For the purposes of this Policy, the following terms have the following meaning:
“Personal Data”: Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing”: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Data Controller”: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
II. What personal data we collect, for which purposes and which are the legal bases
|PURPOSE||PERSONAL DATA||LEGAL BASIS|
|Social Plugins||Through the plugins in use in our website we may be granted access only to publicly shared information found on the respective Social Media platforms. The use of the plugins found on our website is governed by the terms and conditions of each platform.||Article 6 para (1)(a) GDPR: the data subject’s consent, as explicitly given by clicking each social media icon that transfers the user to the corresponding social medium.|
|Communication with users (via the contact form)||Name, surname e-mail address (email), phone number, personal data that may be included in the subject and in the message sent by the user.||Article 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract|
|CV form||Name, surname e-mail address (email), phone number, area, personal data that may be included in the candidate’s message or resume||Article 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract|
|Coffee Franchise Interest Form||Name, surname e-mail address (email), phone number, area, personal data that may be included in the subject and in the message sent by the user.||Article 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract|
III. Data Retention Period
Your personal data is retained for a limited period, depending on the purpose of the processing, after which the data is deleted from our records. When the processing is imposed as a legal obligation, your personal data is kept for as long as the relevant obligations impose. Where processing is based on your consent, your personal data will be retained until you withdraw such consent.
Considering the latest developments, the cost of implementation and the nature, scope, context and purposes of the processing, as well as the risks of different probability of occurrence and severity to the rights and freedoms of users from the processing, the Company take all necessary technical and organizational measures to protect your personal data. Although no method of transmission over the Internet, or electronic storage is completely secure, the Company takes security measures for your data.
The staff and the administrative officers of the Company may gain access to your personal data, in order to achieve the above purposes, as described in section 1 of this Policy. Also, your personal data may be transferred to third parties, who have been entrusted with the processing of your personal data on behalf of the Company, such digital service providers (e.g. cloud, website hosting). Both employees and the external partners/suppliers of the Company, to whom user’s data may be transferred, are contractually bound to the Company, with confidentiality clauses. Also, your personal data may be transferred to public authorities, independent authorities, etc. in order to the exercise of their duties ex officio, or at the request of a third party who has legitimate interest.
VI. International Data Transfers
Your personal data are not transmitted to any third country outside the European Union (EU), or the European Economic Area (EEA). However, in case your personal data is transferred to a country outside the European Union (EU), or the European Economic Area (EEA), the Company will ensure that any of the special exemptions provided by the GDPR, applies.
VII. Rights of the data subject
The General Data Protection Regulation provides you with rights and options that we are committed to satisfying. Thus, you may:
- request information about your stored personal data and the way it is processed. If you so wish, we shall provide a copy of your personal data undergoing processing, free of charge (Right of Access).
- request rectification of inaccuracies or errors, correction of incomplete data or an update of your data (Right to rectification).
- request erasure of personal data, if no longer retained for specific, legal or stated purposes (Right to erasure or Right to be forgotten).
- request restriction of processing a) when the accuracy of the personal data is contested, b) when the processing is unlawful (but you oppose the erasure of the data), c) when the data is no longer needed for the purposes of the processing, and d) for as long as the verification whether the legitimate grounds of the controller override those of the data subject are still pending.
- object on grounds relating to your particular situation, at any time, to processing of personal data, especially when this data is processed for direct marketing purposes or profiling. More specifically, you may object to a decision based solely on automated processing. In such a case, you may exercise your right of intervention (Right to object – Automated individual decision-making).
- receive your personal data in a structured, commonly used and machine-readable format or transmit this data to another controller at your behest, where technically feasible and at all times under the specific conditions of the law (Right to data portability).
- revoke your once granted consent for your data processing at any time. As a result, we will not be allowed to continue the data processing based on this consent in the future.
You may address your requests to our DPO via email firstname.lastname@example.org. We shall answer all your requests within one (1) month. In the extremely rare cases that such a fulfillment is proven unfeasible, we shall immediately inform you explaining the reasons in detail. If you believe that the provisions for personal data are being violated, you may file a complaint to the Hellenic Data Protection Authority (DPA).
VIII. Contact Information
Brew Ratio ΙΚΕ
Kyprou 10, Moschato
DATA PROTECTION OFFICER
Revival Consulting Services Α.Ε
Tel. 210 5156800
Latest Update: May 2023