Privacy Policy

Privacy Policy

“BREW RATIO IKE” (hereinafter “Company”) fully shares your concern regarding your personal data in accordance to the enhanced requirements of Regulation (EU) 2016/679 (hereinafter “GDPR”), law 4624/2019, Decisions, Guidelines and Opinions of Hellenic Data Protection Authority and, the relevant legislation about the protection of Personal Data (hereinafter “Data Protection Legislation”), as the Data Controller, informs the natural persons (hereinafter “Data Subjects”, “you”) about the processing of their personal data through this Privacy Policy.

Ι. Definitions

For the purposes of this Policy, the following terms have the following meaning:

“Personal Data”: Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing”: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Data Controller”: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

II. What personal data we collect, for which purposes and which are the legal bases

PURPOSEPERSONAL DATA LEGAL BASIS
Use of Cookies in order to improve the functionality, the services provided to you, as well as the analysis of website traffic.Please visit our Cookie PolicyYour free express consent (Article 6 para. 1 (a)GDPR) which you grant by accepting cookies, with the exception of necessary cookies which are permanently installed and are absolutely necessary for the operation of our website, for the which legal basis for processing is Company’s legitimate interest (Article 6 para 1(f) GDPR)
Social PluginsThrough the plugins in use in our website we may be granted access only to publicly shared information found on the respective Social Media platforms. The use of the plugins found on our website is governed by the terms and conditions of each platform.Article 6 para (1)(a) GDPR: the data subject’s consent, as explicitly given by clicking each social media icon that transfers the user to the corresponding social medium.
Communication with users (via the contact form)Name, surname e-mail address (email), phone number, personal data that may be included in the subject and in the message sent by the user.Article 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
CV formName, surname e-mail address (email), phone number, area, personal data that may be included in the candidate’s message or resumeArticle 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Coffee Franchise Interest FormName, surname e-mail address (email), phone number, area, personal data that may be included in the subject and in the message sent by the user.Article 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

III. Data Retention Period

Your personal data is retained for a limited period, depending on the purpose of the processing, after which the data is deleted from our records. When the processing is imposed as a legal obligation, your personal data is kept for as long as the relevant obligations impose. Where processing is based on your consent, your personal data will be retained until you withdraw such consent.

IV. Security

Considering the latest developments, the cost of implementation and the nature, scope, context and purposes of the processing, as well as the risks of different probability of occurrence and severity to the rights and freedoms of users from the processing, the Company take all necessary technical and organizational measures to protect your personal data. Although no method of transmission over the Internet, or electronic storage is completely secure, the Company takes security measures for your data.

V. Recipients

The staff and the administrative officers of the Company may gain access to your personal data, in order to achieve the above purposes, as described in section 1 of this Policy. Also, your personal data may be transferred to third parties, who have been entrusted with the processing of your personal data on behalf of the Company, such digital service providers (e.g. cloud, website hosting). Both employees and the external partners/suppliers of the Company, to whom user’s data may be transferred, are contractually bound to the Company, with confidentiality clauses. Also, your personal data may be transferred to public authorities, independent authorities, etc. in order to the exercise of their duties ex officio, or at the request of a third party who has legitimate interest.

VI.  International Data Transfers

Your personal data are not transmitted to any third country outside the European Union (EU), or the European Economic Area (EEA). However, in case your personal data is transferred to a country outside the European Union (EU), or the European Economic Area (EEA), the Company will ensure that any of the special exemptions provided by the GDPR, applies.

VII. Rights of the data subject

The General Data Protection Regulation provides you with rights and options that we are committed to satisfying. Thus, you may:

  • request information about your stored personal data and the way it is processed. If you so wish, we shall provide a copy of your personal data undergoing processing, free of charge (Right of Access).
  • request rectification of inaccuracies or errors, correction of incomplete data or an update of your data (Right to rectification).
  • request erasure of personal data, if no longer retained for specific, legal or stated purposes (Right to erasure or Right to be forgotten).
  • request restriction of processing a) when the accuracy of the personal data is contested, b) when the processing is unlawful (but you oppose the erasure of the data), c) when the data is no longer needed for the purposes of the processing, and d) for as long as the verification whether the legitimate grounds of the controller override those of the data subject are still pending.
  • object on grounds relating to your particular situation, at any time, to processing of personal data, especially when this data is processed for direct marketing purposes or profiling. More specifically, you may object to a decision based solely on automated processing. In such a case, you may exercise your right of intervention (Right to object – Automated individual decision-making).
  • receive your personal data in a structured, commonly used and machine-readable format or transmit this data to another controller at your behest, where technically feasible and at all times under the specific conditions of the law (Right to data portability).
  • revoke your once granted consent for your data processing at any time. As a result, we will not be allowed to continue the data processing based on this consent in the future.

You may address your requests to our DPO via email dpo-custom@revivalsa.gr. We shall answer all your requests within one (1) month. In the extremely rare cases that such a fulfillment is proven unfeasible, we shall immediately inform you explaining the reasons in detail.  If you believe that the provisions for personal data are being violated, you may file a complaint to the Hellenic Data Protection Authority (DPA).

VIII. Contact Information

DATA CONTROLLER

Brew Ratio ΙΚΕ

Kyprou 10, Moschato

Tel. 2168004940

Email: info@coffeelab.gr 

DATA PROTECTION OFFICER

Revival Consulting Services Α.Ε

Lenorman 194-196

Email: dpo-custom@revivalsa.gr 

Tel. 210 5156800

Latest Update: May 2023

FOLLOW US

Scroll to Top