WEBSITE TERMS OF USE

Who we are – what we do www.aria.gr

Any Links we may have to third-party websites are provided for your convenience and we are not responsible for their posts and content.

Copyright applies to part or all of the texts, while their reproduction without our prior approval is strictly prohibited.

We do not provide any support during your browsing of our website and take no responsibility for any person’s connection to our websites.

Applicable law. Any dispute related to our website is subject to the jurisdiction of the Courts of the city of Athens.

 

PERSONAL DATA PROTECTION POLICY

1. Protection & Processing of Personal Data

Our company «NEW CUST S.A.», which makes exclusive use of the ARIA FINE CATERING brand, has fully conformed with the provisions of national and European legislation on personal data protection, namely the Regulation 2016/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data («General Data Protection Regulation» – hereinafter the «Regulation»), as in force.

To refer to the text of the Regulation: https://eur-lex.europa.eu/legal-content/EL/TXT/HTML/?uri=CELEX:32016R0679&from=EL) This Privacy Policy (hereinafter the «Policy») aims to generally inform you about the processing of your personal data on behalf of «NEW CUST S.A.».

1.2 Definitions

Some of the terms appearing in this policy bear a legal meaning and are defined by the applicable statutory provisions. Specifically: Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. But even to more personal information such as habits, preferences, biometric data, etc. From May 25, 2018 on, every company that deals with personal data concerning living natural persons, within the EU, is obliged to fully comply with the EU Regulation 679/2016, with regard to the protection of personal data. The validity of the Regulation is immediate in all EU member states. Data collection is a form of processing, as is recording, organization, structuring, storage, alteration, retrieval, consultation, use, disclosure, erasure or destruction. The company, through the Privacy Policy, informs natural persons about the processing of their Personal Data, thus helping natural persons to make informed decisions about their relationship with the company. More about the definitions can be found in article 4 of the Regulation (https://eur-lex.europa.eu/legal-content/EL/TXT/HTML/?uri=CELEX:32016R0679&from=EL)

1.3 Principles governing the collection and processing of your data

The collection and processing of personal data by IFET is governed by the following principles, as further specified in the Regulation (article 5): Lawfulness, fairness, transparency. Purpose limitation. Data minimization. Accuracy. Storage limitation. Integrity and confidentiality.

1.4 Privacy Policy

The company needs to collect Personal Data (i.e. personal information) to effectively carry out day-to-day business operations and services and, in some cases, to comply with the requirements of applicable laws and/or regulations. The Privacy Policy states our compliance with the Regulation for the Protection of Personal Data but also our respect for the protection of privacy and security of personal data. Additionally, it aims to inform natural persons (you) about the Personal Data we collect and process, for what purpose, how and for how long, to ensure that natural persons are aware of their rights as well as our obligation to accountability and security, to provide an easy and clear means of securing your consent, as a legal basis for the processing of Personal Data, and, at the same time, to give you the option to withdraw this consent at any time. This Privacy Policy was posted on the company’s website on 03.08.2018 and replaces any previous posting / version. The Privacy Policy applies to any natural person who has or intends to have any kind of cooperation with us in general.

2. The Personal Data we process

The personal data collected and processed by the Company as a controller are those absolutely necessary and suitable for the achievement of our intended purposes. Specifically, the Company currently collects and processes, on its behalf, the following personal data:

Of its employees, in accordance with the «Employee Privacy Policy» (which has already been notified to everyone on an individual basis)

Of customers, associates and suppliers (see the respective Policy)

Image data and visual material from closed circuit television (CCTV) and security cameras in the surrounding area of ​​New Cust S.A.’s facilities.

Data related to requests you have submitted to exercise your rights or express your complaints.

Finally, the Company collects and stores the personal information of its customers in the context of carrying out orders. It does not conduct this processing on its behalf.

Purposes of personal data processing

The personal information collected by the Company is used for the following purposes:

(a) For the carrying out of the Company’s activities in accordance with article 6 of its Articles of Association and for the provision of specialized services in particular.

(b) For the Company’s compliance with its legal obligations.

(c) For the legal conclusion of contracts with third parties, so that it can meet the legal and contractual obligations imposed by those contracts.

(d) For the Company to be able to manage employment contracts with its staff.

(e) For the safeguarding and protection of the legal interests of both natural persons and the Company. e.g. we use closed circuit television (CCTV) and security cameras in the surrounding area, in order to be able to protect the safety of individuals, materials, facilities.

(f) For the sending of newsletters.

(e) For the communication between us – upon prior identification – and the management of your requests, whether related to personal data protection issues or to the quality of our services.

It is pointed out that the Company does not apply an automated decision-making process.

Furthermore, every time you call us, visit our website, cooperate with us, ask questions or request our cooperation, we may ask you for information (i.e. Personal Data such as: name, address, email, telephone, etc.) depending on the type of our relationship.

It is also possible that you may choose to voluntarily provide us with additional Personal Data (such as in the case of sending a CV) or additional information (such as tax or commercial information, in the context of getting informed or exploring the potential for cooperation).

We collect information, directly or indirectly, in the following ways:

Information that you send or provide us with, when communicating with us or visiting our website, by electronic or other means.

Information we receive when you use our services or the services of our associates.

We use various technologies to collect and store information and these may include the use of technologies such as cookies (also see §7).

We may use information from advertising networks, our customers or third parties in order to inform you about specific services that may be of interest to you.

For more information on how you can access, manage, amend or delete information, see sections 5 & 6 below.

3. How we use the Personal Data

The Company collects and processes your personal data through its authorized employees and associates. The collection of personal data is carried out by both physical and electronic means, as the case may be, by the data subjects themselves or by third parties and as described in each individual Policy in general.

We use the information we collect (as described above), in connection with the consents you have provided us with, to:

  • process your order and complete the shipment of the product,
  • be able to provide you with individualized and updated services and/or products;
  • contact you to inform you about new services or products that may be of interest to you;
  • process your payment or prevent or detect potential fraud;
  • respond to any questions that you have asked us,
  • implement the framework of this Privacy Policy.

Every time you contact us we keep a record of your communications, so that we can resolve any issues you may have.

We do not allow unauthorized entities to access your information without your consent.

All of the above requires your consent (see sections 5 & 8 below).

4. Who we share your Personal Data with

The Company «NEW CUST S.A.» transmits – as the case may be – the personal data it processes to third parties, in the context of contracts it has signed and that may refer to the execution of a certain project or the provision of independent services on behalf of the Company (e.g. transport companies, storage company, software management). The Company enters into a special contract, ensuring that your personal data is processed in accordance with the applicable legal framework. These third parties are contractually obligated to the Company to only use the personal data for specific, contractually defined purposes and to neither transmit nor share your personal data with third parties, unless this is required by law.

The Company «NEW CUST S.A.» may transmit your personal data to law firms and bailiffs, for the establishment, exercise or support of its legal claims.

The Company does not disclose or share Personal Data with companies, organizations or individuals outside of our company, unless one of the following applies:

With your consent: We share your personal information with companies, organizations and individuals when we have your express consent (see sections 5 & 8 below).

For external processing: We provide personal information to our outside contractors and to businesses or individuals we trust to process it for our own use, based on our instructions and in accordance with our Privacy Policy and any other confidentiality and security measures, such as the EU Regulation 679/2016.

For legal purposes: We share personal information with relevant public agencies when reasonably necessary and to comply with laws, regulations, legal processes or government requests.

5. Your rights & our obligations

5.1 Legal basis for personal data processing

The Company «NEW CUST S.A.» processes your personal data in a transparent manner, according to the principles of lawfulness, proportionality, confidentiality and integrity, purpose limitation and accuracy, specific data retention time and data minimization.

The legal basis for processing your personal data per case may be:

(a) your consent, i.e. any freely given, specific, unambiguous and informed indication of will, by which the natural person states their agreement to have their personal data processed,

(b) the necessity to process your data in the context of performing our contractual obligation or at the pre-contractual stage,

(c) the necessity to process your data in the context of safeguarding our legal interests,

(d) the necessity to process your data in the context of compliance with a legal obligation of ours,

(e) the necessity to process the data to protect your vital interests.

5.2 Your rights

Our customers, the users of our services and the visitors to our website enjoy certain rights within the framework of the Data Protection Regulation (which should not be in conflict with the relevant legislation). These rights of natural persons (you) are:

  • Right to access their personal data
  • Right to rectify their personal data
  • Right to erase their personal data
  • Right to restrict the processing of personal data
  • Right to information regarding the rectification or erasure or restriction of processing of their personal data
  • Right to portability of their personal data
  • Right to object to the processing of personal data
  • Right to object to automated individual decision-making including profiling.

Please refer to the Rights Exercise Form (see form)

5.2 Our obligations

Our obligations include:

The principle of accountability, regarding the 6 principles governing the processing of personal data (lawfulness, objectivity and transparency, purpose limitation, personal data minimization, personal data accuracy, specific data retention time, security, integrity and confidentiality).

Any personal data processing is lawful only if one of the 6 following conditions applies:

  1. the data subject has consented to the personal data processing
  2. the personal data processing is necessary for the performance of a contract, where the subject is a contracting party
  3. the processing is necessary for the controller to comply with a legal obligation of theirs
  4. the processing is necessary to safeguard the vital interest of the natural person
  5. the processing is necessary for the fulfillment of a duty in the public interest or the exercise of public authority delegated to the controller
  6. the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless the interest or fundamental rights and freedoms of the natural person prevail.

Furthermore, we apply the appropriate technical and organizational measures to protect the company and our associates from unauthorized access or alteration, violation or destruction of the personal data in our possession.

Specifically:

We encrypt many of our services. We control the data collection and the storage and processing practices, including physical security measures, to protect against unauthorized access to systems and processes.

Access to personal information is limited and controlled, and the individuals involved are subject to strict contractual obligations of confidentiality.

In the event that outside contractors (for reasons of maintenance or support) may have access to personal data, relevant appendices to the existing cooperation contracts shall cover the requirements of the Regulation.

Throughout the personal data processing cycle (from the personal data collection to their destruction) we apply appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of the personal data. We require similar measures to be applied by third parties who handle or process personal data.

Our services, products and website are not addressed to children under the age of 16. We do not, to our knowledge, process the personal data of children under the age of 16.

6. Access to your personal data and getting informed

Within the framework of your rights according to the Regulation, you can ask for information about your personal data or request the rectification or the restriction of processing or the erasure of your personal data (see your rights in detail in section 5.1).

You can exercise your rights by sending an email to the address listed in the «Methods of Communication» section (section 9), asking for the Subject Access Request (SAR) form, to complete and return it to us. We are obliged to respond within one month of receiving your request.

The rights of the natural person can always be exercised within the framework of the existing legislation (such as the tax or labor legislation).

Every time you use our services, our goal is to provide you with the ability to access your personal data. In case this information is incorrect, we strive to provide you with ways to quickly update or erase it – unless we need to retain this information because we are required to do so by law or for legal purposes.

7. Information Security

The Company conducts the personal data processing in a way that ensures their security. Specifically, it is carried out exclusively by the Company’s staff that is authorized for this purpose, while all appropriate organizational and technical measures are taken to protect the subjects’ personal data from accidental or unlawful destruction or loss, alteration, dissemination or unauthorized access.

We indicatively mention that all of the staff employed by the Company are bound by an agreement of secrecy, confidentiality and protection of the privacy of your data in question, while any third parties, to whom personal data are transmitted (see below), are contractually obligated to the Company to only use the personal data for specific, contractually defined purposes and to neither transmit nor share your personal data with third parties, unless this is required by law.

8. Your consent and its withdrawal

Our company, in the context of:

  • The Privacy Policy
  • Its compliance with the Data Protection Regulation (EU 679/2016) and the relevant national legislation
  • Respect for the protection of personal data privacy and security

may request your written consent (opt-in) for the collection and processing of your personal data, in accordance with what is stated in this Privacy Policy.

Your consent is given for specific purposes and may be withdrawn (per purpose and in general) at any time by contacting us using the details listed in the next paragraph (Methods of Communication).

The company will only collect and process personal data when it can lawfully do so, such as in the cases of (a) applicable law provision, (b) processing necessary for the performance of a contract where the natural person is a party, (c) processing necessary for the controller to comply with a legal obligation of theirs, (d) processing necessary to safeguard the vital interest of the natural person, (e) processing necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless the interest or fundamental rights and freedoms of the natural person prevail.

You may be asked to provide us with additional consent in case your personal data is to be used for purposes not stated in this Privacy Policy.

 

9. Transmission to third countries and/or international organizations

No such transmission takes place.

10. Personal Data Retention Period

The personal data retention period, for simple and sensitive data, is indicated by category of data in the PERSONAL DATA RETENTION POLICY. (see form)

Where can you turn in case we breach the applicable Personal Data Protection Law?

You have the right to file a complaint with the Hellenic Data Protection Authority (post address 1-3 Kifisias Avenue, P.C. 115 23, Athens, tel. 210. 6475600, e-mail contact@dpa.gr), in case you believe that your Personal Data processing violates the applicable national law and the regulatory legal framework for the protection of personal data in general.

Data Protection Officer (DPO) contact details

For any request related to the processing of your personal data, according to the above, please address the Data Protection Officer (DPO) of the Company «New Cust S.A.», Panagiotis Giannakos, email: pg@aria.gr, Tel: 210 9656388

Changes to this Personal Data Protection Policy

The Company «New Cust S.A.» may unilaterally and periodically revise this Policy, so that it reflects the current state of personal data processing, and so it does. We encourage you to periodically refer to this Policy in order to be informed about how we manage and process your personal data.

Next are:

Cookies policy

Privacy Policy

Form for the Exercise of Data Subject’s Rights

Statement on the Processing of Personal Data of Customers, Associates & Suppliers