DATA PROTECTION POLICY

This describes our policy regarding the personal data we collect from visitors to our pages (hereinafter "users").

The Data Processor is the Limited Company "LIODAKIS MICHAEL & GEORGIOS SA" based in Crete, 7th km of the Rethymnon - Heraklion National Road, Adele 74150, Tax ID number 997820209 D.O.Y. Rethymno, E-mail: geranoiliodakis@hotmail.gr ("Processor").

In the daily activities of our business and our website, we process data concerning natural persons, including:

  • Customers
  • Visitors to our website
  • Other stakeholders (employees, suppliers)


Our business complies with the General Data Protection Regulation (2016/679 EU GDPR) and any other European and national legislation regarding the protection of personal data, electronic communications, etc. and undertakes to ensure the protection of your Data at all times:

  • The data is collected for specific, clear and legitimate purposes and is not further processed in a manner incompatible with these purposes.
  • We collect the necessary personal data for each processing purpose and process them legally, fairly and in a transparent manner in relation to the data subjects.
  • We ensure that they are as accurate and up-to-date as possible and we only keep them for as long as is necessary for the purposes for which they are processed.
  • In any case, the criterion we use to determine the storage period is based on and takes due account of the need to comply with any relevant legal requirements as well as the data minimization principle.
  • We process Data electronically and manually and take all appropriate measures to protect personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.


Collection, purpose, legal basis of processing and retention time of your data

1. Data we collect automatically through our website
The website https://www.geranoi-liodakis.gr uses the SSL protocol (Secure Sockets Layer) which uses encryption methods for the data exchanged between two devices (usually Computers), establishing a secure connection between them via the internet, which results in the protection of your personal data.
When you visit our website, our server collects so-called server log files, namely:

  • Date and time of entry to the website.
  • The amount of data sent in bytes.
  • The browser and operating system you used to access the website.
  • Internet protocol address (IP address), when you enter the website. The IP address is personal data along with the date and time of your visit, although we cannot identify you with this data alone.

The legal basis for which we collect your IP address and keep it in special files (log files) is our legitimate interest in processing this data in order to ensure the security of networks, information and services against accidental events or illegal or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data (eg control of ddos “denial of service” attacks), as well as our legal obligation to provide a more secure environment for processing your personal data (GDPR article 6 paragraph 1 letter f and c). The data will not be transferred or used in any other way. However, we reserve the right to review server logs (server logs) if specific indications of unauthorized use are detected.

2. Customer Data.

When you visit our business, we collect your personal data such as name, surname, e-mail, postal address, gender, age, profession, address, and any other information related to the provision of medical services to you.
The purpose of processing your data is to provide you with the requested services and the legal basis of the processing is the execution of the contract between us (Article 6 para. 1b' and 9 para. 2h GDPR), as well as our compliance with legal obligations. Your data retention time is as long as possible and longer if legal claims arise.
It is clarified that we do not have a publicly accessible list of our subscribers/users' email addresses. Therefore, any personal data (e.g. access names, etc.) that appear anywhere on the pages and services of the website of the Data Controller are intended solely to ensure the operation of the respective service and may not be used by any third party without complying with the provisions of the legislation on the protection of personal data processing, as applicable at any given time. The Data Controller shall act in accordance with the applicable legislation and shall aim at the best implementation of good practice as far as the Internet is concerned. Your personal data is kept securely for as long as you are registered with a service of the Data Controller and is deleted after your business relationship with the Data Controller has ended in any way.


3. Data we collect via e-mail and the Contact Form

In the context of communication between us via e-mail and the Contact Form, we collect your name, e-mail address and any other information you provide us. This data is stored and used exclusively to respond to your request. The legal basis for the processing of your personal data is your consent (GDPR, Article 6 para. 1a). Your data will be deleted after the final processing of our communication. This will happen after the purpose and scope of our communication has been completed, provided there are no legal requirements to store such data.

4. Sending newsletters

With your consent, we will collect your e-mail in order to send you a newsletter with news about our Company and articles that you may find interesting. The legal basis for the processing is your consent (GDPR, Article 6 para. 1a) and you have the right to withdraw it at any time.

5. Supplier Data

For the execution of the contract between us, we collect the data of our suppliers such as name, address, contact information, shipping information, financial data, which you provide us yourself. The legal basis for the processing of your data is the execution of a contract and our compliance with legal obligations (GDPR article 6 par. 1b and c), and we keep them for a period of up to twelve years from the last provision of services, or as long as the tax and any other relevant legislation.

Who has access to your data? Data transfers.

Your data can be accessed by our employees as well as by any other person authorized to process your data in the course of their duties. In addition, we cooperate with third parties, natural or legal, professionals, independent consultants etc. who provide us with commercial, professional or technical services (e.g. website hosting, accounting services, transport services) for the purposes mentioned above, and support our business in whole or in part, in connection with our activities. As the case may be, the said natural/legal persons will act as Public or Independent Processors, Processors or persons authorized to process personal data for the same purposes mentioned above, with the same security measures and in accordance with the applicable legal liabilities.
Before the third party receives Personal Data, we must: (1) complete a privacy audit to assess the privacy practices and risks associated with those third parties (2) obtain contractual assurances from those third parties that will process Personal Data in accordance with our instructions and in accordance with this Policy and applicable law, that they will immediately notify our business of any Privacy or Security incidents, failure to comply with the standards set out in this Policy and existing legislation , that they will cooperate in remedying any such incident, that they will help us meet the rights of individuals set out below and that they will allow the Controller to check their processing for compliance with these requirements.
Finally, the data may be further transmitted to public authorities and institutions, as well as to our legal supporters (legal and insurance companies), for legitimate purposes.
Apart from the above, the Data will not be disclosed to third parties, individuals or legal entities and will not be disseminated.
Our business does not transfer Personal Data outside the EU, and if we need to (for example, in order to use Cloud services) this will be done on the terms and conditions set out in Articles 44 et seq. of the GDPR, such as with your consent, the application of standard contractual clauses approved by the European Commission or to countries deemed safe by the European Commission.

Use of cookies

For the correct operation of the website and your better navigation, as well as for the better provision of our services, we use cookies. Cookies are text-files with information, which the web server (web server of the Controller) stores on your computer when you visit this website. In this way, the website remembers your actions and your preferences for a period of time, in order to have, for example, personalization of online advertisements, traffic analysis or other statistical analysis, and provision of the services you have requested. In this way, you do not need to enter these preferences every time you visit the website or browse its pages. Only the Processing Manager and its specially authorized partners have access to any information regarding cookies.
You can control and/or delete cookies according to your wishes. Details can be found on the website: aboutcookies.org. In case you choose to disable cookies on the website https://www.geranoi-liodakis.gr the functionality of some pages may be lost or reduced.

See here which Cookies we use:

More information on the use and management of cookies on the website can be found on the websites:

About cookies and their management:

http://www.aboutcookies.org/default.aspx
http://www.whatarecookies.com/

About Google's policy:

https://www.google.com/about/company/user-consent-policy.html
https://www.google.com/policies/technologies/cookies/
http://www.google.com/intl/el/policies/privacy/partners/


Data security and integrity

The Controller applies reasonable technical and organizational security policies and procedures to protect personal data and information from loss, misuse, alteration or destruction.
In addition, we try to ensure that access to your personal data is limited to those who have a need to know it. Persons who have access to the data are obliged to maintain the confidentiality of that data.
Please be aware that the transmission of information over the Internet is not completely secure. Although we make every effort to protect your personal data, we cannot guarantee the security of data transmitted to our website. After receiving your information we will implement strict security procedures and features to try to prevent unauthorized access.
We make every reasonable effort to keep the personal data we collect from you only for as long as we need the data for the purpose for which it was collected or until it is deleted (whichever is sooner), unless we continue to we observe them according to the provisions of the current legislation.

Links to other websites

Our website may contain links to other websites, which are governed by other privacy statements whose content may differ from this Privacy Statement. Please read the privacy policy of each website you visit before submitting any personal data to that website. Although we strive to provide links only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices of other sites.

Data of minors

When we need to process data of minors (e.g. minor patient data), that is, according to the GDPR, of those who have not reached the age of 15, the processing takes place only with the written and expressly expressed consent of the persons who have parental care of the minor . In any case, we make reasonable efforts to verify that consent is given or approved by the person who actually has parental care of the child, i.e. by verifying identity and any other available evidence.

Rights of Subjects

You can contact us by post or email at the addresses listed in paragraph (1) above, to exercise your rights in accordance with Articles 15 et seq. of the GDPR. You can, for example, request an updated list of people who have access to your data, get confirmation as to whether or not we are processing personal data relating to you, check its content, source, correctness and location (also in relation to any third country), request a copy, request their correction and restrict their processing and even delete them, if applicable. Likewise, you can always report comments and submit complaints to the Hellenic Data Protection Authority, 1-3 Kifissias Ave., GR 115 23, Athens, Call Center: + 30-210 6475600 or at http://www.dpa.gr/

Changes to this Policy

The Controller keeps this Policy under frequent review and may modify or revise it periodically at our discretion. When we make any changes, we will record the date of modification or revision in the Policy. The updated Policy will apply to you and your information from that date. We encourage you to periodically review this Policy to review any changes to the way we manage your personal data. This Statement was last updated in July 2020.

Contact us

If you have any questions, comments or complaints about our handling or protection of your personal data, or if you wish to amend your personal data or exercise any of your rights as a data subject, please contact us at geranoiliodakis@hotmail.gr.