Statement of the Data Controller "On Personal Data Protection"
The increasing economic and scientific cooperation, as well as mutual provisions for data processing services, have as a consequence the exchange of personal data, a trend reinforced by the growing use of modern means of telecommunication.
For these reasons, it is necessary to process the data carefully.
The Data Controller states that compliance with the principles governing the protection of data for their processing is his purpose, as he is committed to respecting individual rights and privacy of individuals. The Data Controller handles personal data with special care and always in accordance with EU Regulation 2016/679, applicable National Law and applicable law.
The following definitions will apply for the purposes of this Directive:
Data Subject: any natural person whose personal data is the subject of processing by or on behalf of the Company.
Personal Data: any information in relation to an identified or identifiable natural person relating to his/her physical, physiological, psychological, emotional, or economic status, cultural or social identity.
Processing: processing of personal data (“processing”), any work or series of work performed on personal data, such as collection, registration, storage, modification, analysis, use, correlation, blocking(locking), deletion or destruction.
1.Data Controller and Data Protection Officer
2. The Data we process
Following your consent, we process the following common and sensitive personal data that you provide when you interact with the Website https://www.polimorfo.gr and use the services and functions it provides. This data includes in particular the name and surname, contact details, address and content of your specific requests, updates or reports, as well as the additional data that the Data Controller may acquire, including from third parties, in the context of conducting its business activity (“Data”).
In order to be able to fulfill the requests you submit through the contact form and/or to provide adverse event notices, it is necessary to consent to the processing of the data marked with an asterisk (*).
Without this mandatory data or your consent, we cannot proceed any further. Conversely, the information required in fields that are not marked with an asterisk and your consent to receive informational material is optional and their non-provision has no consequence.
In any case, even without your prior consent, the Data Controller may process your data to comply with the legal obligations arising from EU legislation, regulations and law, to exercise rights in legal proceedings, to exercise its own legitimate interests and in all cases provided for, as the case may be, in Articles 6 and 9 of the GDPR.
The processing is performed both by using computers and in printed form and always involves the implementation of the security measures provided by current legislation.
3. Why and how we process your data
- to handle the requests, you submit with the “Form”, to then contact you or to provide information through it. The legal basis for the processing of personal data for this purpose is your consent (Article 6 (1) (a) and Article 9 (2) (a) of the GDPR) and the performance of the contract in which you are a party to as a data subject.
- to manage adverse events reports submitted through the Website or the Forms. The legal basis for processing for these purposes is your consent (Article 6 (1) (a) and Article 9 (2) (a) of the GDPR), as well as the pursuit of any public interest (Article 9 (2)(i) of the GDPR) and legal obligations.
in addition, but only with your optional consent which is the legal basis of the processing in accordance with Article 6 (1) (a) of the GDPR:
- to receive advertising material (direct marketing) from us.
By ticking the appropriate boxes, you agree to the processing of your data for these purposes.
Your data may in any case be processed, even without your consent, for reasons of compliance with the law, regulations, EU legislation (Article 6 (1) (c) of the GDPR, for obtaining statistical data on the use of the Website and its proper operation (Article 6 (1) (f) of the Regulation).
Personal data is entered into the computer system of the Data Controller in full compliance with data protection legislation, including security and confidentiality profiles, and is based on principles of good practice, legality and transparency regarding processing.
The data is stored for as long as it is absolutely necessary to achieve the purposes for which it was collected. In any case, the criterion used to determine this period is based on compliance with the deadlines set by law and the principles of data minimization, storage limitation and rational file management.
All your data will be processed in printed form or by means of automated instruments, ensuring in each case the appropriate level of security and confidentiality.
4. Principles applied during processing
We are authorized to process your personal data in order to provide personalized services, in accordance with the law (Article 6 (1b) of Regulation (EU) 2016/679) and the relevant National Implementing Law. Your personal data is not used for purposes other than those described in the Statement, unless we obtain your prior permission, or unless required to do so or permitted by law.
Personal data is processed in a manner consistent with the purpose for which it was collected. The principle of proportionality applies when processing personal data. Among other things, it creates the obligation not to collect personal data without reason. The personal data used must be accurate and up to date.
Personal data used that is no longer accurate and complete should be corrected or deleted. Except in cases where there is a legal obligation to maintain them for a longer period of time, personal data shall not be stored for a longer period of time than is necessary for the purposes for which they were collected or processed.
The processing of personal data is done according to the principles of good faith. This means that data subjects can rely on data processors to show due diligence on all data processing issues.The processing of personal data is done according to the principles of good faith. This means that data subjects can rely on processors to show due diligence on all data processing issues.
Data subjects whose personal data have been processed will be notified accordingly, if they so request. In particular, they have the right to be informed of the purposes for which their data are processed, the type of data they relate to, as well as the identity of the recipients of the data. Where deemed necessary, data subjects also have the right to request the correction, non-transmission or deletion of their data.
The above rights may be restricted only if this restriction is provided by law. This is especially true when conducting scientific research. In particular, personal data is protected against unauthorized disclosure and any illegal processing. The measures taken ensure a level of security equal to the nature of the data that must be protected and the risks that may arise from processing it.
The data controller is responsible for complying with and implementing EU Regulation 2016/679 and the National Implementing Law. Our employees who deal with the processing of personal data are up-to-date and trained accordingly. Procedures for processing third-party personal data by agreement will be set out in writing, ensuring that the contracting third party safely processes personal data and complies with the principles set forth in this Statement and the EU GDPR. If the third party is deemed to be unable to provide a satisfactory level of personal data security, we will terminate the cooperation.
5. Persons who have access to the data
The Data is processed electronically and manually, according to the procedures and practices related to the aforementioned purposes and is accessible to the staff of the Data Controller which is authorized to process the Personal Data and to the supervisors and especially the employees who belong to the following categories: technical staff, Information and Network Security personnel and administrative staff, as well as other staff members who must process the data to perform their duties.
Data may also be disclosed to countries outside the European Union (“Third Countries”): i) to institutions, authorities, public bodies for institutional purposes, ii) to professionals, independent advisers – whether working individually or collectively – and other third parties and providers that provide the Data Controller with commercial, professional or technical services required for the operation of the Website (e.g. provision of IT services and Cloud Computing) for the purposes mentioned above and to support the Data Controller in providing the services you requested , iii) to third parties in case of mergers, acquisitions, transfers of companies or their branches, audits or other extraordinary actions The mentioned recipients receive only the necessary data for their respective functions and duly undertake their processing only for the purposes mentioned above and in accordance with the data protection laws.Data may also be disclosed to other legal recipients as determined by applicable law from time to time.
With the exception of the above, the Data will not be disclosed to third parties, natural or legal persons, who do not perform commercial, professional or technical duties for the Data Controller and will not be disseminated. The data recipients will process the data, as appropriate, as Data Controllers, Data Processors or authorized persons to process personal data for the purposes set out above and in accordance with applicable data protection legislation.
With regard to the transfer of data outside the EU, even to countries whose laws do not guarantee the same level of data privacy protection as provided by EU law, the Data Controller notifies that the transfer will take place in any case via the methods allowed by the GDPR, such as for example on the basis of the user’s consent, on the basis of standard contractual clauses approved by the European Commission, by selecting parties participating in international programs for the free movement of data (e.g. . EU-US Privacy Shield) or which are implemented in countries considered safe by the European Commission.
6. Your rights
- Right to information about your personal data: Upon your request, we will provide you with information about the personal data we hold about you.
- Right to correct and complete your personal data: If you notify us, we will correct any inaccurate personal data concerning you. We will fill-in incomplete data if you notify us, provided that this data is necessary for the purposes of processing your data.
- Right to delete your personal data: Upon your request, we will delete the personal data we hold about you. However, some data will only be deleted after a specified retention period, for example because in some cases we are required by law to retain the data, or because the data is required to fulfill our contractual obligations to you.
- Right to block your personal data: In some cases provided by law, we will block your data if you request it. Further processing of blocked data occurs only in a very limited extent.
- Right to withdraw your consent: You may at any time withdraw your consent for the processing of your personal data in the future. The legitimacy of the processing of your data remains unaffected by this action, up to the point that your consent is withdrawn.
- Your right to object to the processing of your data: You may at any time object to the processing of your personal data in the future, if we process your data on the basis of one of the legal grounds provided for in Article 6 (1e or 1f) of Regulation (EU) 2016/679. If you object, we will stop processing your data, provided that there are no legitimate reasons for further processing. The processing of your data for advertising purposes does not constitute a legitimate reason.
7. Security of Personal Data
The Data Controller implements specific technical and organizational security procedures in order to protect personal data and information from loss, misuse, modification or destruction. Our associates who support us in the operation of this website also comply with these provisions.
The Data Controller makes every reasonable effort to retain the personal data collected only for the period of time for which this data is needed for the purpose for which it was collected or until their deletion is requested (if this happens earlier), unless it continues to retain them in accordance with the legislation in force.
8. Reviews of the Statement
We reserve the right to amend or revise this Statement periodically, at our sole discretion. In the event that changes are made, the Data Controller will record the date of amendment or revision to this Statement and the updated Statement will be valid for you from that date. We encourage you to review this Statement from time to time to see if there are any changes to the way we handle your personal data.
This is a Statement of Compliance with the provisions of EU Regulation 2016/679 and the National Implementing Law.