us and prevail over the reasons why you oppose the processing.
1st version Page 8 of 9 09 April 2021
Privacy and Personal Data Protection Policy
Internal Document

9.6 Right to object

You have the right to object at any time to the processing of your personal data in cases where, as described above, it is necessary for the purposes of the legal interests we seek as processors, as well as to the processing for the purposes of direct information promotion. In particular, you have the right to object to any decision made solely on the basis of automated processing, including profiling, which produces legal effects that affect or significantly affect you. Exceptionally you can’t object to the automated decision making that concerns you, when this decision, whether it is necessary for the conclusion or execution of the contract we have concluded with you, or is based on your explicit and free consent.

9.7 Right to data portability

You have the right to receive your personal data free of charge in a form that will allow you to access, use and process it using commonly used processing methods. You also have the right to request that, if technically possible, we transfer the data directly to another controller. This right exists for the data you have provided to us and their processing is carried out by automated means based on your consent or in execution of a relevant contract.

9.8 Right to withdraw consent

Where processing is based on your explicit and free consent, you have the right to revoke it freely, without prejudice to the legality of the processing based on your consent, before revoking it.
To revoke your consent you can contact the Privacy Policy of Moschou SA at the following contact details:
email: [email protected]
phone number: +30 23930 21013

9.9 Right of complaint to authorities

In case of violation of your personal data you have the right to file a complaint to the Personal Data Protection Authority (www.dpa.gr):
Phone number: +30 210 6475600,
Fax: +30 210 6475628,
email: [email protected] .

10. Websites of third parties

Our Website may provide links to other Websites that are not owned or controlled by us, but which we believe could be useful or interesting to visitors to our Websites. In this case, we are not responsible for the privacy practices used on the websites of others or for the validity of their content or for the collection of information by the parties who own and control those websites, or the use of their Cookies. Therefore, we are not responsible for any damage or problems that occur to any of you who will use this foreign Website and ultimately, it is up to you whether or not to use a link to another Website provided by our Website, in in case you do not trust him completely.

11. Children access

Με την παροχή της συγκατάθεσής σας δηλώνετε υπεύθυνα πως είστε άνω των 15 ετών. Εάν είστε κάτω των 15 ετών, μπορείτε να χρησιμοποιήσετε την ιστοσελίδα μας και τις υπηρεσίες της μόνο με τη συμμετοχή και την έγκριση ενός γονέα ή κηδεμόνα.
1st version Page 9 of 9 09 April 2021
Privacy and Personal Data Protection Policy
Internal Document

12. Renewals and changes

The E-tiles.gr website is constantly updated and expanded both functionally and in terms of products and services, with the consequence that it renews the current policy of protection of the secrecy of transactions. We recommend that you read this page at regular intervals to be informed of any changes to the content of this protection policy.