At Globiled we collect and process your personal data in accordance with the EU Regulation 2016/679 (GDPR) as well as the current Greek legislation on personal data protection, and we take all reasonable technical and organizational measures for their protection and preservation.
- Purpose of this Policy
This Personal Data Protection Policy concerns Globiled and the personal data of individuals processed by the Company. This policy provides to any individual, customer or visitor of the website of our Company https://www.globiled.com, with concise and transparent information regarding the practices followed for the management and protection of personal data.
It concerns any transaction or series of transactions performed with or without the use of automated means, in personal data or in personal data sets, such as the collection, registration, organization, structure, storage, adaptation or modification, retrieval, search for information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
The Policy is updated from time to time and may be amended whenever necessary, without prior notice, always within the applicable legal framework and in accordance with any changes in the current legislation on personal data protection. We therefore suggest that you check our website https://www.globiled.com, in which, any posted revised version of this policy, prevails over the printed version.
- Company Information (Data Controller)
“GLOBILED DEVELOPMENT. COMMERCIAL LIGHTING LED. Ltd. “, which is based in Athens at 19-21 I. DAMASKINOU Street with Tax Identification Number: 800472030 and Tax Office: D ‘ATHENS.
“GLOBILED DEVELOPMENT. COMMERCIAL LIGHTING LED ONLY. Ltd. “(hereinafter” GlobiLED “or” COMPANY “) is a Greek company active in the Development, Marketing of LED Lighting & Energy Saving Systems.
The term “personal data” hereinafter referred to as “Personal Data or Data”, is any information concerning a specific natural person or person whose identity can be verified (e.g., name, identity number, address, etc.).
- Legal Framework
Since May of 2018, 2016/679 General Regulation on the Protection of Personal Data (GDPR) of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data is in place. At the same time, the Company applies Law n. 4624/2019 and any relevant national legislation, as applicable.
- Data Protection Measures
The company takes the appropriate technical and organizational measures to ensure compliance with the legislation for the protection of personal data of its customers, as well as the users of its website. The company also ensures, through the above measures that access to personal data is not given to anyone other than the appropriate authorized persons, and only for the purposes of processing, specified in this policy.
- Categories of Personal Data – Purposes of Processing – Legal Bases
The personal data are obtained from the data subjects either in person or through our website, or through contracted third parties and are as follows:
- Demographic data of the company’s customers (Name, Surname Address, etc.). The legal basis for this is the performance of the contract between us in accordance with Article 6, par. 1(b) of the GDPR.
- Personal data related to contact details of the company’s customers (phone, email, etc.). The legal basis for this is the performance of the contract between us in accordance with Article 6, par. 1(b) of the GDPR.
- Personal data related to Sales and Service Information of the company’s customers, i.e., information related to purchases, customer ID, contract numbers, support and repair services (service), including complaints and claims. The legal basis for this is the performance of the contract between us in accordance with Article 6, par. 1(b) of the GDPR.
- Electronic communications data (IP Address, Mac Address, Web Browser Information etc.) during the use of our website (log files) https://www.globiled.com by its visitors and customers. The above data is collected to ensure the availability, integrity and confidentiality of information and data from accidental or illegal or malicious actions or events, to investigate any cyber-attacks and incidents and to support any relevant legal claims. The legal basis for this processing is the legitimate interest of the Data Controller, according to Article 6, par. 1(f) of the GDPR. Note: Our site is not intended to collect data from underage visitors, unless authorized by parents or guardians. However, we cannot check if a visitor is a minor. We encourage parents to participate in their children’s online activities in order to avoid the collection of data about their children without parental consent.
- Necessary data related to financial data of the company’s customers, including identification, financial, tax and communication data, such as VAT, Tax Office, contact details, address, etc. The receipt, processing and retention of your data belonging to the above categories is necessary for the compliance of the Company with its legal obligations and in accordance with Article 6, par. 1(c) of the GDPR.
- Data contained in CVs/Resumes (identification, personal characteristics, family status, education, work, contact details, etc.) that you willingly send to us through our website or to our corporate email addresses. The provision of your personal data in the context of submitting a CV to find a job in our company takes place voluntarily on your part, as it would not be otherwise possible to assess the possibility of your recruitment. The legal basis for this processing is the explicit consent of the data subject, according to Article 6, par. 1(a) of the GDPR. Your data is kept only for this purpose and is processed by the relevant responsible Departments of our Company and its authorized personnel (i.e., Human Resources Department, Accounting Department, etc.)
- Our company processes, through a video surveillance system, data regarding to image/video etc. of visitors and customers in our premises at 287 Vouliagmenis Avenue, 172 Agios Dimitrios, Zip Code:17236, Athens, aiming at the protection and safety of persons and goods, protection and safety of our customers, visitors, employees and other third parties as well as the facilities and assets of our Company. The image/video capture has a maximum file retention period of 15 days and the cameras are positioned at the company’s entrances, exits, cashier and critical facility areas, e.g., computer room etc. The legal basis for this processing is the legitimate interest of the Data Controller, according to Article 6, par. 1(f) of the GDPR and is carried out in accordance with Directive 1/2011 of the Greek Personal Data Protection Authority.
- Newsletter: By entering your e-mail, you accept to receive our Newsletter. Your email will be used only by our company (Data Controller) for the purpose of sending the newsletter to you, and will only be communicated to its contracted partner (Data Processor) who will be responsible for handling the Newsletters. In order to document your electronic statement of consent, as well as the service of a possible access request on your part, we keep an electronic log file. You can withdraw your consent at any time by following the link at the bottom of each Newsletter. Your email will be retained in our database, for the purpose of sending you the Newsletter, until your consent is revoked, a fact that however will not affect in any way the lawfulness of the processing made until the withdrawal of your consent. The legal basis for this processing is the explicit consent of the data subject, according to Article 6, par. 1(a) of the GDPR.
- Cookies: Our website uses Electronic “Cookies”. Cookies are small pieces of information sent by us to your computer (via the web browser) and stored on your hard drive to allow our website to recognize you when you visit the website again in the future. They help us improve our website and provide a better, more personalized service. Through the cookies’ implementation platform of our website, you can choose which cookies you will give your consent to. The legal basis for this processing is the explicit consent of the data subject, according to Article 6, par. 1(a) of the GDPR. You have the right to withdraw your consent at any time by contacting us in writing, a fact that however will not affect in any way the lawfulness of the processing made until the withdrawal of your consent. For more information, please visit our website “Cookies Policy”.
- Who are the recipients of your Data?
We may disclose your personal information (in whole or in part, as required each time) indicatively to:
- All authorized persons of our Company, e.g., Legal advisers, business consultants, external accountants, insurance companies, security technicians, etc.
- Specific persons of our Company, necessary for the selection process of candidate employees, e.g., HR Department, Accounting Department, Administration, IT Manager etc.
- External partners (car service companies, transport companies, etc.), necessary for the execution of the contract between us.
- Providers of support for these data processing systems.
- Judicial or supervisory or control authorities, within the scope of their jurisdiction.
- Third parties who have a legal interest in establishing, exercising or supporting legal claims.
In cases where your consent is required for the disclosure of your data to third parties (where they are not mentioned by law), this will be explicitly requested by you, and you have the right to revoke it at any time. In these cases, the Company assures you that it is under constant vigilance and takes all necessary security measures, so that the transfer of personal data is carried out in the safest possible way.
The Company undertakes the obligation to not trade your personal data by making it available for sale or rental by transferring or disclosing it to third parties or using it in any other way and for other purposes that might jeopardize your privacy and your rights and freedoms, unless required by law, court decision / order, administrative act or if it is a contractual obligation necessary for the smooth operation of the Company’s website and the performance of its functions.
Your personal data may be transferred to partners, or third parties, who are required to comply with the terms of this Policy and are committed to maintaining its confidentiality, and who act on behalf of the Company for further processing in order to provide services (e.g., data management, technical support etc.). These third parties have contractually agreed with the Company, that they will use the personal data only for the legal agreed purposes, and will not transmit personal information to third parties, as well as will not disclose it to third parties unless required by law.
- How do we ensure that the Data Processors respect your Personal Data?
The Data Processors have agreed and are contractually committed with the Company to:
- preserve the data confidentiality,
- not send data to third parties without the permission of the Company,
- take the appropriate security measures,
- comply with the legal framework for the protection of personal data and in particular the GDPR Regulation.
- Do we send your Data outside the E.E.?
We do not send your data to third parties outside the European Union (EU). Your Personal Data is stored and processed only within the EU.
- How long do we store your Data for and when do we delete it?
The data provided by you will be kept / stored by us only for the period of time required for the fulfillment of the purpose for which you have communicated your data to us and in accordance with the applicable legal provisions. More specifically:
- The Data Controller is entitled by the current legislation (Article 937 – Civil Code – Limitation) to keep the data concerning his clients, for twenty (20) years.
- The Data Controller is entitled by the current legislation (L.4174 / 2013 as amended by article 32 par. 2 L.4646 / 2019 and is valid), to keep the details of the financial transactions with his customers, for a period of ten (10) years from the end of the year in which the deadline for submission of the tax declaration or the last tax declaration expires in case more than one declaration is foreseen.
- If you have given us your permission to use your data for direct marketing reasons (e.g., newsletter), we will retain this data until you notify us of something different and / or withdraw your consent, a fact that however will not affect in any way the lawfulness of the processing made until the withdrawal of your consent.
- Your personal data which is contained in the CV/Resume that you send us, will be kept in the database of our company for 12 (twelve) months. They will be used solely for the purpose of sending you updates on new available jobs at our company, and will not be transmitted or notified to any third party. In case you do not consent to the preservation of your CV in the database of our company for 12 months, you have the right to request its deletion, forwarding your wish to the e-mail firstname.lastname@example.org.
- Data that are collected by the Cookies are retained and deleted according to our Cookies Policy, which can be found at https://www.globiled.com.
- The image/video data captured by our CCTV system of visitors and customers in our premises at 287 Vouliagmenis Avenue, 172 Agios Dimitrios, Zip Code:17236, Athens, has a maximum file retention period of 15 days. In the event that during this period we identify an incident, we isolate part of the video and keep it for another (1) month, in order to investigate the incident and initiate legal proceedings to defend our legal interests, while if the incident concerns third parties, we will keep the video for up to three (3) more months.
- The data of electronic communications concerning the use of our website by you (log files), are kept for a period of 12 months, unless there is a need for further investigation or legal claim in which case, they are retained for the period of time required for those purposes.
- Do we use automated decision making / including profiling when processing your Data?
We do not make decisions, nor do we make profiles, based on automated processing of your Data.
- Is your Data safe?
We are committed to safeguarding your Personal Data. We have taken the appropriate organizational and technical measures to secure and protect your Data from any form of accidental or improper processing.
We use Electronic Security Certificate (SSL – Secure Socket Layer), to ensure the secure exchange of data between the website and your browser. These measures shall be reviewed and amended as necessary.
Any kind of processing of your Data is allowed only to persons authorized by us, our employees and associates exclusively for the above-mentioned purposes.
- What are your rights as a data subject and can you exercise them?
Regarding your personal data, you have the option of exercising the following rights: right of access, right of rectification, right of deletion, right of limitation of processing, right of data portability and right to object, by submitting a written request in person in our premises at 287 Vouliagmenis Avenue, 172 Agios Dimitrios, Zip Code:17236, Athens, or by sending the request by post, or email with your authenticated signature. Globiled will respond to your request free of charge, without delay and in any case within one month of receipt of the request, except in exceptional circumstances, when that deadline can be extended by a further two months if necessary, taking into account the complexity of the request and the number of requests. We will inform you of any extension within one month of receipt of the request, as well as of the reasons for the delay. If it is not possible to meet your request, we will notify you without delay and at the latest within one month of receipt of the request for the reasons. This information is in principle provided free of charge by the Company, provided that the request for notification and information is not exercised repeatedly, in excess and/or is clearly unjustified.
Finally, you have the option to file a complaint to the Hellenic Data Protection Authority (HDPA): www.dpa.gr. (Postal address: 1-3 Kifissias, Zip Code: 115 23, Athens, tel. 2106475600, e-mail address: email@example.com).
- How can you exercise your rights?
If you wish to contact us for any issue related to the processing of your Data and the exercise of your rights, you can contact the Data Protection Officer (DPO) of our company at Iosif Damaskinou 19-21, Athens, Zip Code: 11471 or at the address of our branch at 287 Vouliagmenis Ave, Agios Dimitrios, Zip Code:17236, or at the e-mail address firstname.lastname@example.org.