DATA PROTECTION POLICY
SFAKIANAKIS S.A. - PERSONAL DATA PROTECTION POLICY
Who we are
We are "SFAKIANAKIS S.A.", Tax Identification Number: 094010226, based in Athens, 5-7 Sidirokastrou Street, 11855, email: firstname.lastname@example.org, tel. 210 3493400. Our main activity is trading and dealership of passenger cars, trucks, motorcycles, spare parts and accessories and other related parts, new and second hand, the operation of repair shops and body shops as well as the financial leasing of vehicles.
We have an extensive network of representatives nationwide, who operate as independent companies, on their own account. For this reason, if you have questions or reservations about how your data is processed by one of our representatives, please contact them directly in the first stage and in the second stage, if you deem it necessary, with our Company (see below the paragraph 7: YOUR RIGHTS)
In the context of its commercial activity and for the fulfillment of its statutory purposes, our Company collects, keeps in a file and processes your personal data.
The purpose of this policy is to provide you with information on how your personal data is collected and processed by our Company.
The basic principle of our Company is the respect of the privacy of your personal data, so we are committed to protecting and keeping your personal data safe.
This version was updated on 10/5/2018.
1. THE DATA WE COLLECT ABOUT YOU
Personal data means any information or data relating to a person by which that person can be identified. It does not include anonymous data, i.e. where the identity of the person has been removed (e.g. they have been encrypted or pseudonyms have been used).
We may, therefore, collect, use, store and transfer various types of your personal data, which we have grouped as follows:
- Identity information includes, for example, first name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact details include address, street, city, postal code, telephone number, mobile phone number and e-mail address.
- The financial data, including the account number, credit card information.
- Transaction data includes indicative details of the products and services you have purchased from us.
- Marketing and communications data, including your marketing preferences for us and companies that provide support services for marketing and communication purposes, and your communication preferences.
2. HOW YOUR PERSONAL DATA IS COLLECTED
We use different methods to collect data from and for you, including:
- Immediate interactions. You can provide us with your Identity, Contact, Financial and Transaction Details by filling out forms, by post, telephone, electronic or otherwise.
- This includes personal data you provide when:
- Apply a request for our products or services.
- You visit one of our websites.
- Subscribe to our service or posts.
- Look for your local dealer.
- Book a service.
- Request a brochure or other marketing that will be sent to you.
- Participate in a contest, promotion or research.
- Send email
- Third parties or public sources. We may receive personal information about you from various third parties, including our network of dealers and public sources, as stated below:
Contact details, financial data and transactions from technical support and payment service providers.
Identity card data, contact details, financial details and transactions from our dealer network.
3. HOW WE USE YOUR PERSONAL DATA
Your personal data is collected for the following purposes:
a) for service of your respective request (e.g. for the submission of an offer for the purchase of a vehicle/s, financial leasing, for the performance of a test drive, etc.)
b) if you enter into a contract with our company (purchase of a vehicle, lease, etc.), for the execution of the contract, for customer service and the general fulfillment of all our contractual rights and obligations
c) for customer satisfaction research, for statistical reasons and for the general improvement of our company and our relationship with you
d) if you wish to purchase a vehicle with financing, for the control of your creditworthiness, for their transfer to the Bank(s) of financing of your choice, etc.
e) if you wish to purchase a vehicle with leasing, for their transfer to the leasing company/ies of your choice
f) if you wish to rent a vehicle (leasing), to check your creditworthiness
g) for the fulfillment of all our legal obligations, in order to respond to legal proceedings / requests from competent Authorities for the provision of information (indicatively, for offenses / violations / fines of the KOK / Penal Code, etc.)
h) if you give your consent, for the direct promotion of products and services and the conduct of market research.
4. DISCLOSURE OF YOUR PERSONAL DATA - INTERNATIONAL TRANSMISSIONS - THIRD PARTIES
Your personal data for sub-items a and b purposes, whenever needed for your best service, will be forwarded to our official network of dealers / traders and associates while for sub-items a, b and c purposes, may be forwarded to companies provide us with support services for the relevant purpose. For the purpose under (d), they will be forwarded to the Bank(s) of your choice / to a credit rating company. For the purpose under (e), they will be sent to the leasing company/s of your choice. For the purpose under (f), they will be forwarded to the respective credit rating company. For the purpose under points (g), they will be forwarded to the relevant Competent Authority. For the sub-item (h) purpose, if you give your consent, apart from Sfakianakis S.A. and to companies that provide support services for the above purpose, they may be transferred and / or to other companies of the Sfakianakis Group and to companies that provide them support services for the above purpose. We will obtain your express consent before sharing your personal information with any third party company for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the exception links in any marketing message sent to you.
In any case of disclosure or transmission of your personal data, we require all third parties to respect the security of your personal data and to process it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes and we only allow them to process your personal data for specified purposes and in accordance with our instructions.
Support service providers include service providers providing IT and systems management services, professional consultants including lawyers, bankers, auditors and insurers providing consulting, banking, legal, insurance and accounting services.
The personal data we collect from you may be transferred outside the European Economic Area (EEA).
They may also be processed by staff working outside the EEA and working for us or one of our suppliers or contractors. Non-EEA territories may not have the same legal protection as the EEA, but we have an obligation to ensure that suppliers and non-EEA parties continue to take all reasonable steps to ensure that your data is treated with security and in accordance with this Policy. By submitting your personal data to us, you agree to this transfer, storage or processing.
Contact us if you would like more information on the specific mechanism we use when transferring your personal data from the EEA.
5. HOW WE PROTECT YOUR PERSONAL DATA
All information you provide to us is stored and transmitted securely and every transaction is protected by appropriate technology.
Once we receive your information, we will use strict security procedures and features to try to prevent any unauthorized access.
We have implemented the appropriate technical and organizational measures to prevent any loss, use or access to your personal data in an unauthorized manner, alteration or disclosure. In addition, we restrict access to your personal data to those employees, associates, contractors and other third parties that are absolutely necessary, who will process your personal data only in accordance with our instructions and will be subject to an obligation of confidentiality.
We have put in place procedures to deal with any possible breach of personal data and we will notify the relevant control bodies of any breach and you in the event that the risk of a breach is assessed at a high level.
6. HOW LONG DO WE HOLD YOUR PERSONAL DATA
Your personal data will be stored and used only for the above purposes and the retention time is until the withdrawal of opt-out by you, where you have given your consent.
In order to determine the appropriate period of retention of personal data, we examine the quantity, nature and sensitivity of personal data, the potential risk of damage from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve these goals by other means within the applicable legal requirements.
In some cases, we anonymize your personal data (so that they can no longer be associated with you) for research or statistical purposes, so we may use this information indefinitely without further notice to you.
7. YOUR RIGHTS
Your rights in the processing of your personal data, which may be exercised under the conditions laid down in EU Regulation (2016/679), depending on the purpose and legal basis for their processing, are the following:
a) Request access to your personal data. This allows you to obtain a copy of the personal data we hold about you and verify that we are processing it legally.
Request the correction of the personal data we hold about you. This allows you to correct any incomplete or inaccurate data we hold about you, although we may need to verify the accuracy of the new data you provide to us.
Request the deletion of your personal data. This allows you to ask us to delete or remove personal data where there is no reason to continue processing it. You also have the right to request that we delete or remove your personal data where you have exercised your right to object to the processing (see below). Please note, however, that we may not always be able to comply with the deletion request. For specific legal reasons that will be notified to you, as the case may be, at the time of your application.
Request a restriction on the processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want to determine the accuracy of the data, (b) where the use of the data is not lawful, but you do not want to delete. (c) where needed to retain the data, even if you no longer require it, if you need it to substantiate legal claims, or (d) you have objections to the use of your data, but we must verify whether we have legitimate reasons to use it.
b) Challenge the processing of your personal data for direct marketing purposes. In some cases, we can demonstrate that we have compelling legal reasons to process your information that overrides your rights and freedoms.
c) Request the transfer of your personal data to you or to third parties. We will provide you or a third party who has selected your personal data in a structured, widely used, mechanically readable format. Please note that this right only applies to automated information that you originally provided to us with consent or where we used the information to execute a contract with you.
d) Withdraw your consent at any time for the processing of your personal data
when it was required. However, this will not affect the legality of any processing that took place prior to the withdrawal of your consent. If you withdraw your consent, we may not be able to offer you certain products or services. We will advise you if this happens at the time you request the withdrawal of your consent.
There is usually no charge for exercising your rights.
You will not have to pay a fee to access your personal data (or exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under these circumstances.
We may need to ask you for specific information to help us verify your identity and secure your right to access your personal data (or to exercise any of your other rights). This is a security measure that ensures that personal data is not disclosed to anyone who does not have the right to receive it. We can also contact you to request further information about your request and expedite our response.
We try to respond to all legitimate requests within a month. Occasionally we may need more than a month if your request is particularly complex. In this case, we will inform you properly.
To exercise any of your rights, call 210 3499940
You also have the right to submit a complaint to the Personal Data Protection Authority, 1-3 Kifissias av., PC 115 23, Athens, tel.: + 30-210 6475600, e-mail: email@example.com
However, we would appreciate your choice to convey your concerns to us before contacting the competent supervisory authority, so in the first stage, contact the Company's Data Protection Officer at tel.: 210 3499817 or email: firstname.lastname@example.org for advice and explanations regarding the processing of your personal data and the exercise of your rights.