Security policies

PRIVACY POLICY

CANNELLAKIS S.R.O.

The company with the name “KANELLAKIS S.A., HYDRAYLIC HEATING HEALTH CARE PRODUCTS” and the distinctive title “KANELLAKIS S.A.”, with its registered office in Athens, at 2 Moberatou Street, VAT number 094499630 and G.E.M. 002716901000 (referred to herein as “the company” or “we”), is committed to respecting and protecting your personal data and to complying with the relevant applicable legal framework in order to ensure the lawful processing of the personal data you provide to us. The company has already harmonized its philosophy, practices and infrastructure with the changes introduced by the European Regulation 2016/679 (General Data Protection Regulation, GDPR) and its implementing law 4624/2019 regarding the protection of personal data, having taken all the necessary technical and organizational measures in accordance with their requirements.

Our company will receive and manage your personal data as a Data Controller. By using our services, both online and offline, you accept that you have become aware of and, where applicable, comply with or consent to the applicable Privacy Policy.

We hereby wish to clearly and fully inform you about the information we collect, how we use it and your rights regarding the protection of your personal data.

This Policy does not apply to data for which we are unable to verify the identity of the data subject.

Please note that when we need your personal data to service our business relationship, if you decide not to provide us with this information, we will not be able to serve you.

  1. THE INFORMATION WE COLLECT
    • The information we collect from you relates to:

a/ If you choose to purchase the product by creating an account:

aa/ Identification information and contact details such as name, address, region, city, town, county, postal code, telephone numbers, e-mail.

bb/ Financial/tax information such as VAT number, tax office, bank account number.

cc/ If you are a legal entity, we also collect the company’s activity and the data of the natural person who creates the account on the website, namely: name, surname, position in the company, telephone numbers.

b/ If you choose to purchase a product without creating an account from the eshop:

aa/ Identification information and contact details such as name, surname/name of the company (if the order is placed by a company), shipping and billing address, city, postal code, country, telephone numbers, e-mail.

bb/ Financial/tax information such as VAT number, tax office, bank account number.

  • The information we automatically collect through the Website relates to:

When you visit the Website, certain data may be automatically collected, such as: the Internet Protocol (IP) address of your computer, your browser type and operating system, your connection speed and information about the software programs installed on your computer, basic server connection information and information collected through cookies.

For more information about Cookies, please visit the corresponding specific information about the Company’s use of Cookies.

  • The information we collect about you from third parties

As part of our services, we accept orders for shipping products from third parties. In this case, we process exclusively the personal data necessary to successfully complete the relevant order and to ensure that the product reaches the recipient. That is, our customers who place the order give us your first name, last name and the address to which we should send the product. Upon delivery of the product, we inform the recipient about the sender and suggest that the recipient visit our website in order to be aware of our privacy policy and to be informed about the personal data we process. Immediately after delivery of the product, we delete the personal data. The recipients of the data are exclusively those involved in completing the delivery of the product, i.e. our company’s staff who manage the relevant order and its carriers. In all other respects, the provisions of this Privacy Policy shall apply insofar as they are applicable.

  • Information we collect about you from other sources

If we collect information about you from other bodies, in accordance with the Regulation and the Law, you will be informed accordingly in the cases provided for.

  2. LEGAL BASES FOR DATA PROCESSING

We process your data on the following lawful bases, where applicable:

  • The performance of the contract between us (Article 6 (1) (b) GDPR).
  • Our legal obligation (Article 6(1)(c) GDPR): processing is necessary for us to comply with our legal obligations.
  • Legitimate interests of ours or third parties, unless your interests/rights prevail (Article 6(1)(f) GDPR): the collection and processing is necessary for the pursuit of our legitimate interests, such as the proper functioning of our company, the safeguarding of our company’s reputation, the establishment, exercise and support of legal claims.
  • Safeguarding your vital interests as a data subject or other natural person (Article 6(1)(d) GDPR).
  • Your consent (Article 6(1)(a) GDPR): where required by law and where none of the above legal bases apply, our company processes the data lawfully after obtaining your consent. For example, we obtain your consent to activate geolocation services, to collect data via cookies, and to send you our newsletter.

  3. THE PURPOSES OF PROCESSING YOUR DATA

We process your data to serve our business relationship and based on the legal framework governing their protection. More specifically:

  • To service our business relationship and for purposes of proof of your order. The personal data collected continues to be retained, if the transaction between us does not develop normally, until the dispute is resolved out of court or in court, and in order to prove that your consent has been legally obtained. During our telephone contact to place a telephone order, you are asked for the personal data necessary to service our transaction, i.e. full name, delivery address, mobile phone number.
  • For the fulfilment of our legal rights and obligations or for the pursuit of our legitimate interests arising from our business relationships, in accordance with the Regulation and the Law; these indicatively include the support of our legal claims in the context of out-of-court or judicial dispute resolution.
  • To send promotional and informative material and to ask for your opinion about our products and services. The company may use the data for informational and promotional purposes regarding the products and services it offers. In this case, we ask for your consent, which you grant us, if you wish, by subscribing to our company’s newsletter. To subscribe to the newsletter, you must provide us with your e-mail address. By granting your consent by telephone or by subscribing to our newsletter, you provide us with your express consent to receive all our updates and/or offers and/or promotions that we make by telephone or send to you via e-mails, text messages or instant messaging through the relevant services (e.g. SMS, Viber, Push Notifications etc.).
  • For statistical purposes, so that we can better understand your preferences and tailor our policies and services accordingly. Please note that in this case, your data is processed in a way that does not allow you to be identified.

Please note that if you have given your consent to the processing of your personal data, you can withdraw it at any time, which will result in our company ceasing to process your data. This revocation does not affect the lawfulness of the processing based on the existing and explicit consent prior to its revocation. This revocation can take place by sending an e-mail to the company at [email protected].

  4. THE RECIPIENTS OF YOUR DATA

This section describes the recipients to whom our company may disclose your data for specific purposes. The company does not control and is not responsible for the way in which you process your data or in which the recipients listed below choose to share or manage your data, subject to paragraph e.

Recipients of your data are:

a/ Our staff

Our staff, respecting the confidentiality required and having been trained to process your personal data in accordance with the Regulation and the law, will process them as strictly necessary to respond to your requests.

b/ The persons indicated by you

Acting on your explicit instructions, in those cases where this is provided for, the company may disclose your data to the recipient indicated by you. Our company has no control over, and is not responsible for, the manner in which such recipients or third parties to whom they give access to your data choose to process it.

c/ Public authorities or third parties

Our company, in order to comply with the Regulation and the laws, may disclose your data to public, judicial and prosecutorial authorities in the context of fulfilling its legal obligation or in support of its legitimate interests or those of third parties (unless the interests/rights of the data subject prevail) or for reasons of national or public security or for the prosecution of criminal offences.

d/ Economic operators – Banking institutions

We will provide your financial data to the economic operators (e.g. banks) with whom we cooperate or whom you indicate to us on a case-by-case basis, solely for the purpose of processing our financial transactions with you.

e/ Processors

We will provide your data, always in accordance with the requirements of the Regulation and the law, ensuring compliance with the appropriate security measures, to the entities that, on the basis of a contractual relationship with the company, process the data in question on its behalf in order to fulfil the purposes mentioned herein (such as the transport and delivery of your orders, the maintenance of financial statements and accounting records, the provision of IT services and/or support of all kinds of information and electronic systems and networks, e.g.

f/ Cloud IT solution providers

Please note that your personal data may be stored securely in cloud infrastructure within the EU. This allows us to ensure high levels of protection, reliability and availability of your data, in accordance with applicable regulations and security standards, while ensuring that it is only used for the purpose for which it was collected.

In all the aforementioned cases, we will take all necessary measures to ensure, always respecting the requirements of the Regulation and the law, that your data will undergo only the necessary processing and will remain secure, in accordance with the principles of data minimisation and purpose limitation that govern the entire Privacy Policy.

  5. YOUR RIGHTS

You have the right under the Regulation to request details of the personal information we hold about you, to request a copy of the personal information you have provided to us, to correct, delete or restrict your personal information or to request portability of your data, as well as to object to the processing taking place, under the conditions set out in the Regulation and the law.

More specifically:

  • Right of access to your personal data processed by the company, as controller, and to receive a copy (Article 15 GDPR).
  • The right to correct inaccurate data and to complete incomplete personal data (Article 16 GDPR).
  • Right to erasure (“right to be forgotten”) of your personal data subject to the obligations and legal claims of the company for their retention under the Regulation and the law (Article 17 GDPR).
  • The right to restrict the processing of your personal data if, either you contest the accuracy of your data, or the processing is unlawful, or the purpose of the processing no longer applies but the retention of your data is necessary for the establishment, exercise or support of your legitimate claims, or you object to the processing by the company to safeguard its legitimate interests or those of third parties (Article 18 GDPR).
  • Right to portability of your personal data, i.e. transferring them to you or another controller, if technically feasible, in a structured, commonly used and machine-readable format provided that the processing is based on your consent or the transactional relationship between us and is carried out by automated means (Article 20 GDPR).
  • Right to object on grounds relating to your particular situation where your personal data are processed for the purpose of securing our or third parties’ legitimate interests or for direct marketing purposes, including profiling.

In order to exercise your rights and to request any information regarding this, you can contact us either by e-mail at [email protected] or by telephone at 210 5912500 or by post at 34-38 Kifissou Street, Aigaleo 122 41.

If you exercise one of your above-mentioned rights, our company will take all possible measures to satisfy your request within thirty (30) calendar days of receiving it, informing you electronically of the satisfaction of your request, or of the reasons that prevent the exercise or satisfaction of one or more of your above-mentioned rights in accordance with the Regulation and the law.

You also have the right to lodge a complaint with the Data Protection Authority if you consider that our processing of your data does not comply with the requirements of the Regulation and the law.

  6. RETENTION AND DELETION OF YOUR DATA

We will keep your data for your convenience, i.e. for the completion of our transaction and the execution of your order, as well as for the sending of informative / promotional material, in case you have consented to this, as required by the Regulation and the law. In the event of extrajudicial or judicial dispute, your personal data will be kept in any case until the end of the pending litigation. We will also retain your personal data until you withdraw your consent to the processing of your data. In the event of withdrawal of consent by you, only the stored data identifying you as having previously consented and the date of withdrawal of consent will be retained for the purposes of evidence of consent.

Furthermore, your data will be deleted in accordance with the principle of limitation of the storage period, if their retention is not required by the Regulation or the law for the reasons and for the period of time provided for therein.

In case of deletion, your personal data will be deleted or destroyed in such a way that it cannot be restored or reproduced.

  7. DATA RETENTION SECURITY POLICY

We take a number of measures to protect the information you provide to us from loss, misuse and unauthorised access or disclosure. The company has invested in the implementation of the latest data security and integrity technologies, having recruited professionals for this purpose.

  8. USE OF COOKIES

Cookies are small text files with information, which are stored by the web server on the computer or mobile device of each user-visitor, so that each time the user enters the website, the above information is retrieved in order to adapt the services and products to the preferences of the user-visitor. This information may include the type of web browser used by each visitor-user, his/her operating system, the user’s preferences on a website, as well as other technical information.

The legislation governing the use of cookies is Directive 2002/58/EC, as amended by Directive 2009/136/EC and currently in force, and incorporated into Greek law by L. 3471/2006.

Cookies do not cause damage to the computer or mobile device of the user-visitor, nor to the stored files, and do not gain knowledge of any document or file on the computer of the user-visitor of our website. Cookies cannot reveal your identity, but may be used to identify your computer.

When you visit our website, we place the necessary cookies, which are required for the provision of our services and from a technical point of view; the legislation allows us to place them without requiring any action or consent from you. The visitor-user can declare in the pop-up window his/her consent to the reception of the following cookies: functional, performance, analytics, advertising, others. The above cookies contribute to the improvement of the services we provide.

Instructions for the cookie consent pop-up window

As mentioned above, the placement of the necessary cookies does not require a declaration of consent from you. For other non-essential cookies, the consent of the visitor-user is required. When visiting our website, the user-visitor is presented with a pop-up window on the use of cookies, in which the user-visitor has the following two options:

Accept all: by selecting this button, the user-visitor gives his/her consent and accepts the placement of all cookies (i.e. functional, performance, analytics, advertising, others). By accepting all cookies, the visitor-user enjoys navigation and service tailored to his/her preferences.

Cookie Settings: by selecting this button, the visitor-user is able to choose which of the non-essential cookies he/she wishes to enable and which he/she wishes to keep disabled. After making the above choice, he/she saves it by clicking on the “save & accept” button at the bottom right of the pop-up window.

As a reminder, the visitor-user can revoke his/her consent to the use of cookies at any time through the settings of the browser he/she is using.

  9. UPDATING OF THE PRIVACY POLICY

We may update this Privacy Policy from time to time. The amended Privacy Policy will be posted on our website.

  10. CONTACT WITH OUR COMPANY

You can contact us by phone at 210 5912500 or by e-mail at [email protected] or by post at 34-38 Kifissou Street, Aigaleo 122 41.

INFORMATION SECURITY POLICY

KANELLAKIS S.A., which is engaged in the wholesale and retail trade of sanitary ware, plumbing equipment and heating and cooling equipment, recognizes that information is a fundamental asset and is committed to protecting the confidentiality, integrity and availability of all information it manages.

The Management has developed and implements an Information Security Management System (ISMS) in accordance with the ISO 27001:2022 standard, aiming at the continuous improvement of processes and the effectiveness of security measures.

Our Commitments
KANELLAKIS S.A. is committed to:

– Fully comply with the applicable legislation and regulations governing its activities.

– Identify and meet the needs and expectations of stakeholders.

– Ensure the protection of customer, partner and employee information.

– Implement technical and organisational measures to safeguard information against loss, unauthorised access or malicious use.

– Invest in the continuous training and awareness of staff on information security.

– Investigate any incidents, non-compliances and complaints, taking corrective and preventive action.

– Review the ISMS objectives and policies on a regular basis to ensure continuous improvement.

Management shall ensure that this policy:

– Is posted, available and understood by all employees and partners.

– Is applied to all activities and processes of the company.

– Is revised as necessary to reflect technological and operational developments.

Commitment to information security is an integral part of the culture and development strategy of KANELLAKIS S.A., with the ultimate goal of providing reliable and high quality services to its customers.