PERSONAL DATA POLICY
The company Berlin Packaging – TC ROM, recognizes and respects the rules for the protection of personal data of individuals and for this reason proceeded to the drafting and announcement of this policy, in accordance with the provisions of national, European and international law, regarding by protecting the natural person from the processing of personal data.
With its current policy, the company under the name “Berlin Packaging – TC ROM”, located in Bucuresti, determines and notifies the terms under which, acting as defined by law as” Processor “, processes your personal data when collecting your data, in its physical store and branches, as well as when you visit its website or the mobile applications (Apps).
Field of application
Personal Data Policy is in accordance with the terms of European Regulation 679/2016 and any other relevant applicable legislation.
This policy applies to the transactions of individuals with the physical stores of the company as well as to the information provided through the company and her website.
What is personal data
Personal data are the data that can be used to determine the identity of the natural person (ex. name, telephone, VAT number, etc.)
What does personal data processing mean?
Processing is any operation or series of operations performed with or without the use of automated media, on personal data or on personal data sets, such as the collection, registration, organization, structure, storage, adaptation or alteration, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
Is it mandatory to provide your personal data?
The provision of your personal data to the company may be necessary to achieve the intended purposes or be optional.
If you refuse to provide information necessary for the Implementation of the contract, it will be impossible to achieve the main purpose for which the specific data is collected. The provision of additional, in addition to the mandatory data, is optional and does not have consequences for the main purposes of data collection, since their provision is used exclusively for communication, information and optimization of the services provided.
What personal data do we collect?
We take care to collect only your absolutely necessary personal data, which are appropriate for the purpose for which they are intended and specifically we collect:
• The personal data (name, address of commercial activity, VAT number) required for the implementation of the contract between us.
• Data regarding the method of payment for the transactions you make with us.
• e-mail address and telephone number for general communication (ex. sending personalized offers, newsletters about new products, promotions, updates for participation in exhibitions, etc.)
• The data you provide to us when you subscribe to the news letter (name and mail)
• Traffic data of our website. Your social media username, if you interact with us through these channels, to help us respond to your comments, questions or comments.
We may, if required, collect:
• Financial data and commercial information concerning the creditworthiness of the natural person, with the sole purpose of the legal support of the legal interest of the client, but also the consolidation of financial transactions, in accordance with law.
How do we use your personal data?
The company processes your personal data
• To fulfill the contractual relationship, in order to process the sale of products and / or services, to serve its legal interests and its operation, to comply with its legal obligations and possibly to exercise or oppose legal requirements.
• To create a user account on its website.
• For communication purposes.
• To send a newsletter. With your consent, we will use your personal data to inform you via e-mail about our products, services and actions.
What is the legal basis for the processing of your data by the company?
The data protection regulation sets out the reasons why the company may collect and process your personal data. These reasons are:
• Implementation of the contract of which you are a party.
• Serving the legal interests of the company
• Compliance with the company’s legal obligations
• Your consent, for the reasons for which it is provided.
Who are the recipients of your Data?
Access to your data is provided by the competent supervisory authorities, the absolutely necessary personnel of the company, which is bound by confidentiality and the companies or third party service providers associated with us, who process your data as processors on our behalf and in accordance with our orders and subject to the observance in any case of confidentiality and in particular:
• Administrative, Insurance, Tax and Judicial Authorities
• IT Application Maintenance Service Providers
• Service providers, who under the legal conditions undertake the processing of financial and commercial information concerning the creditworthiness of the natural person, for the sole purpose of legally supporting the legitimate interest of the customer, but also the resolution of financial transactions, in accordance with the law.
• Private Insurance Organizations of the European Union, licensed and operating legally, to which the company insures its customers, in case of non-payment of debts.
• Credit and Financial Institutions of the European Union, licensed and operating legally
• Chartered accountants
How do we ensure that Processors respect your Data?
The processors on our behalf are contractually committed to the company:
• to maintain confidentiality,
• not send your data to third parties without the permission of the company,
• take appropriate security measures,
• comply with the legal framework for the protection of personal data and in particular Regulation 979/2016 / EU.
How long do we keep your Data?
We keep your personal data for as long as required by Greek and European Legislation and until the completion of the contract of sale, or provision of services, in paper and / or electronic form and in addition for as many years as required after its expiration, until the completion of the time limitation period of the right of the Greek State to carry out regular inspections and to impose fines on relevant violations.
Especially in case of submission of a bid, which in the end does not result in the conclusion of a contract, the data will be kept for a period not exceeding five years.
In case of any initiation of legal actions of any kind that directly or indirectly concern the signatory hereof, the above data retention period is suspended throughout their duration and until the issuance of an irrevocable court decision.
Is your Data secure?
For the security of your personal data, the company takes all appropriate organizational and technical measures to protect both its physical and electronic files, from accidental or unauthorized destruction, accidental loss, alteration, prohibited dissemination or access and any other form of improper processing. .
The company uses a high fidelity program. There is a classification of users with access according to their responsibilities and with an individual access password. The database is encrypted. The database is backed up in the cloud and is encrypted.
The above measures shall be reviewed and amended as necessary.
In any case, you have complete control over your personal information, which you provide and receive to us, for the above purposes.
The company will in no case make available for sale, will not transfer in any way, and will not disclose personal data of its customers, without consent, except to the competent authorities, when required by law.
The company undertakes not to process your personal data for purposes other than those for which they have been collected and disclosed to you.
What are your rights to access and manage your personal data and your choices?
According to the provisions of national, EU and international law, you have the right to request:
a copy of the personal data which are or have been processed (right of access),
to object at any time and to object to the processing of the data concerning you, (right to object),
request a correction (right of correction), or deletion of your data (right to be forgotten), provided that this is not contrary to law
request the company to transfer your data directly to another controller (portability right).
The above actions are performed by us, once your request and identity are identified, and within a reasonable period of time, which will not exceed 30 days.
Sending e-mails and news letter
You may or may not at any time allow us to send you emails and news letters for advertising purposes.
You may withdraw any consent you have given us regarding the processing of your personal data, provided that it does not conflict with the law or our legitimate interests. We will comply with your request within a reasonable time.
How can you contact us?
If you wish to file a complaint regarding the way we process your personal data, please contact the data protection officer at mail [email protected]
If you are not satisfied with our answer or you believe that we do not process personal data in accordance with the law, you can file a complaint to the competent Greek Personal Data Protection Authority (www.dpa.gr, Kifisias str 1-3 Athens, tel.2106475600).
Applicable Law is the Greek Law, as formulated according to the General Regulation for the Protection of Personal Data 2016/679 / EU, and in general the current national and European legislative and regulatory framework for the protection of personal data. The courts of Larissa become responsible for every dispute.
This policy may be renewed from time to time due to changes in the relevant legislation or changes in the structure of the company. We therefore encourage our customers / users to periodically check this page for the latest information on privacy practices.
Information on the processing of personal data through a video surveillance system
Berlin Packaging – TC ROM, Bd. Libertatii Nr 10, Bl. 114, Sc 2, Et 5, Ap 34 Sector 4, Bucuresti, 040129
2. Purpose of processing and legal basis:
We use a video surveillance system to protect people entering or working on the premises of the company, to protect the assets of the company, as well as to prevent illegal acts. The processing is necessary for the purposes of the legal interests we pursue, in our capacity as the controller, in accordance with article 6 par. 1. f of the GDPR.
3. Analysis of legal interests
Our legitimate interest consists
on one hand, and as a matter of priority, on the need to protect the life, physical integrity, health and property of our employees, but also of all persons legally entering in the monitored area,
on the other hand the need to protect our space and the property located in it
from illegal acts, such as thefts, fires, sabotage, violence.
We only collect image data and restrict its download to areas where we have assessed that there is an increased likelihood of illegal activity, without focusing on areas where the privacy of the person being photographed may be severely restricted, including their right to be respected.
4. Personal data recipients
The kept material is accessible only by our competent / authorized personnel, who are in charge of the security of the space. This material shall not be passed on to third parties, except in the following cases: competent judicial, prosecutorial and police authorities when requesting data, lawfully, in the performance of their duties, and to the victim or perpetrator of a crime, in the case of data which may constitute evidence of the act
5. Compliance time
We keep the data for a maximum of fourteen days, after which they are automatically deleted. In the event that during this period we find an incident, we isolate part of the video and keep it for another month, in order to investigate the incident and initiate legal proceedings to defend our legal interests, while if the incident concerns a third party we will keep the video for up to three more months.
6. Rights of data subjects
Data subjects have the following rights:
Right of access: you have the right to know if we are processing your image and, if applicable, to receive a copy.
Restriction right: you have the right to ask us to restrict processing, such as not deleting data that you deem necessary to establish, exercise or support legal claims.
Right of objection: you have the right to object to the processing.
Right to delete: you have the right to request that we delete your data.
You can exercise your rights by sending an e-mail to [email protected], or a letter to our postal address or by submitting the request to us in person, to the staff address of the company. To consider a request related to your image, you should tell us about when you were within range of the cameras and give us a picture of you to make it easier for us to locate your data and hide the data of third parties pictured . Alternatively, we give you the opportunity to visit our facilities by appointment, to show you the images in which you appear. We also note that the exercise of the right of objection or deletion does not imply the immediate deletion of data or the modification of the processing. In any case, we will answer you in detail as soon as possible, within the deadlines set by the GDPR.
7. Right to file a complaint
In case you consider that the processing of the data concerning you violates Regulation (EU) 2016/679, you have the right to file a complaint to a supervisory authority.
Competent supervisory authority for Greece is the Data Protection Authority, Kifissias 1-3, 115 23, Athens, https://www.dpa.gr/, tel. 2106475600.