Privacy Policy - GDPR

PURPOSE

The purpose of this Security Policy is to define and articulate the general framework and basic principles set out and applied by the General Partnership under the name DIMOGLOU TECH & TRADE O.E., legally seated in Thessaloniki (Isiodou 1, 56224), with VAT number 802767800 and the distinctive title DTT (hereinafter "DTT") for the management of personal data and for protecting their security, confidentiality, integrity and availability.

SCOPE

This Security Policy applies to all personal data managed by DTT in the course of its activities.

General

DTT recognizes and respects the importance of the personal data it handles in the course of its activities, and for this reason has fully aligned its policy with the requirements of the General Data Protection Regulation (hereinafter GDPR) 2016/679/EC.

With this statement, DTT wishes:

  • to inform those interacting with it in what capacity, for what purpose and on what legal basis it processes personal data — that is, information that may be used to directly or indirectly identify individuals;
  • to specify the categories of data, the sources of the data (when the data is not provided by the data subject), and the criteria for determining the retention period of personal data;
  • to inform data subjects of their ability to exercise — in relation to their personal data — the rights of access and rectification and, where applicable, erasure, restriction and objection to processing, and the right to lodge any complaint regarding violations of their personal-data rights with the Hellenic Data Protection Authority;
  • to set out the principles governing the relevant protection policies and the personal-data security guarantees applied by DTT.

Data Controller, Representative and Data Protection Officer details

Giorgos Dimoglou, Isiodou 1, Evosmos, Thessaloniki 56224, info@dtt-industries.com, (+30) 2310 684 108.

Who collects personal data?

This statement covers the collection of personal data by DTT in the course of its activities, including its presence on third-party websites, platforms and applications under our website's Terms of Use.

Please note that when you visit the DTT website, simple data is collected relating to your interaction with the site and to the placement of cookies (see the relevant cookie policy). Third-party websites generally apply their own privacy statements and their own Terms and Conditions. We invite you to read them before using those sites.

What personal data is collected?

We primarily collect and process information relating to our (prospective) customers and/or visitors to our website.

In addition, personal data is collected from individuals entering DTT and its premises.

How is my personal data collected?

We may collect personal data from various sources, namely:

  • When you register as a member or voluntarily provide your details,
  • When you contact us via the website, the social media we operate, or by email to the professional address we publish.
  • When you have already made your data publicly available and accessible by any means, or have given consent for your data to be shared by another data controller, subject to the relevant terms of the latter.

Specifically, we process:

a. Data you provide when creating a user account on the Websites or Apps or on DTT-managed Social Media Groups, via the internet or your mobile device, or via personal contact at our offices or with our sales staff — specifically data such as email address and login password, or first name, surname, postal address, phone number.

b. Data you provide when registering as a DTT customer, either in person before our authorized staff or remotely (electronically or by post), specifically data such as ID card, tax details, address, telephone, etc.

c. Data you provide when you sign up for our newsletter.

d. Website-traffic data.

e. Information collected through cookies in your browser.

f. Your social-media username, if you interact with us via those channels, to help us respond to your comments, questions or feedback.

For what purposes is my data used?

The purpose of processing depends on the specific function performed. Specifically:

  • To communicate information about our products, services and events, as well as for other (commercial) promotion purposes

    • Sending newsletter/offers: With your consent, we will use your personal data, preferences and transaction details to inform you by email, internet, telephone (SMS/Viber, etc.) and/or via social media about related products and services, including personalized offers, discounts, etc. Of course, you may withdraw this consent at any time.
    • Web push notifications: Depending on your browsing activity, you may — with your prior consent — receive notifications about our offers, news, your wish list and your shopping cart. You may withdraw this consent at any time.
  • To operate, improve and maintain our business, products and services
  • Developing and improving the systems and services for the products we provide. We do this on the basis of our legitimate business interests.
  • To show you the most interesting content on our Websites, Apps, or DTT-managed Social Media Groups, we will use the data we hold about your favorite products. This is based on your consent to receive notifications or — for our Websites — your consent to place cookies on your device. For example, we may display a list of products you recently viewed or offer recommendations based on your purchase history and any other data you have shared with us.
  • To send you research and feedback requests so that we can improve our services. These messages may be sent by email or text (SMS or Viber, etc.). We have a legitimate interest in doing so, as this helps make our products or services more relevant to you. You are of course free to refuse to receive these requests from us at any time by updating your preferences in your online account or by contacting the relevant DTT department directly.

What is the legal basis for processing?

The legal basis for processing in the case of newsletters and notifications generally is your consent, which is given either by registering as a DTT customer or by voluntarily sending your personal data whenever it is requested by you. In the context of social media, you give your consent by liking or following our pages, and you can withdraw it just as easily, in the same way (unlike, unfollow). Your consent implies acceptance of our data-protection policy, which is published in a prominent and easily accessible place on the relevant page.

Profiling

DTT does not use personal data to create profiles.

Transfer to third parties: who will my data be shared with?

As a rule, DTT does not share data with third parties.

DTT does share data with other third parties to the extent required for the following purposes:

  1. compliance with a government request, court order or applicable law,
  2. prevention of unlawful uses of our Websites and Apps or Groups, or breaches of our Websites' or Apps' or Groups' Terms of Use and our policies,
  • our own protection from third-party claims, and
  1. helping to prevent or investigate cases of fraud (e.g., counterfeiting).
  2. To other third parties where you yourself have given your consent.

Hyperlinks to third-party websites

By means of relevant hyperlinks within the website and the social-media pages DTT manages, access is provided to third-party websites. These hyperlinks have been placed solely to facilitate visitors during their browsing on the internet. They do not in any way constitute acceptance or endorsement of the content of the linked websites. The respective link leads to a different website, browsing of which is subject to its own terms of use and data-protection policies.

DTT bears no responsibility whatsoever for the content and personal-data management policy of any linked website.

Access through the provided hyperlinks to any website takes place at the user's sole responsibility. We encourage you to read the data-protection policies of all websites you visit.

Sponsors or advertisers may use their own Cookies, Web Beacons or other on-line tracking technologies in their advertisements that appear on our website and in the emails, special promotions or newsletters we send you. Some advertisers use companies other than our own to serve their ads and to measure user responses to them, and these companies ("Ad Servers") may collect Non-Personal Data through the use of Cookies or Web Beacons on our website. In some cases, the collection of information may be facilitated by momentarily redirecting your browser to an Ad Server's website or to another third party operating on behalf of the sponsor, advertiser or partner, before redirecting your browser to the intended destination (e.g., back to our website to view the ad, or to the advertiser's website). This redirection will not be apparent to you.

We do not control these third-party measurement methods or how they manage the Non-Personal Data they collect. Nevertheless, we require sponsors, advertisers and Ad Servers that collect information via Cookies or Web Beacons from our website to agree that they will not collect any Personal Data from users of our website without their consent. You should review the Privacy Policies of the other websites you visit through our site so as to understand how they use Cookies or Web Beacons on their websites.

Transfer of personal data

Personal data we collect (or process) in the context of our Websites, Apps and/or Social Media Groups will be stored in Greece and within the EU. However, some of the data recipients with whom DTT shares your Personal Data may be in countries other than the one in which your Personal Data was originally collected. Legislation in those countries may not provide the same level of data protection as the country that originally provided your Personal Data. Nevertheless, when we transfer your Personal Data to recipients in other countries, including the U.S., we are committed to protecting your Personal Data as described in this Privacy Policy and in accordance with applicable law.

Important note: We are not responsible for the way or means by which each of the following platforms (Google, Facebook, Instagram) processes your data.

You should be aware that, under Decision 2010/87/EU, the data exporter and data recipient are obliged to check, before each transfer and taking into account the circumstances of the transfer, whether the specific level of protection is upheld in the relevant third country, and that Decision 2010/87/EU obliges the data importer to inform the data exporter of any inability to comply with the standard data-protection clauses and, if necessary, with any additional measures beyond those provided by that clause — and the exporter is in turn obliged to suspend the data transfer and/or terminate the contract with the data importer.

With judgment C-311/18 (Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems), the Court examined the validity of the privacy-shield decision (Decision 2016/1250 on the adequacy of the protection provided by the EU–U.S. Privacy Shield) and held that the requirements of U.S. domestic law — and specifically certain programs allowing access by U.S. public authorities to personal data transferred from the EU to the U.S. for national-security purposes — result in restrictions on personal-data protection which are not delimited in a way that is essentially equivalent to that required by EU law, and that this legislation does not give data subjects enforceable rights against the U.S. authorities before the courts. For these reasons, the Court annulled that agreement.

For how long is my personal data retained?

The retention period of personal data depends primarily on the purpose of processing — since even the simple keeping of the data constitutes processing, which is only permitted when it complies with the processing principles. After the retention period elapses, personal data is deleted.

What are my rights?

The processing of your personal data is associated with corresponding rights of yours which, subject to provisions that may limit their exercise, are:

  • The right to be informed. You have the right to receive clear, transparent and understandable information about how we use personal data and what your rights are. For this purpose we provide the information in this Statement – Privacy Policy and invite you to contact us for any clarifications.
  • The right of access and rectification. You have the right to access, correct and update your personal data at any time.
  • The right to data portability. The personal data you have provided is portable. This means it can be moved, copied or transferred electronically.
  • The right to erasure. If you withdraw your consent to processing at any time, you have the right to request that we delete your data.
  • The right to restriction of processing. You have the right to restrict the processing of your personal data.
  • The right to withdraw consent. If you have given your consent to the processing of your personal data, you have the right to withdraw it at any time by contacting us at the details provided herein.
  • The right to object applies to processing for direct marketing purposes (e.g., receiving promotional emails from us).
  • The right to lodge a complaint with the Hellenic Data Protection Authority. You have the right to lodge a complaint directly with the local supervisory authority — the Hellenic Data Protection Authority — concerning how we process your personal data.
  • Rights related to automated decision-making. You have the right not to be subject to a decision based solely on automated processing which produces legal or other significant effects on you. Specifically, you have the right: to human intervention, to express your view, to receive an explanation of the decision reached after evaluation, and to challenge that decision.

If you exercise any of the rights above, we will take every possible measure to satisfy your request within a reasonable period — and at the latest within one (1) month of the identification of your submitted request — informing you in writing about the fulfillment of your request, or the reasons that may prevent the exercise of the relevant right or the fulfillment of one or more of your rights, in accordance with the GDPR. We note that in some cases the fulfillment of your relevant requests may not be possible, e.g., when satisfying the right conflicts with a legal obligation or with a contractual legal basis for processing your data.

If you nevertheless believe that any of your rights or any legal obligation of DTT relating to the protection of personal data has been violated, and after first having contacted DTT's Data Protection Officer (DPO) on the relevant matter — i.e., you have exercised your rights with DTT and either received no response within one month (extended to two months in the case of a complex request) or judge that DTT's response is unsatisfactory and your matter has not been resolved — you may submit a complaint to the competent supervisory authority, namely the Hellenic Data Protection Authority (HDPA), 1-3 Kifissias Ave., 115 23 Athens, email: complaints@dpa.gr, fax 2106475628.

How is my personal data protected?

We have taken appropriate organizational and technical measures to protect your personal data from misuse, interference, loss, unauthorized access, alteration or disclosure. The measures we use include implementing appropriate access controls, technical information security, and ensuring that personal data is encrypted, pseudonymized and anonymized where necessary and feasible.

Access to your personal data is allowed only to authorized employees and partners of ours, and only where necessary to support DTT's operations, and is subject to strict contractual confidentiality obligations when processing is assigned to and performed by third parties.

How can I contact DTT?

You can contact us at the email address info@dtt-industries.com or submit a request through the Contact form on our website.

Update – Revision of this Personal Data Protection Statement

This statement will be revised as needed to adapt to legislative changes, to respond to the comments and needs of data subjects, and to changes in DTT's products, services and internal procedures. Every change will be published with a simultaneous revision of the last-updated date at the top of this Statement – Privacy Policy. We therefore recommend that you check this website periodically for any policy revisions. To the extent that such changes may affect the consent you have provided, we will inform you specifically.

Governing Law

The governing law is Greek law, as shaped in accordance with the General Data Protection Regulation 2016/679/EU and, more generally, the applicable national and European legislative and regulatory framework for personal-data protection. The competent courts for any disputes relating to your data are the Courts of Thessaloniki.