Personal data protection policy - Greximo

1. Introduction

The purpose of this document is to familiarize you with the ways in which we at “Greximo” collect, process, provide and protect your personal data, which you provide us as users of the Internet platform http://greximo.gr/, such as our customer, partner or counterparty.

Greximo is a commercial company registered in the Commercial Register of the Registration Agency with EIC 206593823, with headquarters and address for correspondence in the city of Sofia, Tri Kladentsi Street No. 5, office 2, which collects, processes and stores your personal data at the terms of this Policy.

“Greximo” is a personal data controller within the meaning of Regulation (EU) 2016/679. We consider the protection of personal data to be our main commitment, collecting, processing and storing your data in accordance with Regulation (EU) 2016/679 “The General Regulation of the EU on data protection” of the European Parliament and of the Council of 27.04.2016, as well as the “Personal Data Protection Act” (PDPA).

The rules of the General Regulation apply to all data controllers established in the EU who process personal data of natural persons in the context of their activity. It also applies to non-EU controllers who process personal data for the purpose of offering goods and services or if they monitor the behavior of data subjects residing in the EU. The principle is that the rules of “follow” the personal data of data subjects who are located in the European Union.

2. Basic concepts

2.1. “Personal data” is any information relating to an identified natural person or an identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics specific to the physical, the physiological, genetic, psychic, mental, economic, cultural or social identity of that natural person.

2.2. “Special categories of personal data” – personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, or membership in trade union organizations and the processing of genetic data, biometric data for the unique identification of a natural person, data relating to health or data regarding an individual’s sex life or sexual orientation.

2.3. “Processing” – means any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission , distribution or other way in which the data is made available, arranged or combined, restricted, deleted or destroyed.

2.4. “Administrator” – any natural or legal person, public body, agency or other structure that alone or jointly with others determines the purposes and means of processing personal data; when the purposes and means of such processing are determined by EU law or the law of Member State, the controller or the special criteria for its designation may be laid down in Union law or in the law of a Member State.

2.5. “Data subject” – any living natural person who is the subject of the personal data stored by the Administrator.

2.6. “Consent of the data subject” – any freely expressed, specific, informed and unequivocal indication of the will of the data subject, by means of a statement or a clear affirmative action, which expresses his consent to the personal data relating to him being processed.

2.7. “Child” – The General Regulation defines a child as anyone under the age of 16, although this may be reduced to 13 years by Member State law. The processing of a child’s personal data is only lawful if a parent or guardian has given consent. The administrator makes reasonable efforts to verify in such cases that the holder of parental responsibility for the child has given or is authorized to give consent.

2.8. “Profiling” – any form of automated processing of personal data, consisting in the use of personal data to evaluate certain personal aspects related to a natural person, and more specifically to analyze or predict aspects related to the performance of that individual’s professional duties, economic status, health, personal preferences, interests, reliability, conduct, location or movement.

2.10. “Personal Data Security Breach” – a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed.

2.11. “Principal place of establishment” – the controller’s seat in the EU will be the place where it makes the main decisions about the purpose and means of its data processing activities. In relation to the personal data processor, its main place of establishment in the EU will be its administrative centre. If the controller is based outside the EU, it must appoint a representative in the jurisdiction where the controller operates to act on behalf of the controller and deal with supervisory authorities.

2.12. “Recipient” – a natural or legal person, public body, agency or other structure to which the personal data is disclosed, regardless of whether it is a third party or not. At the same time, the public authorities that may receive personal data within the framework of a specific investigation in accordance with the law of the Union or the law of a Member State, are not considered “recipients”, the processing of these data by the specified public authorities complies with the applicable data protection rules according to the purposes of the processing.

2.13. “Third party” – any natural or legal person, public body, agency or other body other than the data subject, the controller, the personal data processor and the persons who, under the direct supervision of the controller or the personal data processor, have the right to process the personal data .

3. Which categories of personal data do we process and what information do we collect about you?

“Greximo” collects the personal data of the data subjects for the implementation of its economic activity, during and on the occasion of the conclusion and execution of contracts with them, for the purposes of direct marketing, as well as when registering on our web platform – http://greximo .gr/.

We process the following personal data provided by you, individually or in combination with each other, depending on the specific purposes:

three names – first name, last name, last name;
Personal identification number
town, address,
e-mail address (e-mail);
contact phone number;
identity document number, date of issue, validity and issuer;
data,
collection upon payment (credit or debit card number, bank account and other banking and payment information collected upon and processed in connection with making a payment);
cookies
IP address when visiting our websites;

4. On what basis do we process your personal data?

4.1. We process your personal data only in accordance with current legislation. Regulation (EU) 2016/679 sets out the rules regarding the protection of natural persons in relation to the processing of personal data, as well as the rules regarding the free movement of personal data. The regulation protects fundamental rights and freedoms of natural persons and, in particular, their right to protection of personal data.

4.2. Regulation (EU) 2016/679 and this policy apply to all functions of processing personal data, including those carried out regarding personal data of customers, employees, suppliers and partners and any other personal data that “Greximo” EOOD processes from various sources.

4.3. We process personal data in good faith, transparently and only for lawful purposes. The processing of personal data will not exceed the period necessary to achieve these purposes, unless we are required to retain it in accordance with applicable law.

4.4. We respect the rights that data subjects have under data protection legislation, including the right to access personal data, the right to correct personal data and others.

4.5. We have implemented the necessary technical and organizational security measures to ensure the protection of data subjects’ personal data from accidental or intentional destruction, or from accidental loss, from unlawful use, modification or distribution, as well as from other unlawful forms of processing.

4.6. “Greximo” guarantees that only authorized persons can have access to the data, and that it is necessary for this person to have knowledge of this data in order to fulfill his obligations arising from or related to his/her work.

4.7. With your consent, we process your personal data in order to provide you with services that most accurately correspond to your interests and searches and are directed specifically to you.

4.8. For direct marketing purposes. When subscribing or with your prior consent to receive from us (e-mail, SMS, telephone or social networks) current offers, new or promotional services of a company, as well as news with interesting content for you.

4.9. Processing inquiries and requests/contracts for the products/services provided by the company or for supplies of goods and services for the needs of the company, as well as the relations that arise on this occasion;

4.10. Sending greetings and compliments for name days, birthdays and professional holidays;

4.11. For the inclusion in surveys for the study of customer satisfaction with the services used.

4.12. Information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship (letters, appeals, requests, complaints and other feedback we receive from you);

5. Can you refuse to provide personal data and what are the consequences?

In order to conclude a contract with you, we need certain data necessary for its conclusion and execution.

If the following data are not provided by you, the possibility of “Greximo” to conclude a contract and/or to provide you with our services is prevented:

three names, personal identification number, address;
three names, social security number, address and other details of an attorney specified in the document with which you authorized him to represent you;
identity document number, date of issue, validity and issuer;

“Greximo” collects personal data from you as data subjects upon and in connection with the conclusion and performance of its contracts with you. Certain data is automatically generated and sometimes data is provided by third parties. Also, in the case of concluded contractual relations with you, if necessary, we can also obtain information from registers that are publicly available (For example, commercial and property register)

We do not collect on any occasion the so-called “Special categories of personal data”: financial status data; sensitive personal data, information related to origin; political, religious and other beliefs; Health status; criminal record; participation in trade union and political organizations.

6. Storage of collected personal data

Greximo” guarantees you that it does not store personal data in a form that allows the identification of data subjects for a longer period than is necessary, in relation to the purposes for which the data were collected, or to comply with the requirements of the current the legislation. In the case of data processing based on consent, personal data will be processed until consent is withdrawn.

After the expiration of the terms for processing personal data, they are anonymized or deleted/destroyed, unless:

They are data on completed orders such as invoices, protocols, or other payment documents. They are stored and subject to the current legislation in the Republic of Bulgaria.
It is data for direct marketing purposes. They are stored until the consent to processing is withdrawn.
They are necessary for provision in judicial, arbitration, administrative or enforcement proceedings. In this case, the data must be kept until the termination of the proceedings and after the expiry of the statutory limitation period.

7. Categories of persons who can access your data

7.1. Related persons in their capacity as administrators or processors of personal data – providers of auxiliary services, persons and providers of services in the field of information technologies, other experts and consultants.

7.2 Transport and courier companies for sending or delivering paper contracts or other documents in connection with the performance of our contractual obligations.

7.3. The banks servicing the payments made by you.

7.4. Security companies holding a license to carry out private security activities, processing video recordings from “Greximo” sites and/or maintaining other registers in the process of ensuring the access regime in them.

7.5. In certain legally established cases of competent authorities that have the authority to demand from “Greximo” the provision of information, including personal data, such as the National Revenue Agency or law enforcement authorities.

8. What are your rights as a data subject?

• To be informed in connection with the processing of your personal data – content of the information we have, as well as sources from which it was obtained;

• Request access to them; right of access to your personal data processed by the administrator;

• Request their addition or correction if you believe they are inaccurate;

• To request the deletion, anonymization or restriction of the processing of your personal data. The so-called “Right to be forgotten” and the deletion of personal data that is processed unlawfully or with a lost legal basis (expired storage period, withdrawn consent, completed original purpose for which they were collected, etc.);

• To request their blocking (restriction of their processing); right to limit processing in the event of a dispute between the administrator and the person regarding the legality or accuracy of the processed personal data until its resolution and/or for the establishment, exercise or defense of legal claims;

• Request that we transfer your personal data to another person;

• Right to object to the processing of your personal data on grounds, if it is processed on the basis of legitimate interest, public interest or official authority;

You have the right at any time and without the need to motivate yourself to withdraw your consent to the processing of data in connection with the purposes of direct marketing – the receipt of electronic messages containing advertisements, news, analysis and market research.

If you wish to exercise any of your rights or have questions regarding the processing of your personal data, please contact us at the contacts specified in this Privacy Policy. You can also send a request to our e-mail οoffice@greximo.com, specifying an e-mail address, contact telephone numbers, as well as clearly indicating what information you would like to receive if it is necessary for us to correct, add or delete.

We at “Greximo” provide conditions to guarantee the exercise of these rights by the data subject. Data subjects have the right to make requests, submit complaints to the indicated correspondence addresses, which will be considered within a reasonable time.

The Company reserves the right to amend or update this Privacy Policy for any reason, including changes in current legislation, changes in specified regulations, instructions, opinions and others. Any changes to this Privacy Policy will be announced in advance by posting on our site http://greximo.gr/.

9. “Cookies” management policy.

9.1. What are cookies?

The electronic platform of the greximo.com site uses data files or so-called cookies. They are small text files that temporarily store information about your actions as a user, your preferences, web search requests, what sites you’ve visited, ads you’ve seen, and more. They are stored on the computer or mobile device you use for a certain period of time depending on their type. This information may include device type and ΙP address, browser used. Cookies help to make the website more convenient by saving users from having to enter their preferences each time they visit the site or move from one page to another. Cookies allow the website to function smoothly, monitor for irregularities and identify opportunities to optimize the ways in which it provides information and communicates with users.

9.2. Disable cookies

As a user, you have the opportunity to control the cookies used, delete the cookies saved on your device, and disable the use of cookies for the future. You should be aware that blocking cookies may affect the way our web platform works and cause it to malfunction.

10. Exercise of rights in relation to the personal data used

Date of last update: 10.12.2023