We would like to inform you that the protection of the personal data of individuals who do business in any way with STONETECH (“the Company”) is of high importance. For this reason, we take the appropriate measures to protect the personal data we process and to ensure that their collection and processing by the Company, or by third parties acting on behalf of the Company, are always carried out in accordance with the law. Please read this Notice carefully to find out more.
2. Who is the Data Controller?
Marmara Gonianaki Industrial and Commercial S.A., Z-G Industrial Area of Heraklion, Crete - Greece, PC 71601, with Tax Identification No. 999979183, Tax Office of Heraklion (“STONETECH” or “the Company”) is the Data Controller of your personal data. The Company, in the context of its business activities, processes personal data of individuals (for instance, the Company's customers, suppliers, shareholders and investors, as well as its websites’ users in accordance with the applicable national legislation and the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter "GDPR" ) as applicable.
2.2. For any questions regarding this Notice, you may contact the Company and its Data Protection Officer at the following contact details:
Address: Z-G Industrial Area of Heraklion, Crete
3. What is personal data and what does processing of personal data mean?
"Personal data" refers to information, such as name, surname, email address, telephone, location data, etc., relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly. ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
4. What data do we collect from you?
4.1. From the users who visit our website we collect and maintain only the important information for their registration and the creation of a user account, for the execution and completion of their order, as well as for our communication with them for issues related to our services. The mandatory data which ypu are requested to provide is your surname, your profession, your VAT number, the details of your contact person (name, surname, e-mail) if you are considered an entity according our Terms and Conditions of Use, your address (registered office), telephone number and your email address. We only collect as much information as you provide. For online payment you may need to provide our payment provider with your credit, debit or prepaid card details (credit number and expiration date).
4.2. We may use your data and only with your previous approval (eg name and e-mail) in order to send you advertising or information material.
4.3. The data collected through our website may also be combined with data provided by you in other cases, for example, when you call to our call centers or participate in contests and promotions. The personal data provided to us in such cases may be integrated into existing databases and stored, in order to simplify your data management systems.
5. Which data do we collect by automated means?
5.1. When you use our website, your device automatically provides us with data so that we can better serve and tailor our response to you. The type of information we collect through automated means generally includes technical information about your device, such as the IP (server’s and/or users’) address or other device ID, the type of device you are using, ypur user agent, the version of your operating system, your browser, the languages available on your computer, the time and date you used or submitted a request to our portal (www.stonetechb2b.com). The data we collect may also include usage information and statistics about your interaction with our website. It may also include information about the URLs of the websites you have visited, the referring / exit pages, page views, the length of your stay on a page, the number of clicks, the type of platform, location data (if you have enabled access to our site) and other information about how you used the website. This information is collected using Cookies and other similar tracking technologies.
5.2. We should inform you that in order to manage our website, we use Google Analytics, a web analytics service managed by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Google Analytics is used only after your exempt consent, in order to track traffic to our website. In this context, it collects your browsing history on our website, the tracking time of each of our subpages, the data of the website from which you have visited our website, your IP address, the time of access, the country from which access was attempted, the frequency of your visits to our website etc. This information is collected using Cookies. This data is necessary for the optimization of our services to you and for the purposes of online advertising. With each visit to our website, such personal data, including your IP address will be transmitted to Google. This personal information is stored by Google for its own purposes. Google may transfer such personal data through the technical process to third parties, as well as to Google LLC in the United States of America. For more details you can visit the following websites:
6. In which other way do we collect your data?
6.1. We process the personal data ypu provide us with, when you contact us (e.g. by filling out the contact form or when calling us), or when you interact on the Company’s social media or when you make a transaction with us in any way (e.g. when you make a payment), either online or offline (e.g. when you buy from our physical stores), when you submit a request at our customer care service, or when you participate in contests organized by the Company, or during your participation in exhibitions, workshops, seminars and presentations where the Company participates or in case of partnership with third parties, where applicable, or in the context of the contractual relationship between us (under a work contract with a contractor / subcontractor, a supply contract, a service contract, etc. or whether the processing of personal data takes place at a pre-contractual stage), as well as when we receive requests, orders, warrants, etc. from supervisory, prosecutorial, judicial, tax authorities, etc., to investigate crimes and to protect you against fraud or to fight against crime and infringement of legally protected rights. In any case, we process personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
7. What are the legal bases for processing personal data?
The processing of your personal data is carried out based on:
a) your consent, where required (e.g. for receiving communication from us, for receiving newsletters). When you give us your consent you can withdraw it at any time (applicable for the future) by contacting us at the contact details under 2.2., as well as by unsubscribing from the newsletters by clicking on the relevant link in the newsletter.
b) the performance of your online quota, already concluded or about to conclude (e.g. the performance of a project work, or the provision of services), in order to fulfill our contractual obligations in the above context.
c) to protect Stonetech’s legitimate interest to process and save personal data information [e.g. for your identification where required to avoid fraud or any security breach, to conduct business partnerships, to improve our customer service, for statistical analysis and processing of aggregated data, to improve our products and services, for direct marketing communication when you are our client, where you can always request to opt-out].
When the legal basis is the legitimate interest, you have the right to object to the above processing on a case by case basis. However, we have the right to demonstrate compelling legitimate grounds to continue this processing (e.g. to record any problems or to resolve disputes, etc.).
d) compliance with a legal obligation (e.g. the publication of transactions and details of the company or tax obligations, etc.)
8. For what purposes is personal data processed?
a) For proper compliance with our contractual commitments. Deriving from the contractual relationship between us, we draw and use the information required for a smooth development of our co-operation.
b) For communicating with you and managing our relationship with you. We may need to contact you to answer your questions or comments to serve you and to improve the quality of our services.
c) For complying with our legal obligations. (to fulfill tax or publicity obligations etc) d) To safeguard our legitimate interests and protect individuals and goods. For example, when using CCTV and security cameras in order to be able to protect the security of individuals, materials and facilities of the Company.
e) For sending our newsletters and other direct marketing communication with you. In order to continuously improve the content of our newsletters and our communication with you, based on our legitimate interest, we measure and store the percentages of open messages and clicks, i.e. if you open our e-mails, what is the content of the e-mails you open, as well as whether and why our emails may not have been delivered. We may also use this data for statistical purposes.
f) For statistical analysis purposes (e.g. for evaluation and improvement of business processes, or to better understand the needs of our customers, etc.). In this case, we observe all the necessary guarantees for the collection and processing of data that do not identify you and do not violate your rights and freedoms.
g) For the management and security of our websites.
h) For conducting a credit audit in order to safeguard the legitimate interests of the Company in the context of the pre-contractual audit.
9. For how long is personal data stored?
Your personal data is kept / stored by the Company only for the period of time required for the fulfillment of the respective purpose for which the processing takes place, unless an extension of this time is required due to our legal claims or legal obligations. When processing is required as a requirement under provisions of the applicable legal framework, your personal data will be stored for as long as required by the relevant provisions. When processing is done according to a contract, your personal data will be stored for as long as is necessary to perform the contract and for the foundation, exercise, and / or support of legal claims under the contract. Your contact data and your personal choice data for purposes of marketing communication with you will be retained for three (3) years from your last contact with us. Your statement of consent for sending the newsletter is kept for as long as the newsletter is sent to you by the Company and in any case not more than six months from the cessation of sending it.
You can request the deletion of your data or withdraw your consent, where applicable, to delete the data we keep (with the exception of data that we must maintain based on the performance of the contract and / or fulfillment of a legal obligation e.g .tax liabilities).
At the end of the retention period, your personal data is completely deleted or rendered anonymous so that it can be used in an unidentifiable manner for statistical analysis and business planning. For the retention period of the data collected through Cookies, please check our Cookies Policy.
10. Who can be the recipients of the data?
The Company may forward personal data to the following categories of recipients:
A) Public Authorities. When, and to the extent necessary, in the course of an audit (e.g. application of tax, insurance, labor, or other legislation) and in all cases according to the applicable legal procedures.
B) Partners of our company (partners, website maintenance and hosting company, newsletters management and sending company subcontractors, banks, insurance companies, auditing company, etc.) The Company maintains partners to whom it assigns the processing of personal data on its behalf. When transmitting your personal data, we always ensure the highest possible level of security. As a result, your data will only be transmitted to service providers and co-operating companies, which are carefully selected and bound by confidentiality, not to send your data to third parties without the Company's permission, to take appropriate security measures and to comply with the legal framework for the protection of personal data and in particular the GDPR. In these cases, the Company remains responsible for the processing of your personal data and sets out the details of the processing, executing a specific contract with the subcontractors to whom it entrusts the execution of processing activities in order to ensure that processing is carried out in accordance with the applicable legal framework and that any natural person may freely and without hindrance exercise the rights conferred by the legal framework.
C) In third countries where the Company is doing business. In the case where the Company needs to transmit personal data outside the EU within the exercise of its legitimate activities, it fully complies with the applicable provisions of GDPR.
D) To the absolutely necessary staff of the Company, who is committed to maintaining confidentiality.
G) To Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
H) Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbor Dublin 2 Ireland, www.facebook.com. We may transfer your data to Facebook for the purpose of personalized online advertising (Facebook Ads). For Facebook Ireland Ltd's compliance with the General Data Protection Regulation and how your data is processed, please visit the following websites:
I) Linkedin Corporation, Mountain View California United States. For LinkesIn’s compliance with the General Data Protection Regulation and how your data is being processed, please visit the following websites:
J) The Rocket Science Group LLC., 675 Ponce de Leon Ave NE Suite 5000. Atlanta, GA 30308 USA.. For Mailchimp’s compliance with the General Data Protection Regulation and how your data is being processed, please visit the following websites:
K) SoftOne Technologies S.A, 8 L. Katsoni and Achilleos Str, 17674, Kallithea, Athens, Tel: +30 211 10 22222, Fax: +30 210 9484094, E-mail: firstname.lastname@example.org
L) GDPR Tools
11. What applies to the security of personal data?
11.1. We implement appropriate technical and organizational measures to ensure the safe processing of personal data and to prevent accidental loss or destruction and unauthorized and / or unauthorized access to, use, modification or disclosure of such data. The data you submit to the Company are managed exclusively by specifically authorized personnel of the Company acting under its control and according to its orders, or those of the recipients, where appropriate. In order to conduct the processing, the Company selects persons with corresponding professional qualifications that provide sufficient guarantees in terms of technical knowledge and personal integrity to maintain confidentiality.
11.2. In order to ensure the appropriate level of security against such risks and in order to select appropriate technical and organizational measures, the company takes into account the latest technological and other developments, the cost of implementation, the nature, the scope and the purposes of the processing, as well as on the one hand, the likelihood and risk of occurrences of accidental loss or destruction and unauthorized and / or unauthorized access to personal data, use, modification or disclosure, and, on the other, how serious the consequences on the rights and freedoms of natural persons will be.
11.3. In any case, the security of the data is subject to reasons beyond the Company’s sphere of influence, as well as reasons resulting from technical or other failure of the network that is not controlled by the Company, or reasons of force majeure or events of chance.
12. What are the rights in relation to personal data?
Your rights can be exercised at the Company's contact details under 2.2. or in any other convenient way where it applies (e.g. by unsubscribing). Your rights are as follows:
a) Right of Access:
You have the right to be aware and verify the legitimacy of the processing. So, you can access your data and get additional information about how we process it.
b) Right of Rectification:
You have the right to correct, update or modify your personal data when thay are inaccurate. We can try to verify the accuracy of the data before we rectify it.
c) Right of Erasure:
You have the right to request the deletion of your personal data under the restrictions provided for in GDPR. In particular, You can request to erase your personal data at any time when they are no longer needed for the purposes for which they were collected or if they have been illegally processed. However, we can retain your data if processing of your personal data is necessary to comply with a legal obligation, to fulfill another legitimate purpose or other legal basis; or for the establishment, exercise or defense of legal requirements of our Company.
d) Right to Restriction of Processing:
You have the right to request a limitation on the processing of your personal data in the following cases: (a) when you contest the accuracy of your personal data and until it has been verified, (b) when you object to the erasure of personal data and you request to restrict their use instead of their erasure, c) when personal data is not needed for processing purposes, it is, however, indispensable for the foundation, exercise, support of legal claims, and (d) when you object to the processing and until it is verified that there are legitimate reasons that concern us and outweigh the reasons why you object the processing.
e) Right to Object Processing:
You have the right to object at any time to the processing of your personal data where it is necessary for the purposes of legitimate interests we seek as a data controller. If you exercise your right to object, the Company has the right to demonstrate compelling legitimate grounds for the processing which override your rights and freedoms.
f) Right to Portability:
When processing is based on your consent or the performance of a contract and done by automated means, you may request to provide your personal data, free of charge, in a structured, commonly used and machine-readable format, or you may request to be transferred directly to another controller, if technically feasible. However, this right concerns only the data provided by you.
g) Right of human intervention in automated individual decision-making, including profiling:
You have the right not to be subject at any time to automated individual decision-making, including profiling, to intervene, to express your opinion and to doubt the decision taken on the basis of automated processing.
h) Right to opt-out:
Where processing is based on your consent, you have the right to withdraw it freely, without prejudice to the lawfulness of the processing which was based on your consent prior to you withdrawing it.
i) Right to file a complaint to the HDPA or other competent supervisory authority:
If you exercise any of your rights above and are not satisfied, you have the right to file a complaint to the Data Protection Authority (www.dpa.gr): Call Centre: +302106475600, Email: email@example.com. Please contact us first to find a solution to any of your problems before submitting a complaint.
13. What procedures apply to the exercise of rights?
13.1. In order to identify you, taking into account the confidentiality of all files that contain personal data and we reserve the right to ask you for proof of your identity, if you are applying for the exercise of your rights with respect to those files.
13.2. We will not charge you for the exercise of your rights in relation to your personal data unless, as provided by law, your request for access to information is unfounded or excessive, so we have the right to charge a reasonable fee under the specific circumstances. In any case, we will notify you of any charges before completing your request.
13.3. We try to respond to any valid requests within one (1) month of their receipt, unless they are very complex or you have made a number of requests. We'll let you know if we'll need more time. We may ask you more details to help us to act faster on your request. In any case, you should give specific and true details and / or facts in order to be able to reply to and / or satisfy your request accurately; otherwise we reserve the right to make any errors that are beyond our control. In addition, our Company may discard requests that are unjustified or excessive or abusive or made in bad faith or generally illegal.
14. How will I be informed of any amendments to this Notice?
Information about the data processing reflects the current state.We update this Privacy Notice when necessary. In case of changes in data processing, this information will be updated accordingly and we will post the latest version of this Notice on our website. We also encourage you to periodically review this page.