Privacy Policy

PRIVACY POLICY
INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA OF WEBSITE VISITORS

Introduction
With this Privacy Policy – Information Notice on the Processing of Personal Data of Website Visitors (hereinafter referred to as the “Policy” or “Privacy Policy”), our company under the name “MENNE S.A.” (hereinafter referred to as the “Company”, “we”, “us”, “Data Controller”), respecting the privacy of users and visitors of this website (hereinafter referred to as “visitors”, “you”) and being vigilant about ensuring the security of their personal data, provides the necessary information and notice regarding the processing of personal data.
In order to ensure transparency in how personal data is collected, used, processed, and stored, the Company encourages visitors of its website and any interested party to read this Policy carefully in order to be informed about the following:

Legal Framework
The processing of your personal data is governed by the relevant provisions of the applicable legislation on the protection of personal data (Law 4624/2019), the Directives and Regulations of the European Union (in particular the General Data Protection Regulation (EU) 2016/679 – GDPR), as well as the decisions, guidelines, and regulatory acts of the Hellenic Data Protection Authority, and is subject to the lawful procedures and restrictions they establish.

Definitions

• Data Subject: The website visitor, customer/consumer of the online store who places an order and purchases a product, registered user, or any other natural person who interacts with our website.

• Personal Data: Any information that can directly or indirectly identify a natural person (“Data Subject”), such as name, postal address, contact details (telephone, mobile), email address, etc.

• Processing: Any operation or set of operations performed on personal data or on sets of personal data, with or without automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data.

• Data Controller: The Company “MENNE S.A.”, which determines the purposes and means of processing personal data.

• Processor: The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Controller.

• Recipient: The natural or legal person, public authority, agency, or other body to which personal data are disclosed, whether or not it is a third party.

• Third Party: Any natural or legal person, public authority, agency, or body other than the Data Subject, the Controller, the Processor, and persons authorized to process personal data under their direct authority.

• Consent: Any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which they signify agreement to the processing of personal data relating to them.

• Data Protection Officer (DPO): The person appointed by the Company, as Controller, who has the position and duties defined by the applicable data protection legislation.

Personal Data Collected and Lawfulness of Processing (Legal Basis and Purpose)
We collect data and information that you provide during your visit and navigation on our website, as well as when using our services.

Data Collected and Processing Cases
Upon entering the website, we collect:

• IP address

• Date and time of access

• Geographic time zone

• Operating system and version

• Browser and version

• Device name and/or username

Purpose of Processing: Provision of personalized services, proper connection functionality, system security, and stability.
Legal Basis: The Company’s legitimate interest in making the website available to the public and providing services (Article 6(1)(f) GDPR).

When contacting us via email, we collect:

• Email address

• Full name (where required)

• Message content

Purpose of Processing: Managing, addressing, or resolving your request, inquiry, or complaint.
Legal Basis:

• If the communication relates to an existing contract, the legal basis is the performance of the contract (Article 6(1)(b) GDPR).

• Otherwise, the legal basis is the Company’s legitimate interest in customer service and communication (Article 6(1)(f) GDPR).

Company Presence on Social Media
Our Company maintains official pages on social media such as Facebook, Instagram, and YouTube. Through these platforms, you can submit comments, send messages, and be informed about our news.
In these cases, both our Company and the respective platform administrator act as joint Controllers according to Article 26 GDPR.
Due to the independent management of data by social media platforms, we may not always have full knowledge of the extent and nature of data processed by them. We make every effort to configure our pages to ensure the protection of your personal data, within the capabilities offered by each platform.

For more information about how these platforms process your personal data, you may refer to their respective privacy policies:

• Facebook: www.facebook.com/privacy/explanation

• Instagram: help.instagram.com/519522125107875

• YouTube: www.youtube.com/yt/about/policies/

Processing of Special Categories of Personal Data
Our Company does not collect or process “sensitive” personal data (special categories), such as data related to racial or ethnic origin, religious or philosophical beliefs, health, or sexual orientation. Visitors are requested not to provide such data. Any such data found will be securely deleted.

Data Concerning Minors
We do not process personal data of minors (under 18 years of age) through our website. If it is discovered that a minor has provided personal data without parental consent, such data will be deleted immediately. Parents or guardians may contact us if they believe their child has submitted data without consent.

Recipients of Personal Data
We maintain the confidentiality of your personal data and generally do not disclose it to third parties, except where required or permitted by law.
Data may be processed by:

• Authorized and trained staff bound by confidentiality agreements,

• External partners acting as Processors (e.g. delivery companies, technical support, marketing agencies), under GDPR-compliant contracts,

• Public authorities when required by applicable law.

Data Retention Period
Personal data are retained only as long as necessary for the fulfillment of the respective purpose.

• Data collected during contractual relationships are retained for as long as necessary for the contract and any legal obligations.

• Data collected during pre-contractual stages are retained for five (5) years.

• Maximum retention period: twenty (20) years, extendable in case of legal claims or audits.

• When processing is based on consent, data are retained as long as the consent is valid or as required by law.

Technical and Organizational Measures
The Company implements all appropriate technical and organizational measures to ensure the security of personal data (Article 32 GDPR), maintaining integrity, confidentiality, and availability. Internal policies and staff training ensure compliance with data protection standards.

Cookies Collection
Our website uses cookies to function properly. For more information, please refer to our Cookies Policy available on our website.

Your Rights under the GDPR
As a Data Subject, you have the following rights under the GDPR:

• Right to information and transparency (Articles 12–14 GDPR)

• Right of access (Article 15 GDPR)

• Right to rectification (Article 16 GDPR)

• Right to erasure (“right to be forgotten”) (Article 17 GDPR)

• Right to restriction of processing (Article 18 GDPR)

• Right to data portability (Article 20 GDPR)

• Right to object (Article 21 GDPR)

• Right to withdraw consent (Article 7(3) GDPR)

• Right not to be subject to automated decision-making (Article 22 GDPR)

You also have the right to lodge a complaint with a Supervisory Authority, particularly in your country of residence or where the alleged infringement occurred.
In Greece, the competent authority is the Hellenic Data Protection Authority (HDPA) — www.dpa.gr.

How to Exercise Your Rights
For any request related to your personal data and the exercise of your rights, please submit the Data Subject Request Form available on our website and send it to our Data Protection Officer (DPO) at: dpo@mennefoods.gr.
Alternatively, you may send it by post or submit it in person at the Company’s address.
The Company will make every effort to respond within thirty (30) days of receiving your request, or within sixty (60) days in complex cases, notifying you accordingly.

Company Statements
The Company shall not be held liable for any damage (direct, indirect, incidental, or consequential) arising from the use of this website. Each visitor is solely responsible for protecting their system from viruses or other harmful software.
This Policy may be amended at any time. Updates will be posted on our website, and users are encouraged to review the Policy regularly.
The Company will not use your personal data for purposes other than those stated herein, without prior notice and, where required, your consent.

By reading this Policy, the user acknowledges and consents to the processing of their personal data in accordance with applicable data protection legislation and solely for the purposes described above.

Last Updated: July 2025