KARAKANAS Group
PERSONAL DATA SECURITY POLICIES (GDPR)
(According to EU REGULATION 2016/679)
Version: 1
Volos, 24/1/2023
I. DEFINITIONS
1. Enterprise
Karakanas Group
2. Personal Data
Any information relating to a natural person whose identity is known or can be verified. It includes both simple personal data (i.e. data concerning name, age, marital status, home address, email address, bank account details, IP address of the computer, telephone/fax numbers, payment data, e.g. bank accounts, debit/credit and other bank cards, ID card or passport, VAT number, Social Security number, education, profession, place of birth or in accompanying documents or related to it, etc.) and sensitive data (i.e. data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, etc., as well as health (physical or mental), social welfare, sex life or sexual orientation of a natural person, data relating to criminal prosecutions or convictions, biometric and genetic data and, in general, data which characterise the physical, biological, mental, economic, cultural, political or social nature of a person).
3. Personal data subject
The natural person to whom the data refer.
4. Processing
Any operation or set of operations which is performed, whether or not by automated means, on personal data or on a set of personal data, such as collection, recording, organisation, structuring, storage, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction.
5. Controller
The natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
6. Third party
Any person who is authorised to process personal data, other than the controller, and persons under his or her direct supervision.
7. Data file or filing system
Any structured set of data which is accessible according to specific criteria.
8. Consent
Any indication of free, specific, explicit and informed consent by which the data subject agrees to his or her data being processed.
9. Profiling
Any form of data processing intended to evaluate certain personal aspects of the data subject for the purpose of analysing his or her performance at work, financial situation, health, personal preferences, interests, reliability, behaviour, movements.
10. Data breach
Any breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to data.
11. Prior consultation with a supervisory authority
The controller shall consult the supervisory authority prior to any processing where it considers that a high risk may arise.
II. COLLECTION, RETENTION, PROCESSING OF DATA
The Personal Data collected by our company are simple (i.e. data concerning name, VAT number, profession).
The company processes the Personal Data it collects by entering them in the company’s commercial and tax books and electronically on the company’s computers. Where changes are necessary, it retrieves the data from the computer and modifies them, and finally it deletes or destroys them. It discloses them, as appropriate, to the authorities (insurance funds, tax authorities, labour inspectorate, employees, etc.), or for sales promotion purposes (advertising, promotional activities), or for reasons of social propriety.
The data controller is the company itself.
There are also third natural persons who carry out the processing under the direct supervision of the Controller (e.g. employees) who are authorised by the Controller.
III. MODE OF PROTECTION
1. The undertaking obtains the written Consent of the data subjects to the processing of data concerning them by means of a specific form.
2. It keeps such personal data in paper and/or electronic form.
The company keeps an electronic file on a local server, which is available and installed at its headquarters, on which it stores some of these data. Each of the computers has a specific password, which is changed from time to time and is known and managed by the controller and/or the employee working under the direct supervision of the controller, and there is a prohibition on any processing of the data.